
Tracking Cookie following Vundo fix

Discussion in 'Virus & Other Malware Removal' started by Deedan, Jul 25, 2007.

Thread Status:
Not open for further replies.
  1. Deedan

    Deedan Thread Starter

    Joined:
    Jul 25, 2007
    Messages:
    6
    Hi,

    Our computer was recently infected with Trojan Vundo virus which I fixed using vundofix. I am still getting a tracking cookie warning in NAV and Spywareterminator. In short I need an expert to look at the HJT log and let me know the next step.

    Thanks!

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 7:36:02 PM, on 7/25/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\PROGRA~1\SPYWAR~2\sp_rsser.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\PROGRA~1\ALLTEL~1\SMARTB~1\MotiveSB.exe
    C:\Program Files\Common Files\AOL\1180368198\ee\AOLSoftware.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\PROGRA~1\AWS\WEATHE~1\Weather.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
    C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearch.exe
    C:\Program Files\Webshots\WebshotsTray.exe
    C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearchIndexer.exe
    C:\Program Files\ALLTEL DSL Check-up Center\bin\mpbtn.exe
    C:\WINDOWS\System32\HPZipm12.exe
    C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\Documents and Settings\Dan\Desktop\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.windstream.net/wind.main/welcome.htm?ver=1925&
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
    O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_16_0.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
    O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_16_0.dll
    O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
    O3 - Toolbar: (no name) - {11A69AE4-FBED-4832-A2BF-45AF82825583} - (no file)
    O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
    O4 - HKLM\..\Run: [ATIPTA] atiptaxx.exe
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [CARPService] carpserv.exe
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
    O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ALLTEL~1\SMARTB~1\MotiveSB.exe
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1180368198\ee\AOLSoftware.exe
    O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.exe 1
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-21-3317669182-2694622919-3201031879-1006\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background (User 'amelia')
    O4 - HKUS\S-1-5-21-3317669182-2694622919-3201031879-1006\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe (User 'amelia')
    O4 - HKUS\S-1-5-21-3317669182-2694622919-3201031879-1006\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1 (User 'amelia')
    O4 - HKUS\S-1-5-21-3317669182-2694622919-3201031879-1006\..\Run: [WhenUSave] "C:\Program Files\Save\Save.exe" (User 'amelia')
    O4 - HKUS\S-1-5-21-3317669182-2694622919-3201031879-1006\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'amelia')
    O4 - HKUS\S-1-5-21-3317669182-2694622919-3201031879-1006\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'amelia')
    O4 - HKUS\S-1-5-21-3317669182-2694622919-3201031879-501\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'Guest')
    O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
    O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearch.exe
    O4 - Global Startup: Windstream Broadband Check-up Center.lnk = C:\Program Files\ALLTEL DSL Check-up Center\bin\matcli.exe
    O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll/search.htm
    O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZCxdm340YYUS
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-us\msntabres.dll/229?c4941ba7988a4f8fa8a1efbf2d14f3fd
    O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-us\msntabres.dll/230?c4941ba7988a4f8fa8a1efbf2d14f3fd
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
    O15 - Trusted Zone: http://care.alltel.com
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitialSetup1.0.0.15.cab
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {321FB770-1FBE-4BFE-BDC1-6F622D4FA499} - https://activation.alltel.com/wizlet/WINDSTREAM/static/controls/WebflowActiveXInstaller_2-0-0.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
    O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://atv.disney.go.com/global/download/otoy/OTOYAX29b.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab53083.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
    O20 - Winlogon Notify: nnvxtygn - C:\WINDOWS\
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\PROGRA~1\SPYWAR~2\sp_rsser.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

    --
    End of file - 13115 bytes
     
  2. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Hi, Welcome to TSG!!


    Run HijackThis and click Open the Misc Tools section
    • Click Open Uninstall Manager
    • Save list
    • click on the Desktop icon or select to save the list on the desktop
    • then click save.

    Open the file and copy/paste the contents back here in your next reply.
     
  3. Deedan

    Deedan Thread Starter

    Joined:
    Jul 25, 2007
    Messages:
    6
    Hi,

    Here is the Uninstall list from HJT.

    Adobe Download Manager 1.2 (Remove Only)
    Adobe Flash Player 9 ActiveX
    Adobe Reader 6.0.1
    AOL Coach Version 2.0(Build:20041026.5 en)
    AOL Uninstaller (Choose which Products to Remove)
    AppCore
    ArcSoft Panorama Maker 3
    ATI Control Panel
    ATI Display Driver
    AV
    Bonus
    CC_ccProxyExt
    ccCommon
    ccPxyCore
    CIB
    Clifford Reading
    Cyberchase Carnival Chaos
    Easy CD Creator 5 Basic
    Edmark - Thinkin' Things 1
    Edmark - Zap
    Edmark Mighty Math Number Heroes (remove)
    Edmark Mighty Math Zoo Zillions
    Edmark Thinkin' Science
    EuroTalk Talk Now Plus!
    Games Add-in for MSN® Search Toolbar
    GearDrvs
    Generic SoftK56 Data Fax Voice CARP
    Google Toolbar for Internet Explorer
    HijackThis 2.0.2
    HP Image Zone 3.5
    HP PSC & OfficeJet 3.5
    HP Software Update
    HydraVision
    InterActual Player
    iPod Updater 2004-11-15
    iTunes
    Kid Pix Deluxe 3
    Learn2 Player (Uninstall Only)
    Lernout & Hauspie TruVoice American English TTS Engine
    LiveUpdate 3.2 (Symantec Corporation)
    LiveUpdate Notice (Symantec Corporation)
    Mall Tycoon
    Math Missions Grades 3-5
    Memories Disc Creator 2.0
    Microsoft .NET Framework 1.1
    Microsoft Data Access Components KB870669
    Microsoft Office Professional Edition 2003
    Microsoft Office XP Media Content
    Microsoft Text-to-Speech Engine 4.0 (English)
    Microsoft Windows Journal Viewer
    Mind Power(TM) Math - Pre Algebra
    MSN Search Toolbar
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 Parser and SDK
    Nickelodeon Toon Twister 3-D
    Nikon Message Center
    Norton 360
    Norton 360
    Norton 360
    Norton 360 (Symantec Corporation)
    Norton 360 Help
    Norton Add-on Pack (Symantec Corporation)
    Norton AntiSpam
    Norton AntiSpam
    Norton Confidential Browser Component
    Norton Confidential Web Authentification Component
    Norton Confidential Web Protection Component
    Norton Internet Security Bonus Pack
    OTOY
    Parental Control
    PictureProject
    PictureProject In Touch Downloader 1.0
    PowerDVD
    QuickTime
    RealArcade
    RealPlayer Basic
    Rhapsody Player Engine
    Roll
    Security Update for Step By Step Interactive Training (KB898458)
    Security Update for Step By Step Interactive Training (KB923723)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows Media Player 9 (KB911565)
    Security Update for Windows Media Player 9 (KB917734)
    Security Update for Windows XP (KB883939)
    Security Update for Windows XP (KB890046)
    Security Update for Windows XP (KB893756)
    Security Update for Windows XP (KB896358)
    Security Update for Windows XP (KB896422)
    Security Update for Windows XP (KB896423)
    Security Update for Windows XP (KB896424)
    Security Update for Windows XP (KB896428)
    Security Update for Windows XP (KB896688)
    Security Update for Windows XP (KB899587)
    Security Update for Windows XP (KB899588)
    Security Update for Windows XP (KB899589)
    Security Update for Windows XP (KB899591)
    Security Update for Windows XP (KB900725)
    Security Update for Windows XP (KB901017)
    Security Update for Windows XP (KB901214)
    Security Update for Windows XP (KB902400)
    Security Update for Windows XP (KB903235)
    Security Update for Windows XP (KB904706)
    Security Update for Windows XP (KB905414)
    Security Update for Windows XP (KB905749)
    Security Update for Windows XP (KB905915)
    Security Update for Windows XP (KB908519)
    Security Update for Windows XP (KB908531)
    Security Update for Windows XP (KB911280)
    Security Update for Windows XP (KB911562)
    Security Update for Windows XP (KB911567)
    Security Update for Windows XP (KB911927)
    Security Update for Windows XP (KB912812)
    Security Update for Windows XP (KB912919)
    Security Update for Windows XP (KB913446)
    Security Update for Windows XP (KB913580)
    Security Update for Windows XP (KB914388)
    Security Update for Windows XP (KB914389)
    Security Update for Windows XP (KB916281)
    Security Update for Windows XP (KB917159)
    Security Update for Windows XP (KB917344)
    Security Update for Windows XP (KB917422)
    Security Update for Windows XP (KB917953)
    Security Update for Windows XP (KB918118)
    Security Update for Windows XP (KB918439)
    Security Update for Windows XP (KB918899)
    Security Update for Windows XP (KB919007)
    Security Update for Windows XP (KB920213)
    Security Update for Windows XP (KB920214)
    Security Update for Windows XP (KB920670)
    Security Update for Windows XP (KB920683)
    Security Update for Windows XP (KB920685)
    Security Update for Windows XP (KB921398)
    Security Update for Windows XP (KB921883)
    Security Update for Windows XP (KB922616)
    Security Update for Windows XP (KB922760)
    Security Update for Windows XP (KB922819)
    Security Update for Windows XP (KB923191)
    Security Update for Windows XP (KB923414)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB923694)
    Security Update for Windows XP (KB923980)
    Security Update for Windows XP (KB924191)
    Security Update for Windows XP (KB924270)
    Security Update for Windows XP (KB924496)
    Security Update for Windows XP (KB924667)
    Security Update for Windows XP (KB925454)
    Security Update for Windows XP (KB925486)
    Security Update for Windows XP (KB925902)
    Security Update for Windows XP (KB926255)
    Security Update for Windows XP (KB926436)
    Security Update for Windows XP (KB927779)
    Security Update for Windows XP (KB927802)
    Security Update for Windows XP (KB928090)
    Security Update for Windows XP (KB928255)
    Security Update for Windows XP (KB928843)
    Security Update for Windows XP (KB929123)
    Security Update for Windows XP (KB929969)
    Security Update for Windows XP (KB930178)
    Security Update for Windows XP (KB931261)
    Security Update for Windows XP (KB931768)
    Security Update for Windows XP (KB931784)
    Security Update for Windows XP (KB932168)
    Security Update for Windows XP (KB933566)
    Security Update for Windows XP (KB935839)
    Security Update for Windows XP (KB935840)
    SoundMAX
    SPBBC 32bit
    SpongeBob SquarePants Typing
    Spyware Terminator
    SuppSoft
    SurfNavigator
    Symantec Real Time Storage Protection Component
    Symantec Technical Support Controls
    SymNet
    Update for Windows XP (KB894391)
    Update for Windows XP (KB896727)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB900485)
    Update for Windows XP (KB910437)
    Update for Windows XP (KB916595)
    Update for Windows XP (KB920872)
    Update for Windows XP (KB922582)
    Update for Windows XP (KB927891)
    Update for Windows XP (KB929338)
    Update for Windows XP (KB930916)
    Update for Windows XP (KB931836)
    Update for Windows XP (KB936357)
    Viewpoint Media Player
    Virtual Engine Calculator 2.20j
    WeatherBug
    Webshots!
    Windows Installer 3.1 (KB893803)
    Windows Installer 3.1 (KB893803)
    Windows Live Messenger
    Windows Live Sign-in Assistant
    Windows XP Hotfix - KB867282
    Windows XP Hotfix - KB873333
    Windows XP Hotfix - KB873339
    Windows XP Hotfix - KB885250
    Windows XP Hotfix - KB885835
    Windows XP Hotfix - KB885836
    Windows XP Hotfix - KB885884
    Windows XP Hotfix - KB886185
    Windows XP Hotfix - KB887472
    Windows XP Hotfix - KB887742
    Windows XP Hotfix - KB888113
    Windows XP Hotfix - KB888302
    Windows XP Hotfix - KB890047
    Windows XP Hotfix - KB890175
    Windows XP Hotfix - KB890859
    Windows XP Hotfix - KB890923
    Windows XP Hotfix - KB891781
    Windows XP Hotfix - KB893066
    Windows XP Hotfix - KB893086
    Windows XP Service Pack 2
    Windstream Broadband Check-up Center
    Yahoo! Toolbar
    Zoo Empire
    Zoombinis Logical Journey(TM)
     
  4. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Go to add/remove programs and remove: WeatherBug



    Run HJT again and put a check in the following:

    R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O3 - Toolbar: (no name) - {11A69AE4-FBED-4832-A2BF-45AF82825583} - (no file)
    O4 - HKUS\S-1-5-21-3317669182-2694622919-3201031879-1006\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe (User 'amelia')
    O4 - HKUS\S-1-5-21-3317669182-2694622919-3201031879-1006\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1 (User 'amelia')
    O4 - HKUS\S-1-5-21-3317669182-2694622919-3201031879-1006\..\Run: [WhenUSave] "C:\Program Files\Save\Save.exe" (User 'amelia')
    O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...p=ZCxdm340YYUS
    O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/noc...up1.0.0.15.cab
    O20 - Winlogon Notify: nnvxtygn - C:\WINDOWS\

    Close all applications and browser windows before you click "fix checked".


    Download ComboFix from Here or Here to your Desktop.
    • Double click combofix.exe and follow the prompts.
    • When finished, it shall produce a log for you. Post that log and a HijackThis log in your next reply.
    Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.
     
  5. Deedan

    Deedan Thread Starter

    Joined:
    Jul 25, 2007
    Messages:
    6
    Ok, I've followed your instructions and am posting the new HJT. I'll post the ComboFix log in the next post.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 3:58:31 PM, on 7/28/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\WINDOWS\system32\carpserv.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\PROGRA~1\ALLTEL~1\SMARTB~1\MotiveSB.exe
    C:\Program Files\Common Files\AOL\1180368198\ee\AOLSoftware.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
    C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearch.exe
    C:\Program Files\Webshots\WebshotsTray.exe
    C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearchIndexer.exe
    C:\Program Files\ALLTEL DSL Check-up Center\bin\mpbtn.exe
    C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\PROGRA~1\SPYWAR~2\sp_rsser.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\HPZipm12.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\Dan\Desktop\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.windstream.net/wind.main/welcome.htm?ver=1925&
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_16_0.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
    O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_16_0.dll
    O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
    O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
    O4 - HKLM\..\Run: [ATIPTA] atiptaxx.exe
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [CARPService] carpserv.exe
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
    O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ALLTEL~1\SMARTB~1\MotiveSB.exe
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1180368198\ee\AOLSoftware.exe
    O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
    O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearch.exe
    O4 - Global Startup: Windstream Broadband Check-up Center.lnk = C:\Program Files\ALLTEL DSL Check-up Center\bin\matcli.exe
    O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll/search.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-us\msntabres.dll/229?c4941ba7988a4f8fa8a1efbf2d14f3fd
    O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-us\msntabres.dll/230?c4941ba7988a4f8fa8a1efbf2d14f3fd
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: http://care.alltel.com
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {321FB770-1FBE-4BFE-BDC1-6F622D4FA499} - https://activation.alltel.com/wizlet/WINDSTREAM/static/controls/WebflowActiveXInstaller_2-0-0.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
    O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://atv.disney.go.com/global/download/otoy/OTOYAX29b.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab53083.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\PROGRA~1\SPYWAR~2\sp_rsser.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

    --
    End of file - 11449 bytes
     
  6. Deedan

    Deedan Thread Starter

    Joined:
    Jul 25, 2007
    Messages:
    6
    The Combofix log follows:

    "Dan" - 2007-07-28 14:49:54 [GMT -5:00] - ComboFix 07-07-24 - Service Pack 2 NTFS


    (((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))




    * * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    C:\DOCUME~1\Dan\Desktop.\internet explorer.lnk
    C:\Program Files\FunWebProducts
    C:\Program Files\FunWebProducts\PopSwatr\History\allowed
    C:\Program Files\FunWebProducts\PopSwatr\History\notallow
    C:\Program Files\FunWebProducts\ScreenSaver\Images\00114F07.urr
    C:\Program Files\FunWebProducts\ScreenSaver\Images\01B328C1.urr
    C:\Program Files\FunWebProducts\ScreenSaver\Images\01D1140F.urr
    C:\Program Files\FunWebProducts\Shared\Cache\CursorManiaBtn.html
    C:\Program Files\FunWebProducts\Shared\Cache\FunBuddyIconBtn.html
    C:\Program Files\FunWebProducts\Shared\Cache\MailStampBtn.html
    C:\Program Files\FunWebProducts\Shared\Cache\MyFunCardsIMBtn.html
    C:\Program Files\FunWebProducts\Shared\Cache\MySignatureInsertBtn.html
    C:\Program Files\FunWebProducts\Shared\Cache\MySignaturePreviewBtn.html
    C:\Program Files\FunWebProducts\Shared\Cache\MyStationeryBtn.html
    C:\Program Files\FunWebProducts\Shared\Cache\res100.html
    C:\Program Files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html
    C:\Program Files\Hammer.dll
    C:\setup.exe
    C:\WINDOWS\system32\f3PSSavr.scr


    ((((((((((((((((((((((((( Files Created from 2007-06-28 to 2007-07-28 )))))))))))))))))))))))))))))))


    2007-07-28 14:43 51,200 --a------ C:\WINDOWS\nircmd.exe
    2007-07-18 08:49 138,368 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
    2007-07-16 17:56 <DIR> d-------- C:\VundoFix Backups
    2007-07-13 21:52 53,248 --a------ C:\WINDOWS\system32\Process.exe
    2007-07-13 21:52 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
    2007-07-13 21:52 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
    2007-07-13 19:27 <DIR> d-------- C:\Program Files\Spyware Terminator
    2007-07-13 19:27 <DIR> d-------- C:\DOCUME~1\Dan\APPLIC~1\Spyware Terminator
    2007-07-13 19:27 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spyware Terminator
    2007-07-10 20:11 2,904 --a------ C:\WINDOWS\system32\tmp.reg
    2007-07-03 11:45 356,416 --a------ C:\WINDOWS\system32\drqmhbcb.exe
    2007-07-03 11:14 356,416 --a------ C:\WINDOWS\system32\koioyaqu.exe
    2007-07-02 16:41 24,064 --a------ C:\WINDOWS\system32\msxml3a.dll
    2007-07-02 11:34 356,416 --a------ C:\WINDOWS\system32\aosngktb.exe


    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2007-07-28 19:35:56 -------- d-----w C:\Program Files\Common Files\Symantec Shared
    2007-07-24 20:59:36 -------- d-----w C:\DOCUME~1\Dan\APPLIC~1\MSNGames
    2007-07-23 20:12:33 -------- d-----w C:\DOCUME~1\Dan\APPLIC~1\WeatherBug
    2007-07-17 17:21:38 186,256 ----a-w C:\WINDOWS\system32\SymNPPWA.dll
    2007-07-16 03:37:02 -------- d-----w C:\Program Files\Yahoo!
    2007-07-04 18:19:17 -------- d-----w C:\Program Files\Norton 360
    2007-06-27 16:56:07 243,639 ----a-w C:\WINDOWS\system32\mlljg.dll
    2007-06-27 16:40:57 -------- d-----w C:\DOCUME~1\Dan\APPLIC~1\AdobeUM
    2007-06-09 06:26:16 -------- d-----w C:\DOCUME~1\Dan\APPLIC~1\Symantec
    2007-06-09 04:38:18 1,822,182 --sha-w C:\WINDOWS\system32\tvvwa.ini2
    2007-06-09 03:52:40 -------- d-----w C:\Program Files\Symantec
    2007-06-09 03:52:39 806 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
    2007-06-09 03:52:39 8,014 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
    2007-06-09 03:52:39 48,776 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
    2007-06-09 03:52:39 115,000 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
    2007-06-09 03:02:32 -------- d-----w C:\DOCUME~1\Dan\APPLIC~1\Messaging-Names
    2007-06-08 20:06:05 1,836,086 --sha-w C:\WINDOWS\system32\tvvwa.bak2
    2007-06-03 20:03:52 1,583,854 --sha-w C:\WINDOWS\system32\tvvwa.bak1
    2007-06-03 19:58:35 -------- d-----w C:\Program Files\MSN Messenger
    2007-05-30 16:48:57 3,091 ----a-w C:\WINDOWS\EntPack.dat
    2007-05-28 16:34:06 -------- d-----w C:\Program Files\Common Files\Nikon
    2007-05-28 16:30:06 -------- d-----w C:\Program Files\PictureProject In Touch Downloader
    2007-05-28 16:28:33 -------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-05-28 16:28:19 -------- d-----w C:\Program Files\Common Files\muvee Technologies
    2007-05-28 16:28:05 -------- d-----w C:\Program Files\Nikon
    2007-05-28 16:27:29 -------- d-----w C:\Program Files\Common Files\InstallShield
    2007-05-28 16:26:59 -------- d-----w C:\Program Files\QuickTime
    2007-05-28 16:24:55 -------- d-----w C:\Program Files\ArcSoft
    2007-05-28 16:03:31 -------- d-----w C:\Program Files\Common Files\AOL
    2007-05-28 16:03:17 -------- d-----w C:\Program Files\Common Files\aolshare
    2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
    2004-11-18 03:48:49 70,376 ----a-w C:\DOCUME~1\Dan\APPLIC~1\GDIPFONTCACHEV1.DAT


    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Smapp"="C:\Program Files\Analog Devices\SoundMAX\Smtray.exe" [2002-06-26 19:36]
    "ATIPTA"="atiptaxx.exe" []
    "AdaptecDirectCD"="C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2002-08-01 02:14]
    "CARPService"="carpserv.exe" [2001-12-23 06:02 C:\WINDOWS\system32\carpserv.exe]
    "RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2003-09-27 20:43]
    "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd.exe" [2003-08-04 17:28]
    "HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 08:38]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2004-10-13 16:04]
    "Motive SmartBridge"="C:\PROGRA~1\ALLTEL~1\SMARTB~1\MotiveSB.exe" [2004-11-09 11:32]
    "HostManager"="C:\Program Files\Common Files\AOL\1180368198\ee\AOLSoftware.exe" [2006-04-13 15:36]
    "IPHSend"="C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe" [2006-03-27 10:57]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-07 18:08]
    "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-03-14 22:10]
    "Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 18:30]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 13:54]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56]

    C:\Documents and Settings\Dan\Start Menu\Programs\Startup\
    Webshots.lnk - C:\Program Files\Webshots\WebshotsTray.exe [2003-09-27 21:34:27]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2003-09-16 05:19:24]
    NkbMonitor.exe.lnk - C:\Program Files\Nikon\PictureProject\NkbMonitor.exe [2007-05-28 11:28:20]
    Windows Desktop Search.lnk - C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearch.exe [2005-09-20 18:10:04]
    Windstream Broadband Check-up Center.lnk - C:\Program Files\ALLTEL DSL Check-up Center\bin\matcli.exe [2007-01-26 17:40:27]

    R1 Cdr4_xp;Cdr4_xp;C:\WINDOWS\system32\drivers\Cdr4_xp.sys
    R1 Cdralw2k;Cdralw2k;C:\WINDOWS\system32\drivers\Cdralw2k.sys
    R1 cdudf_xp;cdudf_xp;C:\WINDOWS\system32\drivers\cdudf_xp.sys
    R1 pwd_2k;pwd_2k;C:\WINDOWS\system32\drivers\pwd_2k.sys
    R1 sp_rsdrv2;Spyware Terminator Driver 2;\??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
    R1 SRTSPX;SRTSPX;C:\WINDOWS\system32\Drivers\SRTSPX.SYS
    R1 UdfReadr_xp;UdfReadr_xp;C:\WINDOWS\system32\drivers\UdfReadr_xp.sys
    R2 ASCTRM;ASCTRM;C:\WINDOWS\system32\drivers\ASCTRM.sys
    R2 SoftFax;SoftFax;C:\WINDOWS\system32\DRIVERS\HSF_FAXX.sys
    R2 SoundMAX Agent Service (default);SoundMAX Agent Service;C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    R2 StreamDispatcher;StreamDispatcher;C:\WINDOWS\system32\DRIVERS\strmdisp.sys
    R3 ENETHUSB;Speedstream Ethernet USB Adapter;C:\WINDOWS\system32\DRIVERS\enethusb.sys
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
    R3 mmc_2K;mmc_2K;C:\WINDOWS\system32\drivers\mmc_2K.sys
    R3 SRTSP;SRTSP;C:\WINDOWS\system32\Drivers\SRTSP.SYS
    R3 wanatw;WAN Miniport (ATW);C:\WINDOWS\system32\DRIVERS\wanatw4.sys
    S2 Fax;Fax;C:\WINDOWS\system32\fxssvc.exe
    S3 AON325;AOpen AON-325 10/100M Fast Ethernet PCI Adapter Driver;C:\WINDOWS\system32\DRIVERS\AON325.SYS
    S3 dvd_2K;dvd_2K;C:\WINDOWS\system32\drivers\dvd_2K.sys
    S3 SRTSPL;SRTSPL;C:\WINDOWS\system32\Drivers\SRTSPL.SYS

    *Newly Created Service* - COMHOST

    **************************************************************************

    catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-07-28 14:55:46
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden registry entries ...

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Reinstall\}\x203a\xf5w\x201d\xb6\1]
    "DisplayName"="\t"
    "DeviceDesc"="\t"
    "ProviderName"=""
    "MFG"="\xeec"
    "ReinstallString"="2002, 6.13.10.6102"
    "DeviceInstanceIds"=str(7):""

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    Completion time: 2007-07-28 14:59:46 - machine was rebooted
    C:\ComboFix-quarantined-files.txt ... 2007-07-28 14:59

    --- E O F ---
     
  7. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Please download ATF Cleaner by Atribune.
    This program is for XP and Windows 2000 only.

    • Double-click ATF-Cleaner.exe to run the program.
    • Under Main choose: Select All
    • Click the Empty Selected button.
    • Click Exit on the Main menu to close the program.



    Download and scan with SUPERAntiSpyware Free for Home Users
    • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
    • An icon will be created on your desktop. Double-click that icon to launch the program.
    • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
    • Under "Configuration and Preferences", click the Preferences button.
    • Click the Scanning Control tab.
    • Under Scanner Options make sure the following are checked (leave all others unchecked):
      • Close browsers before scanning.
      • Scan for tracking cookies.
      • Terminate memory threats before quarantining.
    • Click the "Close" button to leave the control center screen.
    • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
    • On the left, make sure you check C:\Fixed Drive.
    • On the right, under "Complete Scan", choose Perform Complete Scan.
    • Click "Next" to start the scan. Please be patient while it scans your computer.
    • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
    • Make sure everything has a checkmark next to it and click "Next".
    • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
    • If asked if you want to reboot, click "Yes".
    • To retrieve the removal information after reboot, launch SUPERAntiSpyware again.
      • Click Preferences, then click the Statistics/Logs tab.
      • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
      • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
      • Please copy and paste the Scan Log results in your next reply with a new HijackThis log.
    • Click Close to exit the program.
     
  8. Deedan

    Deedan Thread Starter

    Joined:
    Jul 25, 2007
    Messages:
    6
    The SuperAntiSpyware & HJT logs follow:

    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 07/29/2007 at 04:34 PM

    Application Version : 3.9.1008

    Core Rules Database Version : 3275
    Trace Rules Database Version: 1286

    Scan type : Complete Scan
    Total Scan Time : 01:34:23

    Memory items scanned : 595
    Memory threats detected : 0
    Registry items scanned : 5938
    Registry threats detected : 3
    File items scanned : 76544
    File threats detected : 102

    Adware.MyWay
    HKU\S-1-5-21-3317669182-2694622919-3201031879-1004\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser#{014DA6C9-189F-421A-88CD-07CFE51CFF10}
    HKU\S-1-5-21-3317669182-2694622919-3201031879-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser#{014DA6C9-189F-421A-88CD-07CFE51CFF10}

    Unclassified.Unknown Origin
    HKU\S-1-5-21-3317669182-2694622919-3201031879-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser#{11A69AE4-FBED-4832-A2BF-45AF82825583}

    Adware.Tracking Cookie

    Adware.Vundo Variant

    Trojan.Downloader-Gen/SwampDonk
    C:\VUNDOFIX BACKUPS\XXYXVTT.DLL.BAD

    Trojan.WinFixer
    C:\WINDOWS\SYSTEM32\MLLJG.DLL


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 4:41:28 PM, on 7/29/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\WINDOWS\system32\carpserv.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\PROGRA~1\ALLTEL~1\SMARTB~1\MotiveSB.exe
    C:\Program Files\Common Files\AOL\1180368198\ee\AOLSoftware.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
    C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearch.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\PROGRA~1\SPYWAR~2\sp_rsser.exe
    C:\Program Files\Webshots\WebshotsTray.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearchIndexer.exe
    C:\Program Files\ALLTEL DSL Check-up Center\bin\mpbtn.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\HPZipm12.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\Dan\Desktop\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.windstream.net/wind.main/welcome.htm?ver=1925&
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_16_0.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
    O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_16_0.dll
    O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
    O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
    O4 - HKLM\..\Run: [ATIPTA] atiptaxx.exe
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [CARPService] carpserv.exe
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
    O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ALLTEL~1\SMARTB~1\MotiveSB.exe
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1180368198\ee\AOLSoftware.exe
    O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
    O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearch.exe
    O4 - Global Startup: Windstream Broadband Check-up Center.lnk = C:\Program Files\ALLTEL DSL Check-up Center\bin\matcli.exe
    O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll/search.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-us\msntabres.dll/229?c4941ba7988a4f8fa8a1efbf2d14f3fd
    O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-us\msntabres.dll/230?c4941ba7988a4f8fa8a1efbf2d14f3fd
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: http://care.alltel.com
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {321FB770-1FBE-4BFE-BDC1-6F622D4FA499} - https://activation.alltel.com/wizlet/WINDSTREAM/static/controls/WebflowActiveXInstaller_2-0-0.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
    O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://atv.disney.go.com/global/download/otoy/OTOYAX29b.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab53083.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\PROGRA~1\SPYWAR~2\sp_rsser.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

    --
    End of file - 11557 bytes
     
  9. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    How is it running now?
     
  10. Deedan

    Deedan Thread Starter

    Joined:
    Jul 25, 2007
    Messages:
    6
    It's running great! Haven't had a tracking cookie warning pop up either.

    Do I need to do anything further?

    Thanks for everything!!
     
  11. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    I would like one last look if you don't mind.

    Download WinPFind3U.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind3u on your desktop.

    Open the WinPFind3u folder and double-click on WinPFind3U.exe to start the program.
    • In the Processes group click ALL
    • In the Win32 Services group click ALL
    • In the Driver Services group click ALL
    • In the Registry group click ALL
    • In the Files Created Within group click 60 days. Make sure Non-Microsoft only is UNCHECKED
    • In the Files Modified Within group select 30 days. Make sure Non-Microsoft only is UNCHECKED
    • In the File String Search group select ALL
    • In the Additional scans section please select ALL
    • Now click the Run Scan button on the toolbar.
    • The program will be scanning huge amounts of data so depending on your system it could take a long time to complete. Let it run unhindered until it finishes.
    • When the scan is complete Notepad will open with the report file loaded in it.
    • Save that notepad file but click on the "Format" menu and make sure that "word wrap" is not checked. If it is then click on it to uncheck it.
    Please post the resulting log here as an attachment.

    • Click on the orange Post a Reply! button
    • Scroll down to Manage Attachments
    • Click in the box that says Upload File from your Computer
    • Click the Browse... button and find the file then click open
    • Click the Upload button
    • Wait until you see Current Attachment and your file name
    • Click on Close this window
    • Then submit the reply.
     
Short URL to this thread: https://techguy.org/600673
