Okay, here we go:
SmitFraudFix v2.123
Scan done at 11:47:57.18, Thu 11/23/2006
Run from C:\Documents and Settings\test\Desktop\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix run in safe mode
»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Killing process
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files
C:\WINDOWS\system32\ishost.exe Deleted
C:\WINDOWS\system32\ismini.exe Deleted
C:\WINDOWS\system32\ot.ico Deleted
C:\WINDOWS\system32\components\flx?.dll Deleted
C:\DOCUME~1\ALLUSE~1\STARTM~1\Online Security Guide.url Deleted
C:\Program Files\VirusBursters\ Deleted
»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files
»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
Registry Cleaning done.
»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» End
test - 06-11-23 14:19:05.65 Service Pack 2
ComboFix 06.11.22 - Running from: "C:\Documents and Settings\test\Desktop"
(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\system32\components
C:\Program Files\Common Files\{00006D4D-0A6A-1033-0106-050818040001}
~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
Folders Quarantined:
C:\QooBox\Purity\Documents and Settings\test\Application Data\WNSXS~1
C:\QooBox\Purity\Program Files\STEM32~1
C:\QooBox\Purity\Program Files\Common Files\TSKS~1
C:\QooBox\Purity\Program Files\STEM32~1\??stem32
C:\QooBox\Purity\WINDOWS\system32\ICROSO~1
((((((((((((((((((((((((((((((( Files Created from 2006-10-23 to 2006-11-23 ))))))))))))))))))))))))))))))))))
2006-11-23 11:36 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2006-11-21 18:40 3,454 --a------ C:\WINDOWS\system32\tmp.reg
2006-11-21 18:39 53,248 --a------ C:\WINDOWS\system32\Process.exe
2006-11-21 18:39 40,960 --a------ C:\WINDOWS\system32\swsc.exe
2006-11-21 18:39 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2006-11-21 18:39 135,168 --a------ C:\WINDOWS\system32\swreg.exe
2006-11-20 19:40 <DIR> d-------- C:\WINDOWS\system32\ZoneLabs
2006-11-20 19:40 <DIR> d-------- C:\Program Files\Zone Labs
2006-11-20 19:38 <DIR> d-------- C:\WINDOWS\Internet Logs
2006-11-20 19:35 <DIR> dr-h----- C:\$VAULT$.AVG
2006-11-20 19:34 <DIR> d-------- C:\Documents and Settings\test\Application Data\AVG7
2006-11-20 19:33 816,672 --a------ C:\WINDOWS\system32\drivers\avg7core.sys
2006-11-20 19:33 4,960 --a------ C:\WINDOWS\system32\drivers\avgtdi.sys
2006-11-20 19:33 4,224 --a------ C:\WINDOWS\system32\drivers\avg7rsw.sys
2006-11-20 19:33 3,968 --a------ C:\WINDOWS\system32\drivers\avgclean.sys
2006-11-20 19:33 28,416 --a------ C:\WINDOWS\system32\drivers\avg7rsxp.sys
2006-11-20 19:33 18,240 --a------ C:\WINDOWS\system32\drivers\avgmfx86.sys
2006-11-20 19:33 <DIR> d-------- C:\Program Files\Grisoft
2006-11-20 19:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2006-11-20 19:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
2006-11-19 22:03 1,492 --a------ C:\WINDOWSvundofix.reg
2006-11-19 22:02 <DIR> d-------- C:\VundoFix Backups
2006-11-19 20:56 <DIR> d-------- C:\WINDOWS\WBEM
2006-11-19 20:53 <DIR> d--h-c--- C:\WINDOWS\ie7
2006-11-19 20:50 <DIR> d-------- C:\WINDOWS\network diagnostic
2006-11-19 20:44 94,208 --a------ C:\WINDOWS\system32\exclgse.dll
2006-11-19 20:44 71,168 --a------ C:\WINDOWS\system32\bkracun.dll
2006-11-19 18:06 94,208 --a------ C:\WINDOWS\system32\cpktepe.dll
2006-11-19 18:06 71,680 --a------ C:\WINDOWS\system32\tcdenj.dll
2006-11-17 06:27 <DIR> d-------- C:\Documents and Settings\All Users\Desktop
2006-11-16 06:02 <DIR> d-------- C:\Program Files\MSXML 4.0
2006-11-16 06:01 <DIR> d-------- C:\628afec30667c8ee3c460b
2006-11-09 18:33 110,612 --a------ C:\WINDOWS\system32\jkclwifk.exe
2006-11-09 18:33 <DIR> d-------- C:\Program Files\VSAdd-in
2006-11-09 18:19 93,696 --a------ C:\WINDOWS\system32\ybzxmpd.dll
2006-11-09 18:19 72,704 --a------ C:\WINDOWS\system32\bgnhove.dll
2006-11-08 22:00 877,568 --a------ C:\WINDOWS\system32\NCTAudioFile2.dll
2006-11-08 22:00 780,288 --a------ C:\WINDOWS\system32\NCTVideoCompress.dll
2006-11-08 22:00 778,240 --a------ C:\WINDOWS\system32\NCTAudioCompress2.dll
2006-11-08 22:00 764,416 --a------ C:\WINDOWS\system32\NCTRMFile.dll
2006-11-08 22:00 495,104 --a------ C:\WINDOWS\system32\NCTVideoCoreM.dll
2006-11-08 22:00 382,464 --a------ C:\WINDOWS\system32\NCTAVIFile.dll
2006-11-08 22:00 261,632 --a------ C:\WINDOWS\system32\mcdvd_32.dll
2006-11-08 22:00 249,856 --a------ C:\WINDOWS\system32\NCTQuickTimeFile.dll
2006-11-08 22:00 215,552 --a------ C:\WINDOWS\system32\NCTWMVFile.dll
2006-11-08 22:00 2,846,720 --a------ C:\WINDOWS\system32\NCTAudioCompress3.dll
2006-11-08 22:00 188,416 --a------ C:\WINDOWS\system32\NCTVideoFile.dll
2006-11-08 22:00 126,464 --a------ C:\WINDOWS\system32\lame_enc.dll
2006-11-08 22:00 <DIR> d-------- C:\WINDOWS\system32\RMBin
2006-11-08 22:00 <DIR> d-------- C:\Program Files\AliveMedia
2006-11-07 03:26 13,312 --a------ C:\WINDOWS\system32\ieudinit.exe
2006-11-04 23:18 <DIR> d-------- C:\Program Files\iTunes
2006-11-04 23:15 <DIR> d--hs---- C:\Config.Msi
2006-11-04 23:15 <DIR> d-------- C:\Program Files\QuickTime
2006-11-04 23:14 <DIR> d-------- C:\Program Files\Apple Software Update
2006-11-04 14:14 1,245,696 --a------ C:\WINDOWS\system32\msxml4.dll
2006-11-02 19:31 <DIR> d-------- C:\Documents and Settings\test\Application Data\Opera
2006-11-02 18:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Adobe Systems
2006-11-02 18:34 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared
2006-11-02 18:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2006-11-02 18:24 <DIR> d-------- C:\Program Files\DAEMON Tools
2006-11-02 16:30 611,064 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2006-11-01 14:51 <DIR> d-------- C:\Program Files\Morpheus Toolbar
2006-10-31 15:44 <DIR> d--h----- C:\WINDOWS\PIF
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2006-11-23 14:20 -------- d-a------ C:\Program Files\Common Files
2006-11-22 09:25 -------- d-------- C:\Program Files\Lesmd
2006-11-21 18:13 -------- d-------- C:\Program Files\Mozilla Firefox
2006-11-19 21:02 -------- d-a------ C:\Program Files\Internet Explorer
2006-11-19 21:02 -------- d-------- C:\Program Files\WinRAR
2006-11-19 16:15 -------- d-------- C:\Program Files\PeDevice
2006-11-19 15:19 -------- d-------- C:\Program Files\Spybot - Search & Destroy
2006-11-12 13:35 -------- d-------- C:\Program Files\Morpheus
2006-11-07 21:03 6049280 --a------ C:\WINDOWS\system32\ieframe.dll
2006-11-07 21:03 50688 --a------ C:\WINDOWS\system32\msfeedsbs.dll
2006-11-07 21:03 458752 --a------ C:\WINDOWS\system32\msfeeds.dll
2006-11-07 21:03 413696 --a------ C:\WINDOWS\system32\vbscript.dll
2006-11-07 21:03 231424 --a------ C:\WINDOWS\system32\webcheck.dll
2006-11-07 21:03 180736 --a------ C:\WINDOWS\system32\ieui.dll
2006-11-07 21:03 156160 --a------ C:\WINDOWS\system32\msls31.dll
2006-11-07 03:27 382976 --a------ C:\WINDOWS\system32\iedkcs32.dll
2006-11-07 03:27 229376 --a------ C:\WINDOWS\system32\ieaksie.dll
2006-11-07 03:26 71680 --a------ C:\WINDOWS\system32\admparse.dll
2006-11-07 03:26 55296 --a------ C:\WINDOWS\system32\iesetup.dll
2006-11-07 03:26 54784 --a------ C:\WINDOWS\system32\ie4uinit.exe
2006-11-07 03:26 43008 --a------ C:\WINDOWS\system32\iernonce.dll
2006-11-07 03:26 152064 --a------ C:\WINDOWS\system32\ieakeng.dll
2006-11-07 03:26 123904 --a------ C:\WINDOWS\system32\advpack.dll
2006-11-07 03:25 161792 --a------ C:\WINDOWS\system32\ieakui.dll
2006-11-04 23:18 -------- d-------- C:\Program Files\iPod
2006-11-03 15:30 -------- d-------- C:\Documents and Settings\test\Application Data\Adobe
2006-11-02 18:39 -------- d-------- C:\Program Files\Adobe
2006-11-02 18:36 -------- d-------- C:\Program Files\Common Files\Adobe
2006-10-28 09:27 -------- d-------- C:\Program Files\AWS
2006-10-17 12:06 78336 --a------ C:\WINDOWS\system32\ieencode.dll
2006-10-17 12:05 40960 --a------ C:\WINDOWS\system32\licmgr10.dll
2006-10-17 12:05 206336 --a------ C:\WINDOWS\system32\WinFXDocObj.exe
2006-10-17 12:05 105984 --a------ C:\WINDOWS\system32\url.dll
2006-10-17 12:04 101376 --a------ C:\WINDOWS\system32\occache.dll
2006-10-17 12:03 17408 --a------ C:\WINDOWS\system32\corpol.dll
2006-10-17 11:58 61952 --a------ C:\WINDOWS\system32\icardie.dll
2006-10-17 11:58 12288 --a------ C:\WINDOWS\system32\msfeedssync.exe
2006-10-17 11:57 36352 --a------ C:\WINDOWS\system32\imgutil.dll
2006-10-17 11:57 266752 --a------ C:\WINDOWS\system32\iertutil.dll
2006-10-17 11:56 45568 --a------ C:\WINDOWS\system32\mshta.exe
2006-10-17 11:28 48128 --a------ C:\WINDOWS\system32\mshtmler.dll
2006-10-17 11:27 380928 --a------ C:\WINDOWS\system32\ieapfltr.dll
2006-10-13 07:35 142336 --a------ C:\WINDOWS\system32\nwprovau.dll
2006-09-19 15:43 109360 --a------ C:\WINDOWS\system32\GEARAspi.dll
2006-09-13 00:01 1084416 --a------ C:\WINDOWS\system32\msxml3.dll
2006-09-06 16:43 22752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2006-08-25 10:45 617472 --a------ C:\WINDOWS\system32\comctl32.dll
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries are not shown
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
@=""
"Sony Ericsson PC Suite"="\"C:\\Program Files\\Sony Ericsson\\Mobile2\\Application Launcher\\Application Launcher.exe\" /Minimized"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"Windows Media Connect 2"="\"C:\\Program Files\\Windows Media Connect 2\\WMCCFG.exe\" /StartQuiet"
"SynTPLpr"="C:\\Program Files\\Synaptics\\SynTP\\SynTPLpr.exe"
"SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
"HP Software Update"="\"C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe\""
"HP Component Manager"="\"C:\\Program Files\\HP\\hpcoretech\\hpcmpmgr.exe\""
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"Zone Labs Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="Microsoft AntiMalware ShellExecuteHook"
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"TapiSrv"=dword:00000003
"Schedule"=dword:00000002
"SamSs"=dword:00000002
"RasMan"=dword:00000003
"ERSvc"=dword:00000002
"NVSvc"=dword:00000002
"IDriverT"=dword:00000003
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
~ ~ ~ ~ ~ ~ ~ ~ Hijackthis Backups ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
backup-20061123-113004-130
O20 - Winlogon Notify: winlvv32 - winlvv32.dll (file missing)
backup-20061123-111904-675
O20 - Winlogon Notify: mllmk - C:\WINDOWS\system32\mllmk.dll (file missing)
backup-20061123-111904-814
O2 - BHO: (no name) - {39f25b12-74ff-4079-a51f-1d70f5b08b84} - C:\WINDOWS\system32\ixt0.dll (file missing)
backup-20061123-111904-682
O2 - BHO: (no name) - {F18F04B0-9CF1-4b93-B004-77A288BEE28B} - C:\WINDOWS\system32\fishcwke.dll (file missing)
backup-20061123-111904-547
O2 - BHO: (no name) - {2BC144DF-8FC7-453F-AE9A-CBF6B3EFE2A2} - C:\WINDOWS\system32\mllmk.dll (file missing)
backup-20061123-111904-911
O2 - BHO: (no name) - {18DB85FD-A93B-B90C-C753-016BF42A3EEA} - C:\WINDOWS\system32\bkracun.dll
backup-20061123-111904-889
O2 - BHO: (no name) - {0F049168-504A-C193-0DF2-079B217A8CE9} - C:\WINDOWS\system32\bgnhove.dll
backup-20061123-111904-299
O2 - BHO: (no name) - {07535D90-164F-0432-F98E-0AAAC88D266F} - C:\WINDOWS\system32\tcdenj.dll
backup-20061123-111904-506
O2 - BHO: (no name) - {00EB110D-5E8E-4D70-9AA4-6E91BB57F1A3} - C:\WINDOWS\system32\ddcya.dll (file missing)
backup-20061119-211407-747
O3 - Toolbar: 888Bar - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\Program Files\Common Files\{30006D4D-0A6A-1033-0106-050818040001}\888.dll
backup-20061119-211350-658
O3 - Toolbar: 888Bar - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\Program Files\Common Files\{30006D4D-0A6A-1033-0106-050818040001}\888.dll
backup-20061119-211350-727
O3 - Toolbar: Morpheus Toolbar - {119DBEDA-9c41-4F97-94B4-B6BCD01133CF} - C:\Program Files\Morpheus Toolbar\morpheustoolbar.dll
backup-20061119-211246-515
O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvgod.dll,startup
backup-20061119-211246-714
O4 - HKLM\..\Run: [exclgse.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\exclgse.dll,givigpe
backup-20061119-211138-881
O11 - Options group: [INTERNATIONAL] International*
backup-20061119-211138-405
R3 - URLSearchHook: (no name) - {AF99759F-A96C-DDBD-7000-CC891F2833C2} - C:\WINDOWS\system32\suikfybh.dll
backup-20061119-211138-245
O3 - Toolbar: 888Bar - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\Program Files\Common Files\{30006D4D-0A6A-1033-0106-050818040001}\888.dll
backup-20061119-211138-849
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
backup-20061119-192909-281
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
http://go.microsoft.com/fwlink/?linkid=39204
backup-20061119-185011-671
O4 - Startup: iexplore.exe
backup-20061119-185011-360
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
backup-20061119-185011-443
O4 - HKLM\..\Run: [razer] C:\Program Files\Razer\razerhid.exe
backup-20061119-184716-427
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
http://update.microsoft.com/microsoftup ... 9185928859
backup-20061119-184716-605
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
backup-20061119-184716-259
O4 - Startup: iexplore.exe
backup-20061119-184716-678
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.,
backup-20061119-184716-864
O4 - HKCU\..\Run: [Steam] C:\Program Files\Valve\Steam\\Steam.exe -silent
backup-20061119-184716-573
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://go.microsoft.com/fwlink/?LinkId= ... .xbox.com/
backup-20061119-181351-446
O4 - Startup: iexplore.exe
backup-20061119-181351-826
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
backup-20061119-181351-179
O3 - Toolbar: OIN Search - {B9F6E8EB-A4E3-478E-88A4-D3995B5C45C8} - C:\Program Files\OIN Search\OINSearch.dll
backup-20061119-181351-326
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://go.microsoft.com/fwlink/?LinkId= ... r.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
backup-20061119-181351-616
R3 - URLSearchHook: (no name) - {7DEB0398-8C34-A8EC-7955-B9CE6BCFEDC9} - C:\WINDOWS\system32\potjvd.dll
backup-20061119-181351-836
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
backup-20061119-150743-265
O21 - SSODL: cussers - {ff170564-36c8-43f7-9100-559e166405cf} - C:\WINDOWS\system32\cfltygd.dll
backup-20061119-150743-260
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
backup-20061119-150743-781
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
backup-20061119-150743-169
R3 - URLSearchHook: (no name) - {C97B0B9C-D56C-F5B9-2DE0-B29EFE4652C0} - C:\WINDOWS\system32\zbhbm.dll
backup-20061119-150743-364
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
backup-20061119-150743-898
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
backup-20061119-150743-262
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
backup-20061119-150743-866
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
backup-20061119-150743-165
O4 - HKLM\..\Run: [ybzxmpd.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\ybzxmpd.dll,fnnccue
backup-20060325-161159-368
O11 - Options group: [INTERNATIONAL] International*
backup-20060325-161159-816
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
backup-20060325-161158-139
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
backup-20050619-215254-347
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
backup-20050619-215254-264
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
backup-20050619-214837-300
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
backup-20050619-214837-340
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyside.dll
backup-20050619-214837-406
O15 - Trusted Zone: *.media-motor.net
backup-20050619-214837-968
O14 - IERESET.INF: START_PAGE_URL=http://us8l.hpwis.com
backup-20050619-214837-827
O15 - Trusted Zone: *.popuppers.com
backup-20050619-214837-383
O4 - HKCU\..\RunOnce: [qf2x7.exe] C:\WINDOWS\System32\qf2x7.exe /k
backup-20050619-214837-105
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
backup-20050619-214837-988
O4 - Global Startup: Quicken Startup.lnk = C:\Program Files\Quicken\QWDLLS.EXE
backup-20050619-214837-155
O4 - Global Startup: Billminder.lnk = C:\Program Files\Quicken\billmind.exe
backup-20050619-214837-745
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
backup-20050619-214837-606
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
backup-20050619-214837-603
O2 - BHO: PEDEV_IEListener Class - {E1412445-4FF8-410e-8D24-F2CF86B171A4} - C:\Program Files\PeDevice\PeDev.dll
backup-20050619-214837-568
O4 - HKLM\..\Run: [picsvr] C:\WINDOWS\System32\picsvr\picsvr.exe
backup-20050619-214837-546
O4 - HKLM\..\Run: [Pparexcq] C:\Program Files\Lesmd\Lolk.exe
backup-20050619-214837-613
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
backup-20050619-214837-621
O4 - HKLM\..\Run: [seeve] C:\WINDOWS\seeve.exe
backup-20050619-214837-211
O4 - HKLM\..\Run: [zanu] c:\program files\zangoclient\zanu.exe
backup-20050619-214837-944
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
backup-20050619-214837-361
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
backup-20050619-214837-354
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
backup-20050619-214837-293
O4 - HKLM\..\Run: [Nsv] C:\WINDOWS\System32\nsvsvc\nsvsvc.exe
backup-20050619-214837-275
O4 - HKLM\..\RunOnce: [qf2x7.exe] C:\WINDOWS\System32\qf2x7.exe /k
backup-20050619-214837-435
O2 - BHO: (no name) - {8DA5457F-A8AA-4CCF-A842-70E6FD274094} - C:\PROGRA~1\COMMON~1\WinTools\WToolsT.dll
backup-20050619-214837-780
O2 - BHO: (no name) - {A78860C8-EE1A-46DF-A97F-E3E6D433E80B} - C:\WINDOWS\system32\cb2rqfk.dll (file missing)
backup-20050619-214837-385
O2 - BHO: (no name) - {4A25D449-2BAA-4426-A992-D18CA70CF5A9} - C:\WINDOWS\system32\brg.dll
backup-20050619-214837-123
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - c:\Program Files\Microsoft Money\System\mnyside.dll
backup-20050512-205208-989
O23 - Service: WinTools for IE service (WinToolsSvc) - Unknown owner - C:\Program Files\Common Files\WinTools\WToolsS.exe
backup-20050512-204706-126
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
http://www.websearch.com/ie.aspx?tb_id=50245
backup-20050512-204706-120
O23 - Service: WinTools for IE service (WinToolsSvc) - Unknown owner - C:\Program Files\Common Files\WinTools\WToolsS.exe
backup-20050512-204706-458
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant =
http://www.websearch.com/ie.aspx?tb_id=50245
backup-20050512-204617-314
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://www.websearch.com/ie.aspx?tb_id=50245
backup-20050512-204602-869
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
http://www.websearch.com/ie.aspx?tb_id=50245
backup-20050512-204602-859
O15 - Trusted Zone: *.popuppers.com
backup-20050512-204602-681
O23 - Service: WinTools for IE service (WinToolsSvc) - Unknown owner - C:\Program Files\Common Files\WinTools\WToolsS.exe
backup-20050512-204602-649
O15 - Trusted Zone: *.media-motor.net
backup-20050512-204602-952
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant =
http://www.websearch.com/ie.aspx?tb_id=50245
backup-20050510-163038-130
O15 - Trusted Zone: *.popuppers.com
backup-20050510-163038-827
O15 - Trusted Zone: *.media-motor.net
backup-20050510-163015-809
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) -
http://www.mt-download.com/MediaTickets ... refid=3160
backup-20050510-163015-698
O23 - Service: WinTools for IE service (WinToolsSvc) - Unknown owner - C:\Program Files\Common Files\WinTools\WToolsS.exe
backup-20050510-163015-175
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
backup-20050510-163014-735
O16 - DPF: {7149E79C-DC19-4C5E-A53C-A54DDF75EEE9} (IObjSafety.DemoCtl) -
http://cabs.media-motor.net/cabs/alien.cab
backup-20050510-163014-247
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} -
http://static.windupdates.com/cab/Media ... ge-c18.cab
backup-20050510-163014-158
O15 - Trusted Zone: *.media-motor.net
backup-20050510-163014-480
O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
backup-20050510-163014-343
O8 - Extra context menu item: Web Rebates -
file://C:\Program Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
backup-20050510-163014-948
O4 - HKLM\..\RunOnce: [WinTools] C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe /boot
backup-20050510-163014-980
O15 - Trusted Zone: *.popuppers.com
backup-20050510-163014-750
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
backup-20050505-225717-167
O23 - Service: WinTools for IE service (WinToolsSvc) - Unknown owner - C:\Program Files\Common Files\WinTools\WToolsS.exe
backup-20050505-225633-362
O23 - Service: WinTools for IE service (WinToolsSvc) - Unknown owner - C:\Program Files\Common Files\WinTools\WToolsS.exe
backup-20050505-225633-539
O4 - HKLM\..\RunOnce: [WinTools] C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe /boot
backup-20050505-225633-194
O4 - HKLM\..\Run: [WinTools] C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe
backup-20050505-225633-143
O2 - BHO: (no name) - {A78860C8-EE1A-46DF-A97F-E3E6D433E80B} - C:\WINDOWS\system32\cb2rqfk.dll
backup-20050505-225633-238
O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
backup-20050505-225633-321
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\MP Scheduled Scan.job
Completion time: 06-11-23 14:22:30.37
C:\ComboFix.txt ... 06-11-23 14:22
AVG Anti-Spyware - Scan Report
---------------------------------------------------------
+ Created at: 2:08:01 PM 11/23/2006
+ Scan result:
C:\System Volume Information\_restore{DFE557A5-2C84-4D33-8CD3-74AF8D857803}\RP128\A0009668.dll -> Adware.Aws : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DisplayUtility -> Adware.Delfin : Cleaned with backup (quarantined).
HKU\S-1-5-21-3482209959-4056040374-1449709486-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{39F25B12-74FF-4079-A51F-1D70F5B08B84} -> Adware.Generic : Cleaned with backup (quarantined).
C:\Documents and Settings\test\Desktop\OiUninstaller.exe -> Adware.MediaTickets : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{DFE557A5-2C84-4D33-8CD3-74AF8D857803}\RP147\A0011940.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{DFE557A5-2C84-4D33-8CD3-74AF8D857803}\RP154\A0012159.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{DFE557A5-2C84-4D33-8CD3-74AF8D857803}\RP163\A0012895.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\Program Files\Common Files\{00006D4D-0A6A-1033-0106-050818040001}\Update.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\Program Files\Common Files\{00006D4D-0A6A-1033-0106-050818040001}\system.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\Program Files\Morpheus Toolbar\morpheustoolbar.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{DFE557A5-2C84-4D33-8CD3-74AF8D857803}\RP147\A0011929.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{DFE557A5-2C84-4D33-8CD3-74AF8D857803}\RP148\A0011979.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{DFE557A5-2C84-4D33-8CD3-74AF8D857803}\RP148\A0011983.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{DFE557A5-2C84-4D33-8CD3-74AF8D857803}\RP148\A0011984.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{DFE557A5-2C84-4D33-8CD3-74AF8D857803}\RP155\A0012263.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\WINDOWS\system32\efcyaax.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\WINDOWS\system32\geebyvs.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\WINDOWS\system32\ssqrsst.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{DFE557A5-2C84-4D33-8CD3-74AF8D857803}\RP163\A0012936.exe -> Adware.VirusBurst.c : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\ins -> Adware.WebRebates : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\PROTOCOLS\Name-Space Handler\res -> Adware.WebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\STO -> Adware.WebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Toolbar -> Adware.WebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Toolbar\PlugIns -> Adware.WebSearch : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{DFE557A5-2C84-4D33-8CD3-74AF8D857803}\RP140\A0011510.exe -> Downloader.PurityScan.dc : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{DFE557A5-2C84-4D33-8CD3-74AF8D857803}\RP147\A0011933.exe -> Downloader.PurityScan.dc : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{DFE557A5-2C84-4D33-8CD3-74AF8D857803}\RP149\A0011989.exe -> Downloader.PurityScan.dc : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{DFE557A5-2C84-4D33-8CD3-74AF8D857803}\RP140\A0011509.exe -> Downloader.PurityScan.dt : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{DFE557A5-2C84-4D33-8CD3-74AF8D857803}\RP147\A0011932.exe -> Downloader.PurityScan.dt : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{DFE557A5-2C84-4D33-8CD3-74AF8D857803}\RP149\A0011990.exe -> Downloader.PurityScan.dt : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{DFE557A5-2C84-4D33-8CD3-74AF8D857803}\RP140\A0011512.exe -> Downloader.Zlob.avv : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{DFE557A5-2C84-4D33-8CD3-74AF8D857803}\RP140\A0011513.exe -> Downloader.Zlob.avv : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{DFE557A5-2C84-4D33-8CD3-74AF8D857803}\RP145\A0011677.exe -> Downloader.Zlob.axt : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{DFE557A5-2C84-4D33-8CD3-74AF8D857803}\RP154\A0012252.exe -> Downloader.Zlob.axt : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{DFE557A5-2C84-4D33-8CD3-74AF8D857803}\RP155\A0012274.exe -> Downloader.Zlob.axt : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{DFE557A5-2C84-4D33-8CD3-74AF8D857803}\RP159\A0012445.exe -> Downloader.Zlob.axt : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{DFE557A5-2C84-4D33-8CD3-74AF8D857803}\RP159\A0012457.exe -> Downloader.Zlob.axt : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{DFE557A5-2C84-4D33-8CD3-74AF8D857803}\RP160\A0012559.exe -> Downloader.Zlob.axt : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{DFE557A5-2C84-4D33-8CD3-74AF8D857803}\RP160\A0012574.exe -> Downloader.Zlob.axt : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{DFE557A5-2C84-4D33-8CD3-74AF8D857803}\RP161\A0012742.exe -> Downloader.Zlob.axt : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{DFE557A5-2C84-4D33-8CD3-74AF8D857803}\RP163\A0012904.exe -> Downloader.Zlob.axt : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{DFE557A5-2C84-4D33-8CD3-74AF8D857803}\RP163\A0012915.exe -> Downloader.Zlob.axt : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{DFE557A5-2C84-4D33-8CD3-74AF8D857803}\RP163\A0012927.exe -> Downloader.Zlob.axt : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{DFE557A5-2C84-4D33-8CD3-74AF8D857803}\RP138\A0011462.exe -> Hijacker.VB.qb : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{DFE557A5-2C84-4D33-8CD3-74AF8D857803}\RP148\A0011954.exe -> Hijacker.VB.qb : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{DFE557A5-2C84-4D33-8CD3-74AF8D857803}\RP161\A0012731.exe -> Hijacker.VB.qb : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{DFE557A5-2C84-4D33-8CD3-74AF8D857803}\RP161\A0012732.exe -> Hijacker.VB.qb : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{DFE557A5-2C84-4D33-8CD3-74AF8D857803}\RP161\A0012733.exe -> Hijacker.VB.qb : Cleaned with backup (quarantined).
:mozilla.46:C:\Documents and Settings\test\Application Data\Mozilla\Firefox\Profiles\0i6scip8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.47:C:\Documents and Settings\test\Application Data\Mozilla\Firefox\Profiles\0i6scip8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.48:C:\Documents and Settings\test\Application Data\Mozilla\Firefox\Profiles\0i6scip8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.59:C:\Documents and Settings\test\Application Data\Mozilla\Firefox\Profiles\0i6scip8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.80:C:\Documents and Settings\test\Application Data\Mozilla\Firefox\Profiles\0i6scip8.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.81:C:\Documents and Settings\test\Application Data\Mozilla\Firefox\Profiles\0i6scip8.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.82:C:\Documents and Settings\test\Application Data\Mozilla\Firefox\Profiles\0i6scip8.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.111:C:\Documents and Settings\test\Application Data\Mozilla\Firefox\Profiles\0i6scip8.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.112:C:\Documents and Settings\test\Application Data\Mozilla\Firefox\Profiles\0i6scip8.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.113:C:\Documents and Settings\test\Application Data\Mozilla\Firefox\Profiles\0i6scip8.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.114:C:\Documents and Settings\test\Application Data\Mozilla\Firefox\Profiles\0i6scip8.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.115:C:\Documents and Settings\test\Application Data\Mozilla\Firefox\Profiles\0i6scip8.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.118:C:\Documents and Settings\test\Application Data\Mozilla\Firefox\Profiles\0i6scip8.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.25:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\9cn7jobc.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.26:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\9cn7jobc.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.27:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\9cn7jobc.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.51:C:\Documents and Settings\test\Application Data\Mozilla\Firefox\Profiles\0i6scip8.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.52:C:\Documents and Settings\test\Application Data\Mozilla\Firefox\Profiles\0i6scip8.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.53:C:\Documents and Settings\test\Application Data\Mozilla\Firefox\Profiles\0i6scip8.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.54:C:\Documents and Settings\test\Application Data\Mozilla\Firefox\Profiles\0i6scip8.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.56:C:\Documents and Settings\test\Application Data\Mozilla\Firefox\Profiles\0i6scip8.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.20:C:\Documents and Settings\test\Application Data\Mozilla\Firefox\Profiles\0i6scip8.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.133:C:\Documents and Settings\test\Application Data\Mozilla\Firefox\Profiles\0i6scip8.default\cookies.txt -> TrackingCookie.Bfast : Cleaned.
:mozilla.116:C:\Documents and Settings\test\Application Data\Mozilla\Firefox\Profiles\0i6scip8.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.117:C:\Documents and Settings\test\Application Data\Mozilla\Firefox\Profiles\0i6scip8.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.119:C:\Documents and Settings\test\Application Data\Mozilla\Firefox\Profiles\0i6scip8.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.22:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\9cn7jobc.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.25:C:\Documents and Settings\test\Application Data\Mozilla\Firefox\Profiles\0i6scip8.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.70:C:\Documents and Settings\test\Application Data\Mozilla\Firefox\Profiles\0i6scip8.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.71:C:\Documents and Settings\test\Application Data\Mozilla\Firefox\Profiles\0i6scip8.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.72:C:\Documents and Settings\test\Application Data\Mozilla\Firefox\Profiles\0i6scip8.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.73:C:\Documents and Settings\test\Application Data\Mozilla\Firefox\Profiles\0i6scip8.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.74:C:\Documents and Settings\test\Application Data\Mozilla\Firefox\Profiles\0i6scip8.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.75:C:\Documents and Settings\test\Application Data\Mozilla\Firefox\Profiles\0i6scip8.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.76:C:\Documents and Settings\test\Application Data\Mozilla\Firefox\Profiles\0i6scip8.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.77:C:\Documents and Settings\test\Application Data\Mozilla\Firefox\Profiles\0i6scip8.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.78:C:\Documents and Settings\test\Application Data\Mozilla\Firefox\Profiles\0i6scip8.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.28:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\9cn7jobc.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.29:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\9cn7jobc.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.30:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\9cn7jobc.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.31:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\9cn7jobc.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.32:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\9cn7jobc.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.33:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\9cn7jobc.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.129:C:\Documents and Settings\test\Application Data\Mozilla\Firefox\Profiles\0i6scip8.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned.
:mozilla.145:C:\Documents and Settings\test\Application Data\Mozilla\Firefox\Profiles\0i6scip8.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.146:C:\Documents and Settings\test\Application Data\Mozilla\Firefox\Profiles\0i6scip8.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.147:C:\Documents and Settings\test\Application Data\Mozilla\Firefox\Profiles\0i6scip8.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.148:C:\Documents and Settings\test\Application Data\Mozilla\Firefox\Profiles\0i6scip8.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.152:C:\Documents and Settings\test\Application Data\Mozilla\Firefox\Profiles\0i6scip8.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.60:C:\Documents and Settings\test\Application Data\Mozilla\Firefox\Profiles\0i6scip8.default\cookies.txt -> TrackingCookie.Pro-market : Cleaned.
:mozilla.61:C:\Documents and Settings\test\Application Data\Mozilla\Firefox\Profiles\0i6scip8.default\cookies.txt -> TrackingCookie.Pro-market : Cleaned.
:mozilla.62:C:\Documents and Settings\test\Application Data\Mozilla\Firefox\Profiles\0i6scip8.default\cookies.txt -> TrackingCookie.Pro-market : Cleaned.
:mozilla.37:C:\Documents and Settings\test\Application Data\Mozilla\Firefox\Profiles\0i6scip8.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.38:C:\Documents and Settings\test\Application Data\Mozilla\Firefox\Profiles\0i6scip8.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.39:C:\Documents and Settings\test\Application Data\Mozilla\Firefox\Profiles\0i6scip8.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.87:C:\Documents and Settings\test\Application Data\Mozilla\Firefox\Profiles\0i6scip8.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.88:C:\Documents and Settings\test\Application Data\Mozilla\Firefox\Profiles\0i6scip8.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.89:C:\Documents and Settings\test\Application Data\Mozilla\Firefox\Profiles\0i6scip8.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.90:C:\Documents and Settings\test\Application Data\Mozilla\Firefox\Profiles\0i6scip8.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.91:C:\Documents and Settings\test\Application Data\Mozilla\Firefox\Profiles\0i6scip8.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.92:C:\Documents and Settings\test\Application Data\Mozilla\Firefox\Profiles\0i6scip8.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.158:C:\Documents and Settings\test\Application Data\Mozilla\Firefox\Profiles\0i6scip8.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.140:C:\Documents and Settings\test\Application Data\Mozilla\Firefox\Profiles\0i6scip8.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.141:C:\Documents and Settings\test\Application Data\Mozilla\Firefox\Profiles\0i6scip8.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.142:C:\Documents and Settings\test\Application Data\Mozilla\Firefox\Profiles\0i6scip8.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.22:C:\Documents and Settings\test\Application Data\Mozilla\Firefox\Profiles\0i6scip8.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.23:C:\Documents and Settings\test\Application Data\Mozilla\Firefox\Profiles\0i6scip8.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.24:C:\Documents and Settings\test\Application Data\Mozilla\Firefox\Profiles\0i6scip8.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.33:C:\Documents and Settings\test\Application Data\Mozilla\Firefox\Profiles\0i6scip8.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned.
:mozilla.34:C:\Documents and Settings\test\Application Data\Mozilla\Firefox\Profiles\0i6scip8.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned.
:mozilla.40:C:\Documents and Settings\test\Application Data\Mozilla\Firefox\Profiles\0i6scip8.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.41:C:\Documents and Settings\test\Application Data\Mozilla\Firefox\Profiles\0i6scip8.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.42:C:\Documents and Settings\test\Application Data\Mozilla\Firefox\Profiles\0i6scip8.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.17:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\9cn7jobc.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.18:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\9cn7jobc.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.19:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\9cn7jobc.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.20:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\9cn7jobc.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.21:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\9cn7jobc.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
C:\System Volume Information\_restore{DFE557A5-2C84-4D33-8CD3-74AF8D857803}\RP146\A0011703.dll -> Trojan.BHO.g : Cleaned with backup (quarantined).
C:\HijackThis\backups\backup-20050505-225633-143.dll -> Trojan.Delf.cf : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{DFE557A5-2C84-4D33-8CD3-74AF8D857803}\RP161\A0012730.dll -> Trojan.Kolweb.b : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{DFE557A5-2C84-4D33-8CD3-74AF8D857803}\RP161\A0012735.sys -> Trojan.Kolweb.b : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{DFE557A5-2C84-4D33-8CD3-74AF8D857803}\RP161\A0012737.dll -> Trojan.Kolweb.b : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{DFE557A5-2C84-4D33-8CD3-74AF8D857803}\RP161\A0012744.exe -> Trojan.Kolweb.b : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{DFE557A5-2C84-4D33-8CD3-74AF8D857803}\RP161\A0012747.sys -> Trojan.Kolweb.b : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{DFE557A5-2C84-4D33-8CD3-74AF8D857803}\RP161\A0012741.exe -> Trojan.Kolweb.d : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{DFE557A5-2C84-4D33-8CD3-74AF8D857803}\RP161\A0012734.exe -> Trojan.Small.cy : Cleaned with backup (quarantined).
::Report end
Logfile of HijackThis v1.99.1
Scan saved at 2:26:12 PM, on 11/23/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Media Connect 2\WMCCFG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HijackThis\Scanner.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\HPDTLK02.dll
O4 - HKLM\..\Run: [Windows Media Connect 2] "C:\Program Files\Windows Media Connect 2\WMCCFG.exe" /StartQuiet
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /Minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'c:\program files\bonjour\mdnsnsp.dll' missing
O11 - Options group: [INTERNATIONAL] International*
O20 - Winlogon Notify: WB - C:\Program Files\AlienGUIse\fastload.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe