Hi. My name is Deej and...

by capsdeej » July 27th, 2006, 2:31 pm

I feel like I'm joining a 12-step program here... ;)

I've run SpyBot, then AdAware, then aSquared and finally...here is my log...

=======================

Logfile of HijackThis v1.99.1
Scan saved at 1:22:42 PM, on 7/27/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Nhksrv.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\DELLMMKB.EXE
C:\ImageMate CompactFlash USB\SandIcon.Exe
C:\Program Files\Browser Mouse\mouse32a.exe
C:\WINDOWS\System32\qttask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
C:\Program Files\Netropa\OSD.exe
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
C:\WINDOWS\system32\bdpn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\DOCUME~1\CAP'NT~1\APPLIC~1\YMBOLS~1\POOL32~1.EXE
C:\DOCUME~1\CAP'NT~1\LOCALS~1\Temp\!update.exe
C:\PROGRA~1\COMMON~1\ICROSO~1\notepad.exe
C:\PROGRA~1\COMMON~1\MICROS~1\Msinfo\OFFPROV.EXE
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.rr.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.mrfindalot.com/search.asp?si=20069&k=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.mrfindalot.com/search.asp?si=20069&k=
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\wmblv.exe
F2 - REG:system.ini: UserInit=userinit.exe,ihiphxr.exe
O2 - BHO: Yvakt Class - {00172AD1-F4BD-48C0-AEB5-A4CFE4638393} - C:\WINDOWS\system32\v199.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {0FB9DEB0-8672-CC05-4E02-9ED3D98A323C} - C:\WINDOWS\cahkokbuf.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {D8DFCF6F-0078-4392-865C-A5567A6DA798} - C:\Program Files\MSN\hose.dll
O2 - BHO: (no name) - {E5E2A3E7-00FE-4D31-A030-A10799DDCA66} - (no file)
O2 - BHO: (no name) - {FBB4DFB8-BC85-4447-B0AC-AEC58B7BB2D0} - C:\Program Files\MSN\hose.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\Wkfud.exe
O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\DELLMMKB.EXE
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [SandIcon] C:\ImageMate CompactFlash USB\SandIcon.Exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Browser Mouse\mouse32a.exe
O4 - HKLM\..\Run: [Windows System Tray] C:\WINDOWS\system32\fonts\svc\msapp.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [QuickTime Task] C:\WINDOWS\System32\qttask.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
O4 - HKLM\..\Run: [StatusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [pop06apelt] C:\WINDOWS\thiselt.exe
O4 - HKLM\..\Run: [kSPYv] "C:\WINDOWS\system32\bdpn.exe"
O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\CCZoop05.exe
O4 - HKLM\..\Run: [ftexc] C:\WINDOWS\system32\mptft.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [wallp2.exe] C:\WINDOWS\system32\wallp2.exe
O4 - HKCU\..\Run: [VSL13.exe] C:\WINDOWS\system32\VSL13.exe
O4 - HKCU\..\Run: [ssqbn.exe] C:\WINDOWS\system32\ssqbn.exe
O4 - HKCU\..\Run: [Ibt] C:\DOCUME~1\CAP'NT~1\APPLIC~1\YMBOLS~1\POOL32~1.EXE
O4 - HKCU\..\Run: [Aida] "C:\PROGRA~1\COMMON~1\ICROSO~1\notepad.exe" -vt tzt
O4 - Startup: Z_Start.lnk = C:\WINDOWS\zigi.exe
O8 - Extra context menu item: &Define - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.rr.com
O15 - Trusted Zone: *.elitemediagroup.net
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.mmohsix.com
O16 - DPF: {01111C00-3E00-11D2-8470-0060089874ED} (Support.com ActionRunner Class) - http://support.cox.net/custsup/supporta ... gctlar.cab
O16 - DPF: {01111E00-3E00-11D2-8470-0060089874ED} (Support.com SmartIssue) - http://support.cox.net/custsup/supporta ... gctlsi.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.c ... st0401.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/0305fd35f4b ... xIE601.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 0483416765
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 5752504252
O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - http://mediaplayer.walmart.com/installer/install.cab
O16 - DPF: {9BFC2253-B9D9-477E-9488-CA450232620D} (BinAg1 Class) - https://fastconnectkitsetup.cox.net/wiz ... ctiveX.CAB
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe ... loader.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://download.games.yahoo.com/games/w ... tycoon.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://www.popcap.com/games/popcaploader_v6.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Filter: text/html - {0F9A5F09-3BFD-40D3-85FE-36227430A374} - C:\WINDOWS\system32\v199.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\dllhost.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\RG9yb3RoeSBNdW55YW4\command.exe (file missing)
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
capsdeej
Regular Member
 
Posts: 35
Joined: July 27th, 2006, 1:56 pm

by Shaba » July 28th, 2006, 3:55 am

Hi capsdeej

Look in your Control Panel's Add/Remove Programs for PuritySCAN By OIN, OuterInfo, OIN or similar, click on it and click Remove.
Reboot and delete this folder if found:
C:\Program Files\PurityScan

If not listed, download and run this uninstaller:
Uninstaller

Tutorial for the uninstaller if needed

Reboot when done and delete this folder if found:
C:\Program Files\PurityScan

1. Download this file - combofix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply

Note:
Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Send:

- a fresh HijackThis log
- combofix log
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

by capsdeej » July 28th, 2006, 9:28 am

Shaba,

Thanks. I've completed the following:

There was nothing of the sort in Add/Remove Programs - so I used the uninstall link you provided.

I downloaded and ran combofix. It completed successfully.

The ComboFix and HijackThis logs follow:

===================================

Logfile of HijackThis v1.99.1
Scan saved at 8:19:41 AM, on 7/28/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Nhksrv.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\DELLMMKB.EXE
C:\ImageMate CompactFlash USB\SandIcon.Exe
C:\Program Files\Browser Mouse\mouse32a.exe
C:\WINDOWS\System32\qttask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
C:\WINDOWS\system32\bdpn.exe
C:\windows\system32\okdsregk.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Netropa\OSD.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\COMMON~1\okko\okkom.exe
C:\PROGRA~1\COMMON~1\okko\okkoa.exe
C:\WINDOWS\system32\nwinlpez.exe
C:\PROGRA~1\COMMON~1\MICROS~1\Msinfo\OFFPROV.EXE
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.ieplugin.com/search.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.ieplugin.com/search.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.rr.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.ieplugin.com/search.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.ieplugin.com/search.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.ieplugin.com/search.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://search.ieplugin.com/search.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.ieplugin.com/q.cgi?q=%s
O2 - BHO: Yvakt Class - {00172AD1-F4BD-48C0-AEB5-A4CFE4638393} - C:\WINDOWS\system32\v199.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {0FB9DEB0-8672-CC05-4E02-9ED3D98A323C} - C:\WINDOWS\cahkokbuf.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Intelligent Explorer - {69135BDE-5FDC-4B61-98AA-82AD2091BCCC} - C:\WINDOWS\systb.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {D8DFCF6F-0078-4392-865C-A5567A6DA798} - C:\Program Files\MSN\hose.dll
O2 - BHO: (no name) - {E5E2A3E7-00FE-4D31-A030-A10799DDCA66} - (no file)
O2 - BHO: (no name) - {FBB4DFB8-BC85-4447-B0AC-AEC58B7BB2D0} - C:\Program Files\MSN\hose.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Intelligent Explorer - {69135BDE-5FDC-4B61-98AA-82AD2091BCCC} - C:\WINDOWS\systb.dll
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\Wkfud.exe
O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\DELLMMKB.EXE
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [SandIcon] C:\ImageMate CompactFlash USB\SandIcon.Exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Browser Mouse\mouse32a.exe
O4 - HKLM\..\Run: [Windows System Tray] C:\WINDOWS\system32\fonts\svc\msapp.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [QuickTime Task] C:\WINDOWS\System32\qttask.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
O4 - HKLM\..\Run: [StatusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [pop06apelt] C:\WINDOWS\thiselt.exe
O4 - HKLM\..\Run: [kSPYv] "C:\WINDOWS\system32\bdpn.exe"
O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\CCZoop05.exe
O4 - HKLM\..\Run: [ftexc] C:\WINDOWS\system32\mptft.exe
O4 - HKLM\..\Run: [Win Server Updt] C:\WINDOWS\wupdt.exe
O4 - HKLM\..\Run: [{DF-F3-30-01-ZN}] C:\windows\system32\okdsregk.exe GID002
O4 - HKLM\..\Run: [wdskctl] C:\WINDOWS\wdskctl.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [wallp2.exe] C:\WINDOWS\system32\wallp2.exe
O4 - HKCU\..\Run: [VSL13.exe] C:\WINDOWS\system32\VSL13.exe
O4 - HKCU\..\Run: [ssqbn.exe] C:\WINDOWS\system32\ssqbn.exe
O4 - HKCU\..\Run: [okko] C:\PROGRA~1\COMMON~1\okko\okkom.exe
O4 - Startup: Zeno.lnk = C:\WINDOWS\SYSTEM32\nwinlpez.exe
O4 - Startup: Z_Start.lnk = C:\WINDOWS\zigi.exe
O8 - Extra context menu item: &Define - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {A80F2DB2-80A9-4834-8F5A-4AB70F4EF4C3} - C:\WINDOWS\systb.dll
O9 - Extra 'Tools' menuitem: IMI - {A80F2DB2-80A9-4834-8F5A-4AB70F4EF4C3} - C:\WINDOWS\systb.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.rr.com
O15 - Trusted Zone: *.elitemediagroup.net
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.mmohsix.com
O16 - DPF: {01111C00-3E00-11D2-8470-0060089874ED} (Support.com ActionRunner Class) - http://support.cox.net/custsup/supporta ... gctlar.cab
O16 - DPF: {01111E00-3E00-11D2-8470-0060089874ED} (Support.com SmartIssue) - http://support.cox.net/custsup/supporta ... gctlsi.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.c ... st0401.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/0305fd35f4b ... xIE601.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 0483416765
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 5752504252
O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - http://mediaplayer.walmart.com/installer/install.cab
O16 - DPF: {886DDE35-E955-11D0-A707-000000881958} - http://69.56.176.75/webplugin.cab
O16 - DPF: {9BFC2253-B9D9-477E-9488-CA450232620D} (BinAg1 Class) - https://fastconnectkitsetup.cox.net/wiz ... ctiveX.CAB
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe ... loader.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://download.games.yahoo.com/games/w ... tycoon.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://www.popcap.com/games/popcaploader_v6.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Filter: text/html - {0F9A5F09-3BFD-40D3-85FE-36227430A374} - C:\WINDOWS\system32\v199.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

===================================

Start Time= Fri 07/28/2006 7:57:04.01
Running from: C:\Documents and Settings\Cap'nTripps\Desktop

((((((((((((((((((((((((((((((((((((((((((((( Qoologic's Log )))))))))))))))))))))))))))))))))))))))))))))))))))

8:04:38.31

Not all files found by this method are bad. There may be legitimate files found
This log should be examined by a trained analyst


* * * PRE-RUN - Filepaths extracted from the Registry * * * * * * * * * * * * * * * * * * * * * *


C:\WINDOWS\system32\gckhwr.exe
C:\WINDOWS\system32\wmblv.exe
C:\WINDOWS\SYSTEM32\ihiphxr.exe


* * * PRE-RUN - Filepaths from Locate * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


2006-07-24 21:11:58 127,488 "C:\WINDOWS\SYSTEM32\gckhwr.exe"
2006-05-03 02:56:58 127,078 "C:\WINDOWS\SYSTEM32\javaws.exe"
2006-05-03 01:19:40 53,346 "C:\WINDOWS\SYSTEM32\javaw.exe"
2006-07-25 02:39:16 38,412 "C:\WINDOWS\SYSTEM32\ssqbn.exe"
2006-07-25 02:39:02 48,193 "C:\WINDOWS\SYSTEM32\VSL13.exe"
2006-07-24 21:12:00 28,672 "C:\WINDOWS\SYSTEM32\wmblv.exe"
2006-05-19 07:59:42 148,480 "C:\WINDOWS\SYSTEM32\dnsapi.dll"
2006-05-10 00:25:22 55,808 "C:\WINDOWS\SYSTEM32\extmgr.dll"
2006-05-10 00:25:22 96,256 "C:\WINDOWS\SYSTEM32\inseng.dll"
2006-05-19 10:06:04 3,055,104 "C:\WINDOWS\SYSTEM32\mshtml.dll"
2006-05-10 00:25:22 532,480 "C:\WINDOWS\SYSTEM32\mstime.dll"
2006-05-10 00:25:22 615,424 "C:\WINDOWS\SYSTEM32\urlmon.dll"
2006-07-24 21:12:00 23,552 "C:\WINDOWS\SYSTEM32\ihiphxr.exe"
2006-06-19 16:19:26 304,944 "C:\WINDOWS\SYSTEM32\WgaTray.exe"
2006-05-10 00:25:20 151,040 "C:\WINDOWS\SYSTEM32\cdfview.dll"
2006-05-10 00:25:22 357,888 "C:\WINDOWS\SYSTEM32\dxtmsft.dll"
2006-05-10 00:25:22 205,312 "C:\WINDOWS\SYSTEM32\dxtrans.dll"
2006-05-10 00:25:22 251,904 "C:\WINDOWS\SYSTEM32\iepeers.dll"
2006-06-01 13:47:08 163,840 "C:\WINDOWS\SYSTEM32\jgdw400.dll"
2006-06-01 13:47:08 27,648 "C:\WINDOWS\SYSTEM32\jgpl400.dll"
2006-05-18 00:24:26 450,560 "C:\WINDOWS\SYSTEM32\jscript.dll"
2006-05-10 00:25:22 15,872 "C:\WINDOWS\SYSTEM32\jsproxy.dll"
2006-07-24 21:12:00 51,712 "C:\WINDOWS\SYSTEM32\mjjinbd.dll"
2006-05-10 00:25:22 39,424 "C:\WINDOWS\SYSTEM32\pngfilt.dll"
2006-05-14 03:44:08 181,248 "C:\WINDOWS\SYSTEM32\rasmans.dll"
2006-05-29 10:32:10 1,496,576 "C:\WINDOWS\SYSTEM32\shdocvw.dll"
2006-05-10 00:25:22 474,112 "C:\WINDOWS\SYSTEM32\shlwapi.dll"
2006-05-10 00:25:22 663,552 "C:\WINDOWS\SYSTEM32\wininet.dll"
2006-05-10 00:25:20 1,054,208 "C:\WINDOWS\SYSTEM32\danim.dll"
2006-07-27 13:10:32 127,488 "C:\WINDOWS\SYSTEM32\mayli.dat"
2006-07-28 07:54:04 421 "C:\WINDOWS\fxqon.dll"
2006-07-24 21:11:52 53 "C:\WINDOWS\bvlvlp.dat"
2006-07-24 21:11:58 127,488 "C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ykvid.exe"


* * * POST-RUN - Files in the Quarantine folder * * * * * * * * * * * * * * * * * * * * * * * * *


07/27/2006 01:10 PM 127,488 mayli.dat.vir
07/24/2006 09:11 PM 127,488 gckhwr.exe.vir
07/24/2006 09:11 PM 127,488 ykvid.exe.vir
07/24/2006 09:11 PM 51,712 mjjinbd.dll.vir
07/24/2006 09:11 PM 28,672 wmblv.exe.vir
07/24/2006 09:11 PM 23,552 ihiphxr.exe.vir
07/24/2006 09:11 PM 53 bvlvlp.dat.vir


DO NOT DELETE ANY FILES FROM THIS DIRECTORY UNLESS INSTRUCTED TO


* * * POST-RUN - Filepaths from Locate * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


2006-06-19 16:19:26 304,944 "C:\WINDOWS\SYSTEM32\WgaTray.exe"
2006-05-03 02:56:58 127,078 "C:\WINDOWS\SYSTEM32\javaws.exe"
2006-05-03 01:19:40 53,346 "C:\WINDOWS\SYSTEM32\javaw.exe"
2006-07-25 02:39:16 38,412 "C:\WINDOWS\SYSTEM32\ssqbn.exe"
2006-07-25 02:39:02 48,193 "C:\WINDOWS\SYSTEM32\VSL13.exe"
2006-05-10 00:25:20 151,040 "C:\WINDOWS\SYSTEM32\cdfview.dll"
2006-05-10 00:25:22 357,888 "C:\WINDOWS\SYSTEM32\dxtmsft.dll"
2006-05-10 00:25:22 205,312 "C:\WINDOWS\SYSTEM32\dxtrans.dll"
2006-05-10 00:25:22 251,904 "C:\WINDOWS\SYSTEM32\iepeers.dll"
2006-06-01 13:47:08 163,840 "C:\WINDOWS\SYSTEM32\jgdw400.dll"
2006-06-01 13:47:08 27,648 "C:\WINDOWS\SYSTEM32\jgpl400.dll"
2006-05-18 00:24:26 450,560 "C:\WINDOWS\SYSTEM32\jscript.dll"
2006-05-10 00:25:22 15,872 "C:\WINDOWS\SYSTEM32\jsproxy.dll"
2006-05-10 00:25:22 39,424 "C:\WINDOWS\SYSTEM32\pngfilt.dll"
2006-05-14 03:44:08 181,248 "C:\WINDOWS\SYSTEM32\rasmans.dll"
2006-05-29 10:32:10 1,496,576 "C:\WINDOWS\SYSTEM32\shdocvw.dll"
2006-05-10 00:25:22 474,112 "C:\WINDOWS\SYSTEM32\shlwapi.dll"
2006-05-10 00:25:22 663,552 "C:\WINDOWS\SYSTEM32\wininet.dll"
2006-05-19 07:59:42 148,480 "C:\WINDOWS\SYSTEM32\dnsapi.dll"
2006-05-10 00:25:22 55,808 "C:\WINDOWS\SYSTEM32\extmgr.dll"
2006-05-10 00:25:22 96,256 "C:\WINDOWS\SYSTEM32\inseng.dll"
2006-05-19 10:06:04 3,055,104 "C:\WINDOWS\SYSTEM32\mshtml.dll"
2006-05-10 00:25:22 532,480 "C:\WINDOWS\SYSTEM32\mstime.dll"
2006-05-10 00:25:22 615,424 "C:\WINDOWS\SYSTEM32\urlmon.dll"
2006-05-10 00:25:20 1,054,208 "C:\WINDOWS\SYSTEM32\danim.dll"
2006-07-28 07:54:04 421 "C:\WINDOWS\fxqon.dll"


(((((((((((((((((((((((((((((((((((((((((((((((( Ssk's Log )))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\repairs303169590.dll
C:\Documents and Settings\Bryce\Application Data\Sskcwrd.dll
C:\Documents and Settings\Bryce\Application Data\Sskknwrd.dll
C:\Documents and Settings\Bryce\Application Data\Sskuknwrd.dll
C:\Documents and Settings\Bryce\Local Settings\Temporary Internet Files\Ssk.log
C:\Documents and Settings\Cap'nTripps\Local Settings\Temporary Internet Files\Ssk.log


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *



8:12:04.25
(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\drsmartload1.exe
C:\Documents and Settings\Cap'nTripps\Local Settings\Temporary Internet Files\Content.IE5\D37R1P8U\drsmartload[1].exe
C:\WINDOWS\uninstall_nmon.vbs
C:\WINDOWS\SYSTEM32\atmtd.dll.tmp
C:\Program Files\network monitor
C:\Documents and Settings\LocalService\Application Data\NetMon
C:\WINDOWS\RG9yb3RoeSBNdW55YW4


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-07-28 07:54:04 421 ( A.... ) "C:\WINDOWS\fxqon.dll"
2006-07-28 07:51:36 45077 ( A.... ) "C:\WINDOWS\SYSTEM32\okdsregk.exe"
2006-07-28 07:45:54 923 ( A.... ) "C:\WINDOWS\SYSTEM32\nt68rrtc12.sys"
2006-07-28 07:45:54 923 ( A.... ) "C:\WINDOWS\SYSTEM32\nt68rrtc12.sys"
2006-07-28 07:42:40 159885 ( A.... ) "C:\WINDOWS\SYSTEM32\nwinlpez.exe"
2006-07-27 14:19:54 36864 ( A.... ) "C:\WINDOWS\ieunst.exe"
2006-07-27 14:19:50 16384 ( A.... ) "C:\WINDOWS\rgrt.exe"
2006-07-27 14:19:42 14848 ( A.... ) "C:\WINDOWS\ts.exe"
2006-07-27 14:19:36 25105 ( A.... ) "C:\WINDOWS\id.exe"
2006-07-27 14:19:30 46202 ( A.... ) "C:\fym9bvo.exe"
2006-07-27 14:19:30 45058 ( A.... ) "C:\WINDOWS\zigi.exe"
2006-07-27 14:19:12 40320 ( A.... ) "C:\WINDOWS\dollar.exe"
2006-07-27 14:19:12 32206 ( ..SH. ) "C:\Program Files\Common Files\Y1268OU.exe"
2006-07-27 14:18:52 183872 ( A.... ) "C:\WINDOWS\yazzle.exe"
2006-07-27 14:18:48 333983 ( A.... ) "C:\WINDOWS\mynexus.exe"
2006-07-27 14:18:42 254940 ( A.... ) "C:\WINDOWS\extract.exe"
2006-07-27 13:21:32 ( .D... ) "C:\Program Files\HijackThis"
2006-07-27 11:52:50 ( .D... ) "C:\Program Files\Common Files\okko"
2006-07-27 11:52:22 ( .D... ) "C:\Documents and Settings\Cap'nTripps\Application Data\?ymbols"
2006-07-27 11:43:32 ( .D... ) "C:\Program Files\a-squared"
2006-07-27 10:34:40 ( .D... ) "C:\Documents and Settings\Cap'nTripps\Application Data\Lavasoft"
2006-07-27 10:34:18 ( .D... ) "C:\Program Files\Lavasoft"
2006-07-27 02:13:40 0 ( A.... ) "C:\WINDOWS\win32103-214342374.exe"
2006-07-25 02:39:16 38412 ( A.... ) "C:\WINDOWS\SYSTEM32\ssqbn.exe"
2006-07-25 02:39:02 48193 ( A.... ) "C:\WINDOWS\SYSTEM32\VSL13.exe"
2006-07-25 02:38:42 ( .D... ) "C:\Documents and Settings\Cap'nTripps\Application Data\System Restore"
2006-07-24 21:28:50 ( .D... ) "C:\Program Files\Spybot - Search & Destroy"
2006-07-24 21:12:46 143360 ( A.... ) "C:\WINDOWS\sys012143423743-2006.exe"
2006-07-24 21:12:30 183887 ( A.... ) "C:\WINDOWS\YazzleBundle-1304.exe"
2006-07-24 21:12:16 234248 ( A.... ) "C:\WINDOWS\Tagasuarus2.exe"
2006-07-24 21:12:14 28672 ( A.... ) "C:\WINDOWS\SYSTEM32\hvzead7v.exe"
2006-07-24 21:12:12 208896 ( A.... ) "C:\WINDOWS\SYSTEM32\v199.dll"
2006-07-24 21:12:10 45056 ( A.... ) "C:\WINDOWS\system32tfthot.exe"
2006-07-24 21:11:58 45056 ( A.... ) "C:\WINDOWS\zuckdha.exe"
2006-07-21 18:55:38 127578 ( A.... ) "C:\WINDOWS\SYSTEM32\tsuninst.exe"
2006-07-03 10:53:22 1142784 ( A.... ) "C:\WINDOWS\SYSTEM32\bdpn.exe"
2006-06-23 21:05:16 ( .D... ) "C:\Documents and Settings\Cap'nTripps\Application Data\Sun"
2006-06-23 20:57:22 ( .D... ) "C:\Documents and Settings\Cap'nTripps\Application Data\Google"
2006-06-23 20:57:20 ( .D... ) "C:\Program Files\Google"
2006-06-23 20:54:56 ( .D... ) "C:\Program Files\Java"
2006-06-23 20:52:22 ( .D... ) "C:\Program Files\Common Files\Java"
2006-06-23 10:22:08 9216 ( A.... ) "C:\WINDOWS\cahkokbuf.dll"
2006-06-19 16:20:42 702768 ( A.... ) "C:\WINDOWS\SYSTEM32\WgaLogon.dll"
2006-05-31 12:01:28 155648 ( ..SH. ) "C:\Program Files\Common Files\Y1268OA.exe"
2006-05-19 07:59:42 148480 ( A.... ) "C:\WINDOWS\SYSTEM32\dnsapi.dll"
2006-05-19 07:59:42 111616 ( A.... ) "C:\WINDOWS\SYSTEM32\dhcpcsvc.dll"
2006-05-19 07:59:42 94720 ( A.... ) "C:\WINDOWS\SYSTEM32\iphlpapi.dll"
2006-05-03 02:56:58 127078 ( A.... ) "C:\WINDOWS\SYSTEM32\javaws.exe"
2006-05-03 01:19:40 53346 ( A.... ) "C:\WINDOWS\SYSTEM32\javaw.exe"
2006-05-03 01:19:30 49248 ( A.... ) "C:\WINDOWS\SYSTEM32\java.exe"
2001-07-26 17:58:46 47 ( A.... ) "C:\Program Files\ACMonitor_X73.ini"
2001-07-05 13:46:44 8116 ( A.... ) "C:\Program Files\OSLO3071b2.USB"
2001-05-11 12:39:16 53248 ( A.... ) "C:\Program Files\ACMonitor_X73.exe"
2001-05-08 17:36:42 114688 ( A.... ) "C:\Program Files\lxarscan.dll"
2001-04-23 15:22:14 1437 ( A.... ) "C:\Program Files\gtx73.ini"
2001-02-22 10:54:36 768 ( A.... ) "C:\Program Files\x73_lut.dat"


(((((((((((((((((((((((((((((((((((((( Files Created - Last 30days )))))))))))))))))))))))))))))))))))))))))))


2006-07-28 07:51 45,077 C:\WINDOWS\system32\okdsregk.exe
2006-07-28 07:45 923 C:\WINDOWS\system32\nt68rrtc12.sys
2006-07-28 07:42 159,885 C:\WINDOWS\system32\nwinlpez.exe
2006-07-27 14:19 46,202 C:\fym9bvo.exe
2006-07-27 14:19 45,058 C:\WINDOWS\zigi.exe
2006-07-27 14:19 40,320 C:\WINDOWS\dollar.exe
2006-07-27 14:19 36,864 C:\WINDOWS\ieunst.exe
2006-07-27 14:19 25,105 C:\WINDOWS\id.exe
2006-07-27 14:19 16,384 C:\WINDOWS\rgrt.exe
2006-07-27 14:19 14,848 C:\WINDOWS\ts.exe
2006-07-27 14:19 127,578 C:\WINDOWS\system32\tsuninst.exe
2006-07-27 14:18 69,632 C:\WINDOWS\wupdt.exe
2006-07-27 14:18 61,440 C:\WINDOWS\getnexus.exe
2006-07-27 14:18 401,408 C:\WINDOWS\systb.dll
2006-07-27 14:18 333,983 C:\WINDOWS\mynexus.exe
2006-07-27 14:18 290,816 C:\WINDOWS\webnexus.exe
2006-07-27 14:18 254,940 C:\WINDOWS\extract.exe
2006-07-27 14:18 183,872 C:\WINDOWS\yazzle.exe
2006-07-27 02:13 0 C:\WINDOWS\win32103-214342374.exe
2006-07-27 01:54 267,468,800 C:\hiberfil.sys
2006-07-25 02:39 48,193 C:\WINDOWS\system32\VSL13.exe
2006-07-25 02:39 38,412 C:\WINDOWS\system32\ssqbn.exe
2006-07-24 21:12 45,056 C:\WINDOWS\system32tfthot.exe
2006-07-24 21:12 28,672 C:\WINDOWS\system32\hvzead7v.exe
2006-07-24 21:12 234,248 C:\WINDOWS\Tagasuarus2.exe
2006-07-24 21:12 208,896 C:\WINDOWS\system32\v199.dll
2006-07-24 21:12 183,887 C:\WINDOWS\YazzleBundle-1304.exe
2006-07-24 21:12 143,360 C:\WINDOWS\sys012143423743-2006.exe
2006-07-24 21:12 1,142,784 C:\WINDOWS\system32\bdpn.exe
2006-07-24 21:11 45,056 C:\WINDOWS\zuckdha.exe
2006-07-24 21:11 421 C:\WINDOWS\fxqon.dll
2006-06-23 20:56 53,346 C:\WINDOWS\system32\javaw.exe
2006-06-23 20:56 49,248 C:\WINDOWS\system32\java.exe
2006-06-23 20:56 127,078 C:\WINDOWS\system32\javaws.exe
2006-06-23 10:22 9,216 C:\WINDOWS\cahkokbuf.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"Microsoft Works Portfolio"="C:\\Program Files\\Microsoft Works\\WksSb.exe /AllUsers"
"Microsoft Works Update Detection"="C:\\Program Files\\Microsoft Works\\WkDetect.exe"
"WorksFUD"="C:\\Program Files\\Microsoft Works\\Wkfud.exe"
"DellTouch"="C:\\WINDOWS\\DELLMMKB.EXE"
"PrinTray"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\printray.exe"
"SandIcon"="C:\\ImageMate CompactFlash USB\\SandIcon.Exe"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"Symantec NetDriver Monitor"="C:\\PROGRA~1\\SYMNET~1\\SNDMon.exe /Consumer"
"FLMOFFICE4DMOUSE"="C:\\Program Files\\Browser Mouse\\mouse32a.exe"
"Windows System Tray"="C:\\WINDOWS\\system32\\fonts\\svc\\msapp.exe"
"ISUSPM Startup"="C:\\PROGRA~1\\COMMON~1\\INSTAL~1\\UPDATE~1\\ISUSPM.exe -startup"
"QuickTime Task"="C:\\WINDOWS\\System32\\qttask.exe"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"vptray"="C:\\PROGRA~1\\SYMANT~1\\SYMANT~2\\VPTray.exe"
@=""
"StatusClient"="C:\\Program Files\\Hewlett-Packard\\Toolbox2.0\\Apache Tomcat 4.0\\webapps\\Toolbox\\StatusClient\\StatusClient.exe /auto"
"TomcatStartup"="C:\\Program Files\\Hewlett-Packard\\Toolbox2.0\\hpbpsttp.exe"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_07\\bin\\jusched.exe"
"pop06apelt"="C:\\WINDOWS\\thiselt.exe"
"kSPYv"="\"C:\\WINDOWS\\system32\\bdpn.exe\""
"TheMonitor"="C:\\WINDOWS\\CCZoop05.exe"
"ftexc"="C:\\WINDOWS\\system32\\mptft.exe"
"Win Server Updt"="C:\\WINDOWS\\wupdt.exe"
"{DF-F3-30-01-ZN}"="c:\\windows\\system32\\okdsregk.exe GID002"
"wdskctl"="C:\\WINDOWS\\wdskctl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
"SpybotSD TeaTimer"="C:\\Program Files\\Spybot - Search & Destroy\\TeaTimer.exe"
"wallp2.exe"="C:\\WINDOWS\\system32\\wallp2.exe"
"VSL13.exe"="C:\\WINDOWS\\system32\\VSL13.exe"
"ssqbn.exe"="C:\\WINDOWS\\system32\\ssqbn.exe"
"okko"="C:\\PROGRA~1\\COMMON~1\\okko\\okkom.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonceex]
"flags"=dword:00000008

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonceex\000]

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="C:\\Program Files\\Outlook Express\\kybeqiki.html"
"SubscribedURL"=""
"FriendlyName"=""
"Flags"=dword:00002000
"Position"=hex:2c,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,00,00,e8,\
03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,14,00,00,00,14,00,00,00
"CurrentState"=dword:40000001
"OriginalStateInfo"=hex:18,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,\
00,00,01,00,00,00
"RestoredStateInfo"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1]
"Source"="C:\\Program Files\\Online Services\\hoxy.html"
"SubscribedURL"=""
"FriendlyName"=""
"Flags"=dword:00002000
"Position"=hex:2c,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,00,00,ea,\
03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,14,00,00,00,14,00,00,00
"CurrentState"=dword:40000001
"OriginalStateInfo"=hex:18,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,\
00,00,01,00,00,00
"RestoredStateInfo"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\2]
"Source"="C:\\Program Files\\WindowsUpdate\\kybeqiki.html"
"SubscribedURL"=""
"FriendlyName"=""
"Flags"=dword:00002000
"Position"=hex:2c,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,00,00,ec,\
03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,14,00,00,00,14,00,00,00
"CurrentState"=dword:40000001
"OriginalStateInfo"=hex:18,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,\
00,00,01,00,00,00
"RestoredStateInfo"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\3]
"Source"="C:\\Program Files\\Internet Explorer\\hoxy.html"
"SubscribedURL"=""
"FriendlyName"=""
"Flags"=dword:00002000
"Position"=hex:2c,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,00,00,ee,\
03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,14,00,00,00,14,00,00,00
"CurrentState"=dword:40000001
"OriginalStateInfo"=hex:18,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,\
00,00,01,00,00,00
"RestoredStateInfo"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\4]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,e6,00,00,00,00,00,00,00,9a,03,00,00,44,03,00,00,f0,\
03,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=dword:40000004
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"="Narrator.exe"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"CDRAutoRun"=dword:00000000

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\runonce]
"RunNarrator"="Narrator.exe"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"CDRAutoRun"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""




Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Files and Settings Transfer Wizard.job
C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1068310400.job
C:\WINDOWS\tasks\ISP signup reminder 2.job
C:\WINDOWS\tasks\ISP signup reminder 3.job
C:\WINDOWS\tasks\Symantec NetDetect.job

Completion time: Fri 07/28/2006 8:12:20.50
ComboFix ver 06.07.15/28 - This logfile is located at C:\ComboFix.txt

===================================
capsdeej
Regular Member
 
Posts: 35
Joined: July 27th, 2006, 1:56 pm

Unread postby Shaba » July 28th, 2006, 12:01 pm

Hi

Looking better :)

We'll need to disable TeaTimer temporarily so that it won't prevent fixes:

# Run Spybot-S&D in Advanced Mode.
# If it is not already set to do this, go to the Mode menu and select "Advanced Mode".
# On the left hand side, Click on Tools
# Then click on the Resident Icon in the List
# Uncheck "Resident TeaTimer" and OK any prompts.
# Restart your computer.

After that:

Open HijackThis, click "Do a system scan only" and checkmark these:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.ieplugin.com/search.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.ieplugin.com/search.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.rr.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.ieplugin.com/search.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.ieplugin.com/search.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.ieplugin.com/search.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://search.ieplugin.com/search.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.ieplugin.com/q.cgi?q=%s
O2 - BHO: Yvakt Class - {00172AD1-F4BD-48C0-AEB5-A4CFE4638393} - C:\WINDOWS\system32\v199.dll
O2 - BHO: (no name) - {0FB9DEB0-8672-CC05-4E02-9ED3D98A323C} - C:\WINDOWS\cahkokbuf.dll
O2 - BHO: Intelligent Explorer - {69135BDE-5FDC-4B61-98AA-82AD2091BCCC} - C:\WINDOWS\systb.dll
O2 - BHO: (no name) - {D8DFCF6F-0078-4392-865C-A5567A6DA798} - C:\Program Files\MSN\hose.dll
O2 - BHO: (no name) - {E5E2A3E7-00FE-4D31-A030-A10799DDCA66} - (no file)
O2 - BHO: (no name) - {FBB4DFB8-BC85-4447-B0AC-AEC58B7BB2D0} - C:\Program Files\MSN\hose.dll
O3 - Toolbar: Intelligent Explorer - {69135BDE-5FDC-4B61-98AA-82AD2091BCCC} - C:\WINDOWS\systb.dll
O4 - HKLM\..\Run: [pop06apelt] C:\WINDOWS\thiselt.exe
O4 - HKLM\..\Run: [kSPYv] "C:\WINDOWS\system32\bdpn.exe"
O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\CCZoop05.exe
O4 - HKLM\..\Run: [ftexc] C:\WINDOWS\system32\mptft.exe
O4 - HKLM\..\Run: [Win Server Updt] C:\WINDOWS\wupdt.exe
O4 - HKLM\..\Run: [{DF-F3-30-01-ZN}] C:\windows\system32\okdsregk.exe GID002
O4 - HKLM\..\Run: [wdskctl] C:\WINDOWS\wdskctl.exe
O4 - HKCU\..\Run: [wallp2.exe] C:\WINDOWS\system32\wallp2.exe
O4 - HKCU\..\Run: [VSL13.exe] C:\WINDOWS\system32\VSL13.exe
O4 - HKCU\..\Run: [ssqbn.exe] C:\WINDOWS\system32\ssqbn.exe
O4 - HKCU\..\Run: [okko] C:\PROGRA~1\COMMON~1\okko\okkom.exe
O4 - Startup: Zeno.lnk = C:\WINDOWS\SYSTEM32\nwinlpez.exe
O4 - Startup: Z_Start.lnk = C:\WINDOWS\zigi.exe
O9 - Extra button: (no name) - {A80F2DB2-80A9-4834-8F5A-4AB70F4EF4C3} - C:\WINDOWS\systb.dll
O9 - Extra 'Tools' menuitem: IMI - {A80F2DB2-80A9-4834-8F5A-4AB70F4EF4C3} - C:\WINDOWS\systb.dll
O15 - Trusted Zone: *.elitemediagroup.net
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.mmohsix.com
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/0305fd35f4b ... xIE601.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://www.popcap.com/games/popcaploader_v6.cab
O18 - Filter: text/html - {0F9A5F09-3BFD-40D3-85FE-36227430A374} - C:\WINDOWS\system32\v199.dll


Close all windows including the browser and press "Fix checked".

Please download the Killbox.
Unzip it to the desktop.

Please run Killbox.

Select "Delete on Reboot".

Copy the file names below to the clipboard by highlighting them and pressing Control-C:

C:\WINDOWS\system32\v199.dll
C:\WINDOWS\cahkokbuf.dll
C:\WINDOWS\systb.dll
C:\WINDOWS\thiselt.exe
C:\WINDOWS\system32\bdpn.exe
C:\WINDOWS\CCZoop05.exe
C:\WINDOWS\system32\mptft.exe
C:\WINDOWS\wupdt.exe
C:\windows\system32\okdsregk.exe
C:\Program Files\MSN\hose.dll
C:\WINDOWS\wdskctl.exe
C:\WINDOWS\system32\wallp2.exe
C:\WINDOWS\system32\VSL13.exe
C:\WINDOWS\SYSTEM32\nwinlpez.exe
C:\WINDOWS\zigi.exe
C:\WINDOWS\fxqon.dll
C:\WINDOWS\ieunst.exe
C:\WINDOWS\rgrt.exe
C:\WINDOWS\ts.exe
C:\WINDOWS\id.exe
C:\fym9bvo.exe
C:\WINDOWS\dollar.exe
C:\Program Files\Common Files\Y1268OU.exe
C:\WINDOWS\yazzle.exe
C:\WINDOWS\mynexus.exe
C:\WINDOWS\win32103-214342374.exe
C:\WINDOWS\sys012143423743-2006.exe
C:\WINDOWS\YazzleBundle-1304.exe
C:\WINDOWS\Tagasuarus2.exe
C:\WINDOWS\SYSTEM32\hvzead7v.exe
C:\WINDOWS\system32tfthot.exe
C:\WINDOWS\zuckdha.exe
C:\WINDOWS\SYSTEM32\tsuninst.exe
C:\WINDOWS\SYSTEM32\bdpn.exe
C:\WINDOWS\system32\nt68rrtc12.sys

Go to the File menu, and choose "Paste from Clipboard".

Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run TheKillbox, click here to download and run missingfilesetup.exe. Then try TheKillbox again.

If your computer does not restart automatically, please restart it manually.

Delete this folder:

C:\Program Files\Common Files\okko

Please do an online scan with Kaspersky Online Scanner. You will be prompted to install an ActiveX component from Kaspersky; click Yes.
  • The program will launch and then start to download the latest definition files.
  • Once the scanner is installed and the definitions downloaded, click Next.
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:

    o Scan using the following Anti-Virus database:

    + Extended (If available otherwise Standard)

    o Scan Options:

    + Scan Archives
    + Scan Mail Bases

  • Click OK
  • Now under "Select a target to scan", select My Computer
  • The scan will take a while so be patient and let it run. Once the scan is complete it will display if your system has been infected.
  • Now click on the Save as Text button
  • Save the file to your desktop.
  • Copy and paste that information in your next post.


To access the Uninstall Manager you would do the following:

1. Start HijackThis
2. Click on the Config button
3. Click on the Misc Tools button
4. Click on the Open Uninstall Manager button.

You will now be presented with a screen similar to the one below:

Image

5. Click on the Save list... button and specify where you would like to save this file. When you press Save button a notepad will open with the contents of that file. Simply copy and paste the contents of that notepad here on your next reply.


Send:

- a fresh HijackThis log
- Kaspersky report
- uninstall list
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland
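
A triage check on the ComboFix log posted earlier in the thread, as an added example that is not part of either poster's messages: it cross-references the Run-key values under "Reg Loading Points" with the "Files Created - Last 30days" listing and reports autoruns whose target file appeared shortly before the scan. The function names, the 7-day window and the shortened section banners are assumptions of this example; the log lines themselves are copied from the thread.

```python
import re
from datetime import datetime, timedelta

# Lines copied from the ComboFix log in the thread; section banners shortened.
COMBOFIX_EXCERPT = r'''
(( Files Created - Last 30days ))
2006-07-28 07:51 45,077 C:\WINDOWS\system32\okdsregk.exe
2006-07-27 14:18 69,632 C:\WINDOWS\wupdt.exe
2006-07-27 01:54 267,468,800 C:\hiberfil.sys
2006-07-25 02:39 48,193 C:\WINDOWS\system32\VSL13.exe
2006-07-25 02:39 38,412 C:\WINDOWS\system32\ssqbn.exe
2006-07-24 21:12 1,142,784 C:\WINDOWS\system32\bdpn.exe
2006-06-23 20:56 53,346 C:\WINDOWS\system32\javaw.exe

(( Reg Loading Points ))
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"DellTouch"="C:\\WINDOWS\\DELLMMKB.EXE"
"QuickTime Task"="C:\\WINDOWS\\System32\\qttask.exe"
"kSPYv"="\"C:\\WINDOWS\\system32\\bdpn.exe\""
"Win Server Updt"="C:\\WINDOWS\\wupdt.exe"
"{DF-F3-30-01-ZN}"="c:\\windows\\system32\\okdsregk.exe GID002"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"VSL13.exe"="C:\\WINDOWS\\system32\\VSL13.exe"
"ssqbn.exe"="C:\\WINDOWS\\system32\\ssqbn.exe"
'''

# Taken from the log's "Completion time: Fri 07/28/2006 8:12:20.50" line.
LOG_DATE = datetime(2006, 7, 28, 8, 12)

CREATED_RE = re.compile(r'^(\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+[\d,]+\s+(\S.*)$')
KEY_RE = re.compile(r'^\[(.+)\]$')
# "name"="value" with .reg-style backslash escapes inside the quotes.
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')
EXE_RE = re.compile(r'(.+?\.(?:exe|com|bat|cmd|scr|pif|dll))(?=\s|$)', re.IGNORECASE)
# Only the Run/RunOnce keys themselves, not subkeys such as OptionalComponents.
RUN_SUFFIXES = ('\\currentversion\\run', '\\currentversion\\runonce')


def unescape_reg(value):
    """Undo .reg escaping: \\\\ becomes \\ and \\" becomes "."""
    return re.sub(r'\\(.)', r'\1', value)


def target_path(command):
    """Return the program path from a Run command line, dropping arguments."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    match = EXE_RE.match(command)
    return match.group(1) if match else command


def parse_log(log_text):
    """Collect {lowercased path: creation time} and [(key, name, path)] autoruns."""
    created, autoruns, key = {}, [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        m = CREATED_RE.match(line)
        if m:
            created[m.group(2).lower()] = datetime.strptime(m.group(1), '%Y-%m-%d %H:%M')
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = VALUE_RE.match(line)
        if m and key and key.lower().endswith(RUN_SUFFIXES):
            command = unescape_reg(m.group(2))
            autoruns.append((key, unescape_reg(m.group(1)), target_path(command)))
    return created, autoruns


def recent_autoruns(log_text, log_date, window_days=7):
    """Autoruns whose target was created within window_days before log_date."""
    created, autoruns = parse_log(log_text)
    cutoff = log_date - timedelta(days=window_days)
    hits = []
    for key, name, path in autoruns:
        when = created.get(path.lower())  # Windows paths compare case-insensitively
        if when is not None and when >= cutoff:
            hits.append((key, name, path, when))
    return sorted(hits, key=lambda h: h[3], reverse=True)


if __name__ == '__main__':
    for key, name, path, when in recent_autoruns(COMBOFIX_EXCERPT, LOG_DATE):
        hive = key.split('\\', 1)[0]
        print(f'{when:%Y-%m-%d %H:%M}  {hive}  [{name}]  {path}')
```

A recent creation time is a lead for closer inspection, not a verdict. Targets written in 8.3 short form (such as `PROGRA~1`) or located outside the directories ComboFix lists will not match.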

Unread postby capsdeej » July 28th, 2006, 3:04 pm

Wow...this is an amazing process. Thank you so much for your help so far.

I was able to complete all tasks as specified and the requested log files follow:

HIJACKTHIS
========
Logfile of HijackThis v1.99.1
Scan saved at 1:57:56 PM, on 7/28/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Nhksrv.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\DELLMMKB.EXE
C:\ImageMate CompactFlash USB\SandIcon.Exe
C:\Program Files\Netropa\OSD.exe
C:\Program Files\Browser Mouse\mouse32a.exe
C:\WINDOWS\System32\qttask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
C:\WINDOWS\system32\nwinlpez.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
C:\PROGRA~1\COMMON~1\MICROS~1\Msinfo\OFFPROV.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {E5E2A3E7-00FE-4D31-A030-A10799DDCA66} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\Wkfud.exe
O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\DELLMMKB.EXE
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [SandIcon] C:\ImageMate CompactFlash USB\SandIcon.Exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Browser Mouse\mouse32a.exe
O4 - HKLM\..\Run: [Windows System Tray] C:\WINDOWS\system32\fonts\svc\msapp.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [QuickTime Task] C:\WINDOWS\System32\qttask.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
O4 - HKLM\..\Run: [StatusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [BrowserUpdateSched] C:\WINDOWS\system32\nwinlpez.exe GID002
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: Zeno.lnk = C:\WINDOWS\SYSTEM32\nwinlpez.exe
O8 - Extra context menu item: &Define - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.rr.com
O16 - DPF: {01111C00-3E00-11D2-8470-0060089874ED} (Support.com ActionRunner Class) - http://support.cox.net/custsup/supporta ... gctlar.cab
O16 - DPF: {01111E00-3E00-11D2-8470-0060089874ED} (Support.com SmartIssue) - http://support.cox.net/custsup/supporta ... gctlsi.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/ka ... nicode.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.c ... st0401.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 0483416765
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 5752504252
O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - http://mediaplayer.walmart.com/installer/install.cab
O16 - DPF: {886DDE35-E955-11D0-A707-000000881958} - http://69.56.176.75/webplugin.cab
O16 - DPF: {9BFC2253-B9D9-477E-9488-CA450232620D} (BinAg1 Class) - https://fastconnectkitsetup.cox.net/wiz ... ctiveX.CAB
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe ... loader.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://download.games.yahoo.com/games/w ... tycoon.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

========
KASPERSKY
========

-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Friday, July 28, 2006 1:55:45 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.78.0
Kaspersky Anti-Virus database last update: 28/07/2006
Kaspersky Anti-Virus database records: 210604
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\

Scan Statistics:
Total number of scanned objects: 72836
Number of viruses found: 43
Number of infected objects: 151
Number of suspicious objects: 0
Duration of the scan process: 01:43:20

Infected Object Name / Virus Name / Last Action
C:\!KillBox\v199.dll Infected: not-a-virus:AdWare.Win32.Suggestor.o skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\00B40000.VBN Infected: Trojan-Clicker.Win32.VB.is skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\00B40001.VBN Infected: Trojan-Clicker.Win32.VB.is skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\00B40002.VBN Infected: Trojan-Clicker.Win32.VB.is skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\01640000.VBN Infected: Trojan-Clicker.Win32.VB.is skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\022C0000.VBN Infected: Trojan-Clicker.Win32.VB.is skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07500000.VBN Infected: Trojan-Clicker.Win32.VB.is skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07940000.VBN Infected: Trojan-Clicker.Win32.VB.is skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07B80000.VBN Infected: Trojan-Clicker.Win32.VB.is skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07BC0000.VBN Infected: Trojan-Clicker.Win32.VB.is skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07BC0001.VBN Infected: Trojan-Clicker.Win32.VB.is skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07BC0002.VBN Infected: Trojan-Clicker.Win32.VB.is skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07BC0003.VBN Infected: Trojan-Clicker.Win32.VB.is skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0B240000.VBN Infected: Trojan-Clicker.Win32.VB.is skipped
C:\Documents and Settings\Cap'nTripps\Local Settings\Application Data\Identities\{7C2CADAC-7DAD-4C9C-B2B3-6AEF13480E5B}\Microsoft\Outlook Express\Inbox.dbx/[From "Paypal Security" <securitycenter@paypal.com>][Date Sat, 30 Jul 2005 01:19:03 -0800]/UNNAMED/html Infected: Trojan-Spy.HTML.Paylap.ev skipped
C:\Documents and Settings\Cap'nTripps\Local Settings\Application Data\Identities\{7C2CADAC-7DAD-4C9C-B2B3-6AEF13480E5B}\Microsoft\Outlook Express\Inbox.dbx/[From "Paypal Security" <securitycenter@paypal.com>][Date Sat, 30 Jul 2005 01:19:03 -0800]/UNNAMED Infected: Trojan-Spy.HTML.Paylap.ev skipped
C:\Documents and Settings\Cap'nTripps\Local Settings\Application Data\Identities\{7C2CADAC-7DAD-4C9C-B2B3-6AEF13480E5B}\Microsoft\Outlook Express\Inbox.dbx Mail MS Outlook 5: infected - 2 skipped
C:\Documents and Settings\Cap'nTripps\Local Settings\Temporary Internet Files\Content.IE5\0R6FYPED\popup[1].htm Infected: Trojan-Clicker.HTML.Agent.a skipped
C:\Documents and Settings\Cap'nTripps\Local Settings\Temporary Internet Files\Content.IE5\33YNIKHV\popup[1].htm Infected: Trojan-Clicker.HTML.Agent.a skipped
C:\Documents and Settings\Cap'nTripps\Local Settings\Temporary Internet Files\Content.IE5\33YNIKHV\popup[1].php/packed Infected: Trojan-Clicker.HTML.Agent.a skipped
C:\Documents and Settings\Cap'nTripps\Local Settings\Temporary Internet Files\Content.IE5\33YNIKHV\popup[1].php GZIP: infected - 1 skipped
C:\Documents and Settings\Cap'nTripps\Local Settings\Temporary Internet Files\Content.IE5\O9MV8L6B\!update-4095[1].0000 Infected: Trojan-Downloader.Win32.PurityScan.co skipped
C:\Documents and Settings\Cap'nTripps\Local Settings\Temporary Internet Files\Content.IE5\O9MV8L6B\wallpap[1].exe Infected: Trojan-Clicker.Win32.Small.jf skipped
C:\Documents and Settings\Cap'nTripps\Local Settings\Temporary Internet Files\Content.IE5\OX4J83SN\installer[1].exe/data0001 Infected: not-a-virus:AdWare.Win32.CommAd.a skipped
C:\Documents and Settings\Cap'nTripps\Local Settings\Temporary Internet Files\Content.IE5\OX4J83SN\installer[1].exe Inno: infected - 1 skipped
C:\Documents and Settings\Cap'nTripps\Local Settings\Temporary Internet Files\Content.IE5\QRWVM50R\popup[1].htm Infected: Trojan-Clicker.HTML.Agent.a skipped
C:\Documents and Settings\Cap'nTripps\Local Settings\Temporary Internet Files\Content.IE5\UT1EFIP8\popup[1].php/packed Infected: Trojan-Clicker.HTML.Agent.a skipped
C:\Documents and Settings\Cap'nTripps\Local Settings\Temporary Internet Files\Content.IE5\UT1EFIP8\popup[1].php GZIP: infected - 1 skipped
C:\Documents and Settings\Cap'nTripps\Local Settings\Temporary Internet Files\Content.IE5\UT1EFIP8\popup[2].htm Infected: Trojan-Clicker.HTML.Agent.a skipped
C:\Documents and Settings\Cap'nTripps\Local Settings\Temporary Internet Files\Content.IE5\YD4NI1UL\fym9bvo[1].exe Infected: Trojan-Downloader.Win32.Agent.ala skipped
C:\Documents and Settings\Cap'nTripps\Local Settings\Temporary Internet Files\Content.IE5\YD4NI1UL\popup[1].htm Infected: Trojan-Clicker.HTML.Agent.a skipped
C:\Documents and Settings\Dorothy Munyan\Local Settings\Temp\Hbinst.exe Infected: not-a-virus:AdWare.Win32.Hotbar.a skipped
C:\fym9bvo.exe Infected: Trojan-Downloader.Win32.Agent.ala skipped
C:\Program Files\Common Files\Y1268OA.exe Infected: Trojan-Downloader.Win32.PurityScan.cq skipped
C:\Program Files\HijackThis\backups\backup-20060728-115015-643.dll Infected: not-a-virus:AdWare.Win32.Suggestor.o skipped
C:\Program Files\HijackThis\backups\backup-20060728-115015-647.dll Infected: Trojan-Downloader.Win32.Small.ajc skipped
C:\Program Files\HijackThis\backups\backup-20060728-115016-350.dll Infected: Trojan-Downloader.Win32.Small.ctp skipped
C:\Program Files\HijackThis\backups\backup-20060728-115016-364.dll Infected: Trojan-Downloader.Win32.Small.ctp skipped
C:\Program Files\HijackThis\backups\backup-20060728-115016-466.dll Infected: not-a-virus:AdWare.Win32.ImiBar.c skipped
C:\Program Files\MSN\hose.dll Infected: Trojan-Downloader.Win32.Small.ctp skipped
C:\Program Files\Outlook Express\kybeqiki.html Infected: Trojan-Clicker.Win32.Small.jf skipped
C:\Program Files\WindowsUpdate\kybeqiki.html Infected: Trojan-Clicker.Win32.Small.jf skipped
C:\QooBox\gckhwr.exe.vir Infected: Trojan-Downloader.Win32.Qoologic.bj skipped
C:\QooBox\ihiphxr.exe.vir Infected: Trojan-Downloader.Win32.Qoologic.bj skipped
C:\QooBox\mayli.dat.vir Infected: Trojan-Downloader.Win32.Qoologic.bj skipped
C:\QooBox\mjjinbd.dll.vir Infected: Trojan-Downloader.Win32.Qoologic.bj skipped
C:\QooBox\wmblv.exe.vir Infected: Trojan-Downloader.Win32.Qoologic.bj skipped
C:\QooBox\ykvid.exe.vir Infected: Trojan-Downloader.Win32.Qoologic.bj skipped
C:\RECYCLER\S-1-5-21-3685698554-3238835185-2771580065-1008\Dc1\okkoa.exe Infected: Trojan-Downloader.Win32.TSUpdate.l skipped
C:\RECYCLER\S-1-5-21-3685698554-3238835185-2771580065-1008\Dc1\okkol.exe Infected: Trojan-Downloader.Win32.TSUpdate.r skipped
C:\RECYCLER\S-1-5-21-3685698554-3238835185-2771580065-1008\Dc1\okkom.exe Infected: Trojan-Downloader.Win32.TSUpdate.n skipped
C:\RECYCLER\S-1-5-21-3685698554-3238835185-2771580065-1008\Dc1\okkop.exe Infected: Trojan-Downloader.Win32.TSUpdate.f skipped
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP843\A0167222.exe Infected: not-a-virus:AdWare.Win32.Hotbar.a skipped
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP843\A0168083.exe Infected: Trojan-Downloader.Win32.VB.tw skipped
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP843\A0168084.exe Infected: Trojan-Downloader.Win32.VB.tw skipped
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP843\A0168085.dll Infected: not-a-virus:AdWare.Win32.PurityScan.ak skipped
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP843\A0168097.exe Infected: Trojan-Downloader.Win32.Small.ajc skipped
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP843\A0168108.exe Infected: Trojan-Downloader.Win32.Small.ajc skipped
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP844\A0168212.exe Infected: Trojan-Downloader.Win32.Small.ajc skipped
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP844\A0168230.exe Infected: Trojan-Downloader.Win32.Small.ajc skipped
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP845\A0168287.exe Infected: Trojan-Downloader.Win32.Small.ajc skipped
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP845\A0168321.exe Infected: Trojan-Downloader.Win32.Small.ajc skipped
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP845\A0168333.exe/InpB/Ssk.exe Infected: not-a-virus:AdWare.Win32.SurfSide.av skipped
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP845\A0168333.exe/InpB Infected: not-a-virus:AdWare.Win32.SurfSide.av skipped
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP845\A0168333.exe CAB: infected - 2 skipped
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP845\A0168342.exe Infected: Trojan-Downloader.Win32.Small.ajc skipped
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP845\A0168440.exe Infected: Trojan.Win32.VB.tg skipped
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP845\A0168443.exe Infected: not-a-virus:AdWare.Win32.SearchAssistant.f skipped
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP845\A0168466.exe Infected: not-a-virus:AdWare.Win32.SearchAssistant.g skipped
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP845\A0168467.dll Infected: not-a-virus:AdWare.Win32.PurityScan.en skipped
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP845\A0168468.dll Infected: not-a-virus:AdWare.Win32.Mirar.b skipped
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP845\A0168469.exe Infected: Trojan.Win32.Runner.j skipped
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP845\A0168470.exe Infected: not-a-virus:AdWare.Win32.SearchAssistant.g skipped
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP845\A0168472.dll Infected: Trojan-Downloader.Win32.Small.ctp skipped
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP845\A0168473.dll Infected: not-a-virus:AdWare.Win32.CommAd.a skipped
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP845\A0168474.exe Infected: not-a-virus:AdWare.Win32.CommAd.a skipped
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP845\A0168475.dll Infected: not-a-virus:AdWare.Win32.PurityScan.en skipped
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP845\A0168476.exe Infected: not-a-virus:AdWare.Win32.Agent.ag skipped
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP845\A0168480.exe Infected: Trojan-Downloader.Win32.Small.ajc skipped
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP845\A0168484.exe/data0002 Infected: Trojan-Downloader.Win32.PurityScan.cq skipped
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP845\A0168484.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP845\A0168485.exe Infected: Trojan-Downloader.Win32.PurityScan.cq skipped
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP845\A0168487.exe Infected: Trojan-Downloader.Win32.Adload.az skipped
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP845\A0169474.exe Infected: Trojan-Downloader.Win32.OneClickNetSearch.f skipped
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP846\A0169484.dll Infected: Trojan-Downloader.Win32.Small.ctp skipped
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP846\A0169485.exe Infected: Trojan-Downloader.Win32.Small.ajc skipped
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP846\A0169488.exe Infected: not-a-virus:AdWare.Win32.ShopNav.g skipped
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP846\A0169489.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.o skipped
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP846\A0169490.exe Infected: not-a-virus:Monitor.Win32.NetMon.a skipped
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP846\A0169495.exe Infected: Trojan-Downloader.Win32.Small.ajc skipped
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP846\A0169496.exe Infected: Trojan-Downloader.Win32.Small.ajc skipped
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP846\A0169506.dll Infected: Trojan-Downloader.Win32.Small.ctp skipped
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP846\A0169508.exe Infected: Trojan-Downloader.Win32.Small.ajc skipped
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP846\A0169511.exe Infected: Trojan-Downloader.Win32.Adload.de skipped
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP846\A0169524.exe Infected: Trojan-Downloader.Win32.Qoologic.bj skipped
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP846\A0169525.dll Infected: Trojan-Downloader.Win32.Qoologic.bj skipped
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP846\A0169526.exe Infected: Trojan-Downloader.Win32.Qoologic.bj skipped
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP846\A0169527.exe Infected: Trojan-Downloader.Win32.Qoologic.bj skipped
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP846\A0169528.exe Infected: Trojan-Downloader.Win32.Qoologic.bj skipped
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP846\A0169529.dll Infected: not-a-virus:AdWare.Win32.SurfSide.ap skipped
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP846\A0169536.dll Infected: not-a-virus:AdWare.Win32.CommAd.a skipped
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP846\A0169537.exe Infected: not-a-virus:AdWare.Win32.CommAd.a skipped
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP846\A0169559.dll Infected: Trojan-Downloader.Win32.Small.ctp skipped
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP846\A0169560.exe Infected: Trojan-Downloader.Win32.Small.ajc skipped
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP846\A0169593.dll Infected: Trojan-Downloader.Win32.Small.ctp skipped
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP846\A0169594.exe Infected: Trojan-Downloader.Win32.Small.ajc skipped
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP846\A0169600.dll Infected: not-a-virus:AdWare.Win32.Suggestor.o skipped
C:\WINDOWS\cahkokbuf.dll Infected: Trojan-Downloader.Win32.Small.ajc skipped
C:\WINDOWS\cp.exe Infected: Trojan-Spy.Win32.IamBigBrother.91 skipped
C:\WINDOWS\dollar.exe Infected: Trojan-Downloader.Win32.Adload.az skipped
C:\WINDOWS\extract.exe/systb.dll Infected: not-a-virus:AdWare.Win32.ImiBar.c skipped
C:\WINDOWS\extract.exe/wdskctl.exe Infected: not-a-virus:AdWare.Win32.ShopNav.g skipped
C:\WINDOWS\extract.exe CAB: infected - 2 skipped
C:\WINDOWS\extract.exe MimarSinan: infected - 2 skipped
C:\WINDOWS\extract.exe UPX: infected - 2 skipped
C:\WINDOWS\getnexus.exe Infected: not-a-virus:AdWare.Win32.SurfSide.s skipped
C:\WINDOWS\id.exe Infected: Trojan-Downloader.Win32.Small.buy skipped
C:\WINDOWS\ieunst.exe Infected: not-a-virus:AdWare.Win32.Iebar.j skipped
C:\WINDOWS\mynexus.exe/getnexus.exe Infected: not-a-virus:AdWare.Win32.SurfSide.s skipped
C:\WINDOWS\mynexus.exe/webnexus.exe Infected: Trojan-Downloader.Win32.Qoologic.at skipped
C:\WINDOWS\mynexus.exe CAB: infected - 2 skipped
C:\WINDOWS\mynexus.exe MimarSinan: infected - 2 skipped
C:\WINDOWS\mynexus.exe UPX: infected - 2 skipped
C:\WINDOWS\rgrt.exe Infected: not-a-virus:AdWare.Win32.ShopNav.g skipped
C:\WINDOWS\sys012143423743-2006.exe Infected: Trojan-Downloader.Win32.VB.aga skipped
C:\WINDOWS\systb.dll Infected: not-a-virus:AdWare.Win32.ImiBar.c skipped
C:\WINDOWS\SYSTEM32\bdpn.exe Infected: not-a-virus:AdWare.Win32.Suggestor.o skipped
C:\WINDOWS\SYSTEM32\hvzead7v.exe Infected: not-a-virus:AdWare.Win32.Suggestor.o skipped
C:\WINDOWS\SYSTEM32\nwinlpez.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.q skipped
C:\WINDOWS\SYSTEM32\okdsregk.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.o skipped
C:\WINDOWS\SYSTEM32\ssqbn.exe/data0002 Infected: Trojan-Downloader.Win32.Small.ajc skipped
C:\WINDOWS\SYSTEM32\ssqbn.exe/data0003 Infected: Trojan-Downloader.Win32.Small.ajc skipped
C:\WINDOWS\SYSTEM32\ssqbn.exe NSIS: infected - 2 skipped
C:\WINDOWS\SYSTEM32\VSL13.exe/data0004 Infected: Trojan-Downloader.Win32.Small.ctp skipped
C:\WINDOWS\SYSTEM32\VSL13.exe/data0005 Infected: Trojan-Downloader.Win32.Small.ajc skipped
C:\WINDOWS\SYSTEM32\VSL13.exe NSIS: infected - 2 skipped
C:\WINDOWS\system32tfthot.exe Infected: not-a-virus:AdWare.Win32.SearchAssistant.f skipped
C:\WINDOWS\Tagasuarus2.exe/data0002 Infected: Trojan-Downloader.Win32.VB.tw skipped
C:\WINDOWS\Tagasuarus2.exe/data0003 Infected: Trojan.Win32.VB.tg skipped
C:\WINDOWS\Tagasuarus2.exe/data0007 Infected: Trojan-Downloader.Win32.VB.tw skipped
C:\WINDOWS\Tagasuarus2.exe NSIS: infected - 3 skipped
C:\WINDOWS\ts.exe Infected: Trojan-Downloader.Win32.TSUpdate.o skipped
C:\WINDOWS\unin101.exe Infected: Trojan-Downloader.Win32.VB.tw skipped
C:\WINDOWS\webnexus.exe Infected: Trojan-Downloader.Win32.Qoologic.at skipped
C:\WINDOWS\wupdt.exe Infected: Trojan-Downloader.Win32.OneClickNetSearch.f skipped
C:\WINDOWS\yazzle.exe/data0002 Infected: Trojan-Downloader.Win32.PurityScan.cq skipped
C:\WINDOWS\yazzle.exe NSIS: infected - 1 skipped
C:\WINDOWS\YazzleBundle-1304.exe/data0002 Infected: Trojan-Downloader.Win32.PurityScan.cq skipped
C:\WINDOWS\YazzleBundle-1304.exe NSIS: infected - 1 skipped
C:\WINDOWS\zigi.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.o skipped
C:\WINDOWS\zuckdha.exe Infected: Trojan-Downloader.Win32.Agent.ala skipped

Scan process completed.

========
UNINSTALL
========

Ad-Aware SE Personal
Adobe Acrobat 5.0
allTunes
a-squared Free 1.6.5
ATI Display Driver
Browser Mouse
Command
Conexant HCF V90 56K Data Fax PCI Modem
Dell Picture Studio - Image Expert 2000
Dell Solution Center
DellTouch
Enhanced Ads by Zeno removal
Forethought
Google Toolbar for Internet Explorer
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
HijackThis 1.99.1
Hotfix for Windows XP (KB896344)
Hotfix for Windows XP (KB918766)
hp instant support
hp LaserJet 1010 Series
HP Memories Disc
HP Photo and Imaging 2.0 - All-in-One
HP Photo and Imaging 2.0 - All-in-One Drivers
HP Photo and Imaging 2.0 - hp psc 1200 series
hp psc 1200 series
ImageMate CompactFlash USB (SDDR-31) Ver. 5.05
Internet Explorer Toolbar - Intelligent Explorer
InterVideo XPack (MP3 Only)
J2SE Runtime Environment 5.0 Update 7
Kaspersky On-line Scanner
LiveReg (Symantec Corporation)
LiveUpdate 2.6 (Symantec Corporation)
Macromedia Flash Player 8
Macromedia Shockwave Player
MGI PhotoSuite 8.1 (Remove Only)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft .NET Framework 2.0
Microsoft Data Access Components KB870669
Microsoft Picture It! Publishing 2001
Microsoft Word 2000 SR-1
Microsoft Works 2001 Setup Launcher
Microsoft Works 6.0
Microsoft Works Suite Add-in for Microsoft Word
MSN Messenger 7.5
Muiltmedia keyboard utility 1.1
Network Monitor
Norton WMI Update
PhoneTools
PowerDVD
Quicklinks
QuickTime
RealPlayer
Security Update for Microsoft .NET Framework 2.0 (KB917283)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918439)
Shockwave
Spybot - Search & Destroy 1.4
Symantec Client Security
TargetSaver
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB900930)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Wal-Mart Music Downloads Store
Windows Genuine Advantage v1.3.0254.0
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Media Connect
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB887797
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
Yazzle by OIN
Zeno Search Assistant removal

==========
capsdeej
Regular Member
 
Posts: 35
Joined: July 27th, 2006, 1:56 pm

Post by Shaba » July 29th, 2006, 4:58 am

Hi

That killbox thing failed :( We'll try it again. Please follow my instructions carefully and copy all lines at the same time. You copied just the first line.

Uninstall via add/remove programs (control panel):

Command
Enhanced Ads by Zeno removal
Forethought
Network Monitor
Yazzle by OIN
Zeno Search Assistant removal

Open HijackThis, click do a system scan only and checkmark these:

O2 - BHO: (no name) - {E5E2A3E7-00FE-4D31-A030-A10799DDCA66} - (no file)
O4 - Startup: Zeno.lnk = C:\WINDOWS\SYSTEM32\nwinlpez.exe


Close all windows including browser and press fix checked.

Open Outlook, log in to your account and go to Inbox.

Delete this mail dated as below:

Date Sat, 30 Jul 2005 01:19:03 -0800

Empty Deleted Items folder in Outlook

Empty Norton Quarantine.

Please download ATF Cleaner by Atribune and save it to desktop.

Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

If you use Firefox browser

Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser

Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit to close ATF-Cleaner.

Please run Killbox.

Select "Delete on Reboot".

Copy the file names below to the clipboard by highlighting all of them at the same time (NOT one at a time) and pressing Control-C:

C:\fym9bvo.exe
C:\Program Files\Common Files\Y1268OA.exe
C:\Program Files\MSN\hose.dll
C:\Program Files\Outlook Express\kybeqiki.html
C:\Program Files\WindowsUpdate\kybeqiki.html
C:\QooBox\gckhwr.exe.vir
C:\QooBox\ihiphxr.exe.vir
C:\QooBox\mayli.dat.vir
C:\QooBox\mjjinbd.dll.vir
C:\QooBox\wmblv.exe.vir
C:\QooBox\ykvid.exe.vir
C:\WINDOWS\cahkokbuf.dll
C:\WINDOWS\cp.exe
C:\WINDOWS\dollar.exe
C:\WINDOWS\extract.exe
C:\WINDOWS\getnexus.exe
C:\WINDOWS\id.exe
C:\WINDOWS\ieunst.exe
C:\WINDOWS\mynexus.exe
C:\WINDOWS\rgrt.exe
C:\WINDOWS\sys012143423743-2006.exe
C:\WINDOWS\systb.dll
C:\WINDOWS\SYSTEM32\bdpn.exe
C:\WINDOWS\SYSTEM32\hvzead7v.exe
C:\WINDOWS\SYSTEM32\nwinlpez.exe
C:\WINDOWS\SYSTEM32\okdsregk.exe
C:\WINDOWS\SYSTEM32\ssqbn.exe
C:\WINDOWS\SYSTEM32\VSL13.exe
C:\WINDOWS\system32tfthot.exe
C:\WINDOWS\Tagasuarus2.exe
C:\WINDOWS\ts.exe
C:\WINDOWS\unin101.exe
C:\WINDOWS\webnexus.exe
C:\WINDOWS\wupdt.exe
C:\WINDOWS\yazzle.exe
C:\WINDOWS\YazzleBundle-1304.exe
C:\WINDOWS\zigi.exe
C:\WINDOWS\zuckdha.exe

Go to the File menu, and choose "Paste from Clipboard".

Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run TheKillbox, click here to download and run missingfilesetup.exe. Then try TheKillbox again.

If your computer does not restart automatically, please restart it manually.

Re-scan with kaspersky

Send:

- a fresh HijackThis log
- a fresh uninstall list
- kaspersky report.
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland
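The delete-on-reboot list in the post above can be derived from the Kaspersky report mechanically instead of by hand. The following is an added example, not part of the original post and not a tool used in this thread: it parses report lines copied from this thread, folds archive members such as extract.exe/systb.dll back to the file on disk, and sets aside locations that are not in the post's list. The function names and the mapping of locations to cleanup steps are assumptions made for this illustration.

```python
import re
from collections import OrderedDict

# Lines copied from the Kaspersky report posted earlier in this thread.
REPORT = r"""
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\022C0000.VBN Infected: Trojan-Clicker.Win32.VB.is skipped
C:\Documents and Settings\Cap'nTripps\Local Settings\Temporary Internet Files\Content.IE5\33YNIKHV\popup[1].php/packed Infected: Trojan-Clicker.HTML.Agent.a skipped
C:\Documents and Settings\Cap'nTripps\Local Settings\Temporary Internet Files\Content.IE5\33YNIKHV\popup[1].php GZIP: infected - 1 skipped
C:\fym9bvo.exe Infected: Trojan-Downloader.Win32.Agent.ala skipped
C:\Program Files\HijackThis\backups\backup-20060728-115015-643.dll Infected: not-a-virus:AdWare.Win32.Suggestor.o skipped
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP846\A0169600.dll Infected: not-a-virus:AdWare.Win32.Suggestor.o skipped
C:\WINDOWS\extract.exe/systb.dll Infected: not-a-virus:AdWare.Win32.ImiBar.c skipped
C:\WINDOWS\extract.exe/wdskctl.exe Infected: not-a-virus:AdWare.Win32.ShopNav.g skipped
C:\WINDOWS\extract.exe CAB: infected - 2 skipped
C:\WINDOWS\extract.exe UPX: infected - 2 skipped
C:\WINDOWS\systb.dll Infected: not-a-virus:AdWare.Win32.ImiBar.c skipped
C:\WINDOWS\SYSTEM32\ssqbn.exe/data0002 Infected: Trojan-Downloader.Win32.Small.ajc skipped
C:\WINDOWS\SYSTEM32\ssqbn.exe/data0003 Infected: Trojan-Downloader.Win32.Small.ajc skipped
C:\WINDOWS\SYSTEM32\ssqbn.exe NSIS: infected - 2 skipped
C:\WINDOWS\ts.exe Infected: Trojan-Downloader.Win32.TSUpdate.o skipped
"""

# "<object> Infected: <detection name> skipped"
DETECTION = re.compile(r"^(?P<obj>.+) Infected: (?P<name>\S+) skipped$")
# "<container> <format>: infected - N skipped" repeats what the member lines say.
SUMMARY = re.compile(r"^.+: infected - \d+ skipped$")
# A paste-list entry must be a bare Windows file path and nothing else.
BARE_PATH = re.compile(r'^[A-Za-z]:\\[^/:*?"<>|]+$')

# Assumed mapping: locations that do not appear in the post's delete list,
# with the reason each is set aside (lower-case substring -> note).
HANDLED_ELSEWHERE = [
    ("\\quarantine\\", "antivirus quarantine, emptied in its own step"),
    ("\\temporary internet files\\", "browser cache, cleared by the cache cleaner"),
    ("\\local settings\\temp\\", "temp folder, cleared by the cache cleaner"),
    ("inbox.dbx", "mail store, message deleted in the mail client"),
    ("\\system volume information\\", "System Restore copy"),
    ("\\recycler\\", "Recycle Bin"),
    ("\\hijackthis\\backups\\", "HijackThis backup"),
]


def parse_report(text):
    """Return (files, unparsed); files maps each on-disk file to its detections."""
    files, unparsed = OrderedDict(), []
    for line in (raw.strip() for raw in text.splitlines()):
        if not line or SUMMARY.match(line):
            continue
        match = DETECTION.match(line)
        if not match:
            unparsed.append(line)  # never drop a line silently
            continue
        # Windows paths use "\"; the scanner appends archive members with "/".
        on_disk = match.group("obj").split("/", 1)[0]
        names = files.setdefault(on_disk, [])
        if match.group("name") not in names:
            names.append(match.group("name"))
    return files, unparsed


def triage(files):
    """Split on-disk files into the delete list and the ones set aside."""
    delete, set_aside = [], []
    for path in files:
        low = path.lower()
        reason = next((why for mark, why in HANDLED_ELSEWHERE if mark in low), None)
        if reason:
            set_aside.append((path, reason))
        else:
            delete.append(path)
    return delete, set_aside


def bad_entries(paste_lines):
    """Entries that are not bare paths, e.g. with report text still attached."""
    return [e for e in paste_lines if e != e.strip() or not BARE_PATH.match(e)]


if __name__ == "__main__":
    files, unparsed = parse_report(REPORT)
    delete, set_aside = triage(files)
    print("Delete on reboot:")
    for path in delete:
        print("  " + path + "   <- " + ", ".join(files[path]))
    print("Set aside:")
    for path, reason in set_aside:
        print("  " + path + "   (" + reason + ")")
    print("Unparsed lines:", unparsed)
    print("Malformed entries:", bad_entries(delete))
```

Running bad_entries over a hand-edited list before pasting it flags any entry that still carries report text after the file name.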

Post by capsdeej » July 29th, 2006, 8:39 am

Hi Shaba.

I really did copy all the lines - but I notice there are two buttons in Killbox - one says "One File" and the other says "All Files". Maybe that's why it didn't work? Should I press the "all files" button?

Let me know and I'll complete your latest request.

Thanks!!
capsdeej
Regular Member
 
Posts: 35
Joined: July 27th, 2006, 1:56 pm

Post by Shaba » July 29th, 2006, 8:47 am

Hi

Yes, please press "All files"-button :) I'll update that thing for myself for future.
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Post by capsdeej » July 29th, 2006, 2:23 pm

========
HIJACKTHIS
========
Logfile of HijackThis v1.99.1
Scan saved at 1:20:33 PM, on 7/29/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Nhksrv.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\DELLMMKB.EXE
C:\ImageMate CompactFlash USB\SandIcon.Exe
C:\Program Files\Browser Mouse\mouse32a.exe
C:\WINDOWS\System32\qttask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
C:\Program Files\Netropa\OSD.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
C:\PROGRA~1\COMMON~1\MICROS~1\Msinfo\OFFPROV.EXE
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\Wkfud.exe
O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\DELLMMKB.EXE
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [SandIcon] C:\ImageMate CompactFlash USB\SandIcon.Exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Browser Mouse\mouse32a.exe
O4 - HKLM\..\Run: [Windows System Tray] C:\WINDOWS\system32\fonts\svc\msapp.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [QuickTime Task] C:\WINDOWS\System32\qttask.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
O4 - HKLM\..\Run: [StatusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [BrowserUpdateSched] C:\WINDOWS\system32\nwinlpez.exe GID002
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: &Define - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.rr.com
O16 - DPF: {01111C00-3E00-11D2-8470-0060089874ED} (Support.com ActionRunner Class) - http://support.cox.net/custsup/supporta ... gctlar.cab
O16 - DPF: {01111E00-3E00-11D2-8470-0060089874ED} (Support.com SmartIssue) - http://support.cox.net/custsup/supporta ... gctlsi.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/ka ... nicode.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.c ... st0401.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 0483416765
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 5752504252
O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - http://mediaplayer.walmart.com/installer/install.cab
O16 - DPF: {886DDE35-E955-11D0-A707-000000881958} - http://69.56.176.75/webplugin.cab
O16 - DPF: {9BFC2253-B9D9-477E-9488-CA450232620D} (BinAg1 Class) - https://fastconnectkitsetup.cox.net/wiz ... ctiveX.CAB
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe ... loader.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://download.games.yahoo.com/games/w ... tycoon.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe


========
UNINSTALL
========
Ad-Aware SE Personal
Adobe Acrobat 5.0
allTunes
a-squared Free 1.6.5
ATI Display Driver
Browser Mouse
Command
Conexant HCF V90 56K Data Fax PCI Modem
Dell Picture Studio - Image Expert 2000
Dell Solution Center
DellTouch
Google Toolbar for Internet Explorer
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
HijackThis 1.99.1
Hotfix for Windows XP (KB896344)
Hotfix for Windows XP (KB918766)
hp instant support
hp LaserJet 1010 Series
HP Memories Disc
HP Photo and Imaging 2.0 - All-in-One
HP Photo and Imaging 2.0 - All-in-One Drivers
HP Photo and Imaging 2.0 - hp psc 1200 series
hp psc 1200 series
ImageMate CompactFlash USB (SDDR-31) Ver. 5.05
Internet Explorer Toolbar - Intelligent Explorer
InterVideo XPack (MP3 Only)
J2SE Runtime Environment 5.0 Update 7
Kaspersky On-line Scanner
LiveReg (Symantec Corporation)
LiveUpdate 2.6 (Symantec Corporation)
Macromedia Flash Player 8
Macromedia Shockwave Player
MGI PhotoSuite 8.1 (Remove Only)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft .NET Framework 2.0
Microsoft Data Access Components KB870669
Microsoft Picture It! Publishing 2001
Microsoft Word 2000 SR-1
Microsoft Works 2001 Setup Launcher
Microsoft Works 6.0
Microsoft Works Suite Add-in for Microsoft Word
MSN Messenger 7.5
Muiltmedia keyboard utility 1.1
Network Monitor
Norton WMI Update
PhoneTools
PowerDVD
Quicklinks
QuickTime
RealPlayer
Security Update for Microsoft .NET Framework 2.0 (KB917283)


========
KASPERSKY
========
-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Saturday, July 29, 2006 1:16:38 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.78.0
Kaspersky Anti-Virus database last update: 29/07/2006
Kaspersky Anti-Virus database records: 209781
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\

Scan Statistics:
Total number of scanned objects: 69192
Number of viruses found: 41
Number of infected objects: 190
Number of suspicious objects: 0
Duration of the scan process: 01:42:51

Infected Object Name / Virus Name / Last Action
C:\!KillBox\bdpn.exe Infected: not-a-virus:AdWare.Win32.Suggestor.o skipped
C:\!KillBox\cahkokbuf.dll Infected: Trojan-Downloader.Win32.Small.ajc skipped
C:\!KillBox\cp.exe Infected: Trojan-Spy.Win32.IamBigBrother.91 skipped
C:\!KillBox\dollar.exe Infected: Trojan-Downloader.Win32.Adload.az skipped
C:\!KillBox\extract.exe/systb.dll Infected: not-a-virus:AdWare.Win32.ImiBar.c skipped
C:\!KillBox\extract.exe/wdskctl.exe Infected: not-a-virus:AdWare.Win32.ShopNav.g skipped
C:\!KillBox\extract.exe CAB: infected - 2 skipped
C:\!KillBox\extract.exe MimarSinan: infected - 2 skipped
C:\!KillBox\extract.exe UPX: infected - 2 skipped
C:\!KillBox\fym9bvo.exe Infected: Trojan-Downloader.Win32.Agent.ala skipped
C:\!KillBox\gckhwr.exe.vir Infected: Trojan-Downloader.Win32.Qoologic.bj skipped
C:\!KillBox\getnexus.exe Infected: not-a-virus:AdWare.Win32.SurfSide.s skipped
C:\!KillBox\hose.dll Infected: Trojan-Downloader.Win32.Small.ctp skipped
C:\!KillBox\hvzead7v.exe Infected: not-a-virus:AdWare.Win32.Suggestor.o skipped
C:\!KillBox\id.exe Infected: Trojan-Downloader.Win32.Small.buy skipped
C:\!KillBox\ieunst.exe Infected: not-a-virus:AdWare.Win32.Iebar.j skipped
C:\!KillBox\ihiphxr.exe.vir Infected: Trojan-Downloader.Win32.Qoologic.bj skipped
C:\!KillBox\kybeqiki.html Infected: Trojan-Clicker.Win32.Small.jf skipped
C:\!KillBox\kybeqiki.html( 1) Infected: Trojan-Clicker.Win32.Small.jf skipped
C:\!KillBox\mayli.dat.vir Infected: Trojan-Downloader.Win32.Qoologic.bj skipped
C:\!KillBox\mjjinbd.dll.vir Infected: Trojan-Downloader.Win32.Qoologic.bj skipped
C:\!KillBox\mynexus.exe/getnexus.exe Infected: not-a-virus:AdWare.Win32.SurfSide.s skipped
C:\!KillBox\mynexus.exe/webnexus.exe Infected: Trojan-Downloader.Win32.Qoologic.at skipped
C:\!KillBox\mynexus.exe CAB: infected - 2 skipped
C:\!KillBox\mynexus.exe MimarSinan: infected - 2 skipped
C:\!KillBox\mynexus.exe UPX: infected - 2 skipped
C:\!KillBox\nwinlpez.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.q skipped
C:\!KillBox\okdsregk.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.o skipped
C:\!KillBox\rgrt.exe Infected: not-a-virus:AdWare.Win32.ShopNav.g skipped
C:\!KillBox\ssqbn.exe/data0002 Infected: Trojan-Downloader.Win32.Small.ajc skipped
C:\!KillBox\ssqbn.exe/data0003 Infected: Trojan-Downloader.Win32.Small.ajc skipped
C:\!KillBox\ssqbn.exe NSIS: infected - 2 skipped
C:\!KillBox\sys012143423743-2006.exe Infected: Trojan-Downloader.Win32.VB.aga skipped
C:\!KillBox\systb.dll Infected: not-a-virus:AdWare.Win32.ImiBar.c skipped
C:\!KillBox\system32tfthot.exe Infected: not-a-virus:AdWare.Win32.SearchAssistant.f skipped
C:\!KillBox\Tagasuarus2.exe/data0002 Infected: Trojan-Downloader.Win32.VB.tw skipped
C:\!KillBox\Tagasuarus2.exe/data0003 Infected: Trojan.Win32.VB.tg skipped
C:\!KillBox\Tagasuarus2.exe/data0007 Infected: Trojan-Downloader.Win32.VB.tw skipped
C:\!KillBox\Tagasuarus2.exe NSIS: infected - 3 skipped
C:\!KillBox\unin101.exe Infected: Trojan-Downloader.Win32.VB.tw skipped
C:\!KillBox\v199.dll Infected: not-a-virus:AdWare.Win32.Suggestor.o skipped
C:\!KillBox\VSL13.exe/data0004 Infected: Trojan-Downloader.Win32.Small.ctp skipped
C:\!KillBox\VSL13.exe/data0005 Infected: Trojan-Downloader.Win32.Small.ajc skipped
C:\!KillBox\VSL13.exe NSIS: infected - 2 skipped
C:\!KillBox\webnexus.exe Infected: Trojan-Downloader.Win32.Qoologic.at skipped
C:\!KillBox\wmblv.exe.vir Infected: Trojan-Downloader.Win32.Qoologic.bj skipped
C:\!KillBox\wupdt.exe Infected: Trojan-Downloader.Win32.OneClickNetSearch.f skipped
C:\!KillBox\yazzle.exe/data0002 Infected: Trojan-Downloader.Win32.PurityScan.cq skipped
C:\!KillBox\yazzle.exe NSIS: infected - 1 skipped
C:\!KillBox\YazzleBundle-1304.exe/data0002 Infected: Trojan-Downloader.Win32.PurityScan.cq skipped
C:\!KillBox\YazzleBundle-1304.exe NSIS: infected - 1 skipped
C:\!KillBox\ykvid.exe.vir Infected: Trojan-Downloader.Win32.Qoologic.bj skipped
C:\!KillBox\zigi.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.o skipped
C:\!KillBox\zuckdha.exe Infected: Trojan-Downloader.Win32.Agent.ala skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\00B40000.VBN Infected: Trojan-Clicker.Win32.VB.is skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\00B40001.VBN Infected: Trojan-Clicker.Win32.VB.is skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\00B40002.VBN Infected: Trojan-Clicker.Win32.VB.is skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\01640000.VBN Infected: Trojan-Clicker.Win32.VB.is skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\022C0000.VBN Infected: Trojan-Clicker.Win32.VB.is skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07500000.VBN Infected: Trojan-Clicker.Win32.VB.is skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07940000.VBN Infected: Trojan-Clicker.Win32.VB.is skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07B80000.VBN Infected: Trojan-Clicker.Win32.VB.is skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07BC0000.VBN Infected: Trojan-Clicker.Win32.VB.is skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07BC0001.VBN Infected: Trojan-Clicker.Win32.VB.is skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07BC0002.VBN Infected: Trojan-Clicker.Win32.VB.is skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07BC0003.VBN Infected: Trojan-Clicker.Win32.VB.is skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0B240000.VBN Infected: Trojan-Clicker.Win32.VB.is skipped
C:\Documents and Settings\Cap'nTripps\Local Settings\Temporary Internet Files\Content.IE5\20HU3RBA\popup[1].htm Infected: Trojan-Clicker.HTML.Agent.a skipped
C:\Documents and Settings\Cap'nTripps\Local Settings\Temporary Internet Files\Content.IE5\O9MV8L6B\!update-4095[1].0000 Infected: Trojan-Downloader.Win32.PurityScan.co skipped
C:\Documents and Settings\Cap'nTripps\Local Settings\Temporary Internet Files\Content.IE5\OX4J83SN\installer[1].exe/data0001 Infected: not-a-virus:AdWare.Win32.CommAd.a skipped
C:\Documents and Settings\Cap'nTripps\Local Settings\Temporary Internet Files\Content.IE5\OX4J83SN\installer[1].exe Inno: infected - 1 skipped
C:\Documents and Settings\Cap'nTripps\Local Settings\Temporary Internet Files\Content.IE5\QRWVM50R\popup[1].htm Infected: Trojan-Clicker.HTML.Agent.a skipped
C:\Documents and Settings\Cap'nTripps\Local Settings\Temporary Internet Files\Content.IE5\UT1EFIP8\popup[1].htm Infected: Trojan-Clicker.HTML.Agent.a skipped
C:\Documents and Settings\Cap'nTripps\Local Settings\Temporary Internet Files\Content.IE5\UT1EFIP8\popup[1].php/packed Infected: Trojan-Clicker.HTML.Agent.a skipped
C:\Documents and Settings\Cap'nTripps\Local Settings\Temporary Internet Files\Content.IE5\UT1EFIP8\popup[1].php GZIP: infected - 1 skipped
C:\Documents and Settings\Cap'nTripps\Local Settings\Temporary Internet Files\Content.IE5\UT1EFIP8\popup[2].htm Infected: Trojan-Clicker.HTML.Agent.a skipped
C:\Documents and Settings\Cap'nTripps\Local Settings\Temporary Internet Files\Content.IE5\UT1EFIP8\popup[2].php/packed Infected: Trojan-Clicker.HTML.Agent.a skipped
C:\Documents and Settings\Cap'nTripps\Local Settings\Temporary Internet Files\Content.IE5\UT1EFIP8\popup[2].php GZIP: infected - 1 skipped
C:\Documents and Settings\Cap'nTripps\Local Settings\Temporary Internet Files\Content.IE5\YD4NI1UL\fym9bvo[1].exe Infected: Trojan-Downloader.Win32.Agent.ala skipped
C:\Documents and Settings\Cap'nTripps\Local Settings\Temporary Internet Files\Content.IE5\YD4NI1UL\popup[1].htm Infected: Trojan-Clicker.HTML.Agent.a skipped
C:\Program Files\HijackThis\backups\backup-20060728-115015-643.dll Infected: not-a-virus:AdWare.Win32.Suggestor.o skipped
C:\Program Files\HijackThis\backups\backup-20060728-115015-647.dll Infected: Trojan-Downloader.Win32.Small.ajc skipped
C:\Program Files\HijackThis\backups\backup-20060728-115016-350.dll Infected: Trojan-Downloader.Win32.Small.ctp skipped
C:\Program Files\HijackThis\backups\backup-20060728-115016-364.dll Infected: Trojan-Downloader.Win32.Small.ctp skipped
C:\Program Files\HijackThis\backups\backup-20060728-115016-466.dll Infected: not-a-virus:AdWare.Win32.ImiBar.c skipped
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP843\A0167222.exe Infected: not-a-virus:AdWare.Win32.Hotbar.a skipped
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP843\A0168083.exe Infected: Trojan-Downloader.Win32.VB.tw skipped
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP843\A0168084.exe Infected: Trojan-Downloader.Win32.VB.tw skipped
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP843\A0168085.dll Infected: not-a-virus:AdWare.Win32.PurityScan.ak skipped
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP843\A0168097.exe Infected: Trojan-Downloader.Win32.Small.ajc skipped
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP843\A0168108.exe Infected: Trojan-Downloader.Win32.Small.ajc skipped
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP844\A0168212.exe Infected: Trojan-Downloader.Win32.Small.ajc skipped
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP844\A0168230.exe Infected: Trojan-Downloader.Win32.Small.ajc skipped
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP845\A0168287.exe Infected: Trojan-Downloader.Win32.Small.ajc skipped
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP845\A0168321.exe Infected: Trojan-Downloader.Win32.Small.ajc skipped
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP845\A0168333.exe/InpB/Ssk.exe Infected: not-a-virus:AdWare.Win32.SurfSide.av skipped
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP845\A0168333.exe/InpB Infected: not-a-virus:AdWare.Win32.SurfSide.av skipped
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP845\A0168333.exe CAB: infected - 2 skipped
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP845\A0168342.exe Infected: Trojan-Downloader.Win32.Small.ajc skipped
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP845\A0168440.exe Infected: Trojan.Win32.VB.tg skipped
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP845\A0168443.exe Infected: not-a-virus:AdWare.Win32.SearchAssistant.f skipped
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP845\A0168466.exe Infected: not-a-virus:AdWare.Win32.SearchAssistant.g skipped
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP845\A0168467.dll Infected: not-a-virus:AdWare.Win32.PurityScan.en skipped
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP845\A0168468.dll Infected: not-a-virus:AdWare.Win32.Mirar.b skipped
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP845\A0168469.exe Infected: Trojan.Win32.Runner.j skipped
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP845\A0168470.exe Infected: not-a-virus:AdWare.Win32.SearchAssistant.g skipped
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP845\A0168472.dll Infected: Trojan-Downloader.Win32.Small.ctp skipped
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP845\A0168473.dll Infected: not-a-virus:AdWare.Win32.CommAd.a skipped
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP845\A0168474.exe Infected: not-a-virus:AdWare.Win32.CommAd.a skipped
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP845\A0168475.dll Infected: not-a-virus:AdWare.Win32.PurityScan.en skipped
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP845\A0168476.exe Infected: not-a-virus:AdWare.Win32.Agent.ag skipped
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP845\A0168480.exe Infected: Trojan-Downloader.Win32.Small.ajc skipped
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP845\A0168484.exe/data0002 Infected: Trojan-Downloader.Win32.PurityScan.cq skipped
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP845\A0168484.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP845\A0168485.exe Infected: Trojan-Downloader.Win32.PurityScan.cq skipped
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP845\A0168487.exe Infected: Trojan-Downloader.Win32.Adload.az skipped
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP845\A0169474.exe Infected: Trojan-Downloader.Win32.OneClickNetSearch.f skipped
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP846\A0169484.dll Infected: Trojan-Downloader.Win32.Small.ctp skipped
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP846\A0169485.exe Infected: Trojan-Downloader.Win32.Small.ajc skipped
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP846\A0169488.exe Infected: not-a-virus:AdWare.Win32.ShopNav.g skipped
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP846\A0169489.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.o skipped
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP846\A0169490.exe Infected: not-a-virus:Monitor.Win32.NetMon.a skipped
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP846\A0169495.exe Infected: Trojan-Downloader.Win32.Small.ajc skipped
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP846\A0169496.exe Infected: Trojan-Downloader.Win32.Small.ajc skipped
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP846\A0169506.dll Infected: Trojan-Downloader.Win32.Small.ctp skipped
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP846\A0169508.exe Infected: Trojan-Downloader.Win32.Small.ajc skipped
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP846\A0169511.exe Infected: Trojan-Downloader.Win32.Adload.de skipped
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP846\A0169524.exe Infected: Trojan-Downloader.Win32.Qoologic.bj skipped
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP846\A0169525.dll Infected: Trojan-Downloader.Win32.Qoologic.bj skipped
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP846\A0169526.exe Infected: Trojan-Downloader.Win32.Qoologic.bj skipped
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP846\A0169527.exe Infected: Trojan-Downloader.Win32.Qoologic.bj skipped
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP846\A0169528.exe Infected: Trojan-Downloader.Win32.Qoologic.bj skipped
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP846\A0169529.dll Infected: not-a-virus:AdWare.Win32.SurfSide.ap skipped
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP846\A0169536.dll Infected: not-a-virus:AdWare.Win32.CommAd.a skipped
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP846\A0169537.exe Infected: not-a-virus:AdWare.Win32.CommAd.a skipped
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP846\A0169559.dll Infected: Trojan-Downloader.Win32.Small.ctp skipped
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP846\A0169560.exe Infected: Trojan-Downloader.Win32.Small.ajc skipped
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP846\A0169593.dll Infected: Trojan-Downloader.Win32.Small.ctp skipped
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP846\A0169594.exe Infected: Trojan-Downloader.Win32.Small.ajc skipped
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP846\A0169600.dll Infected: not-a-virus:AdWare.Win32.Suggestor.o skipped
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP847\A0169628.exe Infected: Trojan-Downloader.Win32.PurityScan.cq skipped
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP847\A0169632.exe Infected: Trojan-Downloader.Win32.TSUpdate.l skipped
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP847\A0169636.exe Infected: Trojan-Downloader.Win32.TSUpdate.n skipped
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP847\A0169638.exe Infected: Trojan-Downloader.Win32.TSUpdate.f skipped
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP847\A0169641.exe Infected: Trojan-Downloader.Win32.Agent.ala skipped
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP847\A0169642.dll Infected: Trojan-Downloader.Win32.Small.ctp skipped
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP847\A0169643.dll Infected: Trojan-Downloader.Win32.Small.ajc skipped
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP847\A0169644.exe Infected: Trojan-Spy.Win32.IamBigBrother.91 skipped
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP847\A0169645.exe Infected: Trojan-Downloader.Win32.Adload.az skipped
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP847\A0169646.exe/systb.dll Infected: not-a-virus:AdWare.Win32.ImiBar.c skipped
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP847\A0169646.exe/wdskctl.exe Infected: not-a-virus:AdWare.Win32.ShopNav.g skipped
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP847\A0169646.exe CAB: infected - 2 skipped
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP847\A0169646.exe MimarSinan: infected - 2 skipped
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP847\A0169646.exe UPX: infected - 2 skipped
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP847\A0169647.exe Infected: not-a-virus:AdWare.Win32.SurfSide.s skipped
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP847\A0169648.exe Infected: Trojan-Downloader.Win32.Small.buy skipped
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP847\A0169649.exe Infected: not-a-virus:AdWare.Win32.Iebar.j skipped
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP847\A0169650.exe/getnexus.exe Infected: not-a-virus:AdWare.Win32.SurfSide.s skipped
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP847\A0169650.exe/webnexus.exe Infected: Trojan-Downloader.Win32.Qoologic.at skipped
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP847\A0169650.exe CAB: infected - 2 skipped
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP847\A0169650.exe MimarSinan: infected - 2 skipped
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP847\A0169650.exe UPX: infected - 2 skipped
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP847\A0169651.exe Infected: not-a-virus:AdWare.Win32.ShopNav.g skipped
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP847\A0169652.exe Infected: Trojan-Downloader.Win32.VB.aga skipped
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP847\A0169653.dll Infected: not-a-virus:AdWare.Win32.ImiBar.c skipped
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP847\A0169654.exe Infected: not-a-virus:AdWare.Win32.Suggestor.o skipped
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP847\A0169655.exe Infected: not-a-virus:AdWare.Win32.Suggestor.o skipped
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP847\A0169656.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.q skipped
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP847\A0169657.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.o skipped
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP847\A0169658.exe/data0002 Infected: Trojan-Downloader.Win32.Small.ajc skipped
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP847\A0169658.exe/data0003 Infected: Trojan-Downloader.Win32.Small.ajc skipped
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP847\A0169658.exe NSIS: infected - 2 skipped
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP847\A0169659.exe/data0004 Infected: Trojan-Downloader.Win32.Small.ctp skipped
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP847\A0169659.exe/data0005 Infected: Trojan-Downloader.Win32.Small.ajc skipped
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP847\A0169659.exe NSIS: infected - 2 skipped
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP847\A0169660.exe Infected: not-a-virus:AdWare.Win32.SearchAssistant.f skipped
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP847\A0169661.exe/data0002 Infected: Trojan-Downloader.Win32.VB.tw skipped
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP847\A0169661.exe/data0003 Infected: Trojan.Win32.VB.tg skipped
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP847\A0169661.exe/data0007 Infected: Trojan-Downloader.Win32.VB.tw skipped
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP847\A0169661.exe NSIS: infected - 3 skipped
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP847\A0169662.exe Infected: Trojan-Downloader.Win32.VB.tw skipped
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP847\A0169663.exe Infected: Trojan-Downloader.Win32.Qoologic.at skipped
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP847\A0169664.exe Infected: Trojan-Downloader.Win32.OneClickNetSearch.f skipped
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP847\A0169665.exe/data0002 Infected: Trojan-Downloader.Win32.PurityScan.cq skipped
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP847\A0169665.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP847\A0169666.exe/data0002 Infected: Trojan-Downloader.Win32.PurityScan.cq skipped
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP847\A0169666.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP847\A0169667.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.o skipped
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP847\A0169668.exe Infected: Trojan-Downloader.Win32.Agent.ala skipped
C:\WINDOWS\ts.exe Infected: Trojan-Downloader.Win32.TSUpdate.o skipped

Scan process completed.




THANKS!!!!
capsdeej
Regular Member
 
Posts: 35
Joined: July 27th, 2006, 1:56 pm

Post by capsdeej » July 29th, 2006, 2:40 pm

I forgot to include in my previous post...

I was unable to uninstall the following items as I got errors when attempting to uninstall via Add/Remove Programs:

Network Monitor: Can not find script file "C:\WINDOWS\uninstall_nmon.vbs".

Command: Can not find script file "C:\WINDOWS\RG9yb...\l36Vv...qb.vbs".

Post by Shaba » July 30th, 2006, 5:03 am

Hi

That's ok, combofix deleted those files; that's why you can't uninstall them. These names are just on that list, programs are gone :)

Open HijackThis, click "Do a system scan only" and checkmark this:

O4 - HKLM\..\Run: [BrowserUpdateSched] C:\WINDOWS\system32\nwinlpez.exe GID002

Close all windows including browser and press "Fix checked".

Please run Killbox.

Select "Delete on Reboot" and "All files"

Copy the file names below to the clipboard by highlighting them and pressing Control-C:

C:\Documents and Settings\Cap'nTripps\Local Settings\Temporary Internet Files\Content.IE5\20HU3RBA\popup[1].htm
C:\Documents and Settings\Cap'nTripps\Local Settings\Temporary Internet Files\Content.IE5\O9MV8L6B\!update-4095[1].0000
C:\Documents and Settings\Cap'nTripps\Local Settings\Temporary Internet Files\Content.IE5\OX4J83SN\installer[1].exe
C:\Documents and Settings\Cap'nTripps\Local Settings\Temporary Internet Files\Content.IE5\QRWVM50R\popup[1].htm
C:\Documents and Settings\Cap'nTripps\Local Settings\Temporary Internet Files\Content.IE5\UT1EFIP8\popup[1].htm
C:\Documents and Settings\Cap'nTripps\Local Settings\Temporary Internet Files\Content.IE5\UT1EFIP8\popup[1].php
C:\Documents and Settings\Cap'nTripps\Local Settings\Temporary Internet Files\Content.IE5\UT1EFIP8\popup[2].htm
C:\Documents and Settings\Cap'nTripps\Local Settings\Temporary Internet Files\Content.IE5\UT1EFIP8\popup[2].php
C:\Documents and Settings\Cap'nTripps\Local Settings\Temporary Internet Files\Content.IE5\YD4NI1UL\fym9bvo[1].exe
C:\Documents and Settings\Cap'nTripps\Local Settings\Temporary Internet Files\Content.IE5\YD4NI1UL\popup[1].htm
C:\WINDOWS\ts.exe

Go to the File menu, and choose "Paste from Clipboard".

Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run TheKillbox, click here to download and run missingfilesetup.exe. Then try TheKillbox again.

If your computer does not restart automatically, please restart it manually.

Boot in safe mode -> http://www.pchell.com/support/safemode.shtml

Empty these folders:

C:\!KillBox
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine

Empty recycle bin

Reboot

Re-scan with kaspersky

Send:

- a fresh HijackThis log
- kaspersky report
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland
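
The triage behind the reply above, as an added example that is not part of the original thread: it parses Kaspersky On-line Scanner report lines, reduces objects found inside archives to their outer file, and groups them by where they sit on disk, so that browser-cache and live files (the ones pasted into Killbox) separate from quarantine, backup and System Restore copies. The category names, function names and regular expressions are assumptions inferred from the report format shown in this thread; the sample lines are copied from the 29 July report.

```python
import re

# Excerpt of the 29 July report posted above (lines copied from the thread).
SAMPLE_REPORT = r"""
Infected Object Name / Virus Name / Last Action
C:\!KillBox\extract.exe/systb.dll Infected: not-a-virus:AdWare.Win32.ImiBar.c skipped
C:\!KillBox\extract.exe CAB: infected - 2 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\00B40000.VBN Infected: Trojan-Clicker.Win32.VB.is skipped
C:\Documents and Settings\Cap'nTripps\Local Settings\Temporary Internet Files\Content.IE5\UT1EFIP8\popup[1].php/packed Infected: Trojan-Clicker.HTML.Agent.a skipped
C:\Documents and Settings\Cap'nTripps\Local Settings\Temporary Internet Files\Content.IE5\UT1EFIP8\popup[1].php GZIP: infected - 1 skipped
C:\Program Files\HijackThis\backups\backup-20060728-115015-643.dll Infected: not-a-virus:AdWare.Win32.Suggestor.o skipped
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP843\A0167222.exe Infected: not-a-virus:AdWare.Win32.Hotbar.a skipped
C:\WINDOWS\ts.exe Infected: Trojan-Downloader.Win32.TSUpdate.o skipped

Scan process completed.
"""

# "<object> Infected: <detection name> <last action>"
DETECTION = re.compile(r"^(?P<obj>.+) Infected: (?P<name>\S+) (?P<action>\S+)$")
# "<file> <container format>: infected - <count> <last action>" (archive summary line)
CONTAINER = re.compile(
    r"^(?P<obj>.+) (?P<fmt>\w+): infected - (?P<count>\d+) (?P<action>\S+)$"
)

# Hypothetical category names; the first matching marker wins.
RULES = [
    ("killbox_backup", "c:\\!killbox\\"),            # Killbox's own backup folder
    ("av_quarantine", "\\quarantine\\"),             # antivirus quarantine store
    ("system_restore", "\\system volume information\\_restore"),
    ("hijackthis_backup", "\\hijackthis\\backups\\"),
    ("browser_cache", "\\temporary internet files\\"),
]


def classify(path):
    """Return the location category of a Windows path (case-insensitive)."""
    lowered = path.lower()
    for category, marker in RULES:
        if marker in lowered:
            return category
    return "live_file"  # anything not in a known holding area


def triage(report):
    """Map category -> {outer file -> [detection names]} in report order."""
    result = {}
    for line in report.splitlines():
        line = line.strip()
        name = None
        match = DETECTION.match(line)
        if match:
            name = match.group("name")
        else:
            match = CONTAINER.match(line)
            if not match:
                continue  # header, statistics, blank line
        # Windows paths contain no "/", so "/" marks an object inside an archive.
        outer = match.group("obj").split("/", 1)[0]
        names = result.setdefault(classify(outer), {}).setdefault(outer, [])
        if name and name not in names:
            names.append(name)
    return result


def deletion_candidates(triaged):
    """Files outside any holding area: browser cache first, then live files."""
    return [
        path
        for category in ("browser_cache", "live_file")
        for path in triaged.get(category, {})
    ]


if __name__ == "__main__":
    triaged = triage(SAMPLE_REPORT)
    for category, files in triaged.items():
        print(f"{category}: {len(files)} file(s)")
    print("\n".join(deletion_candidates(triaged)))
```
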

Post by capsdeej » July 31st, 2006, 3:23 am

Shaba,

I'm already noticing a difference - thanks so much for your help thus far!

========
Kaspersky
========
-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Monday, July 31, 2006 2:19:32 AM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.78.0
Kaspersky Anti-Virus database last update: 31/07/2006
Kaspersky Anti-Virus database records: 210931
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\

Scan Statistics:
Total number of scanned objects: 70010
Number of viruses found: 39
Number of infected objects: 210
Number of suspicious objects: 0
Duration of the scan process: 01:39:59

Infected Object Name / Virus Name / Last Action

Scan process completed.


========
HijackThis
========
Logfile of HijackThis v1.99.1
Scan saved at 2:20:01 AM, on 7/31/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Nhksrv.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\DELLMMKB.EXE
C:\ImageMate CompactFlash USB\SandIcon.Exe
C:\Program Files\Browser Mouse\mouse32a.exe
C:\WINDOWS\System32\qttask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
C:\Program Files\Netropa\OSD.exe
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
C:\PROGRA~1\COMMON~1\MICROS~1\Msinfo\OFFPROV.EXE
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\Wkfud.exe
O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\DELLMMKB.EXE
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [SandIcon] C:\ImageMate CompactFlash USB\SandIcon.Exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Browser Mouse\mouse32a.exe
O4 - HKLM\..\Run: [Windows System Tray] C:\WINDOWS\system32\fonts\svc\msapp.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [QuickTime Task] C:\WINDOWS\System32\qttask.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
O4 - HKLM\..\Run: [StatusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: &Define - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.rr.com
O16 - DPF: {01111C00-3E00-11D2-8470-0060089874ED} (Support.com ActionRunner Class) - http://support.cox.net/custsup/supporta ... gctlar.cab
O16 - DPF: {01111E00-3E00-11D2-8470-0060089874ED} (Support.com SmartIssue) - http://support.cox.net/custsup/supporta ... gctlsi.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/ka ... nicode.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.c ... st0401.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 0483416765
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 5752504252
O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - http://mediaplayer.walmart.com/installer/install.cab
O16 - DPF: {886DDE35-E955-11D0-A707-000000881958} - http://69.56.176.75/webplugin.cab
O16 - DPF: {9BFC2253-B9D9-477E-9488-CA450232620D} (BinAg1 Class) - https://fastconnectkitsetup.cox.net/wiz ... ctiveX.CAB
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe ... loader.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://download.games.yahoo.com/games/w ... tycoon.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
capsdeej
Regular Member
 
Posts: 35
Joined: July 27th, 2006, 1:56 pm

Unread postby Shaba » July 31st, 2006, 3:33 am

Hi

The HijackThis log is clean, but something is still in the temporary internet files.

Follow these instructions -> http://support.microsoft.com/default.as ... -us;260897

Also, please keep surfing on the internet to a minimum until you're clean :)
Those are files that have come after yesterday's Kaspersky scan.

After that, re-scan with Kaspersky

Send:

- a fresh HijackThis log
- Kaspersky report
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland
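
One way to read a report like the one requested above, as an added example that is not part of the original posts: it folds detections nested inside an installer (such as `A0169752.exe/data0004`) onto the containing file and separates System Restore copies from Temporary Internet Files hits. The line format is inferred from the report lines on this page, and the last sample line is constructed.

```python
import re
from collections import defaultdict

# Sample lines: the first four are taken from the report above; the last one
# is constructed to stand in for a Temporary Internet Files hit.
SAMPLE = r"""
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP848\A0169752.exe/data0004 Infected: Trojan-Downloader.Win32.Small.ctp skipped
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP848\A0169752.exe/data0005 Infected: Trojan-Downloader.Win32.Small.ajc skipped
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP848\A0169752.exe NSIS: infected - 2 skipped
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP848\A0169753.exe Infected: Trojan-Downloader.Win32.Qoologic.at skipped
C:\Documents and Settings\ExampleUser\Local Settings\Temporary Internet Files\Content.IE5\EXAMPLE01\sample[1].exe Infected: Trojan-Downloader.Win32.Agent.ala skipped
"""

# "<path>[/<member inside archive>] Infected: <verdict> skipped"
DETECTION = re.compile(
    r"^(?P<path>.+?)(?:/(?P<member>[^\\]+))? Infected: (?P<name>\S+) skipped$"
)

def location(path):
    """Classify where on disk a detected file lives."""
    p = path.lower()
    if "\\system volume information\\_restore" in p:
        return "system_restore"
    if "\\temporary internet files\\" in p:
        return "temp_internet_files"
    return "other"

def triage(report):
    """Map location -> {containing file -> sorted verdict names}."""
    out = defaultdict(lambda: defaultdict(set))
    for line in report.splitlines():
        m = DETECTION.match(line.strip())
        if m:  # container summary lines ("NSIS: infected - 2") do not match
            out[location(m["path"])][m["path"]].add(m["name"])
    return {loc: {f: sorted(n) for f, n in files.items()}
            for loc, files in out.items()}

if __name__ == "__main__":
    for loc, files in triage(SAMPLE).items():
        print(loc, len(files), "file(s)")
        for f, names in files.items():
            print("  ", f.rsplit("\\", 1)[-1], names)
```
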

Unread postby capsdeej » July 31st, 2006, 9:21 am

I can't seem to get the files deleted. Files just reappear - even with no browsers open. Is that what you expected?
capsdeej
Regular Member
 
Posts: 35
Joined: July 27th, 2006, 1:56 pm

Unread postby Shaba » July 31st, 2006, 10:42 am

Ok, then there's something hiding from us.

Please print out or copy these instructions/tutorial to Notepad as the internet will not be (while in Safe Mode) available to you at certain points of the removal process. Make sure to work through all the Steps in the exact order in which they are listed below. If there's anything that you don't understand, ask your question(s) before moving on with the fixes.

Please download Ewido to your Desktop or to your usual Download Folder.
http://www.ewido.net/en/download/
  • Install Ewido by double clicking the installer.
  • Follow the prompts. Make sure that Launch Ewido is checked.
  • On the main screen under Your Computer's security.
    • Click on Change state next to Resident shield. It should now change to inactive.
    • Next to Last Update, click on Update now. (You will need an active internet connection to perform this)
    • Wait until you see the Update successful message.
      Note: If the Update now option is grayed out, follow the steps below.
      • Click on Update on the toolbar.
      • Under Manual update, click on the Start Update button.
      • Wait until you see the Update successful message.
  • Right-click the Ewido Tray Icon and select Exit. Confirm by clicking Yes.
If you are having problems with the updater, you can use this link to manually update Ewido.
Ewido manual updates.
Download the Full database to your Desktop or to your usual Download Folder and install it by double clicking the file. Make sure that Ewido is closed before installing the update.

Reboot your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Log in to your usual account.

Close ALL open Windows / Programs / Folders. Please start Ewido and run a full scan.
  • Click on Scanner on the toolbar.
  • Click on the Settings tab.
    • Under How to act?
      • Click on Recommended Action and choose Quarantine from the popup menu.
    • Under How to scan?
      • All checkboxes should be ticked.
    • Under Possibly unwanted software:
      • All checkboxes should be ticked.
    • Under Reports:
      • Select Automatically generate report after every scan and uncheck Only if threats were found.
    • Under What to scan?
      • Select Scan every file.
  • Click on the Scan tab.
  • Click on Complete System Scan to start the scan process.
  • Let the program scan the machine.
  • When the scan has finished, follow the instructions below.
    IMPORTANT: Don't click on the "Save Scan Report" button before you have hit the "Apply all Actions" button.
    • Make sure that Set all elements to: shows Quarantine (1), if not click on the link and choose Quarantine from the popup menu. (2)
    • At the bottom of the window click on the Apply all Actions button. (3)
  • When done, click the Save Scan Report button.
    • Click the Save Report as button.
    • Save the report to your Desktop.
  • Right-click the Ewido Tray Icon and select Exit. Confirm by clicking Yes.
Reboot in Normal Mode.

Download WinPFind.zip and extract it to your C:\ folder. This will create a folder called WinPFind in the C:\ folder. Inside C:\WinPFind is a file called WinPFind.exe. Double-click on this file to launch the program. Once it is launched, click on the Start Scan button and wait for it to finish. This program will scan large amounts of files on your computer for known patterns, so please be patient while it works, as it can take a while, upwards of 30 minutes or more.

When it is done, it will show the results of the scan. Click on the Copy to Clipboard button and then paste the contents of the log in your clipboard as a reply to where you are receiving help.

Send:

- Ewido report
- WinPFind log
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland