
Internet explorer pop-ups and other problems

Discussion in 'Virus & Other Malware Removal' started by poltomb, Nov 11, 2007.

Thread Status:
Not open for further replies.
  1. poltomb

    poltomb Thread Starter

    Joined:
    Nov 11, 2007
    Messages:
    14
    Well, my girlfriend sent me one of those e-cards, and now her computer is full of ad-ware and some viruses (virii?). I have tried numerous times to get rid of it, but I am just stumped. I know there are a lot of things that are not needed on this computer. Notably, anything that is an ad-causing program for Internet Explorer can be deleted; she uses Firefox.

    Here is the HJT log:

    Logfile of HijackThis v1.99.1
    Scan saved at 8:06:26 PM, on 11/11/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\system32\WLTRAY.exe
    C:\WINDOWS\stsystra.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
    C:\Program Files\Common Files\AOL\1146277923\ee\AOLSoftware.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\WINDOWS\avp.exe
    C:\WINDOWS\mgrs.exe
    C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\DellSupport\DSAgnt.exe
    C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
    C:\Program Files\QdrModule\QdrModule9.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\Program Files\QdrPack\QdrPack9.exe
    C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
    C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Documents and Settings\Cassandra\Desktop\hijackthis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
    R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
    F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\proper.exe
    O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {19387FDD-92BE-42C3-BDE2-8B4AB1ED6AD0} - C:\Program Files\MSN\mewody4444.dll
    O2 - BHO: (no name) - {2E68DFAF-4441-3CB3-3054-4D71C105C3C6} - C:\WINDOWS\system32\ltt.dll
    O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll (file missing)
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: (no name) - {5F2D1427-E937-41A5-9B5A-6CD68F2B74B8} - C:\WINDOWS\system32\mljgh.dll (file missing)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: BndShell3 BHO Class - {8ABA9A9C-8791-4d61-8D5B-BCC9448EA573} - C:\Program Files\ISM\BndDrive7.dll
    O2 - BHO: BndDrive2 BHO Class - {8B27CC68-110C-46a9-80D3-F3107DE6EB98} - C:\Program Files\ISM\BndDrive4.dll (file missing)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: (no name) - {A4553DF3-D5CD-4FF1-878C-5FD559B39100} - C:\Program Files\MSN\mewody83122.dll
    O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll (file missing)
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O2 - BHO: (no name) - {C3352FCD-CFE5-4F35-831A-19C68DDB7CF4} - C:\WINDOWS\system32\awtsrqr.dll (file missing)
    O2 - BHO: (no name) - {D27987B8-7244-4DE0-AE10-39B826B492F1} - C:\WINDOWS\system32\bronto.dll
    O2 - BHO: 0 - {D54BBF04-D75C-4E1C-6FAD-882B1FDC81D9} - C:\Program Files\Internet Explorer\qujawiqe.dll (file missing)
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
    O4 - HKLM\..\Run: [MMTray] C:\PROGRA~1\MUSICM~1\MUSICM~3\mm_tray.exe
    O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1146277923\ee\AOLSoftware.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
    O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\system32\otygcnwy.dll",sitypnow
    O4 - HKLM\..\Run: [avp] C:\WINDOWS\avp.exe
    O4 - HKLM\..\Run: [smgr] mgrs.exe
    O4 - HKLM\..\Run: [Undefined] C:\WINDOWS\system32\winter.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
    O4 - HKCU\..\Run: [Insider] C:\Program Files\Insider\Insider.exe
    O4 - HKCU\..\Run: [WinTouch] C:\Documents and Settings\Cassandra\Application Data\WinTouch\WinTouch.exe
    O4 - HKCU\..\Run: [Undefined] C:\WINDOWS\system32\winter.exe
    O4 - HKCU\..\Run: [QdrModule9] "C:\Program Files\QdrModule\QdrModule9.exe"
    O4 - HKCU\..\Run: [QdrPack9] "C:\Program Files\QdrPack\QdrPack9.exe"
    O4 - HKCU\..\Run: [Ultimate Cleaner.install] "C:\Program Files\ucleaner_setup.exe" continue
    O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
    O4 - Global Startup: Clean Access Agent.lnk = C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O4 - Global Startup: Monitor.lnk = C:\Program Files\SanDisk\SanDisk TransferMate\SD Monitor.exe
    O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
    O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
    O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZU
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?862d90c1d542458ab89a242dc320f56d
    O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?862d90c1d542458ab89a242dc320f56d
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll (file missing)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - AppInit_DLLs: C:\WINDOWS\system32\skuns.dat
    O20 - Winlogon Notify: awtsrqr - awtsrqr.dll (file missing)
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\nkbseaos.exe (file missing)
    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: MSSQL$MICROSOFTSMLBIZ - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe" -sMICROSOFTSMLBIZ (file missing)
    O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: PC Tools Spyware Doctor (SDhelper) - Unknown owner - C:\Program Files\Spyware Doctor\sdhelp.exe (file missing)
    O23 - Service: SQLAgent$MICROSOFTSMLBIZ - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlagent.EXE" -i MICROSOFTSMLBIZ (file missing)
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
    O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE (file missing)
     
  2. sjpritch25

    sjpritch25

    Joined:
    Sep 8, 2005
    Messages:
    9,113
    Yeah, it's pretty infected. Let's get started, and welcome to TSG :)

    Before we start fixing anything you should print out these instructions or copy them to a NotePad file so they will be accessible. Some steps will require you to disconnect from the Internet or use Safe Mode and you will not have access to this page.

    Download SDFix and save it to your desktop.
    Double click SDFix.exe and it will extract the files to %systemdrive%
    (this is the drive that contains the Windows Directory, typically C:\SDFix). DO NOT use it just yet.

    Reboot your computer in "SAFE MODE" using the F8 method. To do this, restart your computer and, after hearing your computer beep once during startup [but before the Windows icon appears], press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

    Open the SDFix folder and double click RunThis.bat to start the script.
    • Type Y to begin the cleanup process.
    • It will remove any Trojan Services or Registry Entries found then prompt you to press any key to Reboot.
    • Press any Key and it will restart the PC.
    • When the PC restarts, the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
    • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt.
    • Finally copy and paste the contents of the results file Report.txt in your next reply along with a new HijackThis log.



    ==================================


    Download Combofix and save it to your desktop.

    **Note: It is important that it is saved directly to your desktop**

    --------------------------------------------------------------------

    1. Close any open browsers.

    2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    --------------------------------------------------------------------
    Please go to Start---> Run---> In the space provided, type "%userprofile%\Desktop\ComboFix.exe"/killall
    & follow the prompts.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
    Note:
    Do not mouse-click ComboFix's window while it's running. That may cause it to stall.
     
  3. poltomb

    poltomb Thread Starter

    Joined:
    Nov 11, 2007
    Messages:
    14
    SDFix: Version 1.114

    Run by Cassandra on Sun 11/11/2007 at 10:55 PM

    Microsoft Windows XP [Version 5.1.2600]

    Running From: C:\SDFix

    Safe Mode:
    Checking Services:


    Restoring Windows Registry Values
    Restoring Windows Default Hosts File

    Rebooting...


    Normal Mode:
    Checking Files:

    Trojan Files Found:

    C:\Documents and Settings\Cassandra\Application Data\WinTouch\wintouch.cfg - Deleted
    C:\Program Files\Insider\Insider.exe - Deleted
    C:\Program Files\Insider\UnInstall.exe - Deleted
    C:\Program Files\Common Files\Yazzle1122OinUninstaller.exe - Deleted
    C:\DOCUME~1\CASSAN~1\LOCALS~1\Temp\cmdinst.exe - Deleted
    C:\WINDOWS\avp.exe - Deleted
    C:\WINDOWS\b104.exe - Deleted
    C:\WINDOWS\mgrs.exe - Deleted
    C:\WINDOWS\TTC-4444.exe - Deleted
    C:\WINDOWS\uninstall_nmon.vbs - Deleted


    Folder C:\Documents and Settings\Cassandra\Application Data\WinTouch - Removed
    Folder C:\Program Files\InetGet2 - Removed
    Folder C:\Program Files\Insider - Removed
    Folder C:\Program Files\Temporary - Removed
    Folder C:\Temp\1cb - Removed
    Folder C:\Temp\fse - Removed

    Removing Temp Files...

    ADS Check:

    C:\WINDOWS
    No streams found.

    C:\WINDOWS\system32
    No streams found.

    C:\WINDOWS\system32\svchost.exe
    No streams found.

    C:\WINDOWS\system32\ntoskrnl.exe
    No streams found.



    Final Check:

    catchme 0.3.1262.1 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-11-11 23:08:44
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden services & system hive ...

    scanning hidden registry entries ...

    scanning hidden files ...

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 0


    Remaining Services:
    ------------------



    Authorized Application Key Export:

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019"
    "C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
    "C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
    "C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
    "C:\\Program Files\\Common Files\\AOL\\1146277923\\ee\\aolsoftware.exe"="C:\\Program Files\\Common Files\\AOL\\1146277923\\ee\\aolsoftware.exe:*:Enabled:AOL Services"
    "C:\\Program Files\\Common Files\\AOL\\1146277923\\ee\\aim6.exe"="C:\\Program Files\\Common Files\\AOL\\1146277923\\ee\\aim6.exe:*:Enabled:AIM"
    "C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:America Online 9.0"
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
    "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
    "C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
    "C:\\Program Files\\Real\\RealPlayer\\realplay.exe"="C:\\Program Files\\Real\\RealPlayer\\realplay.exe:*:Enabled:RealPlayer"
    "C:\\WINDOWS\\system32\\nkbseaos.exe"="C:\\WINDOWS\\system32\\nkb"
    "C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
    "C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
    "C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"
    "%windir%\\system32\\winav.exe"="%windir%\\system32\\winav.exe:*:Enabled:mad:xpsp2res.dll,-22019"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019"
    "C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
    "C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
    "C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:America Online 9.0"
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
    "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
    "%windir%\\system32\\winav.exe"="%windir%\\system32\\winav.exe:*:Enabled:mad:xpsp2res.dll,-22019"

    Remaining Files:
    ---------------

    File Backups: - C:\SDFix\backups\backups.zip

    Files with Hidden Attributes:

    Fri 26 Oct 2007 56 ..SHR --- "C:\WINDOWS\system32\4D93A87DDB.sys"
    Tue 4 Sep 2007 88 ..SHR --- "C:\WINDOWS\system32\DB7DA8934D.sys"
    Tue 9 Oct 2007 1,573,360 A.SH. --- "C:\WINDOWS\system32\hgjlm.tmp"
    Fri 21 Sep 2007 6,448 A.SH. --- "C:\WINDOWS\system32\hgjlm.bak1"
    Tue 9 Oct 2007 768,189 A.SH. --- "C:\WINDOWS\system32\hgjlm.bak2"
    Fri 26 Oct 2007 6,580 A.SH. --- "C:\WINDOWS\system32\KGyGaAvL.sys"
    Sun 7 Oct 2007 34,816 ...H. --- "C:\Documents and Settings\Cassandra\My Documents\~WRL0004.tmp"
    Sat 31 Mar 2007 24,576 ...H. --- "C:\Documents and Settings\Cassandra\My Documents\~WRL0397.tmp"
    Sat 31 Mar 2007 25,600 ...H. --- "C:\Documents and Settings\Cassandra\My Documents\~WRL0507.tmp"
    Fri 30 Mar 2007 24,064 ...H. --- "C:\Documents and Settings\Cassandra\My Documents\~WRL0520.tmp"
    Sun 7 Oct 2007 34,816 ...H. --- "C:\Documents and Settings\Cassandra\My Documents\~WRL0613.tmp"
    Sat 31 Mar 2007 25,088 ...H. --- "C:\Documents and Settings\Cassandra\My Documents\~WRL1220.tmp"
    Fri 30 Mar 2007 24,576 ...H. --- "C:\Documents and Settings\Cassandra\My Documents\~WRL1255.tmp"
    Fri 30 Mar 2007 24,576 ...H. --- "C:\Documents and Settings\Cassandra\My Documents\~WRL1348.tmp"
    Sun 7 Oct 2007 34,816 ...H. --- "C:\Documents and Settings\Cassandra\My Documents\~WRL1409.tmp"
    Sat 31 Mar 2007 25,600 ...H. --- "C:\Documents and Settings\Cassandra\My Documents\~WRL1569.tmp"
    Fri 30 Mar 2007 24,576 ...H. --- "C:\Documents and Settings\Cassandra\My Documents\~WRL1665.tmp"
    Sun 7 Oct 2007 34,816 ...H. --- "C:\Documents and Settings\Cassandra\My Documents\~WRL1668.tmp"
    Sun 7 Oct 2007 34,816 ...H. --- "C:\Documents and Settings\Cassandra\My Documents\~WRL1779.tmp"
    Fri 30 Mar 2007 24,576 ...H. --- "C:\Documents and Settings\Cassandra\My Documents\~WRL1994.tmp"
    Sun 7 Oct 2007 36,352 ...H. --- "C:\Documents and Settings\Cassandra\My Documents\~WRL2114.tmp"
    Sun 7 Oct 2007 34,816 ...H. --- "C:\Documents and Settings\Cassandra\My Documents\~WRL2118.tmp"
    Fri 30 Mar 2007 24,064 ...H. --- "C:\Documents and Settings\Cassandra\My Documents\~WRL2240.tmp"
    Sun 7 Oct 2007 34,816 ...H. --- "C:\Documents and Settings\Cassandra\My Documents\~WRL2256.tmp"
    Sun 7 Oct 2007 34,816 ...H. --- "C:\Documents and Settings\Cassandra\My Documents\~WRL2450.tmp"
    Sun 7 Oct 2007 34,304 ...H. --- "C:\Documents and Settings\Cassandra\My Documents\~WRL2758.tmp"
    Sun 7 Oct 2007 34,816 ...H. --- "C:\Documents and Settings\Cassandra\My Documents\~WRL3122.tmp"
    Sun 7 Oct 2007 34,816 ...H. --- "C:\Documents and Settings\Cassandra\My Documents\~WRL3911.tmp"
    Sun 7 Oct 2007 35,840 ...H. --- "C:\Documents and Settings\Cassandra\My Documents\~WRL3956.tmp"
    Sat 31 Mar 2007 25,088 ...H. --- "C:\Documents and Settings\Cassandra\My Documents\~WRL4023.tmp"
    Thu 18 Oct 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\0089cd1ec7c03d0a52caa6b6ea801507\BITC5.tmp"
    Fri 21 Sep 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\cf7ced0e70c80a1e476f1abf49afecb1\BITAE.tmp"
    Wed 11 Apr 2007 8 A..H. --- "C:\Documents and Settings\Cassandra\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\lock.tmp"
    Wed 11 Apr 2007 8 A..H. --- "C:\Documents and Settings\Cassandra\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u2\lock.tmp"
    Wed 11 Apr 2007 8 A..H. --- "C:\Documents and Settings\Cassandra\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u3\lock.tmp"
    Wed 18 Apr 2007 8 A..H. --- "C:\Documents and Settings\Cassandra\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u4\lock.tmp"
    Thu 6 Sep 2007 8 A..H. --- "C:\Documents and Settings\Cassandra\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u5\lock.tmp"

    Finished!

    -------------------------------------------------------------------------------------------------------

    Logfile of HijackThis v1.99.1
    Scan saved at 11:18:57 PM, on 11/11/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
    C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\WINDOWS\system32\WLTRAY.exe
    C:\WINDOWS\stsystra.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\PROGRA~1\MUSICM~1\MUSICM~3\mm_tray.exe
    C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
    C:\Program Files\Common Files\AOL\1146277923\ee\AOLSoftware.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\NetWaiting\netWaiting.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\DellSupport\DSAgnt.exe
    C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
    C:\Program Files\QdrModule\QdrModule9.exe
    C:\Program Files\QdrPack\QdrPack9.exe
    C:\Program Files\Ultimate Cleaner\UltimateCleaner.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\SanDisk\SanDisk TransferMate\SD Monitor.exe
    C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Cassandra\Desktop\hijackthis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
    R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
    O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {19387FDD-92BE-42C3-BDE2-8B4AB1ED6AD0} - C:\Program Files\MSN\mewody4444.dll
    O2 - BHO: (no name) - {2E68DFAF-4441-3CB3-3054-4D71C105C3C6} - C:\WINDOWS\system32\ltt.dll
    O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll (file missing)
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: (no name) - {5F2D1427-E937-41A5-9B5A-6CD68F2B74B8} - C:\WINDOWS\system32\mljgh.dll (file missing)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: BndShell3 BHO Class - {8ABA9A9C-8791-4d61-8D5B-BCC9448EA573} - C:\Program Files\ISM\BndDrive7.dll
    O2 - BHO: BndDrive2 BHO Class - {8B27CC68-110C-46a9-80D3-F3107DE6EB98} - C:\Program Files\ISM\BndDrive4.dll (file missing)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: (no name) - {A4553DF3-D5CD-4FF1-878C-5FD559B39100} - C:\Program Files\MSN\mewody83122.dll
    O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll (file missing)
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O2 - BHO: (no name) - {C3352FCD-CFE5-4F35-831A-19C68DDB7CF4} - C:\WINDOWS\system32\awtsrqr.dll (file missing)
    O2 - BHO: (no name) - {D27987B8-7244-4DE0-AE10-39B826B492F1} - C:\WINDOWS\system32\bronto.dll
    O2 - BHO: 0 - {D54BBF04-D75C-4E1C-6FAD-882B1FDC81D9} - C:\Program Files\Internet Explorer\qujawiqe.dll (file missing)
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
    O4 - HKLM\..\Run: [MMTray] C:\PROGRA~1\MUSICM~1\MUSICM~3\mm_tray.exe
    O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1146277923\ee\AOLSoftware.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
    O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\system32\otygcnwy.dll",sitypnow
    O4 - HKLM\..\Run: [avp] C:\WINDOWS\avp.exe
    O4 - HKLM\..\Run: [Undefined] C:\WINDOWS\system32\winter.exe
    O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [Undefined] C:\WINDOWS\system32\winter.exe
    O4 - HKCU\..\Run: [QdrModule9] "C:\Program Files\QdrModule\QdrModule9.exe"
    O4 - HKCU\..\Run: [QdrPack9] "C:\Program Files\QdrPack\QdrPack9.exe"
    O4 - HKCU\..\Run: [Ultimate Cleaner] "C:\Program Files\Ultimate Cleaner\UltimateCleaner.exe" hide
    O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
    O4 - Global Startup: Clean Access Agent.lnk = C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O4 - Global Startup: Monitor.lnk = C:\Program Files\SanDisk\SanDisk TransferMate\SD Monitor.exe
    O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZU
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?862d90c1d542458ab89a242dc320f56d
    O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?862d90c1d542458ab89a242dc320f56d
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll (file missing)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - AppInit_DLLs: C:\WINDOWS\system32\skuns.dat
    O20 - Winlogon Notify: awtsrqr - awtsrqr.dll (file missing)
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\nkbseaos.exe (file missing)
    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: MSSQL$MICROSOFTSMLBIZ - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe" -sMICROSOFTSMLBIZ (file missing)
    O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: PC Tools Spyware Doctor (SDhelper) - Unknown owner - C:\Program Files\Spyware Doctor\sdhelp.exe (file missing)
    O23 - Service: SQLAgent$MICROSOFTSMLBIZ - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlagent.EXE" -i MICROSOFTSMLBIZ (file missing)
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
    O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE (file missing)
     
  4. poltomb

    poltomb Thread Starter

    ComboFix 07-11-08.3 - Cassandra 2007-11-11 23:22:54.1 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.146 [GMT -6:00]
    Running from: C:\Documents and Settings\Cassandra\Desktop\ComboFix.exe
    * Created a new restore point
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\check_LSA7.txt
    C:\Documents and Settings\All Users\Application Data.\salesmonitor
    C:\Documents and Settings\All Users\Start Menu\Programs.\UltimateCleaner 2007
    C:\Documents and Settings\All Users\Start Menu\Programs.\UltimateCleaner 2007\Register UltimateCleaner 2007.lnk
    C:\Documents and Settings\All Users\Start Menu\Programs.\UltimateCleaner 2007\Start UltimateCleaner 2007.lnk
    C:\Documents and Settings\All Users\Start Menu\Programs.\UltimateCleaner 2007\Uninstall UltimateCleaner 2007.lnk
    C:\Documents and Settings\All Users\Start Menu\Programs\UltimateCleaner 2007\Register UltimateCleaner 2007.lnk
    C:\Documents and Settings\All Users\Start Menu\Programs\UltimateCleaner 2007\Start UltimateCleaner 2007.lnk
    C:\Documents and Settings\All Users\Start Menu\Programs\UltimateCleaner 2007\Uninstall UltimateCleaner 2007.lnk
    C:\Documents and Settings\Cassandra\Application Data.\Ultimate Cleaner
    C:\Documents and Settings\Cassandra\Application Data.\Ultimate Cleaner\settings.dat
    C:\Documents and Settings\Cassandra\Application Data\microsoft\internet explorer\quick launch\Start UltimateCleaner 2007.lnk
    C:\Documents and Settings\Cassandra\Application Data\Ultimate Cleaner\settings.dat
    C:\Documents and Settings\Cassandra\Desktop\Find Spyware Remover.lnk
    C:\Documents and Settings\Cassandra\Desktop\Go to Casino.lnk
    C:\Documents and Settings\Cassandra\Desktop\Ultimate Cleaner 2007.lnk
    C:\Documents and Settings\Cassandra\err.log
    C:\Documents and Settings\Cassandra\Start Menu\Programs\Internet Speed Monitor
    C:\Documents and Settings\Cassandra\Start Menu\Programs\Internet Speed Monitor\Check Now.lnk
    C:\Documents and Settings\Cassandra\Start Menu\Programs\Internet Speed Monitor\Uninstall.lnk
    C:\Documents and Settings\LocalService\Application Data\NetMon
    C:\Documents and Settings\LocalService\Application Data\NetMon\domains.txt
    C:\Documents and Settings\LocalService\Application Data\NetMon\log.txt
    C:\Program Files\Common Files\ystem~1
    C:\Program Files\FunWebProducts
    C:\Program Files\FunWebProducts\Shared\Cache\AvatarSmallBtn.html
    C:\Program Files\FunWebProducts\Shared\Cache\CursorManiaBtn.html
    C:\Program Files\FunWebProducts\Shared\Cache\FunBuddyIconBtn.html
    C:\Program Files\FunWebProducts\Shared\Cache\MyFunCardsIMBtn.html
    C:\Program Files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html
    C:\Program Files\internet explorer\msimg32.dll
    C:\Program Files\Internet Explorer\rtereleku.html
    C:\Program Files\ISM
    C:\Program Files\ISM\BndDrive7.dll
    C:\Program Files\ISM\dictionary.gz
    C:\Program Files\ISM\kazooupd.exe
    C:\Program Files\ISM\targets.gz
    C:\Program Files\ISM\tourupd.exe
    C:\Program Files\ISM\Uninstall.exe
    C:\Program Files\ISM2
    C:\Program Files\ISM2\dictionary.gz
    C:\Program Files\ISM2\hydramedupd.exe
    C:\Program Files\ISM2\ISMPack7.exe
    C:\Program Files\ISM2\ISMPack8.exe
    C:\Program Files\ISM2\targets.gz
    C:\Program Files\MyWebSearch
    C:\Program Files\MyWebSearch\bar\1.bin\F3BKGERR.JPG
    C:\Program Files\MyWebSearch\bar\1.bin\F3BROVLY.DLL
    C:\Program Files\MyWebSearch\bar\1.bin\F3CJPEG.DLL
    C:\Program Files\MyWebSearch\bar\1.bin\F3DTACTL.DLL
    C:\Program Files\MyWebSearch\bar\1.bin\F3HISTSW.DLL
    C:\Program Files\MyWebSearch\bar\1.bin\F3HTMLMU.DLL
    C:\Program Files\MyWebSearch\bar\1.bin\F3HTTPCT.DLL
    C:\Program Files\MyWebSearch\bar\1.bin\F3IMSTUB.DLL
    C:\Program Files\MyWebSearch\bar\1.bin\F3POPSWT.DLL
    C:\Program Files\MyWebSearch\bar\1.bin\F3PSSAVR.SCR
    C:\Program Files\MyWebSearch\bar\1.bin\F3REPROX.DLL
    C:\Program Files\MyWebSearch\bar\1.bin\F3RESTUB.DLL
    C:\Program Files\MyWebSearch\bar\1.bin\F3SCHMON.EXE
    C:\Program Files\MyWebSearch\bar\1.bin\F3SCRCTR.DLL
    C:\Program Files\MyWebSearch\bar\1.bin\F3SHLLVW.DLL
    C:\Program Files\MyWebSearch\bar\1.bin\F3SPACER.WMV
    C:\Program Files\MyWebSearch\bar\1.bin\F3WALLPP.DAT
    C:\Program Files\MyWebSearch\bar\1.bin\F3WPHOOK.DLL
    C:\Program Files\MyWebSearch\bar\1.bin\M3FFXTBR.JAR
    C:\Program Files\MyWebSearch\bar\1.bin\M3FFXTBR.MANIFEST
    C:\Program Files\MyWebSearch\bar\1.bin\M3HTML.DLL
    C:\Program Files\MyWebSearch\bar\1.bin\M3IDLE.DLL
    C:\Program Files\MyWebSearch\bar\1.bin\M3IMPIPE.EXE
    C:\Program Files\MyWebSearch\bar\1.bin\M3MSG.DLL
    C:\Program Files\MyWebSearch\bar\1.bin\M3NTSTBR.JAR
    C:\Program Files\MyWebSearch\bar\1.bin\M3NTSTBR.MANIFEST
    C:\Program Files\MyWebSearch\bar\1.bin\M3OUTLCN.DLL
    C:\Program Files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL
    C:\Program Files\MyWebSearch\bar\1.bin\M3SKIN.DLL
    C:\Program Files\MyWebSearch\bar\1.bin\M3SKPLAY.EXE
    C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
    C:\Program Files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL
    C:\Program Files\MyWebSearch\bar\1.bin\MWSOESTB.DLL
    C:\Program Files\MyWebSearch\bar\1.bin\NPMYWEBS.DLL
    C:\Program Files\MyWebSearch\bar\Avatar\COMMON.F3S
    C:\Program Files\MyWebSearch\bar\Cache\0002D23A
    C:\Program Files\MyWebSearch\bar\Cache\04EBD3DE.GKw
    C:\Program Files\MyWebSearch\bar\Cache\04EBDAE3
    C:\Program Files\MyWebSearch\bar\Cache\04EBE052.bin
    C:\Program Files\MyWebSearch\bar\Cache\04EBEDCF.bin
    C:\Program Files\MyWebSearch\bar\Cache\04EBEEF8.bin
    C:\Program Files\MyWebSearch\bar\Cache\04EBF12A.bin
    C:\Program Files\MyWebSearch\bar\Cache\06012333.bin
    C:\Program Files\MyWebSearch\bar\Cache\060129EA.bin
    C:\Program Files\MyWebSearch\bar\Cache\06012D07.bin
    C:\Program Files\MyWebSearch\bar\Cache\0601313D.bin
    C:\Program Files\MyWebSearch\bar\Cache\115DF102.bin
    C:\Program Files\MyWebSearch\bar\Cache\115DF2B8
    C:\Program Files\MyWebSearch\bar\Cache\files.ini
    C:\Program Files\MyWebSearch\bar\Game\CHECKERS.F3S
    C:\Program Files\MyWebSearch\bar\Game\CHESS.F3S
    C:\Program Files\MyWebSearch\bar\Game\REVERSI.F3S
    C:\Program Files\MyWebSearch\bar\History\search2
    C:\Program Files\MyWebSearch\bar\icons\CM.ICO
    C:\Program Files\MyWebSearch\bar\icons\MFC.ICO
    C:\Program Files\MyWebSearch\bar\icons\PSS.ICO
    C:\Program Files\MyWebSearch\bar\icons\SMILEY.ICO
    C:\Program Files\MyWebSearch\bar\icons\WB.ICO
    C:\Program Files\MyWebSearch\bar\icons\ZWINKY.ICO
    C:\Program Files\MyWebSearch\bar\Message\COMMON.F3S
    C:\Program Files\MyWebSearch\bar\Notifier\COMMON.F3S
    C:\Program Files\MyWebSearch\bar\Notifier\DOG.F3S
    C:\Program Files\MyWebSearch\bar\Notifier\FISH.F3S
    C:\Program Files\MyWebSearch\bar\Notifier\KUNGFU.F3S
    C:\Program Files\MyWebSearch\bar\Notifier\LIFEGARD.F3S
    C:\Program Files\MyWebSearch\bar\Notifier\MAID.F3S
    C:\Program Files\MyWebSearch\bar\Notifier\MAILBOX.F3S
    C:\Program Files\MyWebSearch\bar\Notifier\OPERA.F3S
    C:\Program Files\MyWebSearch\bar\Notifier\ROBOT.F3S
    C:\Program Files\MyWebSearch\bar\Notifier\SEDUCT.F3S
    C:\Program Files\MyWebSearch\bar\Notifier\SURFER.F3S
    C:\Program Files\MyWebSearch\bar\Settings\prevcfg2.htm
    C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat
    C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
    C:\Program Files\QdrPack
    C:\Program Files\QdrPack\dicts.gz
    C:\Program Files\QdrPack\QdrPack9.exe
    C:\Program Files\QdrPack\trgts.gz
    C:\Program Files\ucleaner_setup.exe
    C:\Program Files\Ultimate Cleaner
    C:\Program Files\Ultimate Cleaner\com\ucsecuredelete.dll
    C:\Program Files\Ultimate Cleaner\program.info
    C:\Program Files\Ultimate Cleaner\ucleaner.pkg
    C:\Program Files\Ultimate Cleaner\UltimateCleaner.db
    C:\Program Files\Ultimate Cleaner\UltimateCleaner.exe
    C:\Program Files\Ultimate Cleaner\Uninstall.exe
    C:\WINDOWS\Casino.ico
    C:\WINDOWS\cookies.ini
    C:\WINDOWS\Free Online Dating.ico
    C:\WINDOWS\Spyware Remover.ico
    C:\WINDOWS\system32\A1
    C:\WINDOWS\system32\bronto.dll
    C:\WINDOWS\system32\f02WtR
    C:\WINDOWS\system32\f3PSSavr.scr
    C:\WINDOWS\system32\H2
    C:\WINDOWS\system32\ltt.dll
    C:\WINDOWS\system32\nnitwmnb.exe
    C:\WINDOWS\system32\nuwjipsn.exe
    C:\WINDOWS\system32\praytkod.exe
    C:\WINDOWS\system32\Q2
    C:\WINDOWS\system32\Q2\mon33dll.exe
    C:\WINDOWS\system32\qedfamqk.exe
    C:\WINDOWS\system32\rxanaipv.exe
    C:\WINDOWS\system32\umlcxrwq.exe

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    .
    -------\LEGACY_CMDSERVICE
    -------\LEGACY_DOMAINSERVICE
    -------\LEGACY_NETWORK_MONITOR
    -------\DomainService


    ((((((((((((((((((((((((( Files Created from 2007-10-12 to 2007-11-12 )))))))))))))))))))))))))))))))
    .

    2007-11-11 23:22 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2007-11-11 22:54 <DIR> d-------- C:\WINDOWS\ERUNT
    2007-10-31 22:51 <DIR> d-------- C:\Program Files\QdrModule
    2007-10-26 14:56 <DIR> d-------- C:\Program Files\E404 Helper
    2007-10-26 14:55 <DIR> d-------- C:\Program Files\Lavasoft
    2007-10-26 14:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2007-10-26 14:54 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2007-10-26 14:53 56 -r-hs---- C:\WINDOWS\system32\4D93A87DDB.sys
    2007-10-25 16:43 11,776 --a------ C:\Program Files\591174875.exe
    2007-10-25 13:53 11,776 --a------ C:\Program Files\580951390.exe
    2007-10-24 17:58 <DIR> d-------- C:\Program Files\Minitab 15
    2007-10-19 13:28 <DIR> d-------- C:\Program Files\Adsense Helper Object

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-11-12 04:32 --------- d-----w C:\Documents and Settings\Cassandra\Application Data\AVG7
    2007-09-24 14:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7
    2007-09-23 06:15 --------- d-----w C:\Documents and Settings\LocalService\Application Data\AVG7
    2007-09-23 06:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
    2007-09-23 06:04 --------- d-----w C:\Program Files\Spyware Doctor
    2007-09-23 05:56 --------- d-----w C:\Documents and Settings\Cassandra\Application Data\Lavasoft
    2007-09-20 03:12 --------- d-----w C:\Program Files\Common Files\Sonic Shared
    2007-09-20 03:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sonic
    2007-09-20 03:09 --------- d-----w C:\Program Files\Common Files\HP
    2005-05-12 04:36 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll
    2005-07-29 21:24:26 472 --sha-r C:\WINDOWS\Q2Fzc2FuZHJhIA\kZIWwZIRtJL1KE.vbs
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{19387FDD-92BE-42C3-BDE2-8B4AB1ED6AD0}]
    2007-08-02 07:43 282624 --a------ C:\Program Files\MSN\mewody4444.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5F2D1427-E937-41A5-9B5A-6CD68F2B74B8}]
    C:\WINDOWS\system32\mljgh.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8B27CC68-110C-46a9-80D3-F3107DE6EB98}]
    C:\Program Files\ISM\BndDrive4.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A4553DF3-D5CD-4FF1-878C-5FD559B39100}]
    2007-08-02 07:43 282624 --a------ C:\Program Files\MSN\mewody83122.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D54BBF04-D75C-4E1C-6FAD-882B1FDC81D9}]
    C:\Program Files\Internet Explorer\qujawiqe.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-10-14 19:49]
    "igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-10-14 19:46]
    "igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-10-14 19:50]
    "SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [2003-11-19 16:48]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-11-29 03:56]
    "Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [2005-12-19 14:08]
    "SigmatelSysTrayApp"="stsystra.exe" [2005-09-09 22:19 C:\WINDOWS\stsystra.exe]
    "Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2005-12-15 09:44]
    "DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 15:19]
    "RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2006-04-18 14:15]
    "dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" []
    "ISUSPM Startup"="c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-03-20 16:34]
    "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-03-20 16:34]
    "MimBoot"="C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe" [2005-09-08 18:20]
    "Corel Photo Downloader"="C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe" [2006-02-09 16:34]
    "HostManager"="C:\Program Files\Common Files\AOL\1146277923\ee\AOLSoftware.exe" [2006-05-09 18:24]
    "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 22:12]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 09:54]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-03-14 18:05]
    "MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [2006-11-07 14:49]
    "ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-03-20 16:34]
    "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-10-22 08:15]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ModemOnHold"="C:\Program Files\NetWaiting\netWaiting.exe" [2003-09-10 01:24]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 04:00]
    "DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 10:09]
    "QdrModule9"="C:\Program Files\QdrModule\QdrModule9.exe" [2007-10-30 09:42]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "Spyware Doctor"="C:\Program Files\Spyware Doctor\swdoctor.exe" /Q

    C:\Documents and Settings\Cassandra\Start Menu\Programs\Startup\
    Picture Motion Browser Media Check Tool.lnk - C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2007-03-21 19:00:17]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Clean Access Agent.lnk - C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe [2007-09-17 14:48:50]
    Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-04-18 14:08:58]
    HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 22:23:26]
    HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2005-05-11 23:49:24]
    Monitor.lnk - C:\Program Files\SanDisk\SanDisk TransferMate\SD Monitor.exe [2007-03-21 18:52:28]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awtsrqr]
    awtsrqr.dll


    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]


    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin]
    C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\runner1]
    C:\WINDOWS\retadpu1000106.exe 61A847B5BBF72813329B385772FF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Salestart]
    "C:\Program Files\Common Files\WinAntiSpyware 2007\WAS7Mon.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ShowLOMControl]
    

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spyware Doctor]
    "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c523b674-4c2f-11db-b8b2-001422a4fe75}]
    \Shell\AutoRun\command - F:\LaunchU3.exe

    .
    Contents of the 'Scheduled Tasks' folder
    "2007-11-05 15:06:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    "2007-11-12 05:14:02 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
    - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
    .
    **************************************************************************

    catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-11-11 23:29:38
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2007-11-11 23:31:06 - machine was rebooted
    .
    --- E O F ---



    -------------------------------------------------------------------------------------------------
    Logfile of HijackThis v1.99.1
    Scan saved at 11:33:27 PM, on 11/11/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
    C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\system32\WLTRAY.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\stsystra.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
    C:\Program Files\Common Files\AOL\1146277923\ee\AOLSoftware.exe
    C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\NetWaiting\netWaiting.exe
    C:\Program Files\DellSupport\DSAgnt.exe
    C:\Program Files\QdrModule\QdrModule9.exe
    C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\SanDisk\SanDisk TransferMate\SD Monitor.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
    C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Documents and Settings\Cassandra\Desktop\hijackthis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {19387FDD-92BE-42C3-BDE2-8B4AB1ED6AD0} - C:\Program Files\MSN\mewody4444.dll
    O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll (file missing)
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: (no name) - {5F2D1427-E937-41A5-9B5A-6CD68F2B74B8} - C:\WINDOWS\system32\mljgh.dll (file missing)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: BndDrive2 BHO Class - {8B27CC68-110C-46a9-80D3-F3107DE6EB98} - C:\Program Files\ISM\BndDrive4.dll (file missing)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: (no name) - {A4553DF3-D5CD-4FF1-878C-5FD559B39100} - C:\Program Files\MSN\mewody83122.dll
    O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll (file missing)
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O2 - BHO: 0 - {D54BBF04-D75C-4E1C-6FAD-882B1FDC81D9} - C:\Program Files\Internet Explorer\qujawiqe.dll (file missing)
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
    O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1146277923\ee\AOLSoftware.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
    O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [QdrModule9] "C:\Program Files\QdrModule\QdrModule9.exe"
    O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
    O4 - Global Startup: Clean Access Agent.lnk = C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O4 - Global Startup: Monitor.lnk = C:\Program Files\SanDisk\SanDisk TransferMate\SD Monitor.exe
    O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZU
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?862d90c1d542458ab89a242dc320f56d
    O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?862d90c1d542458ab89a242dc320f56d
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll (file missing)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: awtsrqr - awtsrqr.dll (file missing)
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: MSSQL$MICROSOFTSMLBIZ - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe" -sMICROSOFTSMLBIZ (file missing)
    O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: PC Tools Spyware Doctor (SDhelper) - Unknown owner - C:\Program Files\Spyware Doctor\sdhelp.exe (file missing)
    O23 - Service: SQLAgent$MICROSOFTSMLBIZ - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlagent.EXE" -i MICROSOFTSMLBIZ (file missing)
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
    O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE (file missing)
     
  5. sjpritch25

    sjpritch25

    Joined:
    Sep 8, 2005
    Messages:
    9,113
    Download the attached file CFScript.txt to your Desktop


    [​IMG]

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it shall produce a log for you at "C:\ComboFix.txt"

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall



    Note: Please do not use this script on another computer; you may damage the system. The script is made especially for this computer only!!!!


    ====================================

    Please download and install SUPERAntiSpyware
    • Load SUPERAntiSpyware and click the Check for Updates button.
    • Once the update has finished, exit SUPERAntiSpyware. Please do NOT run a scan yet!

    IMPORTANT: Do NOT open any other windows or programs while SUPERAntiSpyware is scanning; it may interfere with the scanning process.
    • Open SUPERAntiSpyware and click the Scan your Computer button.
    • Check Perform Complete Scan and then click Next.
    • SUPERAntiSpyware will now scan your computer and when it's finished it will list all the infections it has found.
    • Make sure that they all have a check next to them, and then click Next.
    • Click Finish and you will be taken back to the main interface.
    • It could be possible that it will ask you to reboot your computer in order to delete some files after reboot.
    • I'll need a log afterwards of what has been found.
    • To get the log, click Preferences and then click the Statistics/Logs tab. Click the dated log and press View Log and a text file will appear.
    • Please post the results of the SUPERAntiSpyware log in your next reply.
     


  6. poltomb

    poltomb Thread Starter

    Joined:
    Nov 11, 2007
    Messages:
    14
    ComboFix 07-11-08.3 - Cassandra 2007-11-14 19:53:55.2 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.159 [GMT -6:00]
    Running from: C:\Documents and Settings\Cassandra\Desktop\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Cassandra\Desktop\CFScript.txt
    * Created a new restore point

    FILE
    C:\Program Files\580951390.exe
    C:\Program Files\591174875.exe
    C:\Program Files\MSN\mewody4444.dll
    C:\Program Files\MSN\mewody83122.dll
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\Cassandra\Start Menu\Programs\Internet Speed Monitor
    C:\Documents and Settings\Cassandra\Start Menu\Programs\Internet Speed Monitor\Check Now.lnk
    C:\Documents and Settings\Cassandra\Start Menu\Programs\Internet Speed Monitor\Uninstall.lnk
    C:\Program Files\580951390.exe
    C:\Program Files\591174875.exe
    C:\Program Files\Adsense Helper Object
    C:\Program Files\Adsense Helper Object\aho.v5.dll
    C:\Program Files\MSN\mewody4444.dll
    C:\Program Files\MSN\mewody83122.dll
    C:\Program Files\QdrPack
    C:\Program Files\QdrPack\QdrPack9.exe

    .
    ((((((((((((((((((((((((( Files Created from 2007-10-15 to 2007-11-15 )))))))))))))))))))))))))))))))
    .

    2007-11-11 23:22 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2007-11-11 22:54 <DIR> d-------- C:\WINDOWS\ERUNT
    2007-10-31 22:51 <DIR> d-------- C:\Program Files\QdrModule
    2007-10-26 14:56 <DIR> d-------- C:\Program Files\E404 Helper
    2007-10-26 14:55 <DIR> d-------- C:\Program Files\Lavasoft
    2007-10-26 14:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2007-10-26 14:54 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2007-10-26 14:53 56 -r-hs---- C:\WINDOWS\system32\4D93A87DDB.sys
    2007-10-24 17:58 <DIR> d-------- C:\Program Files\Minitab 15

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-11-12 04:32 --------- d-----w C:\Documents and Settings\Cassandra\Application Data\AVG7
    2007-09-24 14:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7
    2007-09-23 06:15 --------- d-----w C:\Documents and Settings\LocalService\Application Data\AVG7
    2007-09-23 06:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
    2007-09-23 06:04 --------- d-----w C:\Program Files\Spyware Doctor
    2007-09-23 05:56 --------- d-----w C:\Documents and Settings\Cassandra\Application Data\Lavasoft
    2007-09-20 03:12 --------- d-----w C:\Program Files\Common Files\Sonic Shared
    2007-09-20 03:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sonic
    2007-09-20 03:09 --------- d-----w C:\Program Files\Common Files\HP
    2005-05-12 04:36 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll
    2005-07-29 21:24:26 472 --sha-r C:\WINDOWS\Q2Fzc2FuZHJhIA\kZIWwZIRtJL1KE.vbs
    .

    ((((((((((((((((((((((((((((( [email protected]_23.30.28.70 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2007-11-15 02:00:23 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_14c.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-10-14 19:49]
    "igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-10-14 19:46]
    "igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-10-14 19:50]
    "SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [2003-11-19 16:48]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-11-29 03:56]
    "Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [2005-12-19 14:08]
    "SigmatelSysTrayApp"="stsystra.exe" [2005-09-09 22:19 C:\WINDOWS\stsystra.exe]
    "Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2005-12-15 09:44]
    "DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 15:19]
    "RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2006-04-18 14:15]
    "dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" []
    "ISUSPM Startup"="c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-03-20 16:34]
    "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-03-20 16:34]
    "MimBoot"="C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe" [2005-09-08 18:20]
    "Corel Photo Downloader"="C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe" [2006-02-09 16:34]
    "HostManager"="C:\Program Files\Common Files\AOL\1146277923\ee\AOLSoftware.exe" [2006-05-09 18:24]
    "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 22:12]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 09:54]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-03-14 18:05]
    "MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [2006-11-07 14:49]
    "ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-03-20 16:34]
    "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-10-22 08:15]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ModemOnHold"="C:\Program Files\NetWaiting\netWaiting.exe" [2003-09-10 01:24]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 04:00]
    "DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 10:09]
    "QdrModule9"="C:\Program Files\QdrModule\QdrModule9.exe" [2007-10-30 09:42]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "Spyware Doctor"="C:\Program Files\Spyware Doctor\swdoctor.exe" /Q

    C:\Documents and Settings\Cassandra\Start Menu\Programs\Startup\
    Picture Motion Browser Media Check Tool.lnk - C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2007-03-21 19:00:17]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Clean Access Agent.lnk - C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe [2007-09-17 14:48:50]
    Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-04-18 14:08:58]
    HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 22:23:26]
    HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2005-05-11 23:49:24]
    Monitor.lnk - C:\Program Files\SanDisk\SanDisk TransferMate\SD Monitor.exe [2007-03-21 18:52:28]


    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]


    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ShowLOMControl]
    

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spyware Doctor]
    "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c523b674-4c2f-11db-b8b2-001422a4fe75}]
    \Shell\AutoRun\command - F:\LaunchU3.exe

    .
    Contents of the 'Scheduled Tasks' folder
    "2007-11-05 15:06:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    "2007-11-15 01:14:04 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
    - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
    .
    **************************************************************************

    catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-11-14 20:01:26
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2007-11-14 20:05:01 - machine was rebooted
    C:\ComboFix2.txt ... 2007-11-11 23:31
    .
    --- E O F ---


    -------------------------------------------------------------------------------------------------

    Logfile of HijackThis v1.99.1
    Scan saved at 8:07:18 PM, on 11/14/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
    C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\system32\WLTRAY.exe
    C:\WINDOWS\stsystra.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
    C:\Program Files\Common Files\AOL\1146277923\ee\AOLSoftware.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\NetWaiting\netWaiting.exe
    C:\Program Files\DellSupport\DSAgnt.exe
    C:\Program Files\QdrModule\QdrModule9.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\SanDisk\SanDisk TransferMate\SD Monitor.exe
    C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
    C:\PROGRA~1\Grisoft\AVG7\avgw.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Documents and Settings\Cassandra\Desktop\hijackthis\HijackThis.exe
    C:\WINDOWS\system32\cmd.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll (file missing)
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll (file missing)
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
    O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1146277923\ee\AOLSoftware.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
    O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [QdrModule9] "C:\Program Files\QdrModule\QdrModule9.exe"
    O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
    O4 - Global Startup: Clean Access Agent.lnk = C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O4 - Global Startup: Monitor.lnk = C:\Program Files\SanDisk\SanDisk TransferMate\SD Monitor.exe
    O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZU
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?862d90c1d542458ab89a242dc320f56d
    O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?862d90c1d542458ab89a242dc320f56d
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll (file missing)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: MSSQL$MICROSOFTSMLBIZ - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe" -sMICROSOFTSMLBIZ (file missing)
    O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: PC Tools Spyware Doctor (SDhelper) - Unknown owner - C:\Program Files\Spyware Doctor\sdhelp.exe (file missing)
    O23 - Service: SQLAgent$MICROSOFTSMLBIZ - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlagent.EXE" -i MICROSOFTSMLBIZ (file missing)
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
    O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE (file missing)
     
  7. poltomb

    poltomb Thread Starter

    Joined:
    Nov 11, 2007
    Messages:
    14
    Sorry about the delay between posts, I'm not always with my girl, and she's not very confident about doing this herself.

    --------------------------------------------------------------------------------------------

    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 11/14/2007 at 10:26 PM

    Application Version : 3.9.1008

    Core Rules Database Version : 3345
    Trace Rules Database Version: 1346

    Scan type : Complete Scan
    Total Scan Time : 02:11:13

    Memory items scanned : 662
    Memory threats detected : 1
    Registry items scanned : 5850
    Registry threats detected : 36
    File items scanned : 34996
    File threats detected : 543

    Trojan.Downloader-Gen/QDRModule
    C:\PROGRAM FILES\QDRMODULE\QDRMODULE9.EXE
    C:\PROGRAM FILES\QDRMODULE\QDRMODULE9.EXE
    [QdrModule9] C:\PROGRAM FILES\QDRMODULE\QDRMODULE9.EXE

    Adware.MyWebSearch
    HKLM\Software\Classes\CLSID\{00A6FAF6-072E-44cf-8957-5838F569A31D}
    HKCR\CLSID\{00A6FAF6-072E-44CF-8957-5838F569A31D}
    HKCR\CLSID\{00A6FAF6-072E-44CF-8957-5838F569A31D}
    HKCR\CLSID\{00A6FAF6-072E-44CF-8957-5838F569A31D}\InprocServer32
    HKCR\CLSID\{00A6FAF6-072E-44CF-8957-5838F569A31D}\InprocServer32#ThreadingModel
    HKCR\CLSID\{00A6FAF6-072E-44CF-8957-5838F569A31D}\Programmable
    C:\PROGRAM FILES\MYWEBSEARCH\SRCHASTT\1.BIN\MWSSRCAS.DLL
    HKLM\Software\Classes\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA}
    HKCR\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA}
    HKCR\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA}
    HKCR\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA}\InprocServer32
    HKCR\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA}\InprocServer32#ThreadingModel
    C:\PROGRAM FILES\MYWEBSEARCH\BAR\1.BIN\MWSBAR.DLL

    Adware.AdSponsor/ISM
    HKLM\Software\Classes\CLSID\{12DA1BC4-5384-42fd-A119-3C99D2D146A2}
    HKCR\CLSID\{12DA1BC4-5384-42FD-A119-3C99D2D146A2}
    HKCR\CLSID\{12DA1BC4-5384-42FD-A119-3C99D2D146A2}
    HKCR\CLSID\{12DA1BC4-5384-42FD-A119-3C99D2D146A2}#AppID
    HKCR\CLSID\{12DA1BC4-5384-42FD-A119-3C99D2D146A2}\Implemented Categories
    HKCR\CLSID\{12DA1BC4-5384-42FD-A119-3C99D2D146A2}\Implemented Categories\{00021493-0000-0000-C000-000000000046}
    HKCR\CLSID\{12DA1BC4-5384-42FD-A119-3C99D2D146A2}\InprocServer32
    HKCR\CLSID\{12DA1BC4-5384-42FD-A119-3C99D2D146A2}\InprocServer32#ThreadingModel
    HKCR\CLSID\{12DA1BC4-5384-42FD-A119-3C99D2D146A2}\ProgID
    HKCR\CLSID\{12DA1BC4-5384-42FD-A119-3C99D2D146A2}\TypeLib
    HKCR\CLSID\{12DA1BC4-5384-42FD-A119-3C99D2D146A2}\VersionIndependentProgID
    C:\PROGRAM FILES\ISM\BNDDRIVE4.DLL
    HKLM\Software\Classes\CLSID\{1ED6A320-8AF3-4f06-868A-9BA95585712E}
    HKCR\CLSID\{1ED6A320-8AF3-4F06-868A-9BA95585712E}
    HKCR\CLSID\{1ED6A320-8AF3-4F06-868A-9BA95585712E}
    HKCR\CLSID\{1ED6A320-8AF3-4F06-868A-9BA95585712E}#AppID
    HKCR\CLSID\{1ED6A320-8AF3-4F06-868A-9BA95585712E}\Implemented Categories
    HKCR\CLSID\{1ED6A320-8AF3-4F06-868A-9BA95585712E}\Implemented Categories\{00021493-0000-0000-C000-000000000046}
    HKCR\CLSID\{1ED6A320-8AF3-4F06-868A-9BA95585712E}\InprocServer32
    HKCR\CLSID\{1ED6A320-8AF3-4F06-868A-9BA95585712E}\InprocServer32#ThreadingModel
    HKCR\CLSID\{1ED6A320-8AF3-4F06-868A-9BA95585712E}\ProgID
    HKCR\CLSID\{1ED6A320-8AF3-4F06-868A-9BA95585712E}\TypeLib
    HKCR\CLSID\{1ED6A320-8AF3-4F06-868A-9BA95585712E}\VersionIndependentProgID
    C:\PROGRAM FILES\ISM\BNDDRIVE7.DLL
    HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\{12DA1BC4-5384-42fd-A119-3C99D2D146A2}
    HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\{1ED6A320-8AF3-4f06-868A-9BA95585712E}
    C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\ISM2\ISMPACK7.EXE.VIR
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP424\A0026857.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP425\A0026876.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP425\A0026877.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP429\A0028032.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP436\A0029242.EXE

    Adware.Tracking Cookie
    C:\Documents and Settings\Cassandra\Cookies\[email protected][1].txt
    C:\Documents and Settings\Cassandra\Cookies\[email protected][1].txt
    C:\Documents and Settings\Cassandra\Cookies\[email protected][1].txt
    C:\Documents and Settings\Cassandra\Cookies\[email protected][3].txt
    C:\Documents and Settings\Cassandra\Cookies\[email protected][2].txt
    C:\Documents and Settings\Cassandra\Cookies\[email protected][6].txt
    C:\Documents and Settings\Cassandra\Cookies\[email protected][2].txt
    C:\Documents and Settings\Cassandra\Cookies\[email protected][3].txt
    C:\Documents and Settings\Cassandra\Cookies\[email protected][1].txt
    C:\Documents and Settings\Cassandra\Cookies\[email protected][3].txt
    C:\Documents and Settings\Cassandra\Cookies\[email protected][1].txt
    C:\Documents and Settings\Cassandra\Cookies\[email protected][1].txt
    C:\Documents and Settings\Cassandra\Cookies\[email protected][1].txt
    C:\Documents and Settings\Cassandra\Cookies\[email protected][4].txt
    C:\Documents and Settings\Cassandra\Cookies\[email protected][1].txt
    C:\Documents and Settings\Cassandra\Cookies\[email protected][3].txt
    C:\Documents and Settings\Cassandra\Cookies\[email protected][1].txt
    C:\Documents and Settings\Cassandra\Cookies\[email protected][6].txt
    C:\Documents and Settings\Cassandra\Cookies\[email protected][1].txt
    C:\Documents and Settings\Cassandra\Cookies\[email protected][1].txt
    C:\Documents and Settings\Cassandra\Cookies\[email protected][3].txt
    C:\Documents and Settings\Cassandra\Cookies\[email protected][3].txt
    C:\Documents and Settings\Cassandra\Cookies\[email protected][2].txt
    C:\Documents and Settings\Cassandra\Cookies\[email protected][4].txt
    C:\Documents and Settings\Cassandra\Cookies\[email protected][2].txt
    C:\Documents and Settings\Cassandra\Cookies\[email protected][1].txt
    C:\Documents and Settings\Cassandra\Cookies\[email protected][1].txt
    C:\Documents and Settings\Cassandra\Cookies\[email protected][2].txt
    C:\Documents and Settings\Cassandra\Cookies\[email protected][2].txt
    C:\Documents and Settings\Cassandra\Cookies\[email protected][3].txt
    C:\Documents and Settings\Cassandra\Cookies\[email protected][2].txt
    C:\Documents and Settings\Cassandra\Cookies\[email protected][4].txt
    C:\Documents and Settings\Cassandra\Cookies\[email protected][6].txt
    C:\Documents and Settings\Cassandra\Cookies\[email protected][1].txt
    C:\Documents and Settings\Cassandra\Cookies\[email protected][2].txt
    C:\Documents and Settings\Cassandra\Cookies\[email protected][5].txt
    C:\Documents and Settings\Cassandra\Cookies\[email protected]8[1].txt
    C:\Documents and Settings\Cassandra\Cookies\[email protected][4].txt
    C:\Documents and Settings\Cassandra\Cookies\[email protected][1].txt
    C:\Documents and Settings\Cassandra\Cookies\[email protected][1].txt
    C:\Documents and Settings\Cassandra\Cookies\[email protected][1].txt
    C:\Documents and Settings\Cassandra\Cookies\[email protected][1].txt
    C:\Documents and Settings\Cassandra\Cookies\[email protected][1].txt
    C:\Documents and Settings\Cassandra\Cookies\[email protected][3].txt
    C:\Documents and Settings\Cassandra\Cookies\[email protected][1].txt
    C:\Documents and Settings\Cassandra\Cookies\[email protected][4].txt
    C:\Documents and Settings\Cassandra\Cookies\[email protected][2].txt
    C:\Documents and Settings\Cassandra\Cookies\[email protected][2].txt
    C:\Documents and Settings\Cassandra\Cookies\[email protected][2].txt
    C:\Documents and Settings\Cassandra\Cookies\[email protected][1].txt
    C:\Documents and Settings\Cassandra\Cookies\[email protected][1].txt
    C:\Documents and Settings\Cassandra\Cookies\[email protected][1].txt
    C:\Documents and Settings\Cassandra\Cookies\[email protected][2].txt
    C:\Documents and Settings\Cassandra\Cookies\[email protected][2].txt
    C:\Documents and Settings\Cassandra\Cookies\[email protected][2].txt
    C:\Documents and Settings\Cassandra\Cookies\[email protected][3].txt
    C:\Documents and Settings\Cassandra\Cookies\[email protected][3].txt
    C:\Documents and Settings\Cassandra\Cookies\[email protected][2].txt
    C:\Documents and Settings\Cassandra\Cookies\[email protected][23].txt
    C:\Documents and Settings\Cassandra\Cookies\[email protected][1].txt
    C:\Documents and Settings\Cassandra\Cookies\[email protected][1].txt
    C:\Documents and Settings\Cassandra\Cookies\[email protected][1].txt
    C:\Documents and Settings\Cassandra\Cookies\[email protected][1].txt
    C:\Documents and Settings\Cassandra\Cookies\[email protected][2].txt
    C:\Documents and Settings\Cassandra\Cookies\[email protected][3].txt
    C:\Documents and Settings\Cassandra\Cookies\[email protected][1].txt
    C:\Documents and Settings\Cassandra\Cookies\[email protected][1].txt
    C:\Documents and Settings\Cassandra\Cookies\[email protected][2].txt
    C:\Documents and Settings\Cassandra\Cookies\[email protected][2].txt
    C:\Documents and Settings\Cassandra\Cookies\[email protected][1].txt
    C:\Documents and Settings\Cassandra\Cookies\[email protected][4].txt
    C:\Documents and Settings\Cassandra\Cookies\[email protected][2].txt
    C:\Documents and Settings\Cassandra\Cookies\[email protected][2].txt
    C:\Documents and Settings\Cassandra\Cookies\[email protected][1].txt
    C:\Documents and Settings\Cassandra\Cookies\[email protected][1].txt
    C:\Documents and Settings\Cassandra\Cookies\[email protected][1].txt
    C:\Documents and Settings\Cassandra\Cookies\[email protected][1].txt
    C:\Documents and Settings\Cassandra\Cookies\[email protected][1].txt
    C:\Documents and Settings\Cassandra\Cookies\[email protected][4].txt
    C:\Documents and Settings\Cassandra\Cookies\[email protected][4].txt
    C:\Documents and Settings\Cassandra\Cookies\[email protected][2].txt
    C:\Documents and Settings\Cassandra\Cookies\[email protected][2].txt
    C:\Documents and Settings\Cassandra\Cookies\[email protected][1].txt
    C:\Documents and Settings\Cassandra\Cookies\[email protected][1].txt
    C:\Documents and Settings\Cassandra\Cookies\[email protected][2].txt
    C:\Documents and Settings\Cassandra\Cookies\[email protected][1].txt
    C:\Documents and Settings\Cassandra\Cookies\[email protected][7].txt
    C:\Documents and Settings\Cassandra\Cookies\[email protected][1].txt
    C:\Documents and Settings\Cassandra\Cookies\[email protected][2].txt
    C:\Documents and Settings\Cassandra\Cookies\[email protected][1].txt
    C:\Documents and Settings\Cassandra\Cookies\[email protected][3].txt
    C:\Documents and Settings\Cassandra\Cookies\[email protected][2].txt
    C:\Documents and Settings\Cassandra\Cookies\[email protected][2].txt
    C:\Documents and Settings\Cassandra\Cookies\[email protected][3].txt
    C:\Documents and Settings\Cassandra\Cookies\[email protected][1].txt
    C:\Documents and Settings\Cassandra\Cookies\[email protected][1].txt
    C:\Documents and Settings\Cassandra\Cookies\[email protected][1].txt
    C:\Documents and Settings\Cassandra\Cookies\[email protected][3].txt
    C:\Documents and Settings\Cassandra\Cookies\[email protected][1].txt
    C:\Documents and Settings\Cassandra\Cookies\[email protected][1].txt
    C:\Documents and Settings\Cassandra\Cookies\[email protected][1].txt
    C:\Documents and Settings\Cassandra\Cookies\[email protected][1].txt
    C:\Documents and Settings\Cassandra\Cookies\[email protected][1].txt
    C:\Documents and Settings\Cassandra\Cookies\[email protected][2].txt
    C:\Documents and Settings\Cassandra\Cookies\[email protected][2].txt
    C:\Documents and Settings\Cassandra\Cookies\[email protected][2].txt
    C:\Documents and Settings\Cassandra\Cookies\[email protected][1].txt
    C:\Documents and Settings\Cassandra\Cookies\[email protected][1].txt
    C:\Documents and Settings\Cassandra\Cookies\[email protected][1].txt
    C:\Documents and Settings\Cassandra\Cookies\[email protected][1].txt
    C:\Documents and Settings\Cassandra\Cookies\[email protected][2].txt
    C:\Documents and Settings\Cassandra\Cookies\[email protected][1].txt
    C:\Documents and Settings\Cassandra\Cookies\[email protected][2].txt
    C:\Documents and Settings\Cassandra\Cookies\[email protected][3].txt
    C:\Documents and Settings\Cassandra\Cookies\[email protected][10].txt
    C:\Documents and Settings\Cassandra\Cookies\[email protected][11].txt
    C:\Documents and Settings\Cassandra\Cookies\[email protected][12].txt
    C:\Documents and Settings\Cassandra\Cookies\[email protected][13].txt
    C:\Documents and Settings\Cassandra\Cookies\[email protected][14].txt
    C:\Documents and Settings\Cassandra\Cookies\[email protected][15].txt
    C:\Documents and Settings\Cassandra\Cookies\[email protected][16].txt
    C:\Documents and Settings\Cassandra\Cookies\[email protected][17].txt
    C:\Documents and Settings\Cassandra\Cookies\[email protected][18].txt
    C:\Documents and Settings\Cassandra\Cookies\[email protected][19].txt
    C:\Documents and Settings\Cassandra\Cookies\[email protected][1].txt
    C:\Documents and Settings\Cassandra\Cookies\[email protected][20].txt
    C:\Documents and Settings\Cassandra\Cookies\[email protected][21].txt
    C:\Documents and Settings\Cassandra\Cookies\[email protected][22].txt
    C:\Documents and Settings\Cassandra\Cookies\[email protected][2].txt
    C:\Documents and Settings\Cassandra\Cookies\[email protected][3].txt
    C:\Documents and Settings\Cassandra\Cookies\[email protected][4].txt
    C:\Documents and Settings\Cassandra\Cookies\[email protected][5].txt
    C:\Documents and Settings\Cassandra\Cookies\[email protected][6].txt
    C:\Documents and Settings\Cassandra\Cookies\[email protected][7].txt
    C:\Documents and Settings\Cassandra\Cookies\[email protected][8].txt
    C:\Documents and Settings\Cassandra\Cookies\[email protected][9].txt
    C:\Documents and Settings\Cassandra\Cookies\[email protected][2].txt
    C:\Documents and Settings\Cassandra\Cookies\[email protected][3].txt
    C:\Documents and Settings\Cassandra\Cookies\[email protected][2].txt
    C:\Documents and Settings\Cassandra\Cookies\[email protected][4].txt
    C:\Documents and Settings\Cassandra\Cookies\[email protected][5].txt
    C:\Documents and Settings\Cassandra\Cookies\[email protected][1].txt
    C:\Documents and Settings\Cassandra\Cookies\[email protected][3].txt
    C:\Documents and Settings\Cassandra\Cookies\[email protected][2].txt
    C:\Documents and Settings\Cassandra\Cookies\[email protected][1].txt
    C:\Documents and Settings\Cassandra\Cookies\[email protected][3].txt
    C:\Documents and Settings\Cassandra\Cookies\[email protected][4].txt
    C:\Documents and Settings\Cassandra\Cookies\[email protected][5].txt
    C:\Documents and Settings\Cassandra\Cookies\[email protected][1].txt
    C:\Documents and Settings\Cassandra\Cookies\[email protected][2].txt
    C:\Documents and Settings\Cassandra\Cookies\[email protected][2].txt
    C:\Documents and Settings\Cassandra\Cookies\[email protected][1].txt
    C:\Documents and Settings\Cassandra\Cookies\[email protected][3].txt
    C:\Documents and Settings\Cassandra\Cookies\[email protected][1].txt
    C:\Documents and Settings\Cassandra\Cookies\[email protected][2].txt
    C:\Documents and Settings\Cassandra\Cookies\[email protected][1].txt
    C:\Documents and Settings\Cassandra\Cookies\[email protected][2].txt
    C:\Documents and Settings\Cassandra\Cookies\[email protected][4].txt
    C:\Documents and Settings\Cassandra\Cookies\[email protected][5].txt
    C:\Documents and Settings\Cassandra\Cookies\[email protected][1].txt
    C:\Documents and Settings\Cassandra\Cookies\[email protected][2].txt
    C:\Documents and Settings\Cassandra\Cookies\[email protected][1].txt
    C:\Documents and Settings\Cassandra\Cookies\[email protected][3].txt
    C:\Documents and Settings\Cassandra\Cookies\[email protected][2].txt
    C:\Documents and Settings\Cassandra\Cookies\[email protected][1].txt
    C:\Documents and Settings\Cassandra\Cookies\[email protected][2].txt
    C:\Documents and Settings\Cassandra\Cookies\[email protected][2].txt
    C:\Documents and Settings\Cassandra\Cookies\[email protected][1].txt
    C:\Documents and Settings\Cassandra\Cookies\[email protected][2].txt
    C:\Documents and Settings\Cassandra\Cookies\[email protected][1].txt
    C:\Documents and Settings\Cassandra\Cookies\[email protected][2].txt
    C:\Documents and Settings\Cassandra\Cookies\[email protected][3].txt
    C:\Documents and Settings\Cassandra\Cookies\[email protected][4].txt
    C:\Documents and Settings\Cassandra\Cookies\[email protected][2].txt
    C:\Documents and Settings\Cassandra\Cookies\[email protected][2].txt
    C:\Documents and Settings\Cassandra\Cookies\[email protected][3].txt
    C:\Documents and Settings\Cassandra\Cookies\[email protected][1].txt
    C:\Documents and Settings\Cassandra\Cookies\[email protected][1].txt
    C:\Documents and Settings\Cassandra\Cookies\[email protected][1].txt
    C:\Documents and Settings\Cassandra\Cookies\[email protected][1].txt
    C:\Documents and Settings\Cassandra\Cookies\[email protected][2].txt
    C:\Documents and Settings\Cassandra\Cookies\[email protected][1].txt
    C:\Documents and Settings\Cassandra\Cookies\[email protected][2].txt
    C:\Documents and Settings\Cassandra\Cookies\[email protected][1].txt
    C:\Documents and Settings\Cassandra\Cookies\[email protected][2].txt
    C:\Documents and Settings\Cassandra\Cookies\[email protected][1].txt
    C:\Documents and Settings\Cassandra\Cookies\[email protected][1].txt
    C:\Documents and Settings\Cassandra\Cookies\[email protected][1].txt
    C:\Documents and Settings\Cassandra\Cookies\[email protected][2].txt
    C:\Documents and Settings\Cassandra\Cookies\[email protected][3].txt
    C:\Documents and Settings\Cassandra\Cookies\[email protected][2].txt
    C:\Documents and Settings\Cassandra\Cookies\[email protected][1].txt
    C:\Documents and Settings\Cassandra\Cookies\[email protected][2].txt
    C:\Documents and Settings\Cassandra\Cookies\[email protected][2].txt
    C:\Documents and Settings\Cassandra\Cookies\[email protected][1].txt
    C:\Documents and Settings\Cassandra\Cookies\[email protected][1].txt
    C:\Documents and Settings\Cassandra\Cookies\[email protected][2].txt
    C:\Documents and Settings\Cassandra\Cookies\[email protected][1].txt
    C:\Documents and Settings\Cassandra\Cookies\[email protected][3].txt
    C:\Documents and Settings\Cassandra\Cookies\[email protected][1].txt
    C:\Documents and Settings\Cassandra\Cookies\[email protected][2].txt
    C:\Documents and Settings\Cassandra\Cookies\[email protected][1].txt
    C:\Documents and Settings\Cassandra\Cookies\[email protected][1].txt
    C:\Documents and Settings\Cassandra\Cookies\[email protected][2].txt
    C:\Documents and Settings\Cassandra\Cookies\[email protected][1].txt
     
  8. poltomb

    poltomb Thread Starter

    Joined:
    Nov 11, 2007
    Messages:
    14
    PART 2
    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 11/14/2007 at 10:26 PM

    Application Version : 3.9.1008

    Core Rules Database Version : 3345
    Trace Rules Database Version: 1346

    -------------------------------------------------------------------------------------------------------

    Adware.E404 Helper/Hij
    C:\Program Files\E404 Helper\e404.v1.dll
    C:\Program Files\E404 Helper
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP427\A0027039.DLL

    Unclassified.Unknown Origin
    C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\MSN\MEWODY4444.DLL.VIR
    C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\MSN\MEWODY83122.DLL.VIR
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP423\A0026786.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP439\A0029414.DLL
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP439\A0029415.DLL

    Malware.Ultimate Defender
    C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\UCLEANER_SETUP.EXE.VIR
    C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\ULTIMATE CLEANER\ULTIMATECLEANER.EXE.VIR
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP436\A0029288.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP436\A0029295.EXE

    Adware.ClickSpring
    C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\LTT.DLL.VIR
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP436\A0029239.DLL

    Adware.eZula
    C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\NNITWMNB.EXE.VIR
    C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\NUWJIPSN.EXE.VIR
    C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\PRAYTKOD.EXE.VIR
    C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\QEDFAMQK.EXE.VIR
    C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\RXANAIPV.EXE.VIR
    C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\UMLCXRWQ.EXE.VIR
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP423\A0026788.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP436\A0029233.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP436\A0029234.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP436\A0029235.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP436\A0029236.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP436\A0029237.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP436\A0029238.EXE

    Trojan.NetMon/DNSChange
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP425\A0026868.EXE

    Trojan.Unknown Origin
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP425\A0026870.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP435\A0029181.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP435\A0029183.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP435\A0029184.VBS
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP435\A0029190.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP435\A0029191.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP435\A0029194.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP435\A0029196.VBS
    C:\WINDOWS\Q2FZC2FUZHJHIA\KZIWWZIRTJL1KE.VBS
    C:\WINDOWS\SYSTEM32\DLL2\MMEMDT83122.EXE

    Trojan.Downloader-Gen/Installer
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP425\A0026871.EXE

    Adware.Adservs
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP425\A0026872.DLL

    Trojan.Downloader-Gen/AVP
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP434\A0029117.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP435\A0029180.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP435\A0029189.EXE

    Adware.Search2Find
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP436\A0029229.LNK
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP436\A0029230.LNK
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP436\A0029318.LNK

    Adware.Vundo Variant/Rel
    C:\WINDOWS\SYSTEM32\HGJLM.BAK1
    C:\WINDOWS\SYSTEM32\HGJLM.BAK2
    C:\WINDOWS\SYSTEM32\HGJLM.INI
    C:\WINDOWS\SYSTEM32\HGJLM.INI2

    ----------------------------------------------------------------------------------------------------
     
  9. poltomb

    poltomb Thread Starter

    Joined:
    Nov 11, 2007
    Messages:
    14
    Logfile of HijackThis v1.99.1
    Scan saved at 11:23:36 PM, on 11/14/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
    C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\system32\WLTRAY.exe
    C:\WINDOWS\stsystra.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
    C:\Program Files\Common Files\AOL\1146277923\ee\AOLSoftware.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
    C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\NetWaiting\netWaiting.exe
    C:\Program Files\DellSupport\DSAgnt.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\SanDisk\SanDisk TransferMate\SD Monitor.exe
    C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
    C:\Documents and Settings\Cassandra\Desktop\hijackthis\HijackThis.exe
    C:\PROGRA~1\MOZILL~1\FIREFOX.EXE

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll (file missing)
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll (file missing)
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
    O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1146277923\ee\AOLSoftware.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
    O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
    O4 - Global Startup: Clean Access Agent.lnk = C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O4 - Global Startup: Monitor.lnk = C:\Program Files\SanDisk\SanDisk TransferMate\SD Monitor.exe
    O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZU
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?862d90c1d542458ab89a242dc320f56d
    O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?862d90c1d542458ab89a242dc320f56d
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll (file missing)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: MSSQL$MICROSOFTSMLBIZ - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe" -sMICROSOFTSMLBIZ (file missing)
    O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: PC Tools Spyware Doctor (SDhelper) - Unknown owner - C:\Program Files\Spyware Doctor\sdhelp.exe (file missing)
    O23 - Service: SQLAgent$MICROSOFTSMLBIZ - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlagent.EXE" -i MICROSOFTSMLBIZ (file missing)
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
    O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE (file missing)
     
  10. sjpritch25

    sjpritch25

    Joined:
    Sep 8, 2005
    Messages:
    9,113
    How is everything running??
     
  11. poltomb

    poltomb Thread Starter

    Joined:
    Nov 11, 2007
    Messages:
    14
    Seems to be working really well. No pop-ups all day. Thanks for all your help.
     
  12. sjpritch25

    sjpritch25

    Joined:
    Sep 8, 2005
    Messages:
    9,113
    Sorry for the delay :(

    How is everything? I just wanted to check back, I've been really busy.
     
  13. poltomb

    poltomb Thread Starter

    Joined:
    Nov 11, 2007
    Messages:
    14
    So far, so clean. Thanks again for your help. I won't let her download any more e-cards or malware-infested screensavers.:D
     
  14. sjpritch25

    sjpritch25

    Joined:
    Sep 8, 2005
    Messages:
    9,113
    Good, let's finish up.

    Please remove ComboFix by following these instructions: Go to Start---> Run---> In the space provided, type ComboFix /u and press Enter. A DOS window will appear; click OK to uninstall ComboFix.


    Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of Java components and upgrade the application. Beware it is NOT supported for use in 9x or ME and probably will not install in those systems.

    Upgrading Java:

    • Download the latest version of Java Runtime Environment (JRE) 6u3.
    • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
    • Click the "Download" button to the right.
    • Check the box that says: "Accept License Agreement".
    • The page will refresh.
    • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
    • Close any programs you may have running - especially your web browser.
    • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
    • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
    • Click the Remove or Change/Remove button.
    • Repeat as many times as necessary to remove each Java version.
    • Reboot your computer once all Java components are removed.
    • Then from your desktop double-click on the download to install the newest version.


    Now that your system is clean you should SET A NEW RESTORE POINT to prevent future reinfection from the old restore point AFTER cleaning your system of any malware infection. Any trojans or spyware you picked up could have been saved in System Restore and are waiting to re-infect you. Since System Restore is a protected directory, your tools can not access it to delete files, trapping viruses inside. Setting a new restore point should be done to prevent any future reinfection from the old restore point and enable your computer to "roll-back" in case there is a future problem.

    To SET A NEW RESTORE POINT:
    1. Go to Start > Programs > Accessories > System Tools and click "System Restore".
    2. Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
    3. Then go to Start > Run and type: Cleanmgr
    4. Click "OK".
    5. Click the "More Options" Tab.
    6. Click "Clean Up" in the System Restore section to remove all previous restore points except the newly created one.

    Graphics for doing this are in the following links if you need them.
    How to Create a Restore Point.
    How to use Cleanmgr.

    ======================================

    Here is some useful information on keeping your computer clean:
    1. Most important thing is to make sure Windows is kept up to date with the latest patches and updates from Windows Update.
    2. Here are two great Preventive programs:
      • SpywareBlaster protects you from malicious ActiveX controls and cookies. Make sure and check for updates twice a month.
      • IESpyads adds a long list of bad sites to your Restricted sites in Internet Explorer and protects against drive by downloads.
    3. Surf Safe with McAfee's SiteAdvisor. SiteAdvisor will work with Internet Explorer and Mozilla Firefox. SiteAdvisor is a browser plugin that assigns a safety rating to domains listed in your search engine. SiteAdvisor uses the following color codes to indicate the safety level of each site.
      • Red for Warning
      • Yellow for Use Caution
      • Green for Safe
      • Grey for Unknown

      Here are the links to install SiteAdvisor in Internet Explorer and Firefox
    4. Anti-Spyware Programs I Recommend:
      • Free Anti-Spyware Programs
    5. For Even More Information On Securing Your Computer read Tony Klein's So How Did I Get Infected In The First Place
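
The point in the post above, that infected copies can survive inside System Restore, can be checked against the scan log posted earlier in this thread. The following Python script is an added example, not part of any post here: it groups detections by whether they sit in a restore point, the ComboFix quarantine folder (C:\Qoobox), or the live file system. The function names are hypothetical, and the sample is an excerpt of that log.

```python
import re
from collections import defaultdict

# Excerpt of detections copied from the scan log posted earlier in this thread.
SAMPLE_LOG = r"""
Adware.E404 Helper/Hij
C:\Program Files\E404 Helper\e404.v1.dll
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP427\A0027039.DLL

Adware.ClickSpring
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\LTT.DLL.VIR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP436\A0029239.DLL

Trojan.NetMon/DNSChange
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP425\A0026868.EXE

Adware.Vundo Variant/Rel
C:\WINDOWS\SYSTEM32\HGJLM.BAK1
C:\WINDOWS\SYSTEM32\HGJLM.INI
"""

RESTORE_RE = re.compile(
    r"\\SYSTEM VOLUME INFORMATION\\_RESTORE\{[0-9A-F-]+\}\\(RP\d+)\\", re.I)
QUARANTINE_RE = re.compile(r"\\QOOBOX\\QUARANTINE\\", re.I)
PATH_RE = re.compile(r"^[A-Z]:\\", re.I)

def classify(path):
    """Return (location, restore_point) for one detected path."""
    m = RESTORE_RE.search(path)
    if m:
        return "restore", m.group(1).upper()
    if QUARANTINE_RE.search(path):
        return "quarantine", None
    return "live", None

def parse_detections(log_text):
    """Group detected paths by threat name and by where they sit on disk."""
    threats = defaultdict(lambda: {"restore": [], "quarantine": [], "live": []})
    current = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            current = None                 # a blank line ends a threat block
        elif PATH_RE.match(line):
            if current is not None:        # skip paths that have no heading
                threats[current][classify(line)[0]].append(line)
        else:
            current = line                 # any non-path line is a threat name
    return dict(threats)

def restore_only(threats):
    """Threats whose only remaining copies are inside restore points."""
    return sorted(n for n, loc in threats.items()
                  if loc["restore"] and not (loc["live"] or loc["quarantine"]))

def restore_points(threats):
    """Restore point folders (RPnnn) holding at least one detected file."""
    found = {classify(p)[1] for loc in threats.values() for p in loc["restore"]}
    return sorted(found, key=lambda rp: int(rp[2:]))

if __name__ == "__main__":
    parsed = parse_detections(SAMPLE_LOG)
    print("Only in System Restore:", restore_only(parsed))
    print("Affected restore points:", restore_points(parsed))
```

Threats listed by `restore_only` are the ones the restore point purge with Cleanmgr removes; anything still classified as live needs cleanup before a new restore point is created.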
     
Short URL to this thread: https://techguy.org/650784
