Multiple Infestation in XP

Discussion in 'Virus & Other Malware Removal' started by BSUmerc, Jul 1, 2007.

  1. BSUmerc (Thread Starter) - Joined: Jul 1, 2007 - Messages: 4

    I've been having major issues with a variety of adware, and as my specialty is security for routers and switches, I'm essentially clueless as to how to remove them all. IE windows and unlabeled windows have been popping up, with ads and eBay searches for SCA MFC, respectively. I have removed both the files and registry keys for WebBuying and Outerinfo, but the majority of my issues still persist. HijackThis log is as follows:

    Logfile of HijackThis v1.99.1
    Scan saved at 9:57:53 PM, on 7/1/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\a-squared Free\a2service.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Apache Group\Tomcat 4.1\bin\tomcat.exe
    C:\WINDOWS\arservice.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Nero\Nero 7\Nero 7\InCD\InCDsrv.exe
    C:\PROGRA~1\Iomega\System32\AppServices.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\ARPWRMSG.EXE
    C:\Program Files\DISC\DISCover.exe
    C:\Program Files\DISC\DiscUpdateMgr.exe
    C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\Program Files\Common Files\AOL\1141524304\ee\AOLSoftware.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
    C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\Nero\Nero 7\Nero 7\InCD\InCD.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
    C:\WINDOWS\rlajscl.exe
    C:\WINDOWS\retadpu2000219.exe
    C:\WINDOWS\rlajsclA.exe
    C:\Program Files\Iomega\AutoDisk\ADService.exe
    C:\WINDOWS\cfg32.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Tor\Privoxy\privoxy.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    C:\WINDOWS\cfg32a.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\DISC\DiscStreamHub.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\Compaq_Administrator\Desktop\HijackThis.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\WINDOWS\system32\taskmgr.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=presario&pf=desktop
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=desktop
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=desktop
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=desktop
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://launch.yahoo.com/launchcast/member.asp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=presario&pf=desktop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=desktop
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=presario&pf=desktop
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.shareware.us/srchasst.html
    O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll
    O3 - Toolbar: Mirar - {9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\system32\WinNB58.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
    O4 - HKLM\..\Run: [DISCover] C:\Program Files\DISC\DISCover.exe
    O4 - HKLM\..\Run: [DiscUpdateManager] C:\Program Files\DISC\DiscUpdateMgr.exe
    O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1141524304\ee\AOLSoftware.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
    O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
    O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\Nero 7\InCD\InCD.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [runner1] C:\WINDOWS\retadpu2000219.exe 61A847B5BBF72810329B385473F001F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
    O4 - HKLM\..\Run: [rlajsclA] C:\WINDOWS\rlajsclA.exe
    O4 - HKLM\..\Run: [Configuration Manager] C:\WINDOWS\cfg32.exe
    O4 - HKLM\..\Run: [{ZN}] C:\WINDOWS\itpb_11.exe SKY003
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [Vidalia] "C:\Program Files\Tor\Vidalia\vidalia.exe"
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: TA_Start.lnk = C:\WINDOWS\itpb_11.exe
    O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Privoxy.lnk = C:\Program Files\Tor\Privoxy\privoxy.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: http://click.getmirar.com (HKLM)
    O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
    O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
    O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
    O15 - Trusted Zone: http://*.trymedia.com (HKLM)
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1173591164184
    O16 - DPF: {8A0DCBDB-6E20-489C-9041-C1E8A0352E75} (Mirar_Dummy_ATS1 Class) - http://awbeta.net-nucleus.com/FIX/WinATS.cab
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apache Tomcat 4.1 - Alexandria Software Consulting - C:\Program Files\Apache Group\Tomcat 4.1\bin\tomcat.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\Nero 7\InCD\InCDsrv.exe
    O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: Net Agent - Unknown owner - C:\WINDOWS\dls0523pmw.exe (file missing)
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
    O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\rlajscl.exe
    O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe

    Also, when I booted, there was a message stating that dls0523pmw.exe had an issue.

    I have Avast!, a-squared, Panda Anti-Rootkit, and SpywareBlaster, but I think most of the above got on and incubated while I was using Norton. I'll be installing free AVG as soon as I get these issues taken care of.

    Edit: Just noticed this, but now something called Mirar pops up for about three seconds whenever the ads would pop up. The previous processes are still eating up processor time, though.
     
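One way to triage a log in this format, as an added example that is not part of the original thread: a small Python script that applies a few responder heuristics to HijackThis lines (startup items and services launched from the Windows directory root, services with no owner or a missing binary, Trusted Zone additions, toolbars loading from system32, ActiveX packages from unexpected hosts). The sample lines are copied from the log above; the heuristics, the `DPF_ALLOWED_HOSTS` allowlist and all function names are assumptions of this example, not a HijackThis feature.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample: a handful of lines copied from the HijackThis log posted above,
# mixing known-good vendor entries with the entries a responder would question.
SAMPLE_LOG = r"""
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll
O3 - Toolbar: Mirar - {9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\system32\WinNB58.dll
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\retadpu2000219.exe 61A847B5BBF72810329B385473F001F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
O4 - HKLM\..\Run: [Configuration Manager] C:\WINDOWS\cfg32.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: TA_Start.lnk = C:\WINDOWS\itpb_11.exe
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1173591164184
O16 - DPF: {8A0DCBDB-6E20-489C-9041-C1E8A0352E75} (Mirar_Dummy_ATS1 Class) - http://awbeta.net-nucleus.com/FIX/WinATS.cab
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: Net Agent - Unknown owner - C:\WINDOWS\dls0523pmw.exe (file missing)
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\rlajscl.exe
"""


@dataclass
class Finding:
    section: str  # HijackThis section tag, e.g. "O4"
    reason: str
    line: str


# An .exe sitting directly in the Windows directory root (C:\WINDOWS\foo.exe). Legitimate
# startup items and services almost always live in system32 or under Program Files.
WINDIR_ROOT_EXE = re.compile(r"^[a-z]:\\windows\\[^\\]+\.exe$", re.IGNORECASE)
# A browser toolbar DLL dropped straight into system32 (heuristic; vendor toolbars
# normally install under Program Files).
SYSTEM32_DLL = re.compile(r"^[a-z]:\\windows\\system32\\[^\\]+\.dll$", re.IGNORECASE)
# Hosts from which ActiveX (O16 DPF) downloads are expected on this box; constructed allowlist.
DPF_ALLOWED_HOSTS = {"update.microsoft.com", "www.kaspersky.com"}

# O4 body layouts: 'HKLM\..\Run: [name] "path" args' and 'Startup: x.lnk = path'
RUN_ENTRY = re.compile(r'HK(?:LM|CU)\\\.\.\\Run:\s+\[[^\]]*\]\s+"?([^"]+?\.exe)"?(?:\s|$)', re.IGNORECASE)
STARTUP_ENTRY = re.compile(r"(?:Global )?Startup:\s+.+?=\s*(.+?\.exe)(?:\s|$)", re.IGNORECASE)


def _check_o3(rest):
    path = rest.rsplit(" - ", 1)[-1].strip()
    return ["toolbar DLL lives directly in system32"] if SYSTEM32_DLL.match(path) else []


def _check_o4(rest):
    m = RUN_ENTRY.match(rest) or STARTUP_ENTRY.match(rest)
    if m and WINDIR_ROOT_EXE.match(m.group(1)):
        return ["startup item launches an executable from the Windows directory root"]
    return []


def _check_o15(rest):
    # Any Trusted Zone addition lowers IE's security for that site; always worth a look.
    return ["site added to Internet Explorer's Trusted Zone"]


def _check_o16(rest):
    m = re.search(r"https?://([^/\s]+)", rest)
    if m and m.group(1).lower() not in DPF_ALLOWED_HOSTS:
        return [f"ActiveX package downloaded from non-allowlisted host {m.group(1)}"]
    return []


def _check_o23(rest):
    # Body layout: 'Service: Name - Owner - path [args] [(file missing)]'
    parts = rest.split(" - ", 2)
    if len(parts) < 3:
        return []
    _, owner, path = parts
    reasons = []
    if owner.strip().lower() == "unknown owner":
        reasons.append("service has no vendor information")
    if path.endswith("(file missing)"):
        reasons.append("service binary is missing from disk")
        path = path[: -len("(file missing)")]
    if WINDIR_ROOT_EXE.match(path.strip().strip('"')):
        reasons.append("service binary runs from the Windows directory root")
    return reasons


CHECKS = {"O3": _check_o3, "O4": _check_o4, "O15": _check_o15, "O16": _check_o16, "O23": _check_o23}


def triage(log_text):
    """Return one Finding per suspicious log line, with all matching reasons joined."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = re.match(r"^(O\d+|R\d)\s+-\s+(.*)$", line)
        if not m:
            continue  # process list, headers, blank lines
        tag, rest = m.groups()
        reasons = CHECKS.get(tag, lambda _: [])(rest)
        if reasons:
            findings.append(Finding(tag, "; ".join(reasons), line))
    return findings


def summarize(findings):
    """Count findings per HijackThis section, e.g. {'O4': 3, 'O23': 2}."""
    return dict(Counter(f.section for f in findings))


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:4} {f.reason}\n     {f.line}")
    print(summarize(triage(SAMPLE_LOG)))
```

On the sample above the script flags eight lines and leaves the HP, avast!, ctfmon and Microsoft Update entries alone; a hit is a prompt to look closer, not a verdict.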
  2. Cheeseball81 (Retired Moderator) - Joined: Mar 3, 2004 - Messages: 84,315

    Hi and welcome :)

    Download the Trial version of Superantispyware Pro (SAS):
    http://www.superantispyware.com/superantispyware.html?rid=3132

    Install it and double-click the icon on your desktop to run it.
    - It will ask if you want to update the program definitions, click Yes.
    - Under Configuration and Preferences, click the Preferences button.
    - Click the Scanning Control tab.
    - Under Scanner Options make sure the following are checked:
      - Close browsers before scanning
      - Scan for tracking cookies
      - Terminate memory threats before quarantining.
      - Please leave the others unchecked.
      - Click the Close button to leave the control center screen.
    - On the main screen, under Scan for Harmful Software click Scan your computer.
    - On the left check C:\Fixed Drive.
    - On the right, under Complete Scan, choose Perform Complete Scan.
    - Click Next to start the scan. Please be patient while it scans your computer.
    - After the scan is complete a summary box will appear. Click OK.
    - Make sure everything in the white box has a check next to it, then click Next.
    - It will quarantine what it found and if it asks if you want to reboot, click Yes.
    - To retrieve the removal information for me please do the following:
      - After reboot, double-click the SUPERAntispyware icon on your desktop.
      - Click Preferences. Click the Statistics/Logs tab.
      - Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
      - It will open in your default text editor (such as Notepad/Wordpad).
      - Please highlight everything in the notepad, then right-click and choose copy.
    - Click close and close again to exit the program.
    - Please paste that information here for me with a new Hijack This log.
     
  3. BSUmerc (Thread Starter) - Joined: Jul 1, 2007 - Messages: 4

    Just a heads up: at first Windows didn't start successfully - it wouldn't even go to the user selection screen. However, it's probably just a deleted rootkit scheduled to run on boot.

    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 07/02/2007 at 02:37 AM

    Application Version : 3.9.1008

    Core Rules Database Version : 3263
    Trace Rules Database Version: 1274

    Scan type : Complete Scan
    Total Scan Time : 03:03:45

    Memory items scanned : 666
    Memory threats detected : 7
    Registry items scanned : 7554
    Registry threats detected : 189
    File items scanned : 208204
    File threats detected : 233

    Unclassified.Unknown Origin/System
    C:\WINDOWS\SYSTEM32\MLJGE.DLL
    C:\WINDOWS\SYSTEM32\MLJGE.DLL
    Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\mljge
    C:\WINDOWS\SYSTEM32\DWDSREGT.EXE
    C:\WINDOWS\Prefetch\DWDSREGT.EXE-0DC2E041.pf

    Trojan.Downloader-Gen/HitItQuitIt
    C:\WINDOWS\SYSTEM32\DDCYXXX.DLL
    C:\WINDOWS\SYSTEM32\DDCYXXX.DLL
    Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\ddcyxxx
    C:\WINDOWS\SYSTEM32\DDCYVTQ.DLL
    C:\WINDOWS\SYSTEM32\RQRRQOM.DLL
    C:\WINDOWS\SYSTEM32\VTURRQN.DLL
    C:\WINDOWS\SYSTEM32\WVUSRRQ.DLL
    C:\WINDOWS\SYSTEM32\YAYAWXV.DLL

    Trojan.Downloader-SysMon
    C:\WINDOWS\RLAJSCL.EXE
    C:\WINDOWS\RLAJSCL.EXE

    Trojan.Downloader-Gen/RetAd
    C:\WINDOWS\RETADPU2000219.EXE
    C:\WINDOWS\RETADPU2000219.EXE
    [runner1] C:\WINDOWS\RETADPU2000219.EXE
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run#runner1 [ C:\WINDOWS\retadpu2000219.exe 61A847B5BBF72810329B385473F001F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310 ]
    C:\WINDOWS\RETADPU1000106.EXE
    C:\WINDOWS\Prefetch\RETADPU2000219.EXE-2F7A3452.pf

    Adware.SysMon
    C:\WINDOWS\RLAJSCLA.EXE
    C:\WINDOWS\RLAJSCLA.EXE
    [rlajsclA] C:\WINDOWS\RLAJSCLA.EXE
    C:\WINDOWS\SYSTEM32\F1\BK53.EXE
    C:\WINDOWS\Prefetch\BK53.EXE-339EFB05.pf
    C:\WINDOWS\Prefetch\RLAJSCLA.EXE-1C0AD116.pf

    Adware.SearchClickAds
    C:\WINDOWS\CFG32.EXE
    C:\WINDOWS\CFG32.EXE
    C:\WINDOWS\CFG32A.EXE
    C:\WINDOWS\CFG32A.EXE
    [Configuration Manager] C:\WINDOWS\CFG32.EXE
    HKLM\Software\Classes\CLSID\{C68AE9C0-0909-4DDC-B661-C1AFB9F59898}
    HKCR\CLSID\{C68AE9C0-0909-4DDC-B661-C1AFB9F59898}
    HKCR\CLSID\{C68AE9C0-0909-4DDC-B661-C1AFB9F59898}
    HKCR\CLSID\{C68AE9C0-0909-4DDC-B661-C1AFB9F59898}#AppID
    HKCR\CLSID\{C68AE9C0-0909-4DDC-B661-C1AFB9F59898}\InprocServer32
    HKCR\CLSID\{C68AE9C0-0909-4DDC-B661-C1AFB9F59898}\InprocServer32#ThreadingModel
    HKCR\CLSID\{C68AE9C0-0909-4DDC-B661-C1AFB9F59898}\ProgID
    HKCR\CLSID\{C68AE9C0-0909-4DDC-B661-C1AFB9F59898}\Programmable
    HKCR\CLSID\{C68AE9C0-0909-4DDC-B661-C1AFB9F59898}\TypeLib
    HKCR\CLSID\{C68AE9C0-0909-4DDC-B661-C1AFB9F59898}\VersionIndependentProgID
    C:\WINDOWS\CFG32O.DLL
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C68AE9C0-0909-4DDC-B661-C1AFB9F59898}
    HKLM\SOFTWARE\zAbstract
    HKLM\SOFTWARE\zAbstract#r
    HKLM\SOFTWARE\zAbstract#App1
    HKLM\SOFTWARE\zAbstract#App3
    HKLM\SOFTWARE\zAbstract#App4
    HKLM\SOFTWARE\zAbstract#App5
    HKLM\SOFTWARE\zAbstract#Version
    HKLM\SOFTWARE\zAbstract#BundleID
    HKLM\SOFTWARE\zAbstract#Parent
    HKLM\SOFTWARE\zAbstract#App2
    HKLM\SOFTWARE\zAbstract#CList
    C:\WINDOWS\CFG32R.DLL
    C:\WINDOWS\CFG32S.DLL
    C:\WINDOWS\STUB_MMA2.EXE
    C:\WINDOWS\Prefetch\CFG32.EXE-2CD5C964.pf
    C:\WINDOWS\Prefetch\CFG32A.EXE-0AC98EBC.pf
    C:\WINDOWS\Prefetch\STUB_MMA2.EXE-281977E7.pf

    Trojan.ZenoSearch
    [{ZN}] C:\WINDOWS\ITPB_11.EXE
    C:\WINDOWS\ITPB_11.EXE
    C:\WINDOWS\system32\msnav32.ax
    C:\DOCUMENTS AND SETTINGS\JESSE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\09MFCXYZ\DT[1].EXE
    C:\WINDOWS\SYSTEM32\KWINONDT.EXE
    C:\WINDOWS\Prefetch\ITPB_11.EXE-03DA9B57.pf

    Adware.ClickSpring/Outer Info Network
    HKLM\Software\Classes\CLSID\{2E9D4C81-9F27-4c14-B804-7B0F6BC88A4F}
    HKCR\CLSID\{2E9D4C81-9F27-4C14-B804-7B0F6BC88A4F}
    HKCR\CLSID\{2E9D4C81-9F27-4C14-B804-7B0F6BC88A4F}\InprocServer32
    HKCR\CLSID\{2E9D4C81-9F27-4C14-B804-7B0F6BC88A4F}\InprocServer32#ThreadingModel
    HKCR\CLSID\{2E9D4C81-9F27-4C14-B804-7B0F6BC88A4F}\Programmable
    HKCR\CLSID\{2E9D4C81-9F27-4C14-B804-7B0F6BC88A4F}\TypeLib
    C:\PROGRAM FILES\OUTERINFO\OUTERINFO.DLL
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2E9D4C81-9F27-4c14-B804-7B0F6BC88A4F}
    C:\Documents and Settings\Compaq_Administrator\Start Menu\Programs\Outerinfo\Terms.lnk
    C:\Documents and Settings\Compaq_Administrator\Start Menu\Programs\Outerinfo\Uninstall.lnk
    C:\Documents and Settings\Compaq_Administrator\Start Menu\Programs\Outerinfo

    Trojan.WinFixer
    HKLM\Software\Classes\CLSID\{7D912A87-F750-4426-B00B-5CB22F239577}
    HKCR\CLSID\{7D912A87-F750-4426-B00B-5CB22F239577}
    HKCR\CLSID\{7D912A87-F750-4426-B00B-5CB22F239577}\InprocServer32
    HKCR\CLSID\{7D912A87-F750-4426-B00B-5CB22F239577}\InprocServer32#ThreadingModel
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7D912A87-F750-4426-B00B-5CB22F239577}
    C:\WINDOWS\SYSTEM32\PMNLK.DLL

    Adware.Mirar/NetNucleus
    HKLM\Software\Classes\CLSID\{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E}
    HKCR\CLSID\{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E}
    HKCR\CLSID\{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E}
    HKCR\CLSID\{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E}\InprocServer32
    HKCR\CLSID\{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E}\InprocServer32#ThreadingModel
    HKCR\CLSID\{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E}\Properties
    HKCR\CLSID\{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E}\Properties#Version
    HKCR\CLSID\{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E}\Properties#BuildName
    HKCR\CLSID\{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E}\Properties#Affiliate
    HKCR\CLSID\{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E}\Properties#Show3X
    HKCR\CLSID\{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E}\Properties#ShowType
    HKCR\CLSID\{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E}\Properties#PopupCount
    HKCR\CLSID\{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E}\Properties#BlockEnable
    HKCR\CLSID\{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E}\Properties#Ticket
    HKCR\CLSID\{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E}\Properties#WalkThrough
    HKCR\CLSID\{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E}\TypeLib
    C:\WINDOWS\SYSTEM32\WINNB58.DLL
    HKLM\Software\Classes\CLSID\{9A9C9B69-F908-4AAB-8D0C-10EA8997F37E}
    HKCR\CLSID\{9A9C9B69-F908-4AAB-8D0C-10EA8997F37E}
    HKCR\CLSID\{9A9C9B69-F908-4AAB-8D0C-10EA8997F37E}
    HKCR\CLSID\{9A9C9B69-F908-4AAB-8D0C-10EA8997F37E}\InprocServer32
    HKCR\CLSID\{9A9C9B69-F908-4AAB-8D0C-10EA8997F37E}\InprocServer32#ThreadingModel
    HKCR\CLSID\{9A9C9B69-F908-4AAB-8D0C-10EA8997F37E}\TypeLib
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9A9C9B69-F908-4AAB-8D0C-10EA8997F37E}
    HKLM\Software\Microsoft\Internet Explorer\Toolbar#{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E}
    HKCR\TypeLib\{566DEDE9-9ED8-45DA-9BE6-9B2EEAB17F49}
    HKCR\TypeLib\{566DEDE9-9ED8-45DA-9BE6-9B2EEAB17F49}\1.0
    HKCR\TypeLib\{566DEDE9-9ED8-45DA-9BE6-9B2EEAB17F49}\1.0\0
    HKCR\TypeLib\{566DEDE9-9ED8-45DA-9BE6-9B2EEAB17F49}\1.0\0\win32
    HKCR\TypeLib\{566DEDE9-9ED8-45DA-9BE6-9B2EEAB17F49}\1.0\FLAGS
    HKCR\TypeLib\{566DEDE9-9ED8-45DA-9BE6-9B2EEAB17F49}\1.0\HELPDIR
    HKU\S-1-5-21-558834497-3157352443-2344169147-1008\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser#{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E}
    HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8A0DCBDB-6E20-489C-9041-C1E8A0352E75}
    HKCR\CLSID\{8A0DCBDB-6E20-489C-9041-C1E8A0352E75}
    HKCR\CLSID\{8A0DCBDB-6E20-489C-9041-C1E8A0352E75}
    HKCR\CLSID\{8A0DCBDB-6E20-489C-9041-C1E8A0352E75}\InprocServer32
    HKCR\CLSID\{8A0DCBDB-6E20-489C-9041-C1E8A0352E75}\InprocServer32#ThreadingModel
    HKCR\CLSID\{8A0DCBDB-6E20-489C-9041-C1E8A0352E75}\ProgID
    HKCR\CLSID\{8A0DCBDB-6E20-489C-9041-C1E8A0352E75}\Programmable
    HKCR\CLSID\{8A0DCBDB-6E20-489C-9041-C1E8A0352E75}\TypeLib
    HKCR\CLSID\{8A0DCBDB-6E20-489C-9041-C1E8A0352E75}\VersionIndependentProgID
    C:\WINDOWS\SYSTEM32\WINATS.DLL
    HKCR\Interface\{1037B06C-84B7-4240-8D80-485810A0497D}
    HKCR\Interface\{1037B06C-84B7-4240-8D80-485810A0497D}\ProxyStubClsid
    HKCR\Interface\{1037B06C-84B7-4240-8D80-485810A0497D}\ProxyStubClsid32
    HKCR\Interface\{1037B06C-84B7-4240-8D80-485810A0497D}\TypeLib
    HKCR\Interface\{1037B06C-84B7-4240-8D80-485810A0497D}\TypeLib#Version
    HKCR\Interface\{54B287F9-FD90-4457-B65E-CB91560C021D}
    HKCR\Interface\{54B287F9-FD90-4457-B65E-CB91560C021D}\ProxyStubClsid
    HKCR\Interface\{54B287F9-FD90-4457-B65E-CB91560C021D}\ProxyStubClsid32
    HKCR\Interface\{54B287F9-FD90-4457-B65E-CB91560C021D}\TypeLib
    HKCR\Interface\{54B287F9-FD90-4457-B65E-CB91560C021D}\TypeLib#Version
    HKCR\Interface\{6E4C7AFC-9915-4036-B7F9-8B3F1710788F}
    HKCR\Interface\{6E4C7AFC-9915-4036-B7F9-8B3F1710788F}\ProxyStubClsid
    HKCR\Interface\{6E4C7AFC-9915-4036-B7F9-8B3F1710788F}\ProxyStubClsid32
    HKCR\Interface\{6E4C7AFC-9915-4036-B7F9-8B3F1710788F}\TypeLib
    HKCR\Interface\{6E4C7AFC-9915-4036-B7F9-8B3F1710788F}\TypeLib#Version
    HKCR\Mirar_Dummy_ATS.Mirar_Dummy_ATS1
    HKCR\Mirar_Dummy_ATS.Mirar_Dummy_ATS1\CLSID
    HKCR\Mirar_Dummy_ATS.Mirar_Dummy_ATS1\CurVer
    HKCR\Mirar_Dummy_ATS.Mirar_Dummy_ATS1.1
    HKCR\Mirar_Dummy_ATS.Mirar_Dummy_ATS1.1\CLSID
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/WinATS.dll
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/WinATS.dll#.Owner
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/WinATS.dll#{8A0DCBDB-6E20-489C-9041-C1E8A0352E75}
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8A0DCBDA-6E20-489C-9041-C1E8A0352E75}
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8A0DCBDA-6E20-489C-9041-C1E8A0352E75}#DisplayName
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8A0DCBDA-6E20-489C-9041-C1E8A0352E75}#UninstallString
    HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8A0DCBDB-6E20-489C-9041-C1E8A0352E75}#SystemComponent
    HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8A0DCBDB-6E20-489C-9041-C1E8A0352E75}#Installer
    HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8A0DCBDB-6E20-489C-9041-C1E8A0352E75}\Contains
    HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8A0DCBDB-6E20-489C-9041-C1E8A0352E75}\Contains\Files
    HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8A0DCBDB-6E20-489C-9041-C1E8A0352E75}\Contains\Files#C:\WINDOWS\system32\WinATS.dll
    HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8A0DCBDB-6E20-489C-9041-C1E8A0352E75}\DownloadInformation
    HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8A0DCBDB-6E20-489C-9041-C1E8A0352E75}\DownloadInformation#CODEBASE
    HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8A0DCBDB-6E20-489C-9041-C1E8A0352E75}\DownloadInformation#INF
    HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8A0DCBDB-6E20-489C-9041-C1E8A0352E75}\InstalledVersion
    HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8A0DCBDB-6E20-489C-9041-C1E8A0352E75}\InstalledVersion#LastModified
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs#C:\WINDOWS\System32\WinATS.dll [  ]
    C:\WINDOWS\Downloaded Program Files\WinATS.inf
    C:\DOCUMENTS AND SETTINGS\COMPAQ_ADMINISTRATOR\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\Q9ABUMEO\WINATS[1].CAB

    Adware.Vundo Variant
    HKLM\Software\Classes\CLSID\{DC192567-65F9-4AB6-ADB7-E13575F81726}
    HKCR\CLSID\{DC192567-65F9-4AB6-ADB7-E13575F81726}
    HKCR\CLSID\{DC192567-65F9-4AB6-ADB7-E13575F81726}\InprocServer32
    HKCR\CLSID\{DC192567-65F9-4AB6-ADB7-E13575F81726}\InprocServer32#ThreadingModel
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DC192567-65F9-4AB6-ADB7-E13575F81726}
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks#{DC192567-65F9-4AB6-ADB7-E13575F81726}
    HKCR\CLSID\{DC192567-65F9-4AB6-ADB7-E13575F81726}

    Trojan.ZQuest
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2327A512-BFE2-48FB-A1BE-6783753D4D31}
    HKCR\CLSID\{2327A512-BFE2-48FB-A1BE-6783753D4D31}
    HKCR\CLSID\{2327A512-BFE2-48FB-A1BE-6783753D4D31}
    HKCR\CLSID\{2327A512-BFE2-48FB-A1BE-6783753D4D31}\InProcServer32
    HKCR\CLSID\{2327A512-BFE2-48FB-A1BE-6783753D4D31}\InProcServer32#ThreadingModel
    C:\PROGRAM FILES\INTERNET EXPLORER\HONEPA83122.DLL

    Browser Hijacker.Internet Explorer Zone Hijack
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\getmirar.com
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\getmirar.com\click
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\getmirar.com\click#http
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\getmirar.com\click#https
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mirarsearch.com
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mirarsearch.com\click
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mirarsearch.com\click#http
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mirarsearch.com\click#https
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mirarsearch.com\redirect
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mirarsearch.com\redirect#http
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mirarsearch.com\redirect#https
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\net-nucleus.com
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\net-nucleus.com\awbeta
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\net-nucleus.com\awbeta#http
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\net-nucleus.com\awbeta#https

    Trojan.Unknown Origin
    HKLM\System\ControlSet001\Services\Windows Overlay Components
    HKLM\System\ControlSet003\Services\Windows Overlay Components
    HKLM\System\CurrentControlSet\Services\Windows Overlay Components

    Adware.Tracking Cookie

    Trojan.Windows Overlay Components/SysMon
    HKLM\SYSTEM\CurrentControlSet\Services\Windows Overlay Components#Type
    HKLM\SYSTEM\CurrentControlSet\Services\Windows Overlay Components#Start
    HKLM\SYSTEM\CurrentControlSet\Services\Windows Overlay Components#ErrorControl
    HKLM\SYSTEM\CurrentControlSet\Services\Windows Overlay Components#ImagePath
    HKLM\SYSTEM\CurrentControlSet\Services\Windows Overlay Components#DisplayName
    HKLM\SYSTEM\CurrentControlSet\Services\Windows Overlay Components#ObjectName
    HKLM\SYSTEM\CurrentControlSet\Services\Windows Overlay Components\Security
    HKLM\SYSTEM\CurrentControlSet\Services\Windows Overlay Components\Security#Security
    HKLM\SYSTEM\CurrentControlSet\Services\Windows Overlay Components\Enum
    HKLM\SYSTEM\CurrentControlSet\Services\Windows Overlay Components\Enum#0
    HKLM\SYSTEM\CurrentControlSet\Services\Windows Overlay Components\Enum#Count
    HKLM\SYSTEM\CurrentControlSet\Services\Windows Overlay Components\Enum#NextInstance
    HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINDOWS_OVERLAY_COMPONENTS
    HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINDOWS_OVERLAY_COMPONENTS#NextInstance
    HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINDOWS_OVERLAY_COMPONENTS\0000
    HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINDOWS_OVERLAY_COMPONENTS\0000#Service
    HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINDOWS_OVERLAY_COMPONENTS\0000#Legacy
    HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINDOWS_OVERLAY_COMPONENTS\0000#ConfigFlags
    HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINDOWS_OVERLAY_COMPONENTS\0000#Class
    HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINDOWS_OVERLAY_COMPONENTS\0000#ClassGUID
    HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINDOWS_OVERLAY_COMPONENTS\0000#DeviceDesc
    HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINDOWS_OVERLAY_COMPONENTS\0000\Control
    HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINDOWS_OVERLAY_COMPONENTS\0000\Control#ActiveService
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\OvMon
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\OvMon#DisplayName
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\OvMon#UninstallString
    C:\WINDOWS\offun.exe

    Adware.BookedSpace
    HKCR\AppID\Scaggy.DLL
    HKCR\AppID\Scaggy.DLL#AppID
    HKCR\Scaggy.Insert
    HKCR\Scaggy.Insert\CLSID
    HKCR\Scaggy.Insert\CurVer
    HKCR\Scaggy.Insert.1
    HKCR\Scaggy.Insert.1\CLSID
    HKCR\AppID\{90A52F08-64AC-4DC6-9D7D-451667029898}
    HKCR\TypeLib\{90A52F08-64AC-4DC6-9D7D-451667029898}
    HKCR\TypeLib\{90A52F08-64AC-4DC6-9D7D-451667029898}\1.0
    HKCR\TypeLib\{90A52F08-64AC-4DC6-9D7D-451667029898}\1.0\0
    HKCR\TypeLib\{90A52F08-64AC-4DC6-9D7D-451667029898}\1.0\0\win32
    HKCR\TypeLib\{90A52F08-64AC-4DC6-9D7D-451667029898}\1.0\FLAGS
    HKCR\TypeLib\{90A52F08-64AC-4DC6-9D7D-451667029898}\1.0\HELPDIR

    Adware.Web Buying
    HKU\S-1-5-21-558834497-3157352443-2344169147-1008\Software\WebBuying

    Trojan.WinAntiSpyware/WinAntiVirus 2006
    C:\DOCUMENTS AND SETTINGS\COMPAQ_ADMINISTRATOR\LOCAL SETTINGS\TEMP\ICD1.TMP\UWA7P_0001_N91M0809NETINSTALLER.EXE
    C:\DOCUMENTS AND SETTINGS\JESSE\LOCAL SETTINGS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WWXAPQ8L.DEFAULT\CACHE\A23E4567D01
    C:\WINDOWS\DOWNLOADED PROGRAM FILES\CONFLICT.1\UWA7P_0001_N91M0809NETINSTALLER.EXE
    C:\WINDOWS\DOWNLOADED PROGRAM FILES\UWA7P_0001_N91M0809NETINSTALLER.EXE
    C:\WINDOWS\Prefetch\UWA7P_0001_N91M0809NETINSTALL-0A7249E2.pf
    C:\WINDOWS\Prefetch\UWA7P_0001_N91M0809NETINSTALL-37605A5E.pf

    Adware.RAC
    C:\DOCUMENTS AND SETTINGS\COMPAQ_ADMINISTRATOR\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\XDKFVKR4\ACDT-PID67N[1].EXE
    C:\DOCUMENTS AND SETTINGS\JESSE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\KDYR8L6F\ACDT-PID67N[1].EXE

    Adware.ClickSpring/Yazzle
    C:\PROGRAM FILES\COMMON FILES\YAZZLE1281OINADMIN.EXE
    C:\PROGRAM FILES\COMMON FILES\YAZZLE1281OINUNINSTALLER.EXE
    C:\WINDOWS\PREFETCH\YAZZLE1281OINADMIN.EXE-27312430.PF

    Adware.k8l
    C:\PROGRAM FILES\WINDOWSUPDATE\PROJYWUINE.HTML

    Unclassified.Unknown Origin
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP215\A0094728.NFO

    Adware.WhenU
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP225\A0110120.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP226\A0110167.EXE

    Adware.eZula
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP226\A0110169.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP226\A0110170.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP226\A0110179.EXE
    C:\WINDOWS\SYSTEM32\NIKSHKVL.EXE
    C:\WINDOWS\SYSTEM32\UGNFXSUK.EXE

    Adware.ClickSpring/Resident
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP227\A0110304.DLL

    Adware.WebBuying-Installer
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP227\A0110305.EXE

    Trojan.Downloader-WebBuying/PopEngine
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP227\A0110306.DLL

    Adware.WebBuying Assistant-Installer
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP227\A0110307.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP227\A0110308.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP227\A0110332.EXE

    Spyware.RelevantKnowledge
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP227\A0110324.EXE
    C:\WINDOWS\ITPB_3.EXE
    C:\WINDOWS\Prefetch\ITPB_3.EXE-04B4C769.pf

    Trojan.Downloader-Gen/BasicMath
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP227\A0110331.EXE

    Trojan.Rootkit-TnCore
    C:\WINDOWS\SYSTEM32\DRIVERS\CORE.SYS

    Trojan.Rootkit-TnCore/Installer
    C:\WINDOWS\SYSTEM32\F4\WEN2.EXE
    C:\WINDOWS\Prefetch\WEN2.EXE-30F138D2.pf

    Trojan.Downloader-SpyTool
    C:\WINDOWS\SYSTEM32\HUWWPUTA.DLL

    Adware.ZenoSearch
    C:\WINDOWS\SYSTEM32\MNDSREGM.EXE

    Trojan.Downloader-Gen/BundleBase
    C:\WINDOWS\SYSTEM32\O02PREZ\O02PREZ1065.EXE
    C:\WINDOWS\Prefetch\O02PREZ1065.EXE-12A37521.pf

    Trojan.Downloader-Gen/Blah
    C:\WINDOWS\SYSTEM32\RQRQRPO.DLL

    Trojan.Downloader-Gen
    C:\WINDOWS\SYSTEM32\WINPFZ32.SYS

    Adware.ClickSpring/PuritySCAN
    C:\WINDOWS\SYSTEM32\WNSCPSU.EXE

    Adware.Unknown Origin
    C:\WINDOWS\SYSTEM32\ZXDNT3D.CFG
     
  4. BSUmerc

    BSUmerc Thread Starter

    Joined:
    Jul 1, 2007
    Messages:
    4
    And the rest of the log - it wouldn't fit in the 30,000 character limit.

    Trace.Known Threat Sources


    and the HijackThis log:

    Logfile of HijackThis v1.99.1
    Scan saved at 3:09:47 AM, on 7/2/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\a-squared Free\a2service.exe
    C:\Program Files\Apache Group\Tomcat 4.1\bin\tomcat.exe
    C:\WINDOWS\arservice.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Nero\Nero 7\Nero 7\InCD\InCDsrv.exe
    C:\PROGRA~1\Iomega\System32\AppServices.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\ARPWRMSG.EXE
    C:\Program Files\DISC\DISCover.exe
    C:\Program Files\DISC\DiscUpdateMgr.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\Program Files\Common Files\AOL\1141524304\ee\AOLSoftware.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
    C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
    C:\Program Files\Nero\Nero 7\Nero 7\InCD\InCD.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    C:\Program Files\Tor\Vidalia\vidalia.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Tor\Privoxy\privoxy.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\Program Files\Iomega\AutoDisk\ADService.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\DISC\DiscStreamHub.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\HP\KBD\KBD.EXE
    C:\WINDOWS\ALCXMNTR.EXE
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    c:\windows\system\hpsysdrv.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\PROGRA~1\AWS\WEATHE~1\Weather.exe
    C:\Program Files\Real\RealPlayer\realplay.exe
    C:\Documents and Settings\Compaq_Administrator\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=presario&pf=desktop
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=desktop
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=desktop
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=desktop
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://launch.yahoo.com/launchcast/member.asp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=presario&pf=desktop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=desktop
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=presario&pf=desktop
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.shareware.us/srchasst.html
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll
    O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
    O4 - HKLM\..\Run: [DISCover] C:\Program Files\DISC\DISCover.exe
    O4 - HKLM\..\Run: [DiscUpdateManager] C:\Program Files\DISC\DiscUpdateMgr.exe
    O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1141524304\ee\AOLSoftware.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
    O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
    O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\Nero 7\InCD\InCD.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [Vidalia] "C:\Program Files\Tor\Vidalia\vidalia.exe"
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: TA_Start.lnk = C:\WINDOWS\itpb_11.exe
    O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Privoxy.lnk = C:\Program Files\Tor\Privoxy\privoxy.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: http://*.trymedia.com (HKLM)
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1173591164184
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apache Tomcat 4.1 - Alexandria Software Consulting - C:\Program Files\Apache Group\Tomcat 4.1\bin\tomcat.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\Nero 7\InCD\InCDsrv.exe
    O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: Net Agent - Unknown owner - C:\WINDOWS\dls0523pmw.exe (file missing)
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
    O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe

    I don't know if I'm done, but the torrent of pop-up ads has stemmed its flow.
     
  5. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    Run ActiveScan online virus scan:
    http://www.pandasoftware.com/products/activescan.htm

    Once you are on the Panda site click the Scan your PC button.
    A new window will open...click the Check Now button.
    Enter your Country.
    Enter your State/Province.
    Enter your e-mail address and click send.
    Select either Home User or Company.
    Click the big Scan Now button.
    If it wants to install an ActiveX component allow it.
    It will start downloading the files it requires for the scan (Note: it may take a couple of minutes).
    When the download is complete, click on My Computer to start the scan.
    When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.
    Post the contents of the ActiveScan report.
     
  6. BSUmerc

    BSUmerc Thread Starter

    Joined:
    Jul 1, 2007
    Messages:
    4
    I'm not sure what the problem is, but even after I choose "yes" on the ActiveX prompt, the text still asks me to click on the currently nonexistent IE bar to download another (or the same) ActiveX program.
     
  7. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    Try this one instead

    • Go here and do the BitDefender online virus scan.
    • Click "I Agree" to agree to the EULA.
    • Allow the ActiveX control to install when prompted.
    • Click "Click here to scan" to begin the scan.
    • Please refrain from using the computer until the scan is finished.
    • When the scan is finished, click on "Click here to export the scan results".
    • Save the report to your desktop, then come back here and attach it to your next reply along with a new Hijack This log.
     
Short URL to this thread: https://techguy.org/590762
