Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

spyware, viruses, and constant popups.

by RagnarokIXI » November 21st, 2007, 3:38 pm

I have used many different spyware and anti virus programs to try to get rid of it but have failed. I'm not very good with computers so I pretty much have no idea what is good or bad in terms of antivirus programs. My computer keeps saying I have a spyware.cyberlogX and networm virus.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:32:24 PM, on 11/21/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\AOL\1124325675

\ee\services\safetyCore\ver210_5_4_1\aolavupd.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\Program Files\NovaStor\NovaBackup\7\NSENGINE.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\TSIRCSRV.EXE
C:\WINDOWS\wanmpsvc.exe
C:\Documents and Settings\Alan\My Documents\My

Archives\AlienGUIse\AlienGUIse\wbload.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe
C:\Program Files\Ulead Systems\Ulead Photo Express My

Scrapbook 2.0\calcheck.exe
C:\Program Files\Lexmark X6100 Series\lxbfbmon.exe
C:\Program Files\NovaStor\NovaBackup\7\NbkCtrl.exe
C:\Program Files\Common

Files\LapLink\Scheduler\LLSCHENG.EXE
C:\Program Files\Phoenix Technologies

Ltd\RecoverPro_XP\VBPTASK.EXE
C:\Program Files\Common Files\AOL\1124325675

\ee\aolsoftware.exe
C:\Program Files\Common Files\AOL\1124325675

\ee\services\safetyCore\ver210_5_4_1\AOLSP Scheduler.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\Fonts\svchost.exe
C:\Program Files\Common Files\AOL\1124325675

\ee\aolsoftware.exe
C:\Program

Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\WinAble\winable.exe
C:\Program Files\OpenOffice.org1.0\program\soffice.exe
C:\Program Files\limewire\limewire.exe
c:\program files\common files\aol\1124325675\ee\anotify.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\AMERIC~1.0A\waol.exe
C:\PROGRA~1\AMERIC~1.0A\shellmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\psrxwnft.exe
C:\WINDOWS\System32\dllhost.exe
C:\DOCUME~1\Alan\LOCALS~1\Temp\snapsnet.exe
C:\DOCUME~1\Alan\APPLIC~1\ASEMBL~1\scanregw.exe
C:\WINDOWS\17PHolmes572.exe
C:\WINDOWS\system32\W?nSxS\n?tdde.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\Grisoft\AVG7\avgwb.dat
C:\New Folder\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search

Bar = http://channels.aimtoday.com/search/aimtoolbar.jsp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search

Bar =

http://red.clientapps.yahoo.com/customi ... ults/sb/ym

sgr6/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,

(Default) =

http://red.clientapps.yahoo.com/customi ... ults/su/ym

sgr6/*http://www.yahoo.com
R1 -

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet

Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-

43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar

2.0\aoltb.dll
N3 - Netscape 7: user_pref("browser.startup.homepage",

"http://www.v2premier.com"); (C:\Documents and

Settings\ALAN\Application

Data\Mozilla\Profiles\default\fn0fh120.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine",

"engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%

5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and

Settings\ALAN\Application

Data\Mozilla\Profiles\default\fn0fh120.slt\prefs.js)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-

905236F6F655} - (no file)
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-

AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0

\aoltb.dll
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-

45AF82825583} - C:\WINDOWS\system32\zrulbdkw.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common

Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [RealTray] C:\Program

Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program

Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Lexmark X6100 Series] "C:\Program

Files\Lexmark X6100 Series\lxbfbmgr.exe"
O4 - HKLM\..\Run: [Ulead Photo Express Calendar Checker]

C:\Program Files\Ulead Systems\Ulead Photo Express My

Scrapbook 2.0\calcheck.exe
O4 - HKLM\..\Run: [LapLink Scheduler] "C:\Program

Files\Common Files\LapLink\Scheduler\LLSCHED.EXE"
O4 - HKLM\..\Run: [NovaBackup 7.0 Tray Control] "C:\Program

Files\NovaStor\NovaBackup\7\NbkCtrl.exe"
O4 - HKLM\..\Run: [Atari Launcher 2] C:\Program

Files\Infogrames\Atari Anniversary Edition\Volume 2\Atari

icon.exe
O4 - HKLM\..\Run: [AtariBanner] "C:\Program

Files\Infogrames\Atari Anniversary Edition\Volume 2

\Banner.exe" /0
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1

\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [RestoreIT!] "C:\Program Files\Phoenix

Technologies Ltd\RecoverPro_XP\VBPTASK.EXE" VBStart
O4 - HKLM\..\Run: [PinnacleDriverCheck]

C:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common

Files\AOL\1124325675\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AOLSPScheduler] C:\Program Files\Common

Files\AOL\1124325675\ee\services\safetyCore\ver210_5_4_1

\AOLSP Scheduler.exe
O4 - HKLM\..\Run: [sscRun] C:\Program Files\Common

Files\AOL\1124325675\ee\SSCRun.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program

Files\mcafee.com\antivirus\oasclnt.exe
O4 - HKLM\..\Run: [EmailScan] C:\Program

Files\mcafee.com\antivirus\mcvsescn.exe
O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program

Files\WordPerfect Office 11\Programs\QFSCHD110.EXE"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program

Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Host Process]

C:\WINDOWS\Fonts\svchost.exe
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu572.exe

61A847B5BBF728173599284503996897C881250221C8670836AC4FA7C88

33201749139
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7

\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32

\ctfmon.exe
O4 - HKCU\..\Run: [InstantTray] C:\Program

Files\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe
O4 - HKCU\..\Run: [IW_Drop_Icon] C:\Program

Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe

/dropdisc
O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1

\Weather.EXE 1
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!

\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN

Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe"

/d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [WinAble] C:\Program

Files\WinAble\winable.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\PROGRA~1

\AMERIC~1.0A\AOL.EXE" -b
O4 - HKCU\..\Run: [Ltho] "C:\DOCUME~1\Alan\APPLIC~1

\ASEMBL~1\scanregw.exe" -vt yazb
O4 - HKCU\..\Run: [Hbyfyaxk] C:\WINDOWS\system32\W?nSxS\n?

tdde.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1

\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1

\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1

\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1

\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - .DEFAULT User Startup: OpenOffice.org 1.0.lnk =

C:\Program Files\OpenOffice.org1.0\program\quickstart.exe

(User 'Default user')
O4 - Startup: OpenOffice.org 1.0.lnk = C:\Program

Files\OpenOffice.org1.0\program\quickstart.exe
O4 - Startup: LimeWire On Startup.lnk = C:\Program

Files\LimeWire\LimeWire.exe
O8 - Extra context menu item: &AIM Search -

res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar Search -

c:\program files\aol\aol toolbar 2.0\resources\en-

US\local\search.html
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-

B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0

\aoltb.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-

00010333D0AD} - C:\Program Files\Yahoo!

\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-

4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!

\Messenger\yhexbmes0521.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-

00B0D0A1DE45} - C:\PROGRA~1\AIM95\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-

00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-

00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910

-F110-11d2-BB9E-00C04F795683} - C:\Program

Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-

B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
O12 - Plugin for .UVR: C:\Program Files\Internet

Explorer\Plugins\NPUPano.dll
O15 - Trusted IP range: http://192.168.1.1
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED}

(Support.com Configuration Class) -

https://activatemyfios.verizon.net/sdcC ... load/FIOS/

tgctlcm.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} -

http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -

https://objects.aol.com/mcafee/molbin/s ... insctl/en-

us/4,0,0,83/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} -

https://objects.aol.com/mcafee/molbin/s ... cgdmgr/en-

us/1,0,0,20/McGDMgr.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC

- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) -

America Online, Inc - C:\Program Files\Common

Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AOL Antivirus Update Service (aolavupd) -

AOL LLC - C:\Program Files\Common Files\AOL\1124325675

\ee\services\safetyCore\ver210_5_4_1\aolavupd.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) -

GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT,

s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT,

s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: DomainService - - C:\WINDOWS\system32

\psrxwnft.exe
O23 - Service: CA Pest Patrol Realtime Protection Service

(ITMRTSVC) - CA, Inc. - C:\Program

Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark

International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee McShield (McShield) - McAfee Inc. -

C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe
O23 - Service: NsEngine - Unknown owner - C:\Program

Files\NovaStor\NovaBackup\7\NSENGINE.exe
O23 - Service: Phoenix VCD Service (PhnxVCDService) -

Phoenix Technologies Ltd. - C:\WINDOWS\System32

\PhnxCDSvr.exe
O23 - Service: SmartLinkService (SLService) - -

C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: TSI Remote Control Service (TSIRCSRV) -

LapLink, Inc. - C:\WINDOWS\System32\TSIRCSRV.EXE
O23 - Service: WAN Miniport (ATW) Service

(WANMiniportService) - America Online, Inc. -

C:\WINDOWS\wanmpsvc.exe
O24 - Desktop Component 0: (no name) - C:\Program

Files\Online Services\rtejeja.html

--
End of file - 11715 bytes
RagnarokIXI
Active Member
 
Posts: 6
Joined: November 21st, 2007, 2:50 pm

Re: spyware, viruses, and constant popups.

by Scotty » November 21st, 2007, 4:48 pm

Hi! Welcome to the MWR forums.
My name is Scotty. I would be glad to take a look at your log and help you with solving any malware problems. HijackThis logs can take a while to research.

Please be patient as my posts to you have to be checked before I reply, so they may take longer.



  • You have word wrap turned on; this is making your logs difficult to read.
  • Run Notepad
  • Go to Format and untick Word Wrap
  • Now post a new HijackThis log, please.


Please make an uninstall list using HijackThis.
To access the Uninstall Manager you would do the following:

1. Start HijackThis
2. Click on the Config button
3. Click on the Misc Tools button
4. Click on the Open Uninstall Manager button.
5. Click on the Save list... button and specify where you would like to save this file. When you press the Save button, a notepad will open with the contents of that file. Simply copy and paste the contents of that notepad here in a reply.
Scotty
Retired Graduate
 
Posts: 4138
Joined: August 4th, 2006, 5:31 am
Location: Haggistown, Kiltland
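
Word wrap splits each HijackThis entry across several lines, which is why the helper asks for a re-post. The following is an added example, not part of the original thread and not code from HijackThis or any tool named here: it regroups wrapped fragments into whole entries and applies two generic location checks to the process list. The sample lines are constructed from the wrapped log above; the function names and the two checks are assumptions of this example.

```python
import ntpath
import re

# Constructed sample: a few lines modelled on the wrapped log in this thread.
SAMPLE = r"""
Logfile of Trend Micro HijackThis v2.0.2
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\AOL\1124325675

\ee\aolsoftware.exe
C:\Program Files\Common

Files\LapLink\Scheduler\LLSCHENG.EXE
C:\WINDOWS\Fonts\svchost.exe
C:\DOCUME~1\Alan\LOCALS~1\Temp\snapsnet.exe

O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-

AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0

\aoltb.dll
O4 - HKLM\..\Run: [Host Process]

C:\WINDOWS\Fonts\svchost.exe

--
End of file - 11715 bytes
"""

# Prefixes that open a new HijackThis entry (R0-R3, F0-F3, N1-N4, O1-O24).
ENTRY_START = re.compile(r"^(?:[RF][0-3]|N[1-4]|O\d{1,2}) - ")
# In the "Running processes" section a new item starts with a drive letter.
PATH_START = re.compile(r"^[A-Za-z]:\\")
# Core Windows process names whose image normally lives in system32.
CORE_NAMES = {"svchost.exe", "services.exe", "lsass.exe",
              "winlogon.exe", "smss.exe", "csrss.exe"}


def join_fragments(parts):
    """Best-effort rejoin of one wrapped entry.

    Whether a space stood at each wrap point is lost, so this is a heuristic:
    glue tightly around path separators and inside hyphenated GUIDs, otherwise
    insert a space. An unwrapped re-post remains the reliable source.
    """
    out = parts[0]
    for nxt in parts[1:]:
        tight = (out.endswith(("\\", "/")) or re.search(r"\S-$", out)
                 or nxt.startswith("\\") or re.match(r"-\S", nxt))
        out += ("" if tight else " ") + nxt
    return out


def unwrap(text):
    """Return {'processes': [...], 'entries': [...]} with fragments regrouped."""
    groups = {"processes": [], "entries": []}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue                      # blank lines left behind by the wrap
        if line == "--" or line.startswith("End of file"):
            break
        if line.startswith("Running processes:"):
            section = "processes"
        elif ENTRY_START.match(line):
            section = "entries"
            groups[section].append([line])
        elif section == "processes" and PATH_START.match(line):
            groups[section].append([line])
        elif section and groups[section]:
            groups[section][-1].append(line)   # continuation of previous item
    return {k: [join_fragments(g) for g in v] for k, v in groups.items()}


def review_flags(processes):
    """Flag process paths that deserve a closer look (not a verdict)."""
    flags = []
    for path in processes:
        folder, name = ntpath.split(path.lower())
        if name in CORE_NAMES and not folder.endswith("\\system32"):
            flags.append((path, "core Windows process name outside system32"))
        elif "\\temp\\" in path.lower():
            flags.append((path, "running from a Temp directory"))
    return flags


if __name__ == "__main__":
    log = unwrap(SAMPLE)
    for entry in log["entries"]:
        print(entry)
    for path, reason in review_flags(log["processes"]):
        print(f"REVIEW: {path} ({reason})")
```
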

Re: spyware, viruses, and constant popups.

by RagnarokIXI » December 1st, 2007, 2:40 am

2003 Grolier Multimedia Encyclopedia
3D-Album
ABBYY FineReader 5.0 Sprint Plus
Ability Photopaint Studio 2002
Adobe Acrobat 5.0
Adobe Image Viewer Plugin 4.0
Adobe Photoshop Album Starter Edition
Adobe Reader 6.0.1
AIM 6.0
AlienGUIse
AMV Studio Utilites
AOL Coach Version 1.0(Build:20040229.1 en)
AOL Coach Version 2.0(Build:20041026.5 en)
AOL Deskbar
AOL Explorer
AOL Instant Messenger
AOL Toolbar 2.0
AOL Uninstaller (Choose which Products to Remove)
AOL You've Got Pictures Screensaver
Atari Anniversary Edition
ATECH FLASH PRO-Gear
AVG 7.5
CA Pest Patrol Realtime Protection
ContextTool
Digital Lifeline
Discover PC and Windows Basics
EasyTranslator 4
ExpensAble 6
Express Burn
Express Rip
EZ Plug-N-Go
EZPhoto Browser
EZPhoto Panorama
EZPhoto Tools
EZShowtime MMS
EZSuite For BestOn
EZVideo Mail
FormTool v5
GOM Player
HijackThis 2.0.2
Home Improvement 1-2-3
INFOtrac Core Files
INFOtrac Personal 2003
InterVideo WinDVD
Java(TM) 6 Update 2
LapLink Gold
Learn2 Player (Uninstall Only)
Lexmark X6100 Series
LimeWire 4.14.10
Macromedia Extension Manager
Macromedia Flash 8
Macromedia Flash 8 Video Encoder
Macromedia Flash Player 8
Macromedia Flash Player 8
Macromedia Flash Player 8 Plugin
Macromedia Shockwave Player
Mavis Beacon Teaches Typing 15
McAfee® Desktop Security
Microsoft .NET Framework 1.1
Microsoft Data Access Components KB870669
Microsoft Excel Viewer 97
Microsoft Web Publishing Wizard 1.52
MixPad
Monopoly Casino
MSN Music Assistant
MSXML 4.0 SP2 (KB936181)
NASCAR Heat
Netscape (7.02)
NovaBackup 7
OpenOffice.org 1.0
Peachtree First Accounting 2004
Personal RecordKeeper
Phoenix FirstWare Vault
Pinnacle InstantCD/DVD Suite
Print to Fax
Pure Networks Port Magic
Quicken 2003 New User Edition
Quicken Legal Business Pro 2004
Quicken WillMaker Plus 2004
QuickTime
RealPlayer Basic
Realtek AC'97 Audio
Recover Pro
RingCentral EasyFax
S3 S3Chromo
S3 S3Config3D
S3 S3Display
S3 S3Gamma2
S3 S3Info2
S3 S3Overlay
S3 S3RefreshLock
S3 S3TrayPlus
Safety and Security Center Uninstaller
Sapi
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB943460)
Shockwave
Slice Uninstall
Smart Attorney 8.0
Smart Business Plan 8.0
Smart Link 56K Voice Modem
SoundTap Uninstall
Stamp Uninstall
Stamps.com Internet Postage
StuffIt Standard
Switch
Take-it MV300
The Print Shop 20
The Rosetta Stone
Theme Manager
Thief 2
Trillian
TurboProject v.4
Ulead Photo Explorer 8.0 SE Basic
Ulead Photo Express My Scrapbook 2.0
Ulead VideoStudio 7 SE Basic
UniChrome Pro IGP Display Driver and Utilities
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
VIA Integrated Setup Wizard
VIA Rhine-Family Fast Ethernet Adapter
Visviva Animation Player
Vorton Financial Power Tools
WavePad Uninstall
WeatherBug
WildTangent Web Driver
Winamp3 (remove only)
Windows Installer 3.1 (KB893803)
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Media Encoder 9 Series
Windows Media Encoder 9 Series
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Service Pack 2
Woman's Day
WordPerfect Office 11
WriteExpress 3,001 Business & Sales Letters
Yahoo! Messenger
Yahoo! Messenger Explorer Bar
Zoner Draw 3
RagnarokIXI
Active Member
 
Posts: 6
Joined: November 21st, 2007, 2:50 pm

Re: spyware, viruses, and constant popups.

by Scotty » December 3rd, 2007, 6:44 am

Hi

You are operating your computer with multiple Anti Virus programs running in memory at once:
AVG and McAfee Desktop Security

Anti-virus programs take up an enormous amount of your computer's resources when they are actively scanning your computer. Having two anti-virus programs running at the same time can cause your computer to run very slow, become unstable and even, in rare cases, crash.

If you choose to install more than one antivirus program on your computer, then only one of them should be active in memory at a time.

There are basically two types of these programs:
On-Access and On-Demand

On-Access Scanners
As the name implies, it runs in the background all the time the PC is turned on and running. The main function of an on-access scanner is to monitor activity on your machine.

On-Demand Scanners
As the name implies, these are scanners that only run when you ask them to.
Such as:
Online Scans and scanners that run on your machine but are not actively scanning your machine.

Please disable one or the other so they do not conflict, before you continue with the next steps.


Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Finally paste the contents of the Report.txt back in your next reply.



Download and Save ComboFix

  • Download this file from below:

    Here
  • Save it to your Desktop.
  • Disconnect from the Internet, then disable your anti-virus and any real-time anti-spyware monitors that are running.
  • Click Start>Run copy/paste or type "%userprofile%\desktop\combofix.exe" /killall into the Run box and click OK.
  • When finished, it shall produce a log for you. Post that log in your next reply with a new HijackThis log.

Note 1: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
Note 2: Remember to re-enable your anti-virus and anti-spyware before reconnecting to the Internet.

Combofix should never take more than 20 minutes, including the reboot if malware is detected.
If it does, open Task Manager, use the Processes tab (press Ctrl, Alt and Del at the same time) and end any processes of findstr, find, sed or swreg; then combofix should continue.
If that happened we want to know, and also what process you had to end.

In your next reply post:
ComboFix.txt
New HijackThis log taken after the above scan has run
Scotty
Retired Graduate
 
Posts: 4138
Joined: August 4th, 2006, 5:31 am
Location: Haggistown, Kiltland

Re: spyware, viruses, and constant popups.

by RagnarokIXI » December 16th, 2007, 7:54 pm

SDFix: Version 1.118

Run by Alan on Sun 12/16/2007 at 02:38 AM

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\DOCUME~1\Alan\Desktop\sdfix\SDFix

Safe Mode:
Checking Services:

Name:
Network Monitor
Network Monitor

Path:

Network Monitor - Deleted
Network Monitor - Deleted



Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files:

Trojan Files Found:

C:\Z.DAT - Deleted
C:\X.DAT - Deleted
C:\PROGRA~1\ONLINE~1\RTEJEJ~1.HTM - Deleted
C:\PROGRA~1\ONLINE~1\QUZATE - Deleted
C:\Documents and Settings\Alan\Favorites\Online Security Guide.lnk - Deleted
C:\Documents and Settings\Alan\x.dat - Deleted
C:\Documents and Settings\Alan\z.dat - Deleted
C:\Temp\1cb\syscheck.log - Deleted
C:\Temp\abW9\tPho.log - Deleted
C:\Program Files\Insider\Insider.exe - Deleted
C:\Program Files\Insider\UnInstall.exe - Deleted
C:\Program Files\Temporary\wininstall.exe - Deleted
C:\Documents and Settings\Alan\Application Data\Install.dat - Deleted
C:\DOCUME~1\Alan\LOCALS~1\Temp\removalfile.bat - Deleted
C:\n.bat - Deleted
C:\services.exe - Deleted
C:\uniq - Deleted
C:\x.dat - Deleted
C:\z.dat - Deleted
C:\WINDOWS\system32\cmd.com - Deleted
C:\WINDOWS\system32\netstat.com - Deleted
C:\WINDOWS\system32\pac.txt - Deleted
C:\WINDOWS\system32\ping.com - Deleted
C:\WINDOWS\system32\taskkill.com - Deleted
C:\WINDOWS\system32\tasklist.com - Deleted
C:\WINDOWS\system32\tracert.com - Deleted
C:\Documents and Settings\Alan\Desktop\sdfix\SDFix\backups_old1\Online Security Guide.lnk - Deleted
C:\Documents and Settings\Alan\Desktop\sdfix\SDFix\backups_old1\x.dat - Deleted
C:\Documents and Settings\Alan\Desktop\sdfix\SDFix\backups_old1\z.dat - Deleted

x.dat and z.dat data copied to \SDFix\Data.txt


Folder C:\Program Files\Insider - Removed
Folder C:\Program Files\Network Monitor - Removed
Folder C:\Program Files\Temporary - Removed
Folder C:\Program Files\WinAble - Removed
Folder C:\Temp\abW9 - Removed
Folder C:\Temp\1cb - Removed
Folder C:\WINDOWS\Fonts\' - Removed
Folder C:\WINDOWS\system32\f1 - Removed
Folder C:\WINDOWS\system32\h2 - Removed
Folder C:\WINDOWS\system32\r2 - Removed
Folder C:\WINDOWS\system32\rMa18yy - Removed

Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.



Final Check:

catchme 0.3.1262.1 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-16 16:40:25
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

IPC error: 2 The system cannot find the file specified.
scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:AMERIC~1.0"
"C:\\Program Files\\Common Files\\AOL\\1124325675\\ee\\AOLServiceHost.exe"="C:\\Program Files\\Common Files\\AOL\\1124325675\\ee\\AOLServiceHost.exe:*:Enabled:AOL Services"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\America Online 9.0a\\waol.exe"="C:\\Program Files\\America Online 9.0a\\waol.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"="C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe:*:Enabled:AOLTsMon"
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"="C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe:*:Enabled:AOLTopSpeed"
"C:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"="C:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe"="C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe"="C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"="C:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"="C:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe:*:Enabled:AOL TopSpeed"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\AIM95\\aim.exe"="C:\\Program Files\\AIM95\\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\Common Files\\AOL\\1124325675\\EE\\aolsoftware.exe"="C:\\Program Files\\Common Files\\AOL\\1124325675\\EE\\aolsoftware.exe:*:Enabled:AOL Services"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\WINDOWS\\system32\\psrxwnft.exe"="C:\\WINDOWS\\system32\\psr"
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe:*:Enabled:avgemc.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\1124325675\\ee\\AOLServiceHost.exe"="C:\\Program Files\\Common Files\\AOL\\1124325675\\ee\\AOLServiceHost.exe:*:Enabled:AOL Services"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\AIM95\\aim.exe"="C:\\Program Files\\AIM95\\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

Remaining Files:
---------------

File Backups: - C:\DOCUME~1\Alan\Desktop\sdfix\SDFix\backups\backups.zip

Files with Hidden Attributes:

Thu 15 Nov 2007 20,810 ..SH. --- "C:\WINDOWS\system32\kyfgpvmj.dllbox"
Wed 21 Nov 2007 20,810 ..SH. --- "C:\WINDOWS\system32\zrulbdkw.dllbox"
Wed 4 Aug 2004 60,416 A.SH. --- "C:\Program Files\Outlook Express\msimn.exe"
Thu 27 May 2004 156,784 A..H. --- "C:\Program Files\America Online 9.0\aoltray.exe"
Thu 27 May 2004 54,384 A..H. --- "C:\Program Files\America Online 9.0\aolphx.exe"
Thu 27 May 2004 31,344 A..H. --- "C:\Program Files\America Online 9.0\RBM.exe"
Tue 12 Jul 2005 54,872 A..H. --- "C:\Program Files\America Online 9.0a\AOLphx.exe"
Tue 12 Jul 2005 31,832 A..H. --- "C:\Program Files\America Online 9.0a\rbm.exe"
Sun 21 Jul 2002 418,816 ...HR --- "C:\WINDOWS\system32\Tools\All.exe"
Thu 18 Jul 2002 390,144 ...HR --- "C:\WINDOWS\system32\Tools\Change.exe"
Thu 18 Jul 2002 574,464 ...HR --- "C:\WINDOWS\system32\Tools\CheckPath.exe"
Mon 19 Aug 2002 430,592 ...HR --- "C:\WINDOWS\system32\Tools\Counter.exe"
Mon 22 Jul 2002 390,656 ...HR --- "C:\WINDOWS\system32\Tools\DelFolders.exe"
Fri 22 Nov 2002 399,872 ...HR --- "C:\WINDOWS\system32\Tools\DirectSetup.exe"
Fri 19 Jul 2002 388,096 ...HR --- "C:\WINDOWS\system32\Tools\RegClean.exe"
Fri 19 Jul 2002 388,608 ...HR --- "C:\WINDOWS\system32\Tools\Regexe.exe"
Sun 1 Dec 2002 431,616 ...HR --- "C:\WINDOWS\system32\Tools\Restart.exe"
Fri 19 Jul 2002 388,096 ...HR --- "C:\WINDOWS\system32\Tools\RunRegexe.exe"
Mon 12 Nov 2007 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Thu 15 Aug 2002 266,240 A..H. --- "C:\Program Files\Broderbund\Mavis Beacon Teaches Typing 15\Mavis Beacon Teaches Typing.exe"
Wed 21 Nov 2007 72,704 A.SH. --- "C:\System Volume Information\_restore{DF152975-DD42-4818-8A23-3EA97D01F299}\RP533\A0145914.exe"
Thu 1 Nov 2007 230,400 A.SH. --- "C:\System Volume Information\_restore{DF152975-DD42-4818-8A23-3EA97D01F299}\RP534\A0146388.exe"

Finished!
RagnarokIXI

Re: spyware, viruses, and constant popups.

Post by RagnarokIXI » December 16th, 2007, 9:57 pm

ComboFix 07-12-16.4 - Alan 2007-12-16 18:05:31.1 - FAT32x86
Running from: C:\Documents and Settings\Alan\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Alan\Application Data\ASEMBL~1
C:\Documents and Settings\Alan\Application Data\ASEMBL~1\a?sembly\
C:\Documents and Settings\Alan\Start Menu\Programs\Outerinfo
C:\Documents and Settings\Alan\Start Menu\Programs\Outerinfo\Terms.lnk
C:\Documents and Settings\Alan\Start Menu\Programs\Outerinfo\Uninstall.lnk
C:\Documents and Settings\All Users\Start Menu\Live Safety Center.lnk
C:\Documents and Settings\All Users\Start Menu\Online Security Guide.lnk
C:\Documents and Settings\LocalService\Application Data\NetMon
C:\Documents and Settings\LocalService\Application Data\NetMon\domains.txt
C:\Documents and Settings\LocalService\Application Data\NetMon\log.txt
C:\Program Files\outerinfo
C:\Program Files\outerinfo\FF\chrome.manifest
C:\Program Files\outerinfo\FF\components\FF.dll
C:\Program Files\outerinfo\FF\components\OuterinfoAds.xpt
C:\Program Files\outerinfo\FF\install.rdf
C:\Program Files\outerinfo\Terms.rtf
C:\Program Files\outlook
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\bnpixel.dll
C:\WINDOWS\system32\kyfgpvmj.dllbox
C:\WINDOWS\system32\rMa14yy
C:\WINDOWS\system32\wnscpsv32.exe
C:\WINDOWS\system32\wnsxs~1
C:\WINDOWS\system32\zrulbdkw.dllbox

.
((((((((((((((((((((((((( Files Created from 2007-11-17 to 2007-12-17 )))))))))))))))))))))))))))))))
.

2007-12-16 02:10 . 2007-12-16 02:10 <DIR> d-------- C:\WINDOWS\ERUNT
2007-11-23 00:27 . 2006-08-21 03:14 128,896 --------- C:\WINDOWS\system32\dllcache\fltmgr.sys
2007-11-23 00:27 . 2006-08-21 03:14 23,040 --------- C:\WINDOWS\system32\dllcache\fltmc.exe
2007-11-23 00:27 . 2006-08-21 06:21 16,896 --------- C:\WINDOWS\system32\dllcache\fltlib.dll
2007-11-23 00:23 . 2007-11-23 00:23 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-11-23 00:23 . 2004-08-04 02:56 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2007-11-21 18:38 . 2007-11-21 18:38 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2007-11-21 12:34 . 2007-11-21 12:34 <DIR> dr-h----- C:\$VAULT$.AVG
2007-11-21 12:30 . 2007-11-21 12:30 <DIR> d-------- C:\New Folder
2007-11-21 12:19 . 2007-11-21 12:19 <DIR> d-------- C:\Documents and Settings\Alan\Application Data\AVG7
2007-11-21 12:18 . 2007-11-21 12:18 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\AVG7
2007-11-21 12:17 . 2007-11-21 12:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-11-21 12:17 . 2007-11-21 12:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
2007-11-21 12:10 . 2007-11-21 12:10 2,238 --a------ C:\WINDOWS\system32\ClickToFindandFixErrors_US.ico
2007-11-21 11:54 . 2007-11-21 11:54 686,201 ---hs---- C:\WINDOWS\system32\uphtyett.ini
2007-11-19 17:25 . 2007-11-21 11:54 928,522 ---hs---- C:\WINDOWS\system32\pvpqaqew.ini
2007-11-19 16:31 . 2007-07-09 07:09 584,192 --------- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2007-11-18 12:55 . 2005-09-23 08:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-11-18 00:18 . 2007-11-18 00:22 0 --a------ C:\WINDOWS\system32\mcrh.tmp
2007-11-17 23:02 . 2007-11-19 16:06 678,283 ---hs---- C:\WINDOWS\system32\sjfaowcl.ini

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-22 00:34 437,256 --sha-w C:\WINDOWS\system32\kjkkj.ini2
2007-11-16 23:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\GRETECH
2007-11-16 23:09 --------- d-----w C:\Documents and Settings\Alan\Application Data\GRETECH
2007-11-15 12:31 --------- d-----w C:\Program Files\GRETECH
2007-11-14 23:57 147,456 ----a-w C:\WINDOWS\system32\vbzip10.dll
2007-11-11 18:03 --------- d-----w C:\Program Files\ContextTool
2007-11-10 23:45 --------- d-----w C:\Program Files\Verizon
2007-10-28 23:11 --------- d-----w C:\Documents and Settings\Alan\Application Data\LimeWire
2007-10-28 23:09 --------- d-----w C:\Program Files\Java
2007-10-28 23:08 --------- d-----w C:\Program Files\LimeWire
2007-10-28 23:08 --------- d-----w C:\Program Files\Common Files\Java
2007-10-26 03:36 8,454,656 ------w C:\WINDOWS\system32\dllcache\shell32.dll
2007-10-23 21:20 --------- d-----w C:\Program Files\DO
2007-10-23 21:19 11,376 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2006-04-27 00:33 0 ----a-w C:\Program Files\secure32.html
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0B5B19BE-4CAE-4F88-87D1-45D25A637A7B}]
C:\Program Files\Outlook Express\meno4444.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0D39A900-0F3A-4C29-A254-3E65244FDC34}]
2007-06-27 14:27 1044480 --a------ C:\Program Files\ContextTool\ContextTool-1.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{12A03130-D563-48E6-B313-9943B57E91AC}]
C:\Program Files\Outlook Express\meno83122.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1cf98981-7eb9-4b2d-8e76-aa4765c6c956}]
C:\WINDOWS\system32\ndtsywiw.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{587C3C68-E734-49E1-CE93-08952BE55E48}]
C:\Program Files\Online Services\quzate.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A8F17087-487D-473F-ABC6-23D1921C78AA}]
C:\WINDOWS\system32\jkkjk.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56]
"InstantTray"="C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe" [2003-10-22 15:03]
"IW_Drop_Icon"="C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe" [2004-02-26 15:00]
"Weather"="C:\PROGRA~1\AWS\WEATHE~1\Weather.exe" [2004-09-09 17:35]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\ypager.exe" [2005-12-08 13:55]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2006-11-07 09:29]
"Ltho"="C:\DOCUME~1\Alan\APPLIC~1\ASEMBL~1\scanregw.exe" []
"Hbyfyaxk"="C:\WINDOWS\system32\W?nSxS\n?tdde.exe" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2004-02-09 00:54 C:\WINDOWS\SOUNDMAN.EXE]
"VTTimer"="VTTimer.exe" [2004-05-27 13:09 C:\WINDOWS\system32\VTTimer.exe]
"VTTrayp"="VTtrayp.exe" [2004-06-08 04:58 C:\WINDOWS\system32\VTTrayp.exe]
"AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [2006-10-23 07:50]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2004-09-02 21:33]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2004-09-02 21:34]
"Lexmark X6100 Series"="C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe" [2003-04-20 22:38]
"Ulead Photo Express Calendar Checker"="C:\Program Files\Ulead Systems\Ulead Photo Express My Scrapbook 2.0\calcheck.exe" [2003-09-19 20:23]
"LapLink Scheduler"="C:\Program Files\Common Files\LapLink\Scheduler\LLSCHED.EXE" [2003-06-18 16:56]
"NovaBackup 7.0 Tray Control"="C:\Program Files\NovaStor\NovaBackup\7\NbkCtrl.exe" [2003-01-14 18:37]
"Atari Launcher 2"="C:\Program Files\Infogrames\Atari Anniversary Edition\Volume 2\Atari icon.exe" [2001-05-22 18:13]
"AtariBanner"="C:\Program Files\Infogrames\Atari Anniversary Edition\Volume 2\Banner.exe" [2001-05-22 18:17]
"Pure Networks Port Magic"="C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" [2004-05-27 11:47]
"farstone"="" []
"RestoreIT!"="C:\Program Files\Phoenix Technologies Ltd\RecoverPro_XP\VBPTASK.exe" [2004-02-06 16:00]
"PinnacleDriverCheck"="C:\WINDOWS\System32\PSDrvCheck.exe" [2003-11-10 16:06]
"HostManager"="C:\Program Files\Common Files\AOL\1124325675\ee\AOLSoftware.exe" [2006-09-25 18:52]
"AOLSPScheduler"="C:\Program Files\Common Files\AOL\1124325675\ee\services\safetyCore\ver210_5_4_1\AOLSP Scheduler.exe" [2007-01-25 15:35]
"sscRun"="C:\Program Files\Common Files\AOL\1124325675\ee\SSCRun.exe" [2007-01-25 15:34]
"OASClnt"="C:\Program Files\mcafee.com\antivirus\oasclnt.exe" [2006-07-28 11:43]
"EmailScan"="C:\Program Files\mcafee.com\antivirus\mcvsescn.exe" [2006-07-28 11:43]
"QuickFinder Scheduler"="C:\Program Files\WordPerfect Office 11\Programs\QFSCHD110.EXE" [2004-03-22 19:37]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-11-21 12:17]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-11-21 12:17]

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= C:\Program Files\Online Services\rtejeja.html
FriendlyName=

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iifffec]
iifffec.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
C:\Documents and Settings\Alan\My Documents\My Archives\AlienGUIse\AlienGUIse\fastload.dll 2001-12-20 22:34 24576 C:\Documents and Settings\Alan\My Documents\My Archives\AlienGUIse\AlienGUIse\fastload.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\zrulbdkw]
zrulbdkw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll

R0 RITCPT;RITCPT;C:\WINDOWS\system32\drivers\RITCPT.sys
R0 viasraid;viasraid;C:\WINDOWS\system32\DRIVERS\viasraid.sys
R0 VOBID;VOBID;C:\WINDOWS\system32\DRIVERS\vobid.sys
R0 VVBackd5;VVBackd5;C:\WINDOWS\system32\drivers\VVBackd5.sys
R1 tsircmir;LapLink Mirror Driver Miniport;C:\WINDOWS\system32\Drivers\tsircmir.sys
R1 vobiw;vobiw;C:\WINDOWS\system32\drivers\vobiw.sys
R2 TSIREGMO;tsiregmo;C:\WINDOWS\system32\drivers\tsiregmo.sys
R2 TSISER;TSISER;C:\WINDOWS\system32\drivers\TSISER.sys
R2 TSISTRMX;Traveling Software Stream Driver;C:\WINDOWS\system32\drivers\TSISTRMX.sys
R3 cdrdrv;Cdrdrv;C:\WINDOWS\system32\Drivers\Cdrdrv.sys
R3 Intels51;Intel(R) 536EP V.92 Modem;C:\WINDOWS\system32\DRIVERS\Intels51.sys
R3 PhnxVcd;PhnxVcd;C:\WINDOWS\system32\Drivers\PhnxVcd.sys
R3 TSIKBF5;Traveling Software Keyboard Filter Driver;C:\WINDOWS\system32\drivers\TSIKBF5.sys
R3 TSIMSF5;Traveling Software Mouse Filter Driver;C:\WINDOWS\system32\drivers\TSIMSF5.sys
S1 TSIRCINK;Traveling Software Install Driver;C:\WINDOWS\system32\drivers\TSIRCINK.sys
S2 Ca536av;Take-it DV Series;C:\WINDOWS\system32\Drivers\Ca536av.sys
S2 FBAPI;FBAPI;\??\C:\WINDOWS\System32\drivers\FBAPI.sys
S3 USBCamera;Take-it DSC Series;C:\WINDOWS\system32\Drivers\Bulk536.sys

.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-16 18:21:13
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-16 18:30:08 - machine was rebooted
.
2007-11-23 06:50:29 --- E O F ---
RagnarokIXI
Active Member
 
Posts: 6
Joined: November 21st, 2007, 2:50 pm

Re: spyware, viruses, and constant popups.

Unread postby RagnarokIXI » December 16th, 2007, 9:58 pm

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:53:16 PM, on 12/16/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\AOL\1124325675\ee\services\safetyCore\ver210_5_4_1\aolavupd.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe
C:\Program Files\NovaStor\NovaBackup\7\NSENGINE.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\TSIRCSRV.EXE
C:\WINDOWS\wanmpsvc.exe
C:\Documents and Settings\Alan\My Documents\My Archives\AlienGUIse\AlienGUIse\wbload.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe
C:\Program Files\Ulead Systems\Ulead Photo Express My Scrapbook 2.0\calcheck.exe
C:\Program Files\Lexmark X6100 Series\lxbfbmon.exe
C:\Program Files\Common Files\LapLink\Scheduler\LLSCHED.EXE
C:\Program Files\Common Files\LapLink\Scheduler\LLSCHENG.EXE
C:\Program Files\NovaStor\NovaBackup\7\NbkCtrl.exe
C:\Program Files\Phoenix Technologies Ltd\RecoverPro_XP\VBPTASK.EXE
C:\Program Files\Common Files\AOL\1124325675\ee\AOLSoftware.exe
C:\Program Files\Common Files\AOL\1124325675\ee\services\safetyCore\ver210_5_4_1\AOLSP Scheduler.exe
C:\Program Files\mcafee.com\antivirus\oasclnt.exe
C:\Program Files\mcafee.com\antivirus\mcvsescn.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Common Files\AOL\1124325675\ee\SSCEvtHdlr.exe
C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\OpenOffice.org1.0\program\soffice.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\Common Files\AOL\1124325675\ee\aolsoftware.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\internet explorer\iexplore.exe
C:\New Folder\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customi ... earch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customi ... .yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.v2premier.com"); (C:\Documents and Settings\ALAN\Application Data\Mozilla\Profiles\default\fn0fh120.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\ALAN\Application Data\Mozilla\Profiles\default\fn0fh120.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0B5B19BE-4CAE-4F88-87D1-45D25A637A7B} - C:\Program Files\Outlook Express\meno4444.dll (file missing)
O2 - BHO: Media Holding Enterprises, LLC - {0D39A900-0F3A-4C29-A254-3E65244FDC34} - C:\Program Files\ContextTool\ContextTool-1.dll
O2 - BHO: (no name) - {12A03130-D563-48E6-B313-9943B57E91AC} - C:\Program Files\Outlook Express\meno83122.dll (file missing)
O2 - BHO: {659c6c56-74aa-67e8-d2b4-9be718989fc1} - {1cf98981-7eb9-4b2d-8e76-aa4765c6c956} - C:\WINDOWS\system32\ndtsywiw.dll (file missing)
O2 - BHO: 0 - {587C3C68-E734-49E1-CE93-08952BE55E48} - C:\Program Files\Online Services\quzate.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A8F17087-487D-473F-ABC6-23D1921C78AA} - C:\WINDOWS\system32\jkkjk.dll (file missing)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Lexmark X6100 Series] "C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe"
O4 - HKLM\..\Run: [Ulead Photo Express Calendar Checker] C:\Program Files\Ulead Systems\Ulead Photo Express My Scrapbook 2.0\calcheck.exe
O4 - HKLM\..\Run: [LapLink Scheduler] "C:\Program Files\Common Files\LapLink\Scheduler\LLSCHED.EXE"
O4 - HKLM\..\Run: [NovaBackup 7.0 Tray Control] "C:\Program Files\NovaStor\NovaBackup\7\NbkCtrl.exe"
O4 - HKLM\..\Run: [Atari Launcher 2] C:\Program Files\Infogrames\Atari Anniversary Edition\Volume 2\Atari icon.exe
O4 - HKLM\..\Run: [AtariBanner] "C:\Program Files\Infogrames\Atari Anniversary Edition\Volume 2\Banner.exe" /0
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [RestoreIT!] "C:\Program Files\Phoenix Technologies Ltd\RecoverPro_XP\VBPTASK.EXE" VBStart
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1124325675\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AOLSPScheduler] C:\Program Files\Common Files\AOL\1124325675\ee\services\safetyCore\ver210_5_4_1\AOLSP Scheduler.exe
O4 - HKLM\..\Run: [sscRun] C:\Program Files\Common Files\AOL\1124325675\ee\SSCRun.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\mcafee.com\antivirus\oasclnt.exe
O4 - HKLM\..\Run: [EmailScan] C:\Program Files\mcafee.com\antivirus\mcvsescn.exe
O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program Files\WordPerfect Office 11\Programs\QFSCHD110.EXE"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [InstantTray] C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe
O4 - HKCU\..\Run: [IW_Drop_Icon] C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe /dropdisc
O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.EXE 1
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [Ltho] "C:\DOCUME~1\Alan\APPLIC~1\ASEMBL~1\scanregw.exe" -vt yazb
O4 - HKCU\..\Run: [Hbyfyaxk] C:\WINDOWS\system32\W?nSxS\n?tdde.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - .DEFAULT User Startup: OpenOffice.org 1.0.lnk = C:\Program Files\OpenOffice.org1.0\program\quickstart.exe (User 'Default user')
O4 - Startup: OpenOffice.org 1.0.lnk = C:\Program Files\OpenOffice.org1.0\program\quickstart.exe
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM95\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
O12 - Plugin for .UVR: C:\Program Files\Internet Explorer\Plugins\NPUPano.dll
O15 - Trusted IP range: http://192.168.1.1
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemyfios.verizon.net/sdcC ... gctlcm.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - https://objects.aol.com/mcafee/molbin/s ... insctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - https://objects.aol.com/mcafee/molbin/s ... cGDMgr.cab
O20 - Winlogon Notify: iifffec - iifffec.dll (file missing)
O20 - Winlogon Notify: zrulbdkw - zrulbdkw.dll (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AOL Antivirus Update Service (aolavupd) - AOL LLC - C:\Program Files\Common Files\AOL\1124325675\ee\services\safetyCore\ver210_5_4_1\aolavupd.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee McShield (McShield) - McAfee Inc. - C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe
O23 - Service: NsEngine - Unknown owner - C:\Program Files\NovaStor\NovaBackup\7\NSENGINE.exe
O23 - Service: Phoenix VCD Service (PhnxVCDService) - Phoenix Technologies Ltd. - C:\WINDOWS\System32\PhnxCDSvr.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: TSI Remote Control Service (TSIRCSRV) - LapLink, Inc. - C:\WINDOWS\System32\TSIRCSRV.EXE
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O24 - Desktop Component 0: (no name) - C:\Program Files\Online Services\rtejeja.html

--
End of file - 12305 bytes
RagnarokIXI
Active Member
 
Posts: 6
Joined: November 21st, 2007, 2:50 pm

Re: spyware, viruses, and constant popups.

Unread postby Scotty » December 18th, 2007, 4:03 pm

Hi

The bad news first.
Two of the files SDFix deleted are used to steal password information. SDFix has retrieved what information may have been taken and you can look for yourself by reading this file.
C:\SDFix\Data.txt (located at Start>My Computer>Local Drive ( C ) )
Importantly though, especially if you use your computer for banking or other sensitive matters, I would change all passwords and check monetary accounts for irregularities.

P2P Warning!
Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.
Once upon a time, P2P file sharing was fairly safe. That is no longer true. You may continue to use P2P sharing at your own risk; however, please keep in mind that this practice may be the source of your current malware infestation.
Additional information on the safety of Peer to Peer programs themselves is here :
Clean/Infected P2P Programs
Please refrain from using your Limewire during the course of your fix, so you don't risk inviting more malware onto your computer.


I see you are using Wild Tangent. It is not malware, but is sometimes thought to bring malware along. Wild Tangent is a video game software company specializing in online games. It has even made a partnership with AOL to include itself as part of the AOL Instant Messenger for their AIM games section. The WildTangent Web Driver is their technology that allows you to play 3D games over the Internet. Although it’s not technically considered spyware, it does have built in components to update itself and gather information about the computer system including:
  1. Operating System Version
  2. CPU Type and Speed
  3. Memory Amount
  4. Video Card type and Driver Version
  5. Sound Card type and Driver Version
  6. DirectX Version
  7. Location that the Web Driver was installed from
It is also a MAJOR resource hog.
For more information, see WildTangent Removal Instructions and Help and Inside Wild Tangent-Delivering High-End 3-D Content To A Web Site Near You.
Unless you are an extremely avid games player, I recommend you uninstall Wild Tangent.
To uninstall Wild Tangent:
  1. Click Start, point to Settings, and then click Control Panel.
  2. In Control Panel, double-click Add or Remove Programs.
  3. In Add or Remove Programs, highlight Wild Tangent, click Remove.
  4. Close the Add or Remove Programs and the Control Panel windows.


WeatherBug is a system tray icon that offers weather information and includes built-in ads. WeatherBug is controlled by AWS Convergence Technologies (weatherbugmedia.com). There is some controversy over whether WeatherBug should be targeted by anti-parasite software. AWS strongly deny their software is spyware, and by the definition used here, it is not, as it does not leak information back to its controlling servers. However, WeatherBug has in the past been silently installed by the FavoriteMan parasite and Freeze.com screensavers, and more recently has been bundled by software such as AIM and Blubster. This makes it unsolicited, and since it is installed to raise money for its creators through the built-in ads it is certainly commercial. So it does meet the definition for parasite: unsolicited commercial software. It is nonetheless listed as a borderline case because it is not overtly harmful and many people do install it deliberately. WeatherBug bundles the MySearch parasite in its standalone distribution and has, in the past, installed Gator and SVAPlayer.

I recommend that you uninstall WeatherBug and choose one of these alternatives:
Weather Pulse
Weather Watcher
or
Get Mozilla Firefox and then get FORECASTFOX!!!
or check the weather at these websites:
Weather Street: US Weather
Intellicast
To uninstall WeatherBug:
  1. Click Start, point to Settings, and then click Control Panel.
  2. In Control Panel, double-click Add or Remove Programs.
  3. In Add or Remove Programs, highlight WeatherBug, click Remove.
  4. Close the Add or Remove Programs and the Control Panel windows.

You are still running two anti-virus scanners. It's important you disable one. Post a new HijackThis log to show me you have done so before we can proceed with cleaning you up.
Scotty
Retired Graduate
 
Posts: 4138
Joined: August 4th, 2006, 5:31 am
Location: Haggistown, Kiltland
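The check the helper asks for above (a fresh HijackThis log showing only one resident scanner left) can be done mechanically on the O23 service lines. The following is an added example, not part of the thread or of any tool used in it; it assumes the two scanners in question are the AVG and McAfee services visible in the log, and the marker table and the "after" log are constructed for illustration.

```python
import re

# Constructed marker table (an assumption, not from the thread): substrings
# that identify a resident scanner anywhere in an O23 service line.
SCANNER_MARKERS = {
    "AVG": ("grisoft", "avg7"),
    "McAfee": ("mcafee", "mcshield"),
}

# O23 - Service: <display> (<short name>) - <company> - <path>
# The short name is optional and the company field may be empty ("- -").
O23 = re.compile(
    r"^O23 - Service: (?P<display>.+?)(?: \((?P<name>[^()]+)\))?"
    r" - (?P<company>.*?) ?- (?P<path>[A-Za-z]:\\.+)$"
)

def parse_services(log_text):
    """Return one dict per O23 line; every other log line is ignored."""
    services = []
    for raw in log_text.splitlines():
        m = O23.match(raw.strip())
        if m:
            services.append(m.groupdict())
    return services

def resident_scanners(log_text):
    """Map product -> service names for scanners registered as services."""
    found = {}
    for svc in parse_services(log_text):
        haystack = " ".join(v or "" for v in svc.values()).lower()
        for product, markers in SCANNER_MARKERS.items():
            if any(mk in haystack for mk in markers):
                found.setdefault(product, []).append(svc["name"] or svc["display"])
    return found

def compare(before, after):
    """Summarise what changed between two logs and whether a conflict remains."""
    b, a = resident_scanners(before), resident_scanners(after)
    return {
        "removed": sorted(set(b) - set(a)),
        "remaining": sorted(a),
        "conflict": len(a) > 1,
    }

# O23 lines copied from the HijackThis log posted in this thread.
BEFORE = r"""
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: McAfee McShield (McShield) - McAfee Inc. - C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe
O23 - Service: NsEngine - Unknown owner - C:\Program Files\NovaStor\NovaBackup\7\NSENGINE.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
"""

# Constructed "after" log: the same lines with the AVG services uninstalled.
AFTER = "\n".join(l for l in BEFORE.splitlines() if "Grisoft" not in l)

if __name__ == "__main__":
    print(resident_scanners(BEFORE))
    print(compare(BEFORE, AFTER))
```

A service entry only shows that a scanner is installed and registered; the "Running processes" section of the same log shows whether it is actually loaded.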

Re: spyware, viruses, and constant popups.

Unread postby Scotty » December 23rd, 2007, 6:36 am

Still need help here?
Scotty
Retired Graduate
 
Posts: 4138
Joined: August 4th, 2006, 5:31 am
Location: Haggistown, Kiltland

Re: spyware, viruses, and constant popups.

Unread postby RagnarokIXI » December 29th, 2007, 11:08 pm

Sorry, I went on a trip for a week and I just got back. I've tried to turn off one of my virus scanners but I can't figure out how other than uninstalling one. How do I turn one off?
RagnarokIXI
Active Member
 
Posts: 6
Joined: November 21st, 2007, 2:50 pm

Re: spyware, viruses, and constant popups.

Unread postby Scotty » December 30th, 2007, 9:21 am

Hi

Hope you had a good trip. :D

It is probably easier to uninstall one of the anti-viruses.
Scotty
Retired Graduate
 
Posts: 4138
Joined: August 4th, 2006, 5:31 am
Location: Haggistown, Kiltland

Re: spyware, viruses, and constant popups.

Unread postby Scotty » January 5th, 2008, 11:51 am

Still needing help here?
Scotty
Retired Graduate
 
Posts: 4138
Joined: August 4th, 2006, 5:31 am
Location: Haggistown, Kiltland

Re: spyware, viruses, and constant popups.

Unread postby silver » January 7th, 2008, 9:45 pm

This topic is now closed due to inactivity. If you wish it to be reopened, please send an email to 'admin at malwareremoval.com' with a link to your thread.

If it has been 10 days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, this topic will not be reopened. If you still require help, please start a new topic and include a fresh HijackThis log and a link to this thread in your new topic.

You can help support this site from this link :
Donations For Malware Removal

Please do not contact us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
silver
Regular Member
 
Posts: 9219
Joined: August 7th, 2006, 9:40 pm
Location: GMT+7