Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Please help.......I've hurt my computer

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Please help.......I've hurt my computer

Unread postby vicki_marie » September 14th, 2007, 10:32 am

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:28:40 AM, on 9/14/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\program files\dell\traytool.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Documents and Settings\Dottie Sisley\Local Settings\Temporary Internet Files\Content.IE5\49AJ85EN\HiJackThis[1].exe
Z:\envision.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7FEDD7AC-0842-4339-9F56-354CA62CC4FF} - C:\WINDOWS\system32\pmnnn.dll
O2 - BHO: IEHlprObj Class - {8CA5ED52-F3FB-4414-A105-2E3491156990} - C:\PROGRA~1\IWINGA~1\IWINGA~1.DLL
O2 - BHO: (no name) - {CF46BFB3-2ACC-441b-B82B-36B9562C7FF1} - C:\WINDOWS\system32\aqmdnfhf.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ToolExe] c:\program files\dell\traytool.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINDOWS\system32\kwintndt.exe CHD003
O4 - HKLM\..\Run: [{53-34-47-75-ZN}] C:\WINDOWS\system32\msdsrngn.exe CHD003
O4 - HKLM\..\Run: [AAWTray] C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
O4 - HKLM\..\Run: [SystemOptimizer] rundll32.exe "C:\WINDOWS\system32\snqbojxe.dll",forkonce
O4 - HKCU\..\Run: [WinAble] C:\Program Files\WinAble\winable.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file://C:\Program Files\Mystery P.I. - The Lottery Ticket\Images\stg_drm.ocx
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocach ... 0.15-3.cab
O16 - DPF: {2EB1E425-74DC-4DC0-A9E1-03A4C852E1F2} (CPlayFirstTriJinxControl Object) - http://zone.msn.com/bingame/trix/defaul ... 0.0.87.cab
O16 - DPF: {5e2a3510-4371-11d6-b64c-00c04faedb18} -
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/chnz/defaul ... uncher.cab
O16 - DPF: {843EE768-3A97-455C-9076-741BA3AD7B62} (QuickBooks Online Edition Utilities Class v10) - https://accounting.quickbooks.com/c6/v1 ... boax10.cab
O16 - DPF: {8CE3BAE6-AB66-40B6-9019-41E5282FF1E2} - https://accounting.quickbooks.com/c6/v13.095/qboax8.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/a ... _en_dl.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v ... b56649.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file://C:\Program Files\Mystery P.I. - The Lottery Ticket\Images\armhelper.ocx
O16 - DPF: {D1548A26-B8F6-4E86-AE74-E7062CCC2E2A} (igLoader Content on Demand) - http://www.miniclip.com/igloader/igloader.CAB
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/popcaploader_v10.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{33FE5D9A-D24D-457F-977A-62D8137B6792}: NameServer = 128.186.6.103,128.186.8.8
O17 - HKLM\System\CS1\Services\Tcpip\..\{33FE5D9A-D24D-457F-977A-62D8137B6792}: NameServer = 128.186.6.103,128.186.8.8
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

--
End of file - 7135 bytes
vicki_marie
Active Member
 
Posts: 7
Joined: September 14th, 2007, 10:28 am
Advertisement
Register to Remove

Unread postby Scotty » September 14th, 2007, 6:02 pm

Hi! Welcome to the MWR forums.
My name is Scotty. I would be glad to take a look at your log and help you with solving any malware problems. HijackThis logs can take a while to research.
Please be patient and I'd be grateful if you would note the following:
  • I will working be on your Malware issues, this may or may not, solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.


Please be patient as my posts to you have to be checked before I reply, so they make take longer.

Please make a uninstall list using HijackThis
To access the Uninstall Manager you would do the following:

1. Start HijackThis
2. Click on the Config button
3. Click on the Misc Tools button
4. Click on the Open Uninstall Manager button.
5. Click on the Save list... button and specify where you would like to save this file. When you press Save button a notepad will open with the contents of that file. Simply copy and paste the contents of that notepad here in a reply.
User avatar
Scotty
Retired Graduate
 
Posts: 4138
Joined: August 4th, 2006, 5:31 am
Location: Haggistown, Kiltland

Unread postby vicki_marie » September 17th, 2007, 7:33 am

Here you go. Thank you ever so much for your assistance.


Ad-Aware 2007
Adobe Flash Player 9 ActiveX
Adobe Reader 7.0.5 Language Support
Adobe Reader 7.0.9
Adobe Shockwave Player
ArcSoft Panorama Maker 3
Big Fish Games Client
Broadcom Advanced Control Suite 2
Dell Printer Software Uninstall
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
HijackThis 2.0.2
Hotfix for Windows XP (KB896344)
Intel(R) Graphics Media Accelerator Driver
iWin Games (remove only)
J2SE Runtime Environment 5.0 Update 4
J2SE Runtime Environment 5.0 Update 6
Java 2 Runtime Environment, SE v1.4.2_03
Java(TM) 6 Update 2
LiveUpdate 2.0 (Symantec Corporation)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0
Microsoft ActiveX Control Pad
Microsoft Office Professional Edition 2003
Mozilla Firefox (2.0.0.6)
Nikon Message Center
NoAdware v5.0
PictureProject
PictureProject In Touch Downloader 1.0
PowerDVD 5.1
QuickBooks Online Edition
QuickTime
RealArcade
Safe Cracker 2.08
Security Update for Microsoft .NET Framework 2.0 (KB928365)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931768)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938829)
Symantec AntiVirus
Time Zone Data Update Tool for Microsoft Office Outlook
TrojanHunter 4.0
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB900930)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Windows Genuine Advantage v1.3.0254.0
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Media Connect
Windows Media Connect
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB887797
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB893086
vicki_marie
Active Member
 
Posts: 7
Joined: September 14th, 2007, 10:28 am

Unread postby Scotty » September 17th, 2007, 2:47 pm

Hi

You are running HijackThis from a temporary folder. It's most likely we will clean that folder out during the course of the fixing so any backups created will be lost.

I will provide an instruction to download the Installer version of Trend Micros HJT. It will create a folder for itself in Program Files, and give you a Desktop icon to run the application from.

Click here to download HJTsetup.exe

  • Save HJTsetup.exe to your desktop.
  • Double click on the HJTsetup.exe icon on your desktop.
  • By default it will install to C:\Program Files\Hijack This.
  • Continue to click Next in the setup dialogue boxes until you get to the Select Additional Tasks dialogue.
  • Put a check by Create a desktop icon then click Next again.
  • Continue to follow the rest of the prompts from there.
  • At the final dialogue box click Finish and it will launch Hijack This.
  • Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.
  • Click Save to save the log file and then the log will open in notepad.
  • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.
User avatar
Scotty
Retired Graduate
 
Posts: 4138
Joined: August 4th, 2006, 5:31 am
Location: Haggistown, Kiltland

Unread postby vicki_marie » September 17th, 2007, 3:04 pm

Okay - this is it:



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:05:02 PM, on 9/17/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\program files\dell\traytool.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\WINDOWS\system32\svchost.exe
Z:\envision.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
c:\progra~1\common~1\instal~1\update~1\isuspm.exe
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\agent.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ToolExe] c:\program files\dell\traytool.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINDOWS\system32\kwintndt.exe CHD003
O4 - HKLM\..\Run: [{53-34-47-75-ZN}] C:\WINDOWS\system32\msdsrngn.exe CHD003
O4 - HKLM\..\Run: [AAWTray] C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.0\THGuard.exe"
O4 - HKLM\..\Run: [SystemOptimizer] rundll32.exe "C:\WINDOWS\system32\udmxklrp.dll",forkonce
O4 - HKCU\..\Run: [WinAble] C:\Program Files\WinAble\winable.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar ... vSniff.cab
O16 - DPF: {5e2a3510-4371-11d6-b64c-00c04faedb18} -
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {843EE768-3A97-455C-9076-741BA3AD7B62} (QuickBooks Online Edition Utilities Class v10) - https://accounting.quickbooks.com/c6/v1 ... boax10.cab
O16 - DPF: {8CE3BAE6-AB66-40B6-9019-41E5282FF1E2} - https://accounting.quickbooks.com/c6/v13.095/qboax8.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{33FE5D9A-D24D-457F-977A-62D8137B6792}: NameServer = 128.186.6.103,128.186.8.8
O17 - HKLM\System\CS1\Services\Tcpip\..\{33FE5D9A-D24D-457F-977A-62D8137B6792}: NameServer = 128.186.6.103,128.186.8.8
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

--
End of file - 6036 bytes
vicki_marie
Active Member
 
Posts: 7
Joined: September 14th, 2007, 10:28 am

Unread postby Scotty » September 17th, 2007, 3:24 pm

Hi

Rename HijackThis
There is a possibility an infection which is hiding part of the HijackThis log because it's called hijackthis.exe.
Please rename hijackthis.exe to hello.exe by right-clicking on the Desktop icon and selecting Rename.

Now scan again and post a new log, please.
User avatar
Scotty
Retired Graduate
 
Posts: 4138
Joined: August 4th, 2006, 5:31 am
Location: Haggistown, Kiltland

Unread postby vicki_marie » September 17th, 2007, 3:34 pm

Thank you!


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:35:29 PM, on 9/17/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\program files\dell\traytool.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\WINDOWS\system32\svchost.exe
Z:\envision.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
c:\progra~1\common~1\instal~1\update~1\isuspm.exe
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\agent.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Trend Micro\HijackThis\hello.exe.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7FEDD7AC-0842-4339-9F56-354CA62CC4FF} - C:\WINDOWS\system32\pmnnn.dll
O2 - BHO: (no name) - {CF46BFB3-2ACC-441b-B82B-36B9562C7FF1} - C:\WINDOWS\system32\aphdedvd.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ToolExe] c:\program files\dell\traytool.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINDOWS\system32\kwintndt.exe CHD003
O4 - HKLM\..\Run: [{53-34-47-75-ZN}] C:\WINDOWS\system32\msdsrngn.exe CHD003
O4 - HKLM\..\Run: [AAWTray] C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.0\THGuard.exe"
O4 - HKLM\..\Run: [SystemOptimizer] rundll32.exe "C:\WINDOWS\system32\udmxklrp.dll",forkonce
O4 - HKCU\..\Run: [WinAble] C:\Program Files\WinAble\winable.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar ... vSniff.cab
O16 - DPF: {5e2a3510-4371-11d6-b64c-00c04faedb18} -
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {843EE768-3A97-455C-9076-741BA3AD7B62} (QuickBooks Online Edition Utilities Class v10) - https://accounting.quickbooks.com/c6/v1 ... boax10.cab
O16 - DPF: {8CE3BAE6-AB66-40B6-9019-41E5282FF1E2} - https://accounting.quickbooks.com/c6/v13.095/qboax8.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{33FE5D9A-D24D-457F-977A-62D8137B6792}: NameServer = 128.186.6.103,128.186.8.8
O17 - HKLM\System\CS1\Services\Tcpip\..\{33FE5D9A-D24D-457F-977A-62D8137B6792}: NameServer = 128.186.6.103,128.186.8.8
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

--
End of file - 6342 bytes
vicki_marie
Active Member
 
Posts: 7
Joined: September 14th, 2007, 10:28 am

Unread postby Scotty » September 17th, 2007, 3:56 pm

Hello

Download and Run ComboFix

  • Download this file from below:

    Here
  • Disconnect from the Internet, than disable your anti-virus and any real-time anti-spyware monitors that are running.
  • Then double click combofix.exe & follow the prompts.
  • When finished, it shall produce a log for you. Post that log in your next reply with a new HijackThis log.

Note 1: Do not mouseclick combofix's window whilst it's running. That may cause it to stall
Note 2:Remember to re-enable your anti-virus and anti-spyware before reconnecting to the Internet.
User avatar
Scotty
Retired Graduate
 
Posts: 4138
Joined: August 4th, 2006, 5:31 am
Location: Haggistown, Kiltland

Unread postby vicki_marie » September 18th, 2007, 7:29 am

Here's the ComboFix file:


ComboFix 07-09-18 - "Dottie Sisley" 2007-09-17 16:23:29.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.24 [GMT -4:00]
Script execution time was exceeded on script "C:\ComboFix\restore_pt.vbs".
Script execution was terminated.
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\DOCUME~1\DOTTIE~1\MYDOCU~1\RACLE~1
C:\temp\0b9
C:\temp\0b9\tmpFF.log
C:\temp\0b9\tmpTF.log
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\Temp\fse
C:\Temp\fse\tmpZTF.log
C:\temp\iee
C:\temp\iee\tmpZTF.log
C:\temp\tn3
C:\WINDOWS\cookies.ini
C:\WINDOWS\DOWNLO~1\UWA7P_0001_N91M0809NetInstaller.exe
C:\WINDOWS\system32\aphdedvd.dll
C:\WINDOWS\system32\bidsenbr.exe
C:\WINDOWS\system32\blnquxdy.ini
C:\WINDOWS\system32\bphljril.ini
C:\WINDOWS\system32\cgiwluwf.exe
C:\WINDOWS\system32\dfprjxdi.exe
C:\WINDOWS\system32\djnplwen.dll
C:\WINDOWS\system32\effpqqnu.exe
C:\WINDOWS\system32\exjobqns.ini
C:\WINDOWS\system32\gnvhjkoc.exe
C:\WINDOWS\system32\ixuxfrwr.exe
C:\WINDOWS\system32\jsovjgam.exe
C:\WINDOWS\system32\krwmskww.ini
C:\WINDOWS\system32\lirjlhpb.dll
C:\WINDOWS\system32\mhxmsknp.dll
C:\WINDOWS\system32\mnuisbls.ini
C:\WINDOWS\system32\mylhrdui.exe
C:\WINDOWS\system32\newlpnjd.ini
C:\WINDOWS\system32\nnnmp.bak1
C:\WINDOWS\system32\nnnmp.bak2
C:\WINDOWS\system32\nnnmp.ini
C:\WINDOWS\system32\nnnmp.ini2
C:\WINDOWS\system32\nnnmp.tmp
C:\WINDOWS\system32\pmnnn.dll
C:\WINDOWS\system32\pnksmxhm.ini
C:\WINDOWS\system32\prlkxmdu.ini
C:\WINDOWS\system32\rukepswu.ini
C:\WINDOWS\system32\shioshmc.exe
C:\WINDOWS\system32\slbsiunm.dll
C:\WINDOWS\system32\snqbojxe.dll
C:\WINDOWS\system32\udmxklrp.dll
C:\WINDOWS\system32\uhmpxijd.exe
C:\WINDOWS\system32\uwspekur.dll
C:\WINDOWS\system32\uytggtdt.exe
C:\WINDOWS\system32\V1
C:\WINDOWS\system32\wwksmwrk.dll
C:\WINDOWS\system32\ydxuqnlb.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_CMDSERVICE
-------\LEGACY_DOMAINSERVICE
-------\DomainService


((((((((((((((((((((((((( Files Created from 2007-08-18 to 2007-09-18 )))))))))))))))))))))))))))))))
.

2007-09-18 16:28 125,504 --a------ C:\WINDOWS\system32\qeubrqxr.dll
2007-09-17 16:20 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-17 15:02 <DIR> d-------- C:\Program Files\Trend Micro
2007-09-14 12:42 0 --a------ C:\WINDOWS\nsreg.dat
2007-09-14 11:28 <DIR> d-------- C:\Program Files\TrojanHunter 4.0
2007-09-14 09:59 <DIR> d-------- C:\VundoFix Backups
2007-09-14 08:19 <DIR> d-------- C:\Program Files\bfgclient
2007-09-13 12:10 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-09-13 10:58 <DIR> d-------- C:\Program Files\NoAdware5.0
2007-09-11 13:49 <DIR> d-------- C:\Program Files\WinAble
2007-09-11 13:39 <DIR> d-------- C:\DOCUME~1\LOCALS~1\APPLIC~1\NetMon
2007-09-11 13:01 <DIR> d--hs---- C:\WINDOWS\RG90dGllIFNpc2xleQ
2007-09-11 13:01 <DIR> d-------- C:\DOCUME~1\NETWOR~1\APPLIC~1\NetMon

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-14 15:11 --------- d-------- C:\DOCUME~1\DOTTIE~1\APPLIC~1\My Games
2007-09-14 14:14 --------- d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2007-09-14 10:16 --------- d-------- C:\Program Files\Symantec AntiVirus
2007-09-13 09:29 --------- d-------- C:\Program Files\QuickTime
2007-09-13 08:12 --------- d-------- C:\Program Files\Oracle
2007-09-12 15:18 --------- d-------- C:\Program Files\Games
2007-09-10 08:09 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\HipSoft
2007-09-07 14:29 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\PlayFirst
2007-08-31 13:07 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\ScreenSeven
2007-08-08 09:27 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Joyboost
2007-08-07 13:58 8320 --a------ C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-08-07 13:56 9344 --a------ C:\WINDOWS\system32\drivers\NSDriver.sys
2007-08-07 09:16 --------- d-------- C:\Program Files\MSN Games
2007-08-02 09:57 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\MumboJumbo
2007-07-26 11:45 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Friday's games
2007-07-19 07:48 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SpinTop Games
2007-07-18 12:56 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\7Wonders2
2006-07-18 10:15 774144 --a------ C:\Program Files\RngInterstitial.dll
2005-07-29 20:24:26 472 --sha-r C:\WINDOWS\RG90dGllIFNpc2xleQ\l36Xx355KIhDwZU5yk.vbs
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-08-20 21:55]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-04-26 09:04]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2004-02-29 16:44]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2004-03-12 15:18]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" []
"ToolExe"="c:\program files\dell\traytool.exe" [2003-04-18 14:45]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-04-17 21:41]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-04-13 15:07]
"{53-34-47-75-ZN}"="C:\WINDOWS\system32\msdsrngn.exe" []
"AAWTray"="C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe" [2007-08-08 15:53]
"THGuard"="C:\Program Files\TrojanHunter 4.0\THGuard.exe" [2004-09-02 14:47]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinAble"="C:\Program Files\WinAble\winable.exe" []

C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]
NkbMonitor.exe.lnk - C:\Program Files\Nikon\PictureProject\NkbMonitor.exe [2006-11-10 09:26:23]

S3 CVirtA;Cisco Systems VPN Adapter;C:\WINDOWS\system32\DRIVERS\CVirtA.sys

.
**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-18 16:32:34
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-09-18 16:33:34 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-09-18 16:33
.
--- E O F ---


and here's the HJT file:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:30:35 AM, on 9/19/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\program files\dell\traytool.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\hello.exe.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ToolExe] c:\program files\dell\traytool.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [{53-34-47-75-ZN}] C:\WINDOWS\system32\msdsrngn.exe CHD003
O4 - HKLM\..\Run: [AAWTray] C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.0\THGuard.exe"
O4 - HKCU\..\Run: [WinAble] C:\Program Files\WinAble\winable.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar ... vSniff.cab
O16 - DPF: {5e2a3510-4371-11d6-b64c-00c04faedb18} -
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {843EE768-3A97-455C-9076-741BA3AD7B62} (QuickBooks Online Edition Utilities Class v10) - https://accounting.quickbooks.com/c6/v1 ... boax10.cab
O16 - DPF: {8CE3BAE6-AB66-40B6-9019-41E5282FF1E2} - https://accounting.quickbooks.com/c6/v13.095/qboax8.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{33FE5D9A-D24D-457F-977A-62D8137B6792}: NameServer = 128.186.6.103,128.186.8.8
O17 - HKLM\System\CS1\Services\Tcpip\..\{33FE5D9A-D24D-457F-977A-62D8137B6792}: NameServer = 128.186.6.103,128.186.8.8
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

--
End of file - 5574 bytes
vicki_marie
Active Member
 
Posts: 7
Joined: September 14th, 2007, 10:28 am

Unread postby Scotty » September 18th, 2007, 12:11 pm

Hi

Remove programs from Add/Remove Programs List
Please go to:
  • Start
  • Control Panel
  • Add/Remove Programs
Find and remove these programs (if they are present)

  • J2SE Runtime Environment 5.0 Update 4
  • J2SE Runtime Environment 5.0 Update 6
  • Java 2 Runtime Environment, SE v1.4.2_03



Open Notepad and Copy/Paste the text in the codebox below into it:

Code: Select all
File:: 
C:\WINDOWS\system32\qeubrqxr.dll 
C:\WINDOWS\system32\msdsrngn.exe 

Folder:: 
C:\Program Files\WinAble 
C:\VundoFix Backups 
C:\DOCUME~1\LOCALS~1\APPLIC~1\NetMon 
C:\WINDOWS\RG90dGllIFNpc2xleQ 
C:\DOCUME~1\NETWOR~1\APPLIC~1\NetMon 
C:\Program Files\NoAdware5.0

Registry:: 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 
"{53-34-47-75-ZN}"=- 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 
"WinAble"=-
 


Save this as "CFScript"

Image


Refering to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.

Download Superantispyware (SAS) free home version.

SAS Free

Install it and double-click the icon on your desktop to run it.
� It will ask if you want to update the program definitions, click Yes.
� Under Configuration and Preferences, click the Preferences button.
� Click the Scanning Control tab.
� Under Scanner Options make sure the following are checked:
  • Close browsers before scanning
  • Scan for tracking cookies
  • Terminate memory threats before quarantining.
  • Please leave the others unchecked.
  • Click the Close button to leave the control center screen.
� On the main screen, under Scan for Harmful Software click Scan your computer.
� On the left check C:\Fixed Drive.
� On the right, under Complete Scan, choose Perform Complete Scan.
� Click Next to start the scan. Please be patient while it scans your computer.
� After the scan is complete a summary box will appear. Click OK.
� Make sure everything in the white box has a check next to it, then click Next.
� It will quarantine what it found and if it asks if you want to reboot, click Yes.
� To retrieve the removal information for me please do the following:
  • After reboot, double-click the SUPERAntispyware icon on your desktop.
  • Click Preferences. Click the Statistics/Logs tab.
  • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
  • It will open in your default text editor (such as Notepad/Wordpad).
  • Please highlight everything in the notepad, then right-click and choose copy.

� Click close and close again to exit the program.
� Please paste that information here for me with a new HijackThis log.
User avatar
Scotty
Retired Graduate
 
Posts: 4138
Joined: August 4th, 2006, 5:31 am
Location: Haggistown, Kiltland

Unread postby vicki_marie » September 18th, 2007, 1:33 pm

Alrighty then.....


Here's the log from CFScript after it was run through ComboFix:

ComboFix 07-09-18 - "Dottie Sisley" 2007-09-19 12:33:54.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.184 [GMT -4:00]
* Created a new restore point

FILE::
C:\WINDOWS\system32\qeubrqxr.dll
C:\WINDOWS\system32\msdsrngn.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\DOCUME~1\LOCALS~1\APPLIC~1\NetMon
C:\DOCUME~1\LOCALS~1\APPLIC~1\NetMon\domains.txt
C:\DOCUME~1\LOCALS~1\APPLIC~1\NetMon\log.txt
C:\DOCUME~1\NETWOR~1\APPLIC~1\NetMon
C:\DOCUME~1\NETWOR~1\APPLIC~1\NetMon\domains.txt
C:\DOCUME~1\NETWOR~1\APPLIC~1\NetMon\log.txt
C:\Program Files\NoAdware5.0
C:\Program Files\NoAdware5.0\noadware4_010907.na
C:\Program Files\NoAdware5.0\NoAdware5.exe
C:\Program Files\NoAdware5.0\nutils.dll
C:\Program Files\NoAdware5.0\unins000.dat
C:\Program Files\NoAdware5.0\unins000.exe
C:\Program Files\WinAble
C:\VundoFix Backups
C:\VundoFix Backups\addmorefiles.txt
C:\WINDOWS\RG90dGllIFNpc2xleQ
C:\WINDOWS\RG90dGllIFNpc2xleQ\l36Xx355KIhDwZU5yk.vbs
C:\WINDOWS\system32\qeubrqxr.dll
C:\WINDOWS\system32\rxqrbueq.ini

.
((((((((((((((((((((((((( Files Created from 2007-08-19 to 2007-09-19 )))))))))))))))))))))))))))))))
.

2007-09-19 10:27 <DIR> d-------- C:\Program Files\iWin.com
2007-09-17 16:20 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-17 15:02 <DIR> d-------- C:\Program Files\Trend Micro
2007-09-14 12:42 0 --a------ C:\WINDOWS\nsreg.dat
2007-09-14 11:28 <DIR> d-------- C:\Program Files\TrojanHunter 4.0
2007-09-14 08:19 <DIR> d-------- C:\Program Files\bfgclient
2007-09-13 12:10 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-19 12:36 --------- d-------- C:\Program Files\Symantec AntiVirus
2007-09-19 10:47 --------- d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2007-09-14 15:11 --------- d-------- C:\DOCUME~1\DOTTIE~1\APPLIC~1\My Games
2007-09-13 09:29 --------- d-------- C:\Program Files\QuickTime
2007-09-13 08:12 --------- d-------- C:\Program Files\Oracle
2007-09-12 15:18 --------- d-------- C:\Program Files\Games
2007-09-10 08:09 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\HipSoft
2007-09-07 14:29 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\PlayFirst
2007-08-31 13:07 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\ScreenSeven
2007-08-08 09:27 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Joyboost
2007-08-07 13:58 8320 --a------ C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-08-07 13:56 9344 --a------ C:\WINDOWS\system32\drivers\NSDriver.sys
2007-08-07 09:16 --------- d-------- C:\Program Files\MSN Games
2007-08-02 09:57 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\MumboJumbo
2007-07-26 11:45 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Friday's games
2007-07-19 07:48 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SpinTop Games
2006-07-18 10:15 774144 --a------ C:\Program Files\RngInterstitial.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8CA5ED52-F3FB-4414-A105-2E3491156990}]
2007-01-31 05:58 78848 --a------ C:\PROGRA~1\IWINGA~1\IWINGA~1.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-08-20 21:55]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-04-26 09:04]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2004-02-29 16:44]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2004-03-12 15:18]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" []
"ToolExe"="c:\program files\dell\traytool.exe" [2003-04-18 14:45]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-04-17 21:41]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-04-13 15:07]
"AAWTray"="C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe" [2007-08-08 15:53]
"THGuard"="C:\Program Files\TrojanHunter 4.0\THGuard.exe" [2004-09-02 14:47]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]

C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]
NkbMonitor.exe.lnk - C:\Program Files\Nikon\PictureProject\NkbMonitor.exe [2006-11-10 09:26:23]

S3 CVirtA;Cisco Systems VPN Adapter;C:\WINDOWS\system32\DRIVERS\CVirtA.sys

.
**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-19 12:36:32
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-09-19 12:37:35 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-09-19 12:37
C:\ComboFix2.txt ... 2007-09-18 16:33
.
--- E O F ---


Here's the log from SUPERAntiSpyware:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 09/19/2007 at 01:23 PM

Application Version : 3.9.1008

Core Rules Database Version : 3308
Trace Rules Database Version: 1314

Scan type : Complete Scan
Total Scan Time : 00:38:06

Memory items scanned : 372
Memory threats detected : 0
Registry items scanned : 5725
Registry threats detected : 9
File items scanned : 41088
File threats detected : 328

Adware.IWinGames
HKLM\Software\Classes\CLSID\{8CA5ED52-F3FB-4414-A105-2E3491156990}
HKCR\CLSID\{8CA5ED52-F3FB-4414-A105-2E3491156990}
HKCR\CLSID\{8CA5ED52-F3FB-4414-A105-2E3491156990}
HKCR\CLSID\{8CA5ED52-F3FB-4414-A105-2E3491156990}\InprocServer32
HKCR\CLSID\{8CA5ED52-F3FB-4414-A105-2E3491156990}\InprocServer32#ThreadingModel
HKCR\CLSID\{8CA5ED52-F3FB-4414-A105-2E3491156990}\ProgID
HKCR\CLSID\{8CA5ED52-F3FB-4414-A105-2E3491156990}\Programmable
HKCR\CLSID\{8CA5ED52-F3FB-4414-A105-2E3491156990}\VersionIndependentProgID
C:\PROGRA~1\IWINGA~1\IWINGA~1.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8CA5ED52-F3FB-4414-A105-2E3491156990}
C:\PROGRAM FILES\IWIN GAMES\IWINGAMESHOOKIE.DLL

Adware.Tracking Cookie
C:\Documents and Settings\Dottie Sisley\Cookies\dottie sisley@2o7[1].txt
C:\Documents and Settings\Dottie Sisley\Cookies\dottie sisley@ads.pointroll[2].txt
C:\Documents and Settings\Dottie Sisley\Cookies\dottie sisley@tribalfusion[1].txt
C:\Documents and Settings\Dottie Sisley\Cookies\dottie sisley@winantispyware[1].txt
C:\Documents and Settings\Dottie Sisley\Cookies\dottie sisley@www.winantispyware[1].txt
C:\Documents and Settings\Dottie Sisley\Cookies\dottie sisley@edge.ru4[1].txt
C:\Documents and Settings\Dottie Sisley\Cookies\dottie sisley@sexbuddies[1].txt
C:\Documents and Settings\Dottie Sisley\Cookies\dottie sisley@www.clickondetroit[2].txt
C:\Documents and Settings\Dottie Sisley\Cookies\dottie sisley@www.burstnet[3].txt
C:\Documents and Settings\Dottie Sisley\Cookies\dottie sisley@ehg-globalgamingleague.hitbox[2].txt
C:\Documents and Settings\Dottie Sisley\Cookies\dottie sisley@adbrite[1].txt
C:\Documents and Settings\Dottie Sisley\Cookies\dottie sisley@www.adtrak[1].txt
C:\Documents and Settings\Dottie Sisley\Cookies\dottie sisley@serving-sys[3].txt
C:\Documents and Settings\Dottie Sisley\Cookies\dottie sisley@collective-media[1].txt
C:\Documents and Settings\Dottie Sisley\Cookies\dottie sisley@advertising[5].txt
C:\Documents and Settings\Dottie Sisley\Cookies\dottie sisley@ezzs.valueclick[1].txt
C:\Documents and Settings\Dottie Sisley\Cookies\dottie sisley@servlet[1].txt
C:\Documents and Settings\Dottie Sisley\Cookies\dottie sisley@tremor.adbureau[2].txt
C:\Documents and Settings\Dottie Sisley\Cookies\dottie sisley@4.adbrite[3].txt
C:\Documents and Settings\Dottie Sisley\Cookies\dottie sisley@fastclick[1].txt
C:\Documents and Settings\Dottie Sisley\Cookies\dottie sisley@zedo[2].txt
C:\Documents and Settings\Dottie Sisley\Cookies\dottie sisley@sales.liveperson[2].txt
C:\Documents and Settings\Dottie Sisley\Cookies\dottie sisley@media.adrevolver[1].txt
C:\Documents and Settings\Dottie Sisley\Cookies\dottie sisley@hitbox[3].txt
C:\Documents and Settings\Dottie Sisley\Cookies\dottie sisley@atdmt[3].txt
C:\Documents and Settings\Dottie Sisley\Cookies\dottie sisley@winantivirus[2].txt
C:\Documents and Settings\Dottie Sisley\Cookies\dottie sisley@msnportal.112.2o7[1].txt
C:\Documents and Settings\Dottie Sisley\Cookies\dottie sisley@ads.adbrite[2].txt
C:\Documents and Settings\Dottie Sisley\Cookies\dottie sisley@ads.digitalmedianet[1].txt
C:\Documents and Settings\Dottie Sisley\Cookies\dottie sisley@ad.yieldmanager[2].txt
C:\Documents and Settings\Dottie Sisley\Cookies\dottie sisley@adinterax[1].txt
C:\Documents and Settings\Dottie Sisley\Cookies\dottie sisley@interclick[1].txt
C:\Documents and Settings\Dottie Sisley\Cookies\dottie sisley@atwola[2].txt
C:\Documents and Settings\Dottie Sisley\Cookies\dottie sisley@ads.cnn[3].txt
C:\Documents and Settings\Dottie Sisley\Cookies\dottie sisley@statse.webtrendslive[1].txt
C:\Documents and Settings\Dottie Sisley\Cookies\dottie sisley@casalemedia[1].txt
C:\Documents and Settings\Dottie Sisley\Cookies\dottie sisley@reduxads.valuead[1].txt
C:\Documents and Settings\Dottie Sisley\Cookies\dottie sisley@eas.apm.emediate[1].txt
C:\Documents and Settings\Dottie Sisley\Cookies\dottie sisley@stats.mycokerewards[1].txt
C:\Documents and Settings\Dottie Sisley\Cookies\dottie sisley@bidzcom.112.2o7[1].txt
C:\Documents and Settings\Dottie Sisley\Cookies\dottie sisley@adprofile[1].txt
C:\Documents and Settings\Dottie Sisley\Cookies\dottie sisley@stats1.reliablestats[1].txt
C:\Documents and Settings\Dottie Sisley\Cookies\dottie sisley@microsoftwlsearchcrm.112.2o7[1].txt
C:\Documents and Settings\Dottie Sisley\Cookies\dottie sisley@adrevolver[1].txt
C:\Documents and Settings\Dottie Sisley\Cookies\dottie sisley@screensavers[14].txt
C:\Documents and Settings\Dottie Sisley\Cookies\dottie sisley@entrepreneur.122.2o7[1].txt
C:\Documents and Settings\Dottie Sisley\Cookies\dottie sisley@server.iad.liveperson[2].txt
C:\Documents and Settings\Dottie Sisley\Cookies\dottie sisley@a1.interclick[1].txt
C:\Documents and Settings\Dottie Sisley\Cookies\dottie sisley@ads.k8l[1].txt
C:\Documents and Settings\Dottie Sisley\Cookies\dottie sisley@specificclick[3].txt
C:\Documents and Settings\Dottie Sisley\Cookies\dottie sisley@eyewonder[1].txt
C:\Documents and Settings\Dottie Sisley\Cookies\dottie sisley@cbs.112.2o7[1].txt
C:\Documents and Settings\Dottie Sisley\Cookies\dottie sisley@1068832749[1].txt
C:\Documents and Settings\Dottie Sisley\Cookies\dottie sisley@ehg-yahoo.hitbox[2].txt
C:\Documents and Settings\Dottie Sisley\Cookies\dottie sisley@www.burstbeacon[2].txt
C:\Documents and Settings\Dottie Sisley\Cookies\dottie sisley@www.clickmanage[3].txt
C:\Documents and Settings\Dottie Sisley\Cookies\dottie sisley@bs.serving-sys[1].txt
C:\Documents and Settings\Dottie Sisley\Cookies\dottie sisley@stat.onestat[2].txt
C:\Documents and Settings\Dottie Sisley\Cookies\dottie sisley@bluestreak[2].txt
C:\Documents and Settings\Dottie Sisley\Cookies\dottie sisley@tacoda[2].txt
C:\Documents and Settings\Dottie Sisley\Cookies\dottie sisley@pro-market[2].txt
C:\Documents and Settings\Dottie Sisley\Cookies\dottie sisley@buycom.122.2o7[1].txt
C:\Documents and Settings\Dottie Sisley\Cookies\dottie sisley@i.screensavers[14].txt
C:\Documents and Settings\Dottie Sisley\Cookies\dottie sisley@clickondetroit[2].txt
C:\Documents and Settings\Dottie Sisley\Cookies\dottie sisley@partner2profit[1].txt
C:\Documents and Settings\Dottie Sisley\Cookies\dottie sisley@ads.realtechnetwork[2].txt
C:\Documents and Settings\Dottie Sisley\Cookies\dottie sisley@freecodesource.advertserve[4].txt
C:\Documents and Settings\Dottie Sisley\Cookies\dottie sisley@cpvfeed[3].txt
C:\Documents and Settings\Dottie Sisley\Cookies\dottie sisley@drivecleaner[3].txt
C:\Documents and Settings\Dottie Sisley\Cookies\dottie sisley@anat.tacoda[1].txt
C:\Documents and Settings\Dottie Sisley\Cookies\dottie sisley@67.15.239[4].txt
C:\Documents and Settings\Dottie Sisley\Cookies\dottie sisley@secure.revenuepilot[1].txt
C:\Documents and Settings\Dottie Sisley\Cookies\dottie sisley@cgi-bin[3].txt
C:\Documents and Settings\Dottie Sisley\Cookies\dottie sisley@adrevolver[3].txt
C:\Documents and Settings\Dottie Sisley\Cookies\dottie sisley@doubleclick[3].txt
C:\Documents and Settings\Dottie Sisley\Cookies\dottie sisley@realmedia[1].txt
C:\Documents and Settings\Dottie Sisley\Cookies\dottie sisley@apmebf[1].txt
C:\Documents and Settings\Dottie Sisley\Cookies\dottie sisley@goclick[2].txt
C:\Documents and Settings\Dottie Sisley\Cookies\dottie sisley@www.gamestats[1].txt
C:\Documents and Settings\Dottie Sisley\Cookies\dottie sisley@mediaplex[3].txt
C:\Documents and Settings\Dottie Sisley\Cookies\dottie sisley@overture[2].txt
C:\Documents and Settings\Dottie Sisley\Cookies\dottie sisley@classifiedventures1.112.2o7[1].txt
C:\Documents and Settings\Dottie Sisley\Cookies\dottie sisley@azjmp[7].txt
C:\Documents and Settings\Dottie Sisley\Cookies\dottie sisley@anad.tacoda[2].txt
C:\Documents and Settings\Dottie Sisley\Cookies\dottie sisley@64910672[1].txt
C:\Documents and Settings\Dottie Sisley\Cookies\dottie sisley@statcounter[2].txt
C:\Documents and Settings\Dottie Sisley\Cookies\dottie sisley@questionmarket[4].txt
C:\Documents and Settings\Dottie Sisley\Cookies\dottie sisley@valueclick[1].txt
C:\Documents and Settings\Dottie Sisley\Cookies\dottie sisley@brightcove.112.2o7[1].txt
C:\Documents and Settings\Dottie Sisley\Cookies\dottie sisley@revsci[3].txt
C:\Documents and Settings\Dottie Sisley\Cookies\dottie sisley@digitalmediaonline.us.intellitxt[1].txt
C:\Documents and Settings\Dottie Sisley\Cookies\dottie sisley@amaena[1].txt
C:\Documents and Settings\Dottie Sisley\Cookies\dottie sisley@image.masterstats[1].txt
C:\Documents and Settings\Dottie Sisley\Cookies\dottie sisley@www.tqlkg[1].txt
C:\Documents and Settings\Dottie Sisley\Cookies\dottie sisley@viamtvcom.112.2o7[3].txt
C:\Documents and Settings\Dottie Sisley\Cookies\dottie sisley@clicksfeed[1].txt
C:\Documents and Settings\Dottie Sisley\Cookies\dottie sisley@www.screensavers[1].txt
C:\Documents and Settings\Dottie Sisley\Cookies\dottie sisley@login.tracking101[2].txt
C:\Documents and Settings\Dottie Sisley\Cookies\dottie sisley@adserver[2].txt
C:\Documents and Settings\Dottie Sisley\Cookies\dottie sisley@adopt.specificclick[3].txt
C:\Documents and Settings\Dottie Sisley\Cookies\dottie sisley@comcast.112.2o7[1].txt
C:\Documents and Settings\Dottie Sisley\Cookies\dottie sisley@ads.komli[2].txt
C:\Documents and Settings\Dottie Sisley\Cookies\dottie sisley@1068302520[1].txt
C:\Documents and Settings\Dottie Sisley\Cookies\dottie sisley@localsrv[3].txt
C:\Documents and Settings\Dottie Sisley\Cookies\dottie sisley@track.bestbuy[1].txt
C:\Documents and Settings\Dottie Sisley\Cookies\dottie sisley@epilot[1].txt
C:\Documents and Settings\Dottie Sisley\Cookies\dottie sisley@nextstat[1].txt
C:\Documents and Settings\Dottie Sisley\Cookies\dottie sisley@adopt.euroclick[2].txt
C:\Documents and Settings\Dottie Sisley\Cookies\dottie sisley@67.15.239[3].txt
C:\Documents and Settings\Dottie Sisley\Cookies\dottie sisley@data4.perf.overture[1].txt
C:\Documents and Settings\Dottie Sisley\Cookies\dottie sisley@gamestats[2].txt
C:\Documents and Settings\Dottie Sisley\Cookies\dottie sisley@chappel.pro-gmedia[2].txt
C:\Documents and Settings\Dottie Sisley\Cookies\dottie sisley@ehg-idgentertainment.hitbox[2].txt
C:\Documents and Settings\Dottie Sisley\Cookies\dottie sisley@enhance[2].txt
C:\Documents and Settings\Dottie Sisley\Cookies\dottie sisley@stats.drivecleaner[2].txt
C:\Documents and Settings\Dottie Sisley\Cookies\dottie sisley@1070254509[2].txt
C:\Documents and Settings\Dottie Sisley\Cookies\dottie sisley@clicktracks.aristotle[1].txt
C:\Documents and Settings\Dottie Sisley\Cookies\dottie sisley@adtech[2].txt
C:\Documents and Settings\Dottie Sisley\Cookies\dottie sisley@67.15.239[2].txt
C:\Documents and Settings\Dottie Sisley\Cookies\dottie sisley@adserve.webtoolcafe[1].txt
C:\Documents and Settings\Dottie Sisley\Cookies\dottie sisley@www.winantiviruspro[2].txt
C:\Documents and Settings\Dottie Sisley\Cookies\dottie sisley@pch.122.2o7[1].txt
C:\Documents and Settings\Dottie Sisley\Cookies\dottie sisley@1068455745[1].txt
C:\Documents and Settings\Dottie Sisley\Cookies\dottie sisley@klik.klikadvertising[1].txt
C:\Documents and Settings\Dottie Sisley\Cookies\dottie sisley@server.cpmstar[2].txt
C:\Documents and Settings\Dottie Sisley\Cookies\dottie sisley@1072697670[1].txt
C:\Documents and Settings\Dottie Sisley\Cookies\dottie sisley@burstnet[2].txt
C:\Documents and Settings\Dottie Sisley\Cookies\dottie sisley@richmedia.yahoo[2].txt
C:\Documents and Settings\Dottie Sisley\Cookies\dottie sisley@ehg-bestbuy.hitbox[1].txt
C:\Documents and Settings\Dottie Sisley\Cookies\dottie sisley@www.pstats[1].txt
C:\Documents and Settings\Dottie Sisley\Cookies\dottie sisley@1072712419[1].txt
C:\Documents and Settings\Dottie Sisley\Cookies\dottie sisley@stats.rubbermaidcloset[1].txt
C:\Documents and Settings\Dottie Sisley\Cookies\dottie sisley@e-2dj6wblygiazwlo.stats.esomniture[2].txt
C:\Documents and Settings\Dottie Sisley\Cookies\dottie sisley@entrepreneur[3].txt
C:\Documents and Settings\Dottie Sisley\Cookies\dottie sisley@trafficmp[1].txt
C:\Documents and Settings\Dottie Sisley\Cookies\dottie sisley@perf.overture[1].txt
C:\Documents and Settings\Dottie Sisley\Cookies\dottie sisley@57386690[2].txt
C:\Documents and Settings\Dottie Sisley\Cookies\dottie sisley@ehg-closetmaid.hitbox[2].txt
C:\Documents and Settings\Dottie Sisley\Cookies\dottie sisley@2o7[2].txt
C:\Documents and Settings\Dottie Sisley\Cookies\dottie sisley@adopt.specificclick[1].txt
C:\Documents and Settings\Dottie Sisley\Cookies\dottie sisley@adrevolver[2].txt
C:\Documents and Settings\Dottie Sisley\Cookies\dottie sisley@ads.cnn[1].txt
C:\Documents and Settings\Dottie Sisley\Cookies\dottie sisley@adserver[1].txt
C:\Documents and Settings\Dottie Sisley\Cookies\dottie sisley@adultfriendfinder[2].txt
C:\Documents and Settings\Dottie Sisley\Cookies\dottie sisley@advertising[1].txt
C:\Documents and Settings\Dottie Sisley\Cookies\dottie sisley@advertising[2].txt
C:\Documents and Settings\Dottie Sisley\Cookies\dottie sisley@advertising[4].txt
C:\Documents and Settings\Dottie Sisley\Cookies\dottie sisley@aff.primaryads[1].txt
C:\Documents and Settings\Dottie Sisley\Cookies\dottie sisley@atdmt[2].txt
C:\Documents and Settings\Dottie Sisley\Cookies\dottie sisley@atwola[1].txt
C:\Documents and Settings\Dottie Sisley\Cookies\dottie sisley@azjmp[1].txt
C:\Documents and Settings\Dottie Sisley\Cookies\dottie sisley@azjmp[2].txt
C:\Documents and Settings\Dottie Sisley\Cookies\dottie sisley@azjmp[3].txt
C:\Documents and Settings\Dottie Sisley\Cookies\dottie sisley@azjmp[4].txt
C:\Documents and Settings\Dottie Sisley\Cookies\dottie sisley@azjmp[5].txt
C:\Documents and Settings\Dottie Sisley\Cookies\dottie sisley@azjmp[6].txt
C:\Documents and Settings\Dottie Sisley\Cookies\dottie sisley@bizrate[1].txt
C:\Documents and Settings\Dottie Sisley\Cookies\dottie sisley@bs.serving-sys[2].txt
C:\Documents and Settings\Dottie Sisley\Cookies\dottie sisley@buzznet.112.2o7[1].txt
C:\Documents and Settings\Dottie Sisley\Cookies\dottie sisley@casalemedia[2].txt
C:\Documents and Settings\Dottie Sisley\Cookies\dottie sisley@clickondetroit[1].txt
C:\Documents and Settings\Dottie Sisley\Cookies\dottie sisley@cpvfeed[2].txt
C:\Documents and Settings\Dottie Sisley\Cookies\dottie sisley@doubleclick[1].txt
C:\Documents and Settings\Dottie Sisley\Cookies\dottie sisley@drivecleaner[2].txt
C:\Documents and Settings\Dottie Sisley\Cookies\dottie sisley@edge.ru4[2].txt
C:\Documents and Settings\Dottie Sisley\Cookies\dottie sisley@ehg-pcsecurityshield.hitbox[1].txt
C:\Documents and Settings\Dottie Sisley\Cookies\dottie sisley@entrepreneur[1].txt
C:\Documents and Settings\Dottie Sisley\Cookies\dottie sisley@fastclick[2].txt
C:\Documents and Settings\Dottie Sisley\Cookies\dottie sisley@hitbox[2].txt
C:\Documents and Settings\Dottie Sisley\Cookies\dottie sisley@i.screensavers[10].txt
C:\Documents and Settings\Dottie Sisley\Cookies\dottie sisley@i.screensavers[11].txt
C:\Documents and Settings\Dottie Sisley\Cookies\dottie sisley@i.screensavers[12].txt
C:\Documents and Settings\Dottie Sisley\Cookies\dottie sisley@i.screensavers[13].txt
C:\Documents and Settings\Dottie Sisley\Cookies\dottie sisley@i.screensavers[1].txt
C:\Documents and Settings\Dottie Sisley\Cookies\dottie sisley@i.screensavers[2].txt
C:\Documents and Settings\Dottie Sisley\Cookies\dottie sisley@i.screensavers[3].txt
C:\Documents and Settings\Dottie Sisley\Cookies\dottie sisley@i.screensavers[4].txt
C:\Documents and Settings\Dottie Sisley\Cookies\dottie sisley@i.screensavers[5].txt
C:\Documents and Settings\Dottie Sisley\Cookies\dottie sisley@i.screensavers[6].txt
C:\Documents and Settings\Dottie Sisley\Cookies\dottie sisley@i.screensavers[7].txt
C:\Documents and Settings\Dottie Sisley\Cookies\dottie sisley@i.screensavers[8].txt
C:\Documents and Settings\Dottie Sisley\Cookies\dottie sisley@i.screensavers[9].txt
C:\Documents and Settings\Dottie Sisley\Cookies\dottie sisley@interclick[2].txt
C:\Documents and Settings\Dottie Sisley\Cookies\dottie sisley@mediaplex[1].txt
C:\Documents and Settings\Dottie Sisley\Cookies\dottie sisley@questionmarket[1].txt
C:\Documents and Settings\Dottie Sisley\Cookies\dottie sisley@questionmarket[2].txt
C:\Documents and Settings\Dottie Sisley\Cookies\dottie sisley@revsci[2].txt
C:\Documents and Settings\Dottie Sisley\Cookies\dottie sisley@screensavers[10].txt
C:\Documents and Settings\Dottie Sisley\Cookies\dottie sisley@screensavers[11].txt
C:\Documents and Settings\Dottie Sisley\Cookies\dottie sisley@screensavers[12].txt
C:\Documents and Settings\Dottie Sisley\Cookies\dottie sisley@screensavers[13].txt
C:\Documents and Settings\Dottie Sisley\Cookies\dottie sisley@screensavers[1].txt
C:\Documents and Settings\Dottie Sisley\Cookies\dottie sisley@screensavers[2].txt
C:\Documents and Settings\Dottie Sisley\Cookies\dottie sisley@screensavers[3].txt
C:\Documents and Settings\Dottie Sisley\Cookies\dottie sisley@screensavers[4].txt
C:\Documents and Settings\Dottie Sisley\Cookies\dottie sisley@screensavers[5].txt
C:\Documents and Settings\Dottie Sisley\Cookies\dottie sisley@screensavers[6].txt
C:\Documents and Settings\Dottie Sisley\Cookies\dottie sisley@screensavers[7].txt
C:\Documents and Settings\Dottie Sisley\Cookies\dottie sisley@screensavers[8].txt
C:\Documents and Settings\Dottie Sisley\Cookies\dottie sisley@screensavers[9].txt
C:\Documents and Settings\Dottie Sisley\Cookies\dottie sisley@serving-sys[2].txt
C:\Documents and Settings\Dottie Sisley\Cookies\dottie sisley@sexbuddies[2].txt
C:\Documents and Settings\Dottie Sisley\Cookies\dottie sisley@specificclick[2].txt
C:\Documents and Settings\Dottie Sisley\Cookies\dottie sisley@statcounter[1].txt
C:\Documents and Settings\Dottie Sisley\Cookies\dottie sisley@statcounter[3].txt
C:\Documents and Settings\Dottie Sisley\Cookies\dottie sisley@statse.webtrendslive[2].txt
C:\Documents and Settings\Dottie Sisley\Cookies\dottie sisley@tacoda[1].txt
C:\Documents and Settings\Dottie Sisley\Cookies\dottie sisley@tacoda[3].txt
C:\Documents and Settings\Dottie Sisley\Cookies\dottie sisley@winantispyware[2].txt
C:\Documents and Settings\Dottie Sisley\Cookies\dottie sisley@winantivirus[1].txt
C:\Documents and Settings\Dottie Sisley\Cookies\dottie sisley@www.burstnet[2].txt
C:\Documents and Settings\Dottie Sisley\Cookies\dottie sisley@www.clickondetroit[1].txt
C:\Documents and Settings\Dottie Sisley\Cookies\dottie sisley@zedo[1].txt
C:\Documents and Settings\LocalService\Cookies\system@enhance[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@enhance[2].txt

Trojan.WinAntiSpyware/WinAntiVirus 2006
C:\QOOBOX\QUARANTINE\C\WINDOWS\DOWNLO~1\UWA7P_0001_N91M0809NETINSTALLER.EXE.VIR

Trojan.Unknown Origin
C:\QOOBOX\QUARANTINE\C\WINDOWS\RG90DGLLIFNPC2XLEQ\L36XX355KIHDWZU5YK.VBS.VIR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP555\A0061730.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP557\A0062020.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP638\A0075141.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP640\A0076218.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP644\A0077416.VBS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP644\A0077484.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP644\A0077559.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP653\A0078108.VBS

Adware.eZula
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\BIDSENBR.EXE.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\CGIWLUWF.EXE.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\DFPRJXDI.EXE.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\EFFPQQNU.EXE.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\GNVHJKOC.EXE.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\IXUXFRWR.EXE.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\JSOVJGAM.EXE.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\SHIOSHMC.EXE.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\UHMPXIJD.EXE.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\UYTGGTDT.EXE.VIR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP643\A0077223.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP644\A0077395.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP644\A0077478.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP644\A0077480.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP644\A0077483.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP644\A0077486.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP644\A0077487.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP644\A0077488.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP644\A0077489.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP644\A0077490.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP648\A0077595.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP648\A0077596.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP648\A0077597.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP648\A0077598.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP648\A0077599.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP648\A0077600.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP648\A0077601.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP648\A0077602.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP648\A0077603.EXE

Trojan.Downloader-Gen/TStamp
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\MYLHRDUI.EXE.VIR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP641\A0076474.EXE

Adware.WebBuying-Installer
C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP553\A0061651.EXE

Adware.Unknown Origin
C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP555\A0061704.CFG
C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP638\A0075130.CFG

Adware.ClickSpring-Variant
C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP555\A0061727.EXE

Adware.ClickSpring/Resident
C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP555\A0061728.DLL

Adware.ClickSpring
C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP555\A0061729.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP576\A0063399.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP637\A0075102.EXE

Trojan.Downloader-WebBuying/PopEngine
C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP555\A0061735.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP555\A0061930.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP576\A0063422.DLL

Adware.SearchClickAds
C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP555\A0061749.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP555\A0061750.EXE

Adware.WebBuying Assistant-Installer
C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP555\A0061931.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP555\A0061932.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP557\A0061974.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP576\A0063414.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP576\A0063423.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP576\A0063425.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP576\A0063429.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP638\A0075148.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP639\A0075199.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP639\A0075200.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP639\A0076198.EXE

Adware.ZenoSearch
C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP557\A0062009.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP557\A0062014.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP576\A0063418.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP576\A0063426.EXE

Trojan.Downloader-Gen/WinPop
C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP557\A0062011.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP576\A0063412.EXE

Trojan.ZenoSearch
C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP557\A0062013.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP638\A0075131.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP641\A0076470.EXE

Adware.SysMon
C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP557\A0062017.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP557\A0062025.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP576\A0063428.EXE

Trojan.Downloader-VisFX
C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP557\A0062019.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP576\A0063421.EXE

Trojan.Downloader-Gen/BundleBase
C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP557\A0062026.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP557\A0062040.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP573\A0063151.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP576\A0063401.EXE

Trojan.Downloader-Gen/Blah
C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP557\A0062032.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP644\A0077454.DLL

Trojan.WinAntiSpyware 2007
C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP557\A0062033.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP638\A0075144.EXE

Trojan.Downloader-Gen/HitItQuitIt
C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP557\A0062038.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP557\A0062039.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP557\A0062052.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP638\A0075147.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP644\A0077447.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP644\A0077448.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP644\A0077449.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP644\A0077451.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP644\A0077452.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP644\A0077453.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP644\A0077455.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP644\A0077457.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP644\A0077473.DLL

Trojan.ZQuest
C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP576\A0063415.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP638\A0075129.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP644\A0077413.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP644\A0077414.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP644\A0077415.DLL

Adware.ZenoSearch-NVON
C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP638\A0075135.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP641\A0076469.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP644\A0077475.EXE

Adware.WebBuying Assistant/Resident
C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP639\A0075198.DLL

Trojan.Net-Wintouch/V2
C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP641\A0076420.EXE

Adware.Adservs
C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP644\A0077496.EXE


And here's the latest HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:33:52 PM, on 9/19/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\program files\dell\traytool.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\hello.exe.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ToolExe] c:\program files\dell\traytool.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [AAWTray] C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.0\THGuard.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar ... vSniff.cab
O16 - DPF: {5e2a3510-4371-11d6-b64c-00c04faedb18} -
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {843EE768-3A97-455C-9076-741BA3AD7B62} (QuickBooks Online Edition Utilities Class v10) - https://accounting.quickbooks.com/c6/v1 ... boax10.cab
O16 - DPF: {8CE3BAE6-AB66-40B6-9019-41E5282FF1E2} - https://accounting.quickbooks.com/c6/v13.095/qboax8.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{33FE5D9A-D24D-457F-977A-62D8137B6792}: NameServer = 128.186.6.103,128.186.8.8
O17 - HKLM\System\CS1\Services\Tcpip\..\{33FE5D9A-D24D-457F-977A-62D8137B6792}: NameServer = 128.186.6.103,128.186.8.8
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

--
End of file - 5696 bytes


- and may I say I'm very glad all of this means something to you
vicki_marie
Active Member
 
Posts: 7
Joined: September 14th, 2007, 10:28 am

Unread postby Scotty » September 18th, 2007, 2:28 pm

Hi

Delete the Combofix icon from your Desktop, then navigate to, and delete, the following folders. (if they are present)
C:\Combofix
C:\Qoobox

You can uninstall SuperAntiSpyware through Start>Control Panel>Add/Remove Programs if you do not wish to keep it, though I do recommend you have a realtime anti-spyware monitor on your computer as well as an anti-virus. I will also recommend an alternative to SAS below in the shape of Spybot S&D.

I would advise updating Adobe Reader, as the latest version clears up any vulnerabilities of previous versions.
First uninstall the version you have on your computer then download and install Adobe Reader 8.1.

This is my usual speech for when you are clean, which you appear to be.

Please follow these simple steps in order to keep your computer clean and secure:
Disable and Enable System Restore.

It's also a good idea to Flush your System Restore points after ridding yourself of malware:

  • Click Start | Help and Support | Undo changes to your computer with System Restore.
  • Click Create A Restore Point then click Next. Give it a name it and then click Create, then Close.
  • Close the Help and Support Center box.
  • Click Start | Run and type Cleanmgr
  • Select (C: ) then click OK.
  • Click the More Options tab.
  • Click Clean Up in the System Restore Section.


This will remove all previous restore points except the newly created one.

Here are some free programs, I recommend.

Spybot Search and Destroy
Download it from here . Just choose a mirror and off you go.
Find here the tutorial on how to use Spybot properly here

Install Spyware Guard
Download it from here
Find here the tutorial on how to use Spyware Guard here

Install SpyWare Blaster
Download it from here
Find here the tutorial on how to use Spyware Blaster here

Install WinPatrol
Download it from here
Here you can find information about how WinPatrol works here


Make sure your Windows is ALWAYS up to date!

An unpatched Windows is vulnerable and even with the "best" Antivirus and Firewall installed, malware will find its way through.
So visit http://windowsupdate.microsoft.com/ to download and install the latest updates.


Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.

Please check out Tony Klein's article "How did I get infected in the first place?"


Follow this list and your potential for being infected again will reduce dramatically.

Glad I was able to help.
User avatar
Scotty
Retired Graduate
 
Posts: 4138
Joined: August 4th, 2006, 5:31 am
Location: Haggistown, Kiltland

Unread postby vicki_marie » September 18th, 2007, 2:49 pm

You are my hero!!!

I am eternally grateful for your time and help.
vicki_marie
Active Member
 
Posts: 7
Joined: September 14th, 2007, 10:28 am

Unread postby Elrond » September 24th, 2007, 1:19 am

This topic is now closed. If you wish it reopened, please send us an email to 'admin at malwareremoval.com' with a link to your thread.

You can help support this site from this link :
Donations For Malware Removal

Do not bother contacting us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
User avatar
Elrond
Admin/Teacher Emeritus
 
Posts: 8818
Joined: February 17th, 2005, 9:14 pm
Location: Jerusalem
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 52 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware