
I've Tried Almost Everything


15 replies to this topic

#1 wjmccrthy

wjmccrthy

  • Members
  • 69 posts

Posted 12 March 2007 - 09:11 PM

My computer has suddenly become very slow.

I am using a Dell 8400 - 3.2, with 2gb ram using an XP professional platform.

I have no idea what is going on.

Please help!!

Logfile of HijackThis v1.99.1
Scan saved at 10:07:09 PM, on 3/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: (no name) - {FFFFFEF0-5B30-21D4-945D-000000000000} - C:\PROGRA~1\STARDO~1\SDIEInt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SP2 Connection Patcher] "C:\Program Files\SP2 Connection Patcher\SP2ConnPatcher.exe" -n=200
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [FlawLong] C:\DOCUME~1\xxxxx.xxx\APPLIC~1\CLOSEC~1\FUNK META DVD.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Event Reminder.lnk = ?
O4 - Global Startup: Forget Me Not.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Download &Flash Movies - C:\Program Files\Flash2X\Flash Hunter\save.htm
O8 - Extra context menu item: Download with Star Downloader - C:\PROGRA~1\STARDO~1\sdie.htm
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Flash2X Flash Hunter - {77B563A5-2A35-4E6B-BFC8-F4B6BB65D5DF} - C:\Program Files\Flash2X\Flash Hunter\save.htm (HKCU)
O9 - Extra 'Tools' menuitem: &Launch Flash Hunter - {77B563A5-2A35-4E6B-BFC8-F4B6BB65D5DF} - C:\Program Files\Flash2X\Flash Hunter\save.htm (HKCU)
O15 - Trusted Zone: www.msn-cnet.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.0.5.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp.com/rdqna/downloads/sysinfo.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1167536831945
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 127.0.0.1
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: RegCompact - C:\WINDOWS\SYSTEM32\RegCompact.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: wineil32 - wineil32.dll (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe



#2 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts

Posted 13 March 2007 - 04:48 AM

Welcome to BleepingComputer wjmccrthy :thumbsup:

Download/install CleanUp.
Launch CleanUp, then click on 'Options'.
Now move the slider on the left up to 'Standard Cleanup!'.
Click 'Ok', now run the program by clicking on the 'Cleanup' button.
Reboot, or log off/log on when it's finished.

*******************************

Click on Start>Control Panel>Add/Remove Programs.
Uninstall/remove any of the following programs if listed:
Netpumper
Bitroll
Bitgrabber
CiD Help / CiD Manager
Download Plugin for Internet Explorer
Zone Media

This is because they are often bundled with the malware you are dealing with.
Don't worry if none of them are present.
If you happened to remove any of them please restart your pc.

******************************

Download NoLop.exe to your desktop.

* First close any other programs you have running as this will require a reboot.
* Double click NoLop.exe to run it.
* Then click the button labelled "Search and Destroy".
* When scanning is finished you will be prompted to reboot only if infected, click 'OK'.
* Now click the "REBOOT" Button.
* A Message should popup from NoLop, if not, double click the program again and it will finish.
Post the contents of C:\NoLop.log and a new Hijack This log into your next reply.

#3 wjmccrthy

wjmccrthy
  • Topic Starter

  • Members
  • 69 posts

Posted 17 March 2007 - 09:13 AM

Thanks for getting back to me on this problem.

The NoLop program found no infections; here is the log:

NoLop! Log by Skate_Punk_21

Fix running from: C:\Documents and Settings\xxxx\Desktop
[3/17/2007]
[9:54:52 AM]

---Infection Files Found/Removed---
NO INFECTION FILES FOUND - Cleaning Aborted.

---Listing AppData sub directories---

C:\Documents and Settings\Administrator\Application Data\Creative
C:\Documents and Settings\Administrator\Application Data\Gtek
C:\Documents and Settings\Administrator\Application Data\Identities
C:\Documents and Settings\Administrator\Application Data\Jasc Software Inc
C:\Documents and Settings\Administrator\Application Data\Microsoft
C:\Documents and Settings\Administrator\Application Data\Sonic
C:\Documents and Settings\Administrator\Application Data\Sun
C:\Documents and Settings\All Users\Application Data\Adobe
C:\Documents and Settings\All Users\Application Data\Ahead
C:\Documents and Settings\All Users\Application Data\Aol
C:\Documents and Settings\All Users\Application Data\Apple Computer
C:\Documents and Settings\All Users\Application Data\Avg7 -- EMPTY Directory
C:\Documents and Settings\All Users\Application Data\Broderbund Llc
C:\Documents and Settings\All Users\Application Data\Broderbund Software
C:\Documents and Settings\All Users\Application Data\Ca
C:\Documents and Settings\All Users\Application Data\Dell
C:\Documents and Settings\All Users\Application Data\Dvd Shrink
C:\Documents and Settings\All Users\Application Data\Forge Of Games
C:\Documents and Settings\All Users\Application Data\Google
C:\Documents and Settings\All Users\Application Data\Gtek
C:\Documents and Settings\All Users\Application Data\Hewlett-packard
C:\Documents and Settings\All Users\Application Data\Installshield
C:\Documents and Settings\All Users\Application Data\Intuit
C:\Documents and Settings\All Users\Application Data\Iolo -- EMPTY Directory
C:\Documents and Settings\All Users\Application Data\Jollybear
C:\Documents and Settings\All Users\Application Data\Knowledge Adventure
C:\Documents and Settings\All Users\Application Data\Mcafee
C:\Documents and Settings\All Users\Application Data\Mcafee.com
C:\Documents and Settings\All Users\Application Data\Mcafee.com Personal Firewall
C:\Documents and Settings\All Users\Application Data\Microsoft
C:\Documents and Settings\All Users\Application Data\Microsoft Corporation
C:\Documents and Settings\All Users\Application Data\Nview_profiles -- EMPTY Directory
C:\Documents and Settings\All Users\Application Data\Riverdeep Interactive Learning Limited
C:\Documents and Settings\All Users\Application Data\Roxio
C:\Documents and Settings\All Users\Application Data\Sbsi
C:\Documents and Settings\All Users\Application Data\Slysoft
C:\Documents and Settings\All Users\Application Data\Sonic
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
C:\Documents and Settings\All Users\Application Data\Support.com
C:\Documents and Settings\All Users\Application Data\Symantec
C:\Documents and Settings\All Users\Application Data\Temp -- EMPTY Directory
C:\Documents and Settings\All Users\Application Data\The Learning Company
C:\Documents and Settings\All Users\Application Data\Trend Micro
C:\Documents and Settings\All Users\Application Data\Trymedia
C:\Documents and Settings\All Users\Application Data\Tuneup Software
C:\Documents and Settings\All Users\Application Data\Viewpoint
C:\Documents and Settings\All Users\Application Data\Vivendi Universal Games -- EMPTY Directory
C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
C:\Documents and Settings\All Users\Application Data\Zero Knowledge
C:\Documents and Settings\xxxx\Application Data\Sun
C:\Documents and Settings\xxxx\Application Data\Adobe
C:\Documents and Settings\xxxx\Application Data\Adobeum -- EMPTY Directory
C:\Documents and Settings\xxxx\Application Data\Ahead
C:\Documents and Settings\xxxx\Application Data\Aim
C:\Documents and Settings\xxxx\Application Data\Alawar
C:\Documents and Settings\xxxx\Application Data\Avg7
C:\Documents and Settings\xxxx\Application Data\Corel
C:\Documents and Settings\xxxx\Application Data\Creative
C:\Documents and Settings\xxxx\Application Data\Cyberlink
C:\Documents and Settings\xxxx\Application Data\Ea
C:\Documents and Settings\xxxx\Application Data\Google
C:\Documents and Settings\xxxx\Application Data\Gtek
C:\Documents and Settings\xxxx\Application Data\Help -- EMPTY Directory
C:\Documents and Settings\xxxx\Application Data\Identities
C:\Documents and Settings\xxxx\Application Data\Jasc Software Inc
C:\Documents and Settings\xxxx\Application Data\Lavasoft
C:\Documents and Settings\xxxx\Application Data\Leadertech
C:\Documents and Settings\xxxx\Application Data\Macromedia
C:\Documents and Settings\xxxx\Application Data\Mcafee.com Personal Firewall
C:\Documents and Settings\xxxx\Application Data\Microsoft
C:\Documents and Settings\xxxx\Application Data\Mozilla
C:\Documents and Settings\xxxx\Application Data\Musicmatch
C:\Documents and Settings\xxxx\Application Data\Pixelstorm
C:\Documents and Settings\xxxx\Application Data\Real
C:\Documents and Settings\xxxx\Application Data\Roxio
C:\Documents and Settings\xxxx\Application Data\Sonic
C:\Documents and Settings\xxxx\Application Data\Sun
C:\Documents and Settings\xxxx\Application Data\Talkback
C:\Documents and Settings\xxxx\Application Data\Tuneup Software
C:\Documents and Settings\xxxx\Application Data\Wildfire
C:\Documents and Settings\Default User\Application Data\Creative
C:\Documents and Settings\Default User\Application Data\Gtek
C:\Documents and Settings\Default User\Application Data\Identities
C:\Documents and Settings\Default User\Application Data\Jasc Software Inc
C:\Documents and Settings\Default User\Application Data\Microsoft
C:\Documents and Settings\Default User\Application Data\Sonic
C:\Documents and Settings\Default User\Application Data\Sun
C:\Documents and Settings\Localservice\Application Data\Macromedia
C:\Documents and Settings\Localservice\Application Data\Mcafee.com Personal Firewall
C:\Documents and Settings\Localservice\Application Data\Microsoft
C:\Documents and Settings\Localservice\Application Data\Roxio
C:\Documents and Settings\Networkservice\Application Data\Microsoft
C:\Documents and Settings\Owner\Application Data\Sun
C:\Documents and Settings\xxxx\Application Data\Absolutist.com
C:\Documents and Settings\xxxx\Application Data\Adobe
C:\Documents and Settings\xxxx\Application Data\Adobeum -- EMPTY Directory
C:\Documents and Settings\xxxx\Application Data\Apple Computer
C:\Documents and Settings\xxxx\Application Data\Corel
C:\Documents and Settings\xxxx\Application Data\Creative
C:\Documents and Settings\xxxx\Application Data\Cyberlink
C:\Documents and Settings\xxxx\Application Data\Download Manager -- EMPTY Directory
C:\Documents and Settings\xxxx\Application Data\Ea
C:\Documents and Settings\xxxx\Application Data\Elaborate Bytes
C:\Documents and Settings\xxxx\Application Data\Funkitron
C:\Documents and Settings\xxxx\Application Data\Google
C:\Documents and Settings\xxxx\Application Data\Gtek
C:\Documents and Settings\xxxx\Application Data\Help
C:\Documents and Settings\xxxx\Application Data\Icaclient
C:\Documents and Settings\xxxx\Application Data\Ice Age 2
C:\Documents and Settings\xxxx\Application Data\Identities
C:\Documents and Settings\xxxx\Application Data\Imgburn
C:\Documents and Settings\xxxx\Application Data\Installshield
C:\Documents and Settings\xxxx\Application Data\Intuit
C:\Documents and Settings\xxxx\Application Data\Iolo -- EMPTY Directory
C:\Documents and Settings\xxxx\Application Data\Jasc Software Inc
C:\Documents and Settings\xxxx\Application Data\Lavasoft
C:\Documents and Settings\xxxx\Application Data\Leadertech
C:\Documents and Settings\xxxx\Application Data\Macromedia
C:\Documents and Settings\xxxx\Application Data\Mcafee.com
C:\Documents and Settings\xxxx\Application Data\Mcafee.com Personal Firewall
C:\Documents and Settings\xxxx\Application Data\Media Player Classic
C:\Documents and Settings\xxxx\Application Data\Microsoft
C:\Documents and Settings\xxxx\Application Data\Mozilla
C:\Documents and Settings\xxxx\Application Data\Pixelstorm
C:\Documents and Settings\xxxx\Application Data\Prevx
C:\Documents and Settings\xxxx\Application Data\Real
C:\Documents and Settings\xxxx\Application Data\Roxio
C:\Documents and Settings\xxxx\Application Data\Shareaza
C:\Documents and Settings\xxxx\Application Data\Slysoft
C:\Documents and Settings\xxxx\Application Data\Smart Pc Solutions
C:\Documents and Settings\xxxx\Application Data\Sonic
C:\Documents and Settings\xxxx\Application Data\Sun
C:\Documents and Settings\xxxx\Application Data\Symantec
C:\Documents and Settings\xxxx\Application Data\Talkback
C:\Documents and Settings\xxxx\Application Data\Tuneup Software
C:\Documents and Settings\xxxx\Application Data\Versiontracker Pro
C:\Documents and Settings\xxxx\Application Data\Viewpoint
C:\Documents and Settings\xxxx\Application Data\Vso
C:\Documents and Settings\xxxx\Application Data\Wildfire
C:\Documents and Settings\xxxx\Application Data\Zero Knowledge


The new Hijack This log is:

Logfile of HijackThis v1.99.1
Scan saved at 10:08:35 AM, on 3/17/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\plscd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Smart PC Solutions\Magic Speed\MagicSpeedBooster.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [DRam prosessor] plscd.exe
O4 - HKLM\..\RunServices: [DRam prosessor] plscd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MagicSpeedBooster] C:\Program Files\Smart PC Solutions\Magic Speed\MagicSpeedBooster.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Event Reminder.lnk = ?
O4 - Global Startup: Forget Me Not.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Download &Flash Movies - C:\Program Files\Flash2X\Flash Hunter\save.htm
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Flash2X Flash Hunter - {77B563A5-2A35-4E6B-BFC8-F4B6BB65D5DF} - C:\Program Files\Flash2X\Flash Hunter\save.htm (HKCU)
O9 - Extra 'Tools' menuitem: &Launch Flash Hunter - {77B563A5-2A35-4E6B-BFC8-F4B6BB65D5DF} - C:\Program Files\Flash2X\Flash Hunter\save.htm (HKCU)
O15 - Trusted Zone: www.msn-cnet.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.0.5.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp.com/rdqna/downloads/sysinfo.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1167536831945
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 127.0.0.1
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: RegCompact - C:\WINDOWS\SYSTEM32\RegCompact.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: wineil32 - wineil32.dll (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

Processing time was a little faster after Cleanup, but still slow.

Thanks for your help so far!

#4 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts

Posted 17 March 2007 - 09:30 AM

Please make sure all hidden files are showing:

* Click 'Start'.
* Open 'My Computer'.
* Select the 'Tools' menu and click 'Folder Options'.
* Select the 'View' tab.
* Under the 'Hidden files and folders' heading select 'Show hidden files and folders'.
* Uncheck the 'Hide file extensions for known types' option.
* Uncheck the 'Hide protected operating system files (recommended)' option.
* Click Yes to confirm.
* Click OK.

*******************************

Download/install AVG Anti-Spyware 7.5.

Please follow these instructions very carefully.

Launch/start up AVG Anti-Spyware.
On the main page click the 'Update' tab, and then 'Start Update'.
Note:
If you have any problems running the update process prior to running the scan, download/install the 'Full Database' from here:
http://download.ewido.net/avgas-signatures-full-current.exe

Once the updates have been installed, do the following:
Select the 'Scanner' icon at the top of the screen, then select the 'Settings' tab.
Once in the 'Settings' screen, under 'How to act?', then under 'Set default action for detected malware to:', click on 'Recommended actions', then click on 'Quarantine'.
Under 'Reports' select 'Automatically generate report after every scan' and unselect 'Only if threats were found'.
Exit AVG Anti-Spyware, don't run the scan just yet.

You might want to print/copy the following as you need to be in Safe Mode from here on.

Reboot your computer into SAFE MODE using the F8 method.
To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly.
A menu will appear with several options.
Use the arrow keys on your keyboard to navigate and select the option to run Windows in "Safe Mode".

Have Hijack This fix the following [If still present], by placing a check in the appropriate boxes and selecting 'Fix checked'.
Make sure all browser and all Windows Explorer windows are closed before fixing:

O4 - HKLM\..\Run: [DRam prosessor] plscd.exe
O4 - HKLM\..\RunServices: [DRam prosessor] plscd.exe
O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.0.5.cab
O20 - Winlogon Notify: wineil32 - wineil32.dll (file missing)

Find and delete:
C:\WINDOWS\system32\plscd.exe
C:\Documents and Settings\All Users\Application Data\Viewpoint
C:\Documents and Settings\xxx\Application Data\Viewpoint

Still in Safe Mode launch AVG Anti-Spyware.
Click the 'Scanner' icon at the top.
To start the scan click on 'Complete System Scan'.
Please be patient, it takes a while for the scan to finish.

Once the scan is complete, do the following.
If AVG Anti-Spyware detected any infected objects, click on 'Apply All Actions'.

Next click on 'Save Report'.
Copy and paste that report into your next reply.
The report can be found under the 'Reports' tab at the top.
Close AVG Anti-Spyware when you've done.
Reboot normally.

Post the AVG Anti Spyware report and a new Hijackthis log into your next reply.
Let me know how your pc is running now please.
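An added example, not part of the original post or of HijackThis itself: a small triage script for the kinds of entries the fix list above targets, namely autostart commands with no directory, the same autostart registered under more than one key, and "(file missing)" entries, which it cross-checks against the running-process list. The sample log is assembled from lines quoted in this thread; the rule names and function names are this example's own, and every hit is a prompt for review rather than a verdict.

```python
import re
from collections import defaultdict

# Sample assembled from HijackThis lines quoted in this thread (fix list plus
# a few entries from the follow-up log), embedded so the script runs offline.
SAMPLE_LOG = r"""
Running processes:
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\ctfmon.exe

O4 - HKLM\..\Run: [DRam prosessor] plscd.exe
O4 - HKLM\..\RunServices: [DRam prosessor] plscd.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: wineil32 - wineil32.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
"""

ENTRY_RE = re.compile(r"^[A-Z]\d+ - ")   # e.g. "O4 - ", "R0 - ", "O23 - "
PROC_RE = re.compile(r"^[A-Za-z]:\\")    # running-process lines are bare paths
O4_RE = re.compile(
    r"^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>\w+): \[(?P<name>.+?)\] (?P<cmd>.+)$"
)


def executable(cmd):
    """Return the program part of an autostart command line."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end != -1 else cmd[1:]
    return cmd.split()[0]


def has_directory(path):
    """True when the program is given with a directory, not just a file name."""
    return "\\" in path or "/" in path


def triage(log_text):
    """Return (rule, detail) pairs for entries that deserve a manual look."""
    lines = [raw.strip() for raw in log_text.splitlines()]
    running = {l.lower() for l in lines if PROC_RE.match(l)}
    findings = []
    keys_by_autostart = defaultdict(set)

    for line in lines:
        if not ENTRY_RE.match(line):
            continue

        if line.endswith("(file missing)"):
            # A "missing" file that is also running points to a path-parsing
            # artifact (note the stray quote) rather than an orphaned entry.
            if any(p in line.lower() for p in running):
                findings.append(("missing-but-running", line))
            else:
                findings.append(("file-missing", line))

        m = O4_RE.match(line)
        if m:
            exe = executable(m["cmd"])
            if not has_directory(exe):
                # Bare names are resolved through the search path, so the
                # reviewer has to find out which file actually starts.
                findings.append(("bare-filename", line))
            keys_by_autostart[(m["name"], exe.lower())].add(
                f'{m["hive"]}\\{m["key"]}'
            )

    for (name, exe), keys in keys_by_autostart.items():
        if len(keys) > 1:
            detail = f"[{name}] {exe} in " + ", ".join(sorted(keys))
            findings.append(("multi-key", detail))
    return findings


if __name__ == "__main__":
    for rule, detail in triage(SAMPLE_LOG):
        print(f"{rule:20} {detail}")
```

The legitimate `CTHELPER.EXE` entry is flagged by the bare-filename rule alongside `plscd.exe`, which is why the output only narrows down what to check by hand.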

#5 wjmccrthy

wjmccrthy
  • Topic Starter


Posted 17 March 2007 - 12:13 PM

Wow!!

AVG found many Trojans (trojan.small, downloader.zlob)

Still very slow, still, when booting up.

Here is AVG's new log:

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 12:45:13 PM 3/17/2007

+ Scan result:



C:\Program Files\SoftwareDoctor -> Adware.SoftwareDoctor : Cleaned.
C:\Program Files\SoftwareDoctor\ErrorDoctor -> Adware.SoftwareDoctor : Cleaned.
C:\Program Files\SoftwareDoctor\ErrorDoctor\dvt.nfo -> Adware.SoftwareDoctor : Cleaned.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP58\A0036826.exe -> Downloader.Zlob.bky : Cleaned.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP58\A0036823.dll -> Downloader.Zlob.bno : Cleaned.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP58\A0036827.exe -> Downloader.Zlob.bnw : Cleaned.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP50\A0034700.dll -> Downloader.Zlob.boo : Cleaned.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP58\A0036825.exe -> Downloader.Zlob.boo : Cleaned.
C:\Documents and Settings\xxxx\Cookies\xxxx@247realmedia[2].txt -> TrackingCookie.247realmedia : Cleaned.
C:\Documents and Settings\xxxx\Cookies\xxxx@112.2o7[2].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\xxxx\Cookies\xxxx@2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\xxxx\Cookies\xxxx@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP11\A0006579.exe -> Trojan.Inject.au : Cleaned.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP9\A0005598.exe -> Trojan.Inject.au : Cleaned.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP57\A0036782.exe -> Trojan.Obfuscated.cb : Cleaned.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP78\A0056677.exe -> Trojan.Obfuscated.cb : Cleaned.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP78\A0056682.exe -> Trojan.Obfuscated.cb : Cleaned.
C:\WINDOWS\SYSTEM32\1024 -> Trojan.Small : Cleaned.


::Report end

The new Hijack This Log:

Logfile of HijackThis v1.99.1
Scan saved at 1:05:58 PM, on 3/17/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Smart PC Solutions\Magic Speed\MagicSpeedBooster.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MagicSpeedBooster] C:\Program Files\Smart PC Solutions\Magic Speed\MagicSpeedBooster.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Download &Flash Movies - C:\Program Files\Flash2X\Flash Hunter\save.htm
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Flash2X Flash Hunter - {77B563A5-2A35-4E6B-BFC8-F4B6BB65D5DF} - C:\Program Files\Flash2X\Flash Hunter\save.htm (HKCU)
O9 - Extra 'Tools' menuitem: &Launch Flash Hunter - {77B563A5-2A35-4E6B-BFC8-F4B6BB65D5DF} - C:\Program Files\Flash2X\Flash Hunter\save.htm (HKCU)
O15 - Trusted Zone: www.msn-cnet.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.0.5.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp.com/rdqna/downloads/sysinfo.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1167536831945
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 127.0.0.1
O20 - Winlogon Notify: RegCompact - C:\WINDOWS\SYSTEM32\RegCompact.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

Thanks,

worst bug I've ever had!!!

#6 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts

Posted 17 March 2007 - 12:20 PM

Please download Combofix and save to the desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe
Note:
It is important that it is saved directly to your desktop

Close any open browsers.
Double click on combofix.exe and follow the prompts.
When it's finished it will produce a log.
Post the C:\ComboFix.txt into your next reply.
Note:
Do not mouseclick combofix's window whilst it's running.
That may cause the program to freeze/hang.


#7 wjmccrthy

wjmccrthy
  • Topic Starter

  • Members
  • 69 posts

Posted 17 March 2007 - 12:59 PM

Will the infections ever cease?

Here is the combofix log:

"xxxx" - 07-03-17 13:45:01 Service Pack 2
ComboFix 07-03-15.2 - Running from: "C:\Documents and Settings\xxxx\Desktop"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
Folders Quarantined:
C:\qoobox\purity\Program Files\FNTS~1


((((((((((((((((((((((((((((((( Files Created from 2007-02-17 to 2007-03-17 ))))))))))))))))))))))))))))))))))


2007-03-17 10:58 3,968 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\AvgAsCln.sys
2007-03-17 09:54 106 --a------ C:\delete.bat
2007-03-16 21:36 <DIR> d-------- C:\DOCUME~1\\APPLIC~1\Smart PC Solutions
2007-03-16 21:31 <DIR> d-------- C:\Program Files\Smart PC Solutions
2007-03-16 19:26 <DIR> d-------- C:\DOCUME~1\\APPLIC~1\iolo
2007-03-16 19:26 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\iolo
2007-03-16 17:45 <DIR> d-------- C:\Program Files\1 Click PC Fix 2007
2007-03-16 17:15 <DIR> d-------- C:\Program Files\InterMute
2007-03-12 07:02 <DIR> d-------- C:\DOCUME~1\xxxx\APPLIC~1\Real
2007-03-11 19:42 251,392 --a------ C:\hijackthis_sfx.exe
2007-03-11 11:34 94,424 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\aswmon2.sys
2007-03-11 11:34 85,952 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\aswmon.sys
2007-03-11 11:34 43,176 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\aswTdi.sys
2007-03-11 11:34 31,560 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\aavmker4.sys
2007-03-11 11:34 23,352 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\aswRdr.sys
2007-03-11 11:33 90,112 --a------ C:\WINDOWS\SYSTEM32\AVASTSS.scr
2007-03-11 11:33 689,280 --a------ C:\WINDOWS\SYSTEM32\aswBoot.exe
2007-03-11 11:33 <DIR> d-------- C:\Program Files\Alwil Software
2007-03-11 11:18 262,144 --a------ C:\DOCUME~1\Owner\NTUSER.DAT
2007-03-11 11:18 262,144 --a------ C:\DOCUME~1\xxxx\NTUSER.DAT
2007-03-10 19:07 <DIR> d-------- C:\Program Files\RegVac Registry Cleaner
2007-03-10 12:54 <DIR> d-------- C:\Program Files\SmartPCTools
2007-03-10 12:14 <DIR> d-------- C:\Program Files\RegistryFix
2007-03-10 10:43 <DIR> d-------- C:\WINDOWS\MaxSecureBackup
2007-03-10 09:52 63 --a------ C:\WINDOWS\SYSTEM\SYSRegC.dll
2007-03-10 09:49 143,360 --a------ C:\WINDOWS\SYSTEM32\GetHardDiskNo.dll
2007-03-10 09:49 1,126,400 --a------ C:\WINDOWS\SYSTEM32\VchReg.dll
2007-03-10 09:49 <DIR> d-------- C:\Program Files\Max Registry Cleaner
2007-03-10 09:49 <DIR> d-------- C:\Download
2007-03-08 22:58 <DIR> d-------- C:\DOCUME~1\`\.housecall6.6
2007-03-04 17:28 <DIR> d-------- C:\DOCUME~1\\APPLIC~1\SlySoft
2007-03-04 17:27 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SlySoft
2007-03-04 11:12 <DIR> d-------- C:\Program Files\Star Downloader
2007-02-19 12:30 68,936 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\AnyDVD.sys


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-03-17 11:13 384 --a------ C:\WINDOWS\SYSTEM32\dvcstatebkp-{00000004-00000000-00000001-00001102-00000004-20061102}.dat
2007-03-17 11:13 384 --a------ C:\WINDOWS\SYSTEM32\dvcstate-{00000004-00000000-00000001-00001102-00000004-20061102}.dat
2007-03-16 21:08 -------- d-------- C:\Program Files\sp2 connection patcher
2007-03-16 17:02 -------- d-------- C:\Program Files\winace
2007-03-11 11:24 -------- d-------- C:\Program Files\mcafee.com
2007-03-10 21:10 -------- d-------- C:\Program Files\Common Files\symantec shared
2007-03-10 11:20 -------- d-------- C:\Program Files\dvdsanta
2007-03-10 11:18 -------- d-------- C:\Program Files\yahoo!
2007-03-09 22:39 -------- d-------- C:\Program Files\noadware3
2007-03-04 18:16 -------- d-------- C:\Program Files\clonedvd
2007-03-04 16:59 -------- d-------- C:\DOCUME~1\\APPLIC~1\vso
2007-03-01 11:24 -------- d-------- C:\DOCUME~1\\APPLIC~1\real
2007-02-18 11:06 -------- d-------- C:\Program Files\dvd-rb
2007-02-15 20:56 11984 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\RegKill.sys
2007-02-15 20:54 15440 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\ElbyCDIO.sys
2007-02-12 14:13 -------- d-------- C:\DOCUME~1\\APPLIC~1\media player classic
2007-02-11 06:57 359808 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\tcpip.sys
2007-02-10 12:03 -------- d-------- C:\Program Files\dvdfab platinum 3
2007-02-10 11:38 87608 --a------ C:\DOCUME~1\\APPLIC~1\ezpinst.exe
2007-02-10 11:38 7824 --a------ C:\DOCUME~1\\APPLIC~1\pcouffin.cat
2007-02-10 11:38 47360 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\pcouffin.sys
2007-02-10 11:38 47360 --a------ C:\DOCUME~1\\APPLIC~1\pcouffin.sys
2007-02-10 11:38 34 --a------ C:\DOCUME~1\\APPLIC~1\pcouffin.log
2007-02-10 11:38 1144 --a------ C:\DOCUME~1\\APPLIC~1\pcouffin.inf
2007-02-04 08:42 -------- d-------- C:\DOCUME~1\\APPLIC~1\imgburn
2007-02-04 08:17 -------- d-------- C:\Program Files\imgburn
2007-02-03 13:30 -------- d-------- C:\Program Files\xp codec pack
2007-02-03 13:24 -------- d-------- C:\Program Files\k-lite codec pack
2007-02-03 10:07 -------- d-------- C:\Program Files\no1 dvd ripper
2007-02-02 12:37 81920 --a------ C:\WINDOWS\SYSTEM32\elbycdio.dll
2007-02-01 21:30 -------- d-------- C:\Program Files\winavivideoconverter
2007-02-01 00:46 -------- d-------- C:\Program Files\dvd-rb pro
2007-01-31 23:08 -------- d-------- C:\Program Files\google
2007-01-30 21:40 -------- d-------- C:\Program Files\microsoft windows vista upgrade advisor
2007-01-28 10:13 646392 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\sptd.sys
2007-01-28 10:05 -------- d--h----- C:\Program Files\installshield installation information
2007-01-27 10:26 223 --a------ C:\WINDOWS\freedom.backup.dat
2007-01-27 08:55 768000 --a------ C:\WINDOWS\SYSTEM32\exec1.exe
2007-01-17 22:00 -------- d-------- C:\Program Files\apple software update
2007-01-14 17:37 848 --ahs---- C:\WINDOWS\SYSTEM32\kgygaavl.sys
2007-01-13 12:29 325 --a------ C:\WINDOWS\initialize.bat
2007-01-11 17:36 65536 --a------ C:\WINDOWS\SYSTEM32\nmsaccess.exe
2007-01-09 19:46 10752 --a------ C:\WINDOWS\SYSTEM32\ff_vfw.dll
2007-01-08 20:01 17408 --a------ C:\WINDOWS\SYSTEM32\corpol.dll
2006-12-31 18:04 22040 ---h----- C:\DOCUME~1\\APPLIC~1\addon.dat
2006-12-30 23:33 0 --a------ C:\AUTOEXEC.BAT
2006-12-30 23:28 23428 --a--c--- C:\WINDOWS\SYSTEM32\emptyregdb.dat
2006-12-18 14:36 100720 --a------ C:\DOCUME~1\\APPLIC~1\gdipfontcachev1.dat


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"DellSupport"="\"C:\\Program Files\\Dell Support\\DSAgnt.exe\" /startup"
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"
"MagicSpeedBooster"="C:\\Program Files\\Smart PC Solutions\\Magic Speed\\MagicSpeedBooster.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"IAAnotif"="C:\\Program Files\\Intel\\Intel Application Accelerator\\iaanotif.exe"
"mmtask"="\"C:\\Program Files\\Musicmatch\\Musicmatch Jukebox\\mmtask.exe\""
"CTSysVol"="C:\\Program Files\\Creative\\SBAudigy2ZS\\Surround Mixer\\CTSysVol.exe /r"
"CTDVDDET"="\"C:\\Program Files\\Creative\\SBAudigy2ZS\\DVDAudio\\CTDVDDET.EXE\""
"CTHelper"="CTHELPER.EXE"
"DVDLauncher"="\"C:\\Program Files\\CyberLink\\PowerDVD\\DVDLauncher.exe\""
"UpdateManager"="\"C:\\Program Files\\Common Files\\Sonic\\Update Manager\\sgtray.exe\" /r"
"SoundMAXPnP"="C:\\Program Files\\Analog Devices\\Core\\smax4pnp.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime Alternative\\qttask.exe\" -atboottime"
"ISUSPM Startup"="C:\\PROGRA~1\\COMMON~1\\INSTAL~1\\UPDATE~1\\ISUSPM.exe -startup"
"ISUSScheduler"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe\" -start"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"tscuninstall"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,65,6d,\
33,32,5c,74,73,63,75,70,67,72,64,2e,65,78,65,00


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{2016a466-91a2-43c6-97d8-2fd380f065ef}"="eitheror"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=dword:00000000
"DisableCAD"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoCDBurning"=dword:00000000
"NoActiveDesktopChanges"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoInstrumentation"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\RegCompact

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
p2psvc REG_MULTI_SZ p2psvc\0p2pimsvc\0p2pgasvc\0PNRPSvc\0\0


[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\##xxxxcomputer#c]

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{268eaf35-dd5a-11da-bf12-00038a000015}]

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2d714c6b-ef1b-11da-bf2b-00038a000015}]

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4434bbf8-9531-11da-bdcf-0020eab22540}]

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6977160f-958f-11da-bdd1-00038a000015}]


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job


********************************************************************

catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

C:\Documents and Settings\xxxx\Local Settings\Temporary Internet Files\Content.IE5\5C5CDU74\generic[1].gif 80 bytes
C:\Documents and Settings\xxxx\Local Settings\Temporary Internet Files\Content.IE5\5C5CDU74\getmsg[1].htm 32768 bytes
C:\Documents and Settings\xxxx\Local Settings\Temporary Internet Files\Content.IE5\5C5CDU74\getmsg[2].htm 32768 bytes
C:\Documents and Settings\xxxx\Local Settings\Temporary Internet Files\Content.IE5\5C5CDU74\gkt03[1].jpg 4096 bytes
C:\Documents and Settings\xxxx\Local Settings\Temporary Internet Files\Content.IE5\5C5CDU74\global_tracking[1].js 4096 bytes
C:\Documents and Settings\xxxx\Local Settings\Temporary Internet Files\Content.IE5\5C5CDU74\glossary-js[1].htm 8192 bytes
C:\Documents and Settings\xxxx\Local Settings\Temporary Internet Files\Content.IE5\5C5CDU74\glossary-js[2].htm 8192 bytes
C:\Documents and Settings\xxxx\Local Settings\Temporary Internet Files\Content.IE5\5C5CDU74\glyph_close_hover[1].gif 72 bytes
C:\Documents and Settings\xxxx\Local Settings\Temporary Internet Files\Content.IE5\5C5CDU74\grandmaster_flash_404x208[1].jpg 28672 bytes
C:\Documents and Settings\xxxx\Local Settings\Temporary Internet Files\Content.IE5\5C5CDU74\g_07_G_jncbxh7fh[1].gif 24576 bytes
C:\Documents and Settings\xxxx\Local Settings\Temporary Internet Files\Content.IE5\5C5CDU74\hd-bg[1].gif 544 bytes
C:\Documents and Settings\xxxx\Local Settings\Temporary Internet Files\Content.IE5\5C5CDU74\hdbrand_bg[1].gif 8192 bytes
C:\Documents and Settings\xxxx\Local Settings\Temporary Internet Files\Content.IE5\5C5CDU74\header-language03[1].gif 128 bytes
C:\Documents and Settings\xxxx\Local Settings\Temporary Internet Files\Content.IE5\5C5CDU74\header-logo[1].gif 4096 bytes
C:\Documents and Settings\xxxx\Local Settings\Temporary Internet Files\Content.IE5\5C5CDU74\headerapp[1].jpg 4096 bytes
C:\Documents and Settings\xxxx\Local Settings\Temporary Internet Files\Content.IE5\5C5CDU74\header[1].jpg 8192 bytes
C:\Documents and Settings\xxxx\Local Settings\Temporary Internet Files\Content.IE5\5C5CDU74\header_messageboards[1].gif 4096 bytes
C:\Documents and Settings\xxxx\Local Settings\Temporary Internet Files\Content.IE5\5C5CDU74\headline_publisher[1].gif 304 bytes
C:\Documents and Settings\xxxx\Local Settings\Temporary Internet Files\Content.IE5\5C5CDU74\headline_pub_info[1].gif 544 bytes
C:\Documents and Settings\xxxx\Local Settings\Temporary Internet Files\Content.IE5\5C5CDU74\homeov[1].gif 184 bytes
C:\Documents and Settings\xxxx\Local Settings\Temporary Internet Files\Content.IE5\5C5CDU74\Home_f2[1].gif 160 bytes
C:\Documents and Settings\xxxx\Local Settings\Temporary Internet Files\Content.IE5\5C5CDU74\HoTMaiL[1].htm 49152 bytes
C:\Documents and Settings\xxxx\Local Settings\Temporary Internet Files\Content.IE5\5C5CDU74\housecall[1].png 4096 bytes
C:\Documents and Settings\xxxx\Local Settings\Temporary Internet Files\Content.IE5\5C5CDU74\icon_downloading_sm[1].gif 536 bytes
C:\Documents and Settings\xxxx\Local Settings\Temporary Internet Files\Content.IE5\5C5CDU74\icon_download_product_large_ani[1].gif 4096 bytes
C:\Documents and Settings\xxxx\Local Settings\Temporary Internet Files\Content.IE5\5C5CDU74\icon_sad[1].gif 176 bytes
C:\Documents and Settings\xxxx\Local Settings\Temporary Internet Files\Content.IE5\5C5CDU74\icon_watchlist[1].gif 200 bytes
C:\Documents and Settings\xxxx\Local Settings\Temporary Internet Files\Content.IE5\5C5CDU74\iframead[2].htm 4096 bytes
C:\Documents and Settings\xxxx\Local Settings\Temporary Internet Files\Content.IE5\5C5CDU74\imdb[1].htm 45056 bytes
C:\Documents and Settings\xxxx\Local Settings\Temporary Internet Files\Content.IE5\5C5CDU74\ImgServlet[1].png 4096 bytes
C:\Documents and Settings\xxxx\Local Settings\Temporary Internet Files\Content.IE5\5C5CDU74\ImgServlet[2].png 4096 bytes
C:\Documents and Settings\xxxx\Local Settings\Temporary Internet Files\Content.IE5\5C5CDU74\ImgServlet[3].png 4096 bytes
C:\Documents and Settings\xxxx\Local Settings\Temporary Internet Files\Content.IE5\5C5CDU74\ImgServlet[4].png 8192 bytes
C:\Documents and Settings\xxxx\Local Settings\Temporary Internet Files\Content.IE5\5C5CDU74\impeach[1].gif 8192 bytes
C:\Documents and Settings\xxxx\Local Settings\Temporary Internet Files\Content.IE5\5C5CDU74\implementation-java[1].png 8192 bytes
C:\Documents and Settings\xxxx\Local Settings\Temporary Internet Files\Content.IE5\5C5CDU74\implementation[1].js 8192 bytes
C:\Documents and Settings\xxxx\Local Settings\Temporary Internet Files\Content.IE5\5C5CDU74\index[1].htm 16384 bytes
C:\Documents and Settings\xxxx\Local Settings\Temporary Internet Files\Content.IE5\5C5CDU74\index[1].jsp 384 bytes
C:\Documents and Settings\xxxx\Local Settings\Temporary Internet Files\Content.IE5\5C5CDU74\index[2].htm 24576 bytes
C:\Documents and Settings\xxxx\Local Settings\Temporary Internet Files\Content.IE5\5C5CDU74\index[3].htm 45056 bytes
C:\Documents and Settings\xxxx\Local Settings\Temporary Internet Files\Content.IE5\5C5CDU74\inputext[1].gif 528 bytes
C:\Documents and Settings\xxxx\Local Settings\Temporary Internet Files\Content.IE5\5C5CDU74\iQ_Eye_3SolRtJump24Hr_Res_Loop_022007_mn_300x120[1].swf 28672 bytes
C:\Documents and Settings\xxxx\Local Settings\Temporary Internet Files\Content.IE5\5C5CDU74\iraqforsale[1].jpg 12288 bytes
C:\Documents and Settings\xxxx\Local Settings\Temporary Internet Files\Content.IE5\5C5CDU74\irc[1].gif 232 bytes
C:\Documents and Settings\xxxx\Local Settings\Temporary Internet Files\Content.IE5\5C5CDU74\jive[1].js 4096 bytes
C:\Documents and Settings\xxxx\Local Settings\Temporary Internet Files\Content.IE5\5C5CDU74\join-signup-btn[1].gif 4096 bytes
C:\Documents and Settings\xxxx\Local Settings\Temporary Internet Files\Content.IE5\5C5CDU74\j[1].ad 4096 bytes
C:\Documents and Settings\xxxx\Local Settings\Temporary Internet Files\Content.IE5\5C5CDU74\j[2].ad 480 bytes
C:\Documents and Settings\xxxx\Local Settings\Temporary Internet Files\Content.IE5\5C5CDU74\j[3].ad 448 bytes
C:\Documents and Settings\xxxx\Local Settings\Temporary Internet Files\Content.IE5\5C5CDU74\j[4].ad 4096 bytes
C:\Documents and Settings\xxxx\Local Settings\Temporary Internet Files\Content.IE5\5C5CDU74\klipinsert4[1].gif 48 bytes
C:\Documents and Settings\xxxx\Local Settings\Temporary Internet Files\Content.IE5\5C5CDU74\klipinsert4[2].gif 48 bytes
C:\Documents and Settings\xxxx\Local Settings\Temporary Internet Files\Content.IE5\5C5CDU74\korean_lite[1].gif 104 bytes
C:\Documents and Settings\xxxx\Local Settings\Temporary Internet Files\Content.IE5\5C5CDU74\left_music[1].gif 584 bytes
C:\Documents and Settings\xxxx\Local Settings\Temporary Internet Files\Content.IE5\5C5CDU74\lhs_filmographies[1].gif 536 bytes
C:\Documents and Settings\xxxx\Local Settings\Temporary Internet Files\Content.IE5\5C5CDU74\lhs_promotional[1].gif 496 bytes
C:\Documents and Settings\xxxx\Local Settings\Temporary Internet Files\Content.IE5\5C5CDU74\livelines-anim[1].gif 8192 bytes
C:\Documents and Settings\xxxx\Local Settings\Temporary Internet Files\Content.IE5\5C5CDU74\live[1].htm 4096 bytes
C:\Documents and Settings\xxxx\Local Settings\Temporary Internet Files\Content.IE5\5C5CDU74\lmb_lre_PassStMandancingCalcBCO10s_MC430_1399_0307_125x125[1].gif 8192 bytes
C:\Documents and Settings\xxxx\Local Settings\Temporary Internet Files\Content.IE5\5C5CDU74\lmb_lre_PassStRtCnctDtFxnMapNoBrdText_near40yr_MC510_1698_0307_300x120[1].gif 16384 bytes
C:\Documents and Settings\xxxx\Local Settings\Temporary Internet Files\Content.IE5\5C5CDU74\lmb_lre_PassStRtCred3DncManNBrdTxt10s_near40yr_MC510_1698_0307_300x120[1].gif 12288 bytes
C:\Documents and Settings\xxxx\Local Settings\Temporary Internet Files\Content.IE5\5C5CDU74\locres204[1].auz 8192 bytes
C:\Documents and Settings\xxxx\Local Settings\Temporary Internet Files\Content.IE5\5C5CDU74\login-x[1].gif 4096 bytes
C:\Documents and Settings\xxxx\Local Settings\Temporary Internet Files\Content.IE5\5C5CDU74\login_t[1].gif 4096 bytes
C:\Documents and Settings\xxxx\Local Settings\Temporary Internet Files\Content.IE5\5C5CDU74\logo-top[1].gif 12288 bytes
C:\Documents and Settings\xxxx\Local Settings\Temporary Internet Files\Content.IE5\5C5CDU74\logo[1].gif 8192 bytes
C:\Documents and Settings\xxxx\Local Settings\Temporary Internet Files\Content.IE5\5C5CDU74\lunchov[1].gif 248 bytes
C:\Documents and Settings\xxxx\Local Settings\Temporary Internet Files\Content.IE5\5C5CDU74\lunch[1].gif 240 bytes
C:\Documents and Settings\xxxx\Local Settings\Temporary Internet Files\Content.IE5\5C5CDU74\l_sb_c[1].js 28672 bytes
C:\Documents and Settings\xxxx\Local Settings\Temporary Internet Files\Content.IE5\5C5CDU74\main[1].css 4096 bytes
C:\Documents and Settings\xxxx\Local Settings\Temporary Internet Files\Content.IE5\5C5CDU74\main[1].js 16384 bytes
C:\Documents and Settings\xxxx\Local Settings\Temporary Internet Files\Content.IE5\5C5CDU74\main_buynow[1].jpg 4096 bytes
C:\Documents and Settings\xxxx\Local Settings\Temporary Internet Files\Content.IE5\5C5CDU74\main_config[1].xml 4096 bytes
C:\Documents and Settings\xxxx\Local Settings\Temporary Internet Files\Content.IE5\5C5CDU74\march[2].gif 24576 bytes
C:\Documents and Settings\xxxx\Local Settings\Temporary Internet Files\Content.IE5\5C5CDU74\menu2-back[1].jpg 4096 bytes
C:\Documents and Settings\xxxx\Local Settings\Temporary Internet Files\Content.IE5\5C5CDU74\missionov[1].gif 248 bytes
C:\Documents and Settings\xxxx\Local Settings\Temporary Internet Files\Content.IE5\5C5CDU74\mission[1].gif 240 bytes
C:\Documents and Settings\xxxx\Local Settings\Temporary Internet Files\Content.IE5\5C5CDU74\mlb[1].gif 4096 bytes
C:\Documents and Settings\xxxx\Local Settings\Temporary Internet Files\Content.IE5\5C5CDU74\mlb_pipe2[1].gif 56 bytes
C:\Documents and Settings\xxxx\Local Settings\Temporary Internet Files\Content.IE5\5C5CDU74\mlb_sel_btn[1].gif 4096 bytes
C:\Documents and Settings\xxxx\Local Settings\Temporary Internet Files\Content.IE5\5C5CDU74\monster_climb_728x90[1].swf 20480 bytes
C:\Documents and Settings\xxxx\Local Settings\Temporary Internet Files\Content.IE5\5C5CDU74\moz-com-logo[1].png 4096 bytes
C:\Documents and Settings\xxxx\Local Settings\Temporary Internet Files\Content.IE5\5C5CDU74\mrs06227_gene_728x90_DEF[1].jpg 16384 bytes
C:\Documents and Settings\xxxx\Local Settings\Temporary Internet Files\Content.IE5\5C5CDU74\MS2681_16099_160x600_FCR_2[1].gif 20480 bytes
C:\Documents and Settings\xxxx\Local Settings\Temporary Internet Files\Content.IE5\5C5CDU74\MSFT_pos[2].gif 4096 bytes
C:\Documents and Settings\xxxx\Local Settings\Temporary Internet Files\Content.IE5\5C5CDU74\musichub10[1].swf 61440 bytes
C:\Documents and Settings\xxxx\Local Settings\Temporary Internet Files\Content.IE5\5C5CDU74\mymsn[1].js 400 bytes
C:\Documents and Settings\xxxx\Local Settings\Temporary Internet Files\Content.IE5\5C5CDU74\n&subdomain=americanidol.com&pagetype=idol_chhomepage&page.allowcompete=no&site=idolseason5&dechannel=idolphotos&size=text&server=APPS72.in.ign[1].htm 4096 bytes
C:\Documents and Settings\xxxx\Local Settings\Temporary Internet Files\Content.IE5\5C5CDU74\nameboe[1].gif 4096 bytes
C:\Documents and Settings\xxxx\Local Settings\Temporary Internet Files\Content.IE5\5C5CDU74\navbg[1].gif 56 bytes
C:\Documents and Settings\xxxx\Local Settings\Temporary Internet Files\Content.IE5\5C5CDU74\navHeader_Brewers[1].jpg 8192 bytes
C:\Documents and Settings\xxxx\Local Settings\Temporary Internet Files\Content.IE5\5C5CDU74\nav[1].css 4096 bytes
C:\Documents and Settings\xxxx\Local Settings\Temporary Internet Files\Content.IE5\5C5CDU74\nav_multi[1].js 4096 bytes
C:\Documents and Settings\xxxx\Local Settings\Temporary Internet Files\Content.IE5\5C5CDU74\nav_top[1].gif 104 bytes
C:\Documents and Settings\xxxx\Local Settings\Temporary Internet Files\Content.IE5\5C5CDU74\nb15[1].css 4096 bytes
C:\Documents and Settings\xxxx\Local Settings\Temporary Internet Files\Content.IE5\5C5CDU74\newov[1].gif 248 bytes
C:\Documents and Settings\xxxx\Local Settings\Temporary Internet Files\Content.IE5\5C5CDU74\newtopcal[1].gif 504 bytes
C:\Documents and Settings\xxxx\Local Settings\Temporary Internet Files\Content.IE5\5C5CDU74\newtophome[1].gif 312 bytes
C:\Documents and Settings\xxxx\Local Settings\Temporary Internet Files\Content.IE5\5C5CDU74\n_shuster_libby_070306.thumb[1].jpg 4096 bytes
C:\Documents and Settings\xxxx\Local Settings\Temporary Internet Files\Content.IE5\5C5CDU74\opol[1].gif 48 bytes
C:\Documents and Settings\xxxx\Local Settings\Temporary Internet Files\Content.IE5\5C5CDU74\opol[2].gif 48 bytes
C:\Documents and Settings\xxxx\Local Settings\Temporary Internet Files\Content.IE5\5C5CDU74\opol[3].gif 48 bytes
C:\Documents and Settings\xxxx\Local Settings\Temporary Internet Files\Content.IE5\5C5CDU74\opol[4].gif 48 bytes
C:\Documents and Settings\xxxx\Local Settings\Temporary Internet Files\Content.IE5\5C5CDU74\opol[5].gif 48 bytes
C:\Documents and Settings\xxxx\Local Settings\Temporary Internet Files\Content.IE5\5C5CDU74\optn=1[1] 4096 bytes
C:\Documents and Settings\xxxx\Local Settings\Temporary Internet Files\Content.IE5\5C5CDU74\optn=1[1].htm 328 bytes
C:\Documents and Settings\xxxx\Local Settings\Temporary Internet Files\Content.IE5\5C5CDU74\optn=1[2] 4096 bytes
C:\Documents and Settings\xxxx\Local Settings\Temporary Internet Files\Content.IE5\5C5CDU74\optn=1[2].htm 4096 bytes
C:\Documents and Settings\xxxx\Local Settings\Temporary Internet Files\Content.IE5\5C5CDU74\optn=1[3] 352 bytes
C:\Documents and Settings\xxxx\Local Settings\Temporary Internet Files\Content.IE5\5C5CDU74\optn=1[4] 4096 bytes
C:\Documents and Settings\xxxx\Local Settings\Temporary Internet Files\Content.IE5\5C5CDU74\optn=1[5] 4096 bytes
C:\Documents and Settings\xxxx\Local Settings\Temporary Internet Files\Content.IE5\5C5CDU74\optn=64[1].htm 4096 bytes
C:\Documents and Settings\xxxx\Local Settings\Temporary Internet Files\Content.IE5\5C5CDU74\optn=64[2].htm 4096 bytes
C:\Documents and Settings\xxxx\Local Settings\Temporary Internet Files\Content.IE5\5C5CDU74\optn=64[3].htm 4096 bytes
C:\Documents and Settings\xxxx\Local Settings\Temporary Internet Files\Content.IE5\5C5CDU74\outside_logos[1].gif 8192 bytes
C:\Documents and Settings\xxxx\Local Settings\Temporary Internet Files\Content.IE5\5C5CDU74\overlibmws_iframe[1].js 8192 bytes
C:\Documents and Settings\xxxx\Local Settings\Temporary Internet Files\Content.IE5\5C5CDU74\pattern_02[1].gif 4096 bytes
C:\Documents and

#8 RichieUK

Posted 17 March 2007 - 01:15 PM

Download SmitfraudFix (by S!Ri), to your desktop.
Double click on Smitfraudfix.cmd
Select option #1 – Search, by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy and paste the content of that report into your next reply.
Also post a new Hijackthis log please.

#9 wjmccrthy

Posted 17 March 2007 - 01:39 PM

So many problems.

Here is the report for smitfraud:

SmitFraudFix v2.148

Scan done at 14:32:42.38, Sat 03/17/2007
Run from C:\Documents and Settings\xxxx\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\xxxx


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\xxxx\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»»


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{2016a466-91a2-43c6-97d8-2fd380f065ef}"="eitheror"



»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32-huy32


»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End


Here is the most recent Hijack This log:

Logfile of HijackThis v1.99.1
Scan saved at 2:34:05 PM, on 3/17/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Smart PC Solutions\Magic Speed\MagicSpeedBooster.exe
C:\WINDOWS\notepad.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MagicSpeedBooster] C:\Program Files\Smart PC Solutions\Magic Speed\MagicSpeedBooster.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Download &Flash Movies - C:\Program Files\Flash2X\Flash Hunter\save.htm
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Flash2X Flash Hunter - {77B563A5-2A35-4E6B-BFC8-F4B6BB65D5DF} - C:\Program Files\Flash2X\Flash Hunter\save.htm (HKCU)
O9 - Extra 'Tools' menuitem: &Launch Flash Hunter - {77B563A5-2A35-4E6B-BFC8-F4B6BB65D5DF} - C:\Program Files\Flash2X\Flash Hunter\save.htm (HKCU)
O15 - Trusted Zone: www.msn-cnet.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.0.5.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp.com/rdqna/downloads/sysinfo.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1167536831945
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 127.0.0.1
O20 - Winlogon Notify: RegCompact - C:\WINDOWS\SYSTEM32\RegCompact.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

Thanks for your help.

#10 RichieUK

Posted 17 March 2007 - 01:55 PM

Reboot your computer into "SAFE MODE" using the F8 method.
To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly.
A menu will appear with several options.
Use the arrow keys on your keyboard to navigate and select the option to run Windows in "Safe Mode".

Double click on Smitfraudfix.cmd
Select #2 and hit Enter to delete the infected files.
You will be prompted: 'Do you want to clean the registry?' answer Y (yes) and hit Enter in order to remove the Desktop background and clean registry keys associated with the infection.
The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found): 'Replace infected file ?' answer Y (yes) and hit Enter to restore a clean file.
A reboot may be needed to finish the cleaning process.
The report can be found at the root of the system drive, usually at C:\rapport.txt

Post the smitfraudfix report into your next reply.

********************************

Please download DrWeb-CureIt & save it to your desktop. DO NOT perform a scan yet.

You should copy/print the following because you need to be in Safe Mode from here on.

Reboot your computer into "SAFE MODE" using the F8 method.
To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly.
A menu will appear with several options.
Use the arrow keys on your keyboard to navigate and select the option to run Windows in "Safe Mode".

Scan with DrWeb-CureIt as follows:
* Double-click on drweb-cureit.exe to start the program. An "Express Scan of your PC" notice will appear.
* Under "Start the Express Scan Now", Click "OK" to start. This is a short scan that will scan the files currently running in memory and when something is found, click the Yes button when it asks you if you want to cure it.
* Once the short scan has finished, Click Options > Change settings
* Choose the "Scan tab" and UNcheck "Heuristic analysis"
* Back at the main window, click "Select drives" (a red dot will show which drives have been chosen)
* Then click the "Start/Stop Scanning" button (green arrow on the right) and the scan will start.
* When done, a message will be displayed at the bottom advising if any viruses were found.
* Click "Yes to all" if it asks if you want to cure/move the file.
* When the scan has finished, look if you can see the icon next to the files found. If so, click it, then click the next icon right below and select "Move incurable".
(This will move it to the C:\Documents and Settings\userprofile\DoctorWeb\Quarantine folder if it can't be cured)
* Next, in the Dr.Web CureIt menu on top, click file and choose save report list.
* Save the DrWeb.csv report to your desktop.
* Exit Dr.Web Cureit when done.
* Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
* After reboot, post the contents of the log from Dr.Web in your next reply. (You can use Notepad to open the DrWeb.csv report)

Edited by RichieUK, 17 March 2007 - 01:57 PM.


#11 wjmccrthy

Posted 17 March 2007 - 06:45 PM

Slowly but surely, the computer is getting faster.

Here is the smitfraud fix log:

SmitFraudFix v2.148

Scan done at 14:59:34.54, Sat 03/17/2007
Run from C:\Documents and Settings\xxxx\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{2016a466-91a2-43c6-97d8-2fd380f065ef}"="eitheror"


»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End

The Dr.Web csv follows:

Process.exe;C:\Documents and Settings\xxxx\Desktop\SmitfraudFix;Tool.Prockill;Incurable.Moved.;
restart.exe;C:\Documents and Settings\xxxx\Desktop\SmitfraudFix;Tool.ShutDown.11;Incurable.Moved.;
Gamehouse Tumblebugs Trial to Full by Great Elmo!!.EXE;C:\Program Files\GameHouse\Tumblebugs;Tool.GameCrack;Incurable.Moved.;
Reflexive Arcade Twistingo Trial to Full by Great Elmo!!.EXE;C:\Program Files\Twistingo;Tool.GameCrack;Incurable.Moved.;
patch.exe;C:\Program Files\WinAce;Tool.ASEye.2;Incurable.Moved.;
A0030520.EXE;C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP42;Tool.GameCrack;Incurable.Moved.;
A0030529.EXE;C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP42;Tool.GameCrack;Incurable.Moved.;
A0056676.exe;C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP78;Trojan.GLoad;Deleted.;
A0056680.exe;C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP78;Trojan.GLoad;Deleted.;
Process.exe;C:\WINDOWS\SYSTEM32;Tool.Prockill;Incurable.Moved.;

Thanks

#12 RichieUK

  • Malware Response Team
Posted 18 March 2007 - 09:04 AM

Please run the F-Secure online virus/spyware scan using Internet Explorer:
http://support.f-secure.com/enu/home/ols3.shtml
Follow the directions in the F-Secure page for proper Installation.
Accept the License Agreement.
Once the ActiveX installs, click ‘Custom Scan’ and be sure the following are checked:
1.Scan whole System
2.Scan all files
3.Scan whole system for rootkits
4.Scan whole system for spyware
5.Scan inside archives
6.Use advanced heuristics
Once the download completes, the scan will begin automatically.
The scan will take some time to finish, so please be patient.
When the scan completes, click the ‘I want to decide item by item’ button.
For each item found, select ‘Disinfect’ and click ‘Next’.
Click the ‘Show Report’ button, then copy and paste the entire report into your next reply.

*************************

Please download Sophos Anti-Rootkit, and save it on your desktop.
1. Double-click sarsfx.exe to extract the files and leave the default settings.
2. Open the folder C:\SOPHTEMP and double-click sargui.exe to start the program.
3. Make sure the following are checked:
- Running processes
- Windows Registry
- Local Hard Drives
4. Click the "Start Scan" button.
5. Click the "OK" button after you get the notification that the scan has finished and close the program.
6. Click on Start>Run and type, or copy and paste: %temp%\sarscan.log then press Enter.
7. This should open the log from the rootkit scan.
Post this log into your next reply.

Note:
If the scan is performed while the computer is in use, false positives may appear in the scan results.
This is caused by files or registry entries being deleted, including temporary files being deleted automatically.
It has also been reported that Trojan Hunter is detecting Sophos Anti-rootkit as Trojan.Dropper.Interlac.100
So if you have Trojan Hunter installed you will need to disable it prior to running a scan.

#13 wjmccrthy

Posted 18 March 2007 - 02:31 PM

F-Secure Online Scanner 3.0.19 - Scanning Report - Sunday, March 18, 2007 13:52:45
Scanning Report
Sunday, March 18, 2007 10:13:44 - 13:52:40
Computer name: METAL_MAIDEN
Scanning type: Scan system for viruses, rootkits, spyware
Target: C:\



Result: 6 malware found
Tracking Cookie (spyware)
System (Disinfected)
System
W32/DLoader.AYGD (virus)
C:\PROGRAM FILES\VUGAMES\LEISURE SUIT LARRY - MAGNA CUM LAUDE\LARRY8_PATCH.EXE (Submitted)
W32/Hupigon.AIVC (virus)
C:\WINDOWS\SYSTEM32\DRIVERS\TCPIP.SYS (Submitted)
W32/Suspicious_F.gen (virus)
C:\PROGRAM FILES\WINACE\KEYGEN.EXE (Submitted)
W32/Viking.EQ (virus)
C:\PROGRAM FILES\GAMEHOUSE\CHUZZLE DELUXE\CHUZZLE_DELUXE_1.0_GH_CRACK.EXE (Submitted)



Statistics
Scanned:
Files: 65743
System: 6249
Not scanned: 13
Actions:
Disinfected: 1
Renamed: 0
Deleted: 0
None: 5
Submitted: 4
Files not scanned:
C:\HIBERFIL.SYS
C:\PAGEFILE.SYS
C:\WINDOWS\SYSTEM32\DRIVERS\SPTD.SYS
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
C:\WINDOWS\SYSTEM32\CONFIG\SAM
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM
C:\DOCUMENTS AND SETTINGS\xxxx\LOCAL SETTINGS\TEMP\~ROMFN_00000CE0
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\3AD391678A806EC4D691E83AAA393B6F_50E417E0-E461-474B-96E2-077B80325612
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\B37808A3C062E98A1525B6134702B0F1_50E417E0-E461-474B-96E2-077B80325612
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\C9CD5DD2691CE9B0DFF98976FD512D6D_50E417E0-E461-474B-96E2-077B80325612
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\CRYPTO\DSS\MACHINEKEYS\8951D0E5D1C775491913076F85C509B6_50E417E0-E461-474B-96E2-077B80325612




Options
Scanning engines:
F-Secure Libra: 2.4.2, 2007-03-16
F-Secure AVP: 7.0.171, 2007-03-17
F-Secure Orion: 1.2.37, 2007-03-16
F-Secure Blacklight: 1.0.53, 0000-00-00
F-Secure Draco: 1.0.35, 0260-02-44
F-Secure Pegasus: 1.19.0, 2007-02-14
Scanning options:
Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF
VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI
MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0
TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML ZIP XXX
Use Advanced heuristics




Sophos Anti-Rootkit Version 1.2 (data 1.01) © 2006 Sophos Plc
Started logging on 3/18/2007 at 14:00:04 PM
Hidden: file C:\Documents and Settings\xxxx\Favorites\Desktop.ini
Hidden: file C:\Documents and Settings\xxxx\Favorites\Wachovia .url
Hidden: file C:\Documents and Settings\xxxx\Favorites\Jefferson County Schools - School Websites.url
Hidden: file C:\Documents and Settings\xxxx\Favorites\Shepherdstown Elementary School - Shepherdstown Elementary.url
Hidden: file C:\Documents and Settings\xxxx\Favorites\Yahooligans! The Web Guide for Kids.url
Hidden: file C:\Documents and Settings\xxxx\Local Settings\Temp\nzpldm.exe
Hidden: file C:\Documents and Settings\xxxx\Favorites\Avaxhome Games.url
Hidden: file C:\Documents and Settings\xxxx\Favorites\Microsoft Websites\Welcome to IE7.url
Hidden: file C:\Documents and Settings\xxxx\Favorites\Microsoft Websites\IE site on Microsoft.com.url
Hidden: file C:\Documents and Settings\xxxx\Favorites\Microsoft Websites\IE Add-on site.url
Hidden: file C:\Documents and Settings\xxxx\Favorites\Microsoft Websites\Microsoft At Home.url
Hidden: file C:\Documents and Settings\xxxx\Favorites\Microsoft Websites\Microsoft At Work.url
Hidden: file C:\Documents and Settings\xxxx\Favorites\Microsoft Websites\Marketplace.url
Hidden: file C:\Documents and Settings\xxxx\Favorites\Microsoft\See What's new in IE7.url
Hidden: file C:\Documents and Settings\xxxx\Favorites\Microsoft\IE on Microsoft.url
Hidden: file C:\Documents and Settings\xxxx\Favorites\Microsoft\Marketplace.url
Hidden: file C:\Documents and Settings\xxxx\Favorites\Microsoft\At Home.url
Hidden: file C:\Documents and Settings\xxxx\Favorites\Microsoft\At Work.url
Hidden: file C:\Documents and Settings\xxxx\Favorites\Bank of America.url
Hidden: file C:\Documents and Settings\xxxx\Favorites\Microsoft Windows Update.url
Hidden: file C:\Documents and Settings\xxxx\Favorites\Professional Education Center.url
Hidden: file C:\Documents and Settings\xxxx\Favorites\HP's Recommended Web Sites\Emusic.url
Hidden: file C:\Documents and Settings\xxxx\Favorites\HP's Recommended Web Sites\Corel Online Store.url
Hidden: file C:\Documents and Settings\xxxx\Favorites\HP's Recommended Web Sites\Detto IntelliMover Online Store.url
Hidden: file C:\Documents and Settings\xxxx\Favorites\HP's Recommended Web Sites\hp customer care.url
Hidden: file C:\Documents and Settings\xxxx\Favorites\HP's Recommended Web Sites\hp music store.url
Hidden: file C:\Documents and Settings\xxxx\Favorites\HP's Recommended Web Sites\hp pavilion home computing.url
Hidden: file C:\Documents and Settings\xxxx\Favorites\HP's Recommended Web Sites\hp user support forum guide.url
Hidden: file C:\Documents and Settings\xxxx\Favorites\HP's Recommended Web Sites\hp's online shopping center.url
Hidden: file C:\Documents and Settings\xxxx\Favorites\HP's Recommended Web Sites\my hp club.url
Hidden: file C:\Documents and Settings\xxxx\Favorites\HP's Recommended Web Sites\SkyDesk @ Backup Service.url
Hidden: file C:\Documents and Settings\xxxx\Favorites\HP's Recommended Web Sites\Software Online Store.url
Hidden: file C:\Documents and Settings\xxxx\Favorites\HP's Recommended Web Sites\Symantec Online Store.url
Hidden: file C:\Documents and Settings\xxxx\Favorites\HP's Recommended Web Sites\ZeroKnowledge Online Store.url
Hidden: file C:\Documents and Settings\xxxx\Favorites\HP's Recommended Web Sites\HP's Internet Service Providers\AOL.url
Hidden: file C:\Documents and Settings\xxxx\Favorites\HP's Recommended Web Sites\HP's Internet Service Providers\Dialpad.url
Hidden: file C:\Documents and Settings\xxxx\Favorites\HP's Recommended Web Sites\HP's Internet Service Providers\MSN.url
Hidden: file C:\Documents and Settings\xxxx\Favorites\HP's Recommended Web Sites\HP's Internet Service Providers\Ofoto.url
Hidden: file C:\Documents and Settings\xxxx\Favorites\HP's Recommended Web Sites\HP's Internet Service Providers\Access Anywhere.url
Hidden: file C:\Documents and Settings\xxxx\Favorites\HP's Recommended Web Sites\HP's Internet Service Providers\Amazon.com.url
Hidden: file C:\Documents and Settings\xxxx\Favorites\HP's Recommended Web Sites\HP's Internet Service Providers\Boingo Wireless.url
Hidden: file C:\Documents and Settings\xxxx\Favorites\HP's Recommended Web Sites\HP's Internet Service Providers\CompuServe.url
Hidden: file C:\Documents and Settings\xxxx\Favorites\HP's Recommended Web Sites\HP's Internet Service Providers\DirecTV DSL.url
Hidden: file C:\Documents and Settings\xxxx\Favorites\HP's Recommended Web Sites\HP's Internet Service Providers\Earthlink DSL.url
Hidden: file C:\Documents and Settings\xxxx\Favorites\HP's Recommended Web Sites\HP's Internet Service Providers\GoAmerica.url
Hidden: file C:\Documents and Settings\xxxx\Favorites\HP's Recommended Web Sites\HP's Internet Service Providers\Quicken Financial Center.url
Hidden: file C:\Documents and Settings\xxxx\Favorites\Local Weather Forecast for Shepherdstown, WV (25443) - weather.com.url
Hidden: file C:\Documents and Settings\xxxx\Favorites\Washington Gas 401K.url
Hidden: file C:\Documents and Settings\xxxx\Favorites\Local Weather Forecast for Shepherdstown, WV (25443) - weather.url
Hidden: file C:\Documents and Settings\xxxx\Favorites\United Bank.url
Hidden: file C:\Documents and Settings\xxxx\Favorites\MARCTracker - Train Location View.url
Hidden: file C:\Documents and Settings\xxxx\Favorites\Washington Metropolitan Area Transit Authority.url
Hidden: file C:\Documents and Settings\xxxx\Favorites\http--meritline.stores.yahoo.net-hp-dvd840i-lightscribe-dvd-burner-and-10-hp-lightscribe-52x-cdr.html.url
Hidden: file C:\Documents and Settings\xxxx\Favorites\Polaroid Part MPA6930A at PartStore.url
Hidden: file C:\Documents and Settings\xxxx\Favorites\Adelphia\Adelphia Customer Support.url
Hidden: file C:\Documents and Settings\xxxx\Favorites\Adelphia\Adelphia eSafety.url
Hidden: file C:\Documents and Settings\xxxx\Favorites\Adelphia\Adelphia Power Link.url
Hidden: file C:\Documents and Settings\xxxx\Favorites\Adelphia\Adelphia Subscriber Agreement, AUP and Privacy Policy.url
Hidden: file C:\Documents and Settings\xxxx\Favorites\Adelphia\Adelphia Web Site Privacy Policy.url
Hidden: file C:\Documents and Settings\xxxx\Favorites\Verizon Supported Cell Phones - RingingPhone.com.url
Stopped logging on 3/18/2007 at 15:22:45 PM

#14 RichieUK

  • Malware Response Team
Posted 18 March 2007 - 03:19 PM

Reboot, post a new HijackThis log into your next reply, and let me know how your PC is running now.

#15 wjmccrthy

Posted 18 March 2007 - 03:52 PM

Thanks for all your help.

Once IE or Firefox opens up, speed is not a problem. However, the two programs still take a long time to open up.

Here is the latest hijack this log:

Logfile of HijackThis v1.99.1
Scan saved at 4:45:57 PM, on 3/18/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Download &Flash Movies - C:\Program Files\Flash2X\Flash Hunter\save.htm
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Flash2X Flash Hunter - {77B563A5-2A35-4E6B-BFC8-F4B6BB65D5DF} - C:\Program Files\Flash2X\Flash Hunter\save.htm (HKCU)
O9 - Extra 'Tools' menuitem: &Launch Flash Hunter - {77B563A5-2A35-4E6B-BFC8-F4B6BB65D5DF} - C:\Program Files\Flash2X\Flash Hunter\save.htm (HKCU)
O15 - Trusted Zone: www.msn-cnet.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.0.5.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp.com/rdqna/downloads/sysinfo.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1167536831945
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 127.0.0.1
O20 - Winlogon Notify: RegCompact - C:\WINDOWS\SYSTEM32\RegCompact.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

Thanks



