Need to save my computer...


  • This topic is locked
32 replies to this topic

#1 Salvation138

Salvation138

    Member

  • Full Member
  • Pip
  • 16 posts

Posted 25 May 2007 - 10:31 PM

From this spyware/adware garbage that seems to have taken over my computer. I seem to be having the same problems as many other people. Out of nowhere my computer is slower than normal, and I'm getting IE popups for sites like maniatv.com. I use Firefox as my main browser.

Here's my HijackThis log. I really hope someone can help. I'm not the most computer savvy person, but I'll take whatever help I can get.

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 11:29:54 PM, on 5/25/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
Boot mode: Normal

Running processes:
E:\WINNT\System32\smss.exe
E:\WINNT\System32\winlogon.exe
E:\WINNT\system32\services.exe
E:\WINNT\system32\lsass.exe
E:\WINNT\system32\svchost.exe
E:\WINNT\system32\spoolsv.exe
E:\WINNT\System32\svchost.exe
E:\WINNT\system32\regsvc.exe
E:\WINNT\system32\MSTask.exe
E:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
E:\WINNT\bsgbzso.exe
E:\WINNT\System32\WBEM\WinMgmt.exe
E:\WINNT\system32\svchost.exe
E:\WINNT\System32\svchost.exe
E:\WINNT\Explorer.EXE
E:\WINNT\TPPALDR.EXE
E:\Program Files\Common Files\Real\Update_OB\realsched.exe
E:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe
E:\Program Files\iTunes\iTunesHelper.exe
E:\Program Files\QuickTime\qttask.exe
E:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
E:\WINNT\bsgbzsoA.exe
E:\Program Files\iPod\bin\iPodService.exe
E:\Program Files\WinZip\WZQKPICK.EXE
E:\WINNT\system32\wuauclt.exe
E:\Program Files\AIM\aim.exe
E:\Program Files\iTunes\iTunes.exe
E:\Program Files\Mozilla Firefox\firefox.exe
E:\Program Files\Internet Explorer\iexplore.exe
E:\Program Files\Java\jre1.5.0_09\bin\jucheck.exe
E:\Documents and Settings\Rich Chalfin\Desktop\HiJackThis_v2.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://magicsearch.us/browser/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://magicsearch.us/browser/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = E:\Program Files\Common Files\Microsoft Shared\Stationery\Blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: 0 - {0A6A113E-50BF-418F-D5A5-8902307985F6} - E:\Program Files\Microsoft Office\lavuhaxo.dll
O2 - BHO: (no name) - {13CBDC75-23B7-4676-BD48-34A43BAA1C69} - (no file)
O2 - BHO: (no name) - {2432F099-F8E2-43C9-B765-3AF002FFC6A7} - E:\WINNT\system32\cbxxywu.dll
O2 - BHO: PsapiAnalyzer Object - {489263D0-1E71-4B29-B4D1-46DAA5856DF7} - e:\winnt\driver cache\dnsurl.dll
O2 - BHO: (no name) - {49AA6527-CF40-50E7-D577-64550CF32B41} - (no file)
O2 - BHO: (no name) - {4B646AFB-9341-4330-8FD1-C32485AEE619} - E:\WINNT\system32\efpcnyxq.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - E:\Program Files\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll
O2 - BHO: (no name) - {95F44196-1612-47E4-8A5E-103CD1DAC730} - E:\WINNT\system32\taeqwphx.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - E:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O2 - BHO: (no name) - {C5D02014-0D16-4354-BB0C-9186E1236BA3} - E:\WINNT\system32\vtuts.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - E:\WINNT\System32\msdxm.ocx
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - E:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Optimum Online] E:\Program Files\Optimum Online\Netsurf.exe -tray
O4 - HKLM\..\Run: [LaCie USB2 Auto Loader] E:\WINNT\TPPALDR.EXE
O4 - HKLM\..\Run: [TkBellExe] "E:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [TPP Auto Loader] E:\WINNT\tppaldr.exe
O4 - HKLM\..\Run: [msnappau] "E:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe"
O4 - HKLM\..\Run: [Windows Media Utility] wmediautil.exe
O4 - HKLM\..\Run: [iTunesHelper] "E:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [runner1] E:\WINNT\retadpu1000106.exe 61A847B5BBF72813329B385772FF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310F3D1DC7E4638EE323A15806F9DA6EF604776CA6C1637F811E3C28222142CCE7003
O4 - HKLM\..\Run: [ntdll.dll] "E:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [bsgbzsoA] E:\WINNT\bsgbzsoA.exe
O4 - HKLM\..\Run: [setup] rundll32.exe "E:\WINNT\system32\cexvpjll.dll",realset
O4 - HKLM\..\RunServices: [Windows Media Utility] wmediautil.exe
O4 - HKCU\..\Run: [RealPlayer] "E:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot
O4 - HKCU\..\Run: [A00F91F13.exe] E:\DOCUME~1\RICHCH~1\LOCALS~1\Temp\_A00F91F13.exe
O4 - HKCU\..\Run: [A00F930CC.exe] E:\DOCUME~1\RICHCH~1\LOCALS~1\Temp\_A00F930CC.exe
O4 - HKCU\..\Run: [A00F94067.exe] E:\DOCUME~1\RICHCH~1\LOCALS~1\Temp\_A00F94067.exe
O4 - .DEFAULT Startup: PowerReg Scheduler.exe (User 'Default user')
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Microsoft Office.lnk = E:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = E:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - E:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - E:\WINNT\system32\shdocvw.dll (HKCU)
O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} -
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://www.nick.com/.../GrooveAX27.cab
O20 - Winlogon Notify: cbxxywu - E:\WINNT\SYSTEM32\cbxxywu.dll
O20 - Winlogon Notify: CLSID - E:\WINNT\
O20 - Winlogon Notify: dnsurl - e:\winnt\driver cache\dnsurl.dll
O20 - Winlogon Notify: vtuts - E:\WINNT\system32\vtuts.dll
O20 - Winlogon Notify: __c00896F4 - E:\WINNT\system32\__c00896F4.dat
O20 - Winlogon Notify: __c009AA40 - E:\WINNT\system32\__c009AA40.dat
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - E:\WINNT\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - E:\WINNT\system32\browseui.dll
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - E:\WINNT\System32\dmadmin.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - E:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Net Agent - Unknown owner - E:\WINNT\dls0523pmw.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - E:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Windows Overlay Components - Unknown owner - E:\WINNT\bsgbzso.exe
O24 - Desktop Component 0: (no name) - E:\Documents and Settings\Rich Chalfin\My Documents\My Pictures\dad.bmp

#2 SWI Support Robot

SWI Support Robot

    Helper robot

  • SWI Bot
  • PipPipPipPipPip
  • 23,523 posts

Posted 28 May 2007 - 06:30 AM

Welcome to SWI. We apologize for the delay; our helpers have been very busy.
If you have not received help after 3 days, please CLICK HERE, and post a link to your log and the date it was originally posted.

Thank you for your patience.

[this is an automated reply]
This is an automated message. It does not count as help.

#3 jedi

jedi

    aequam memento rebus in arduis servare mentem

  • Emeritus
  • PipPipPipPipPip
  • 15,830 posts

Posted 31 May 2007 - 03:54 AM

Hi,

Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.

For additional help in booting into Safe Mode, see the following site:
http://www.pchell.co.../safemode.shtml
  • Double-click the drweb-cureit.exe file and allow it to run the express scan.
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, mark the drives that you want to scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, check whether you can click the following icon next to the files found: [image]
  • If so, click it and then click the next icon right below and select Move incurable as you'll see in the next image:
    [image]
    This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured. (This is in case we need samples.)
  • After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web Cureit.
  • Reboot your computer!! Because it could be possible that files in use will be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web you saved previously in your next reply.
Please also post a fresh HiJackThis log.

jedi
jedi

My help is free, but if you wish to help keep these forums running please consider a donation, see This Topic for details.

#4 Salvation138

Posted 10 June 2007 - 06:50 PM

Hello...sorry about the wait. I had been away, and just saw today that you responded to my post. My HiJack This log has changed since the last one, since I tried to fix some problems I knew of. I need to know if I should follow the directions in your last post, or start over with different instructions.

Logfile of HijackThis v1.99.1
Scan saved at 7:50:02 PM, on 6/10/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
E:\WINNT\System32\smss.exe
E:\WINNT\System32\winlogon.exe
E:\WINNT\system32\services.exe
E:\WINNT\system32\lsass.exe
E:\WINNT\system32\svchost.exe
E:\WINNT\system32\spoolsv.exe
E:\WINNT\system32\j4271839.exe
E:\WINNT\System32\svchost.exe
E:\WINNT\system32\regsvc.exe
E:\WINNT\system32\MSTask.exe
E:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
E:\WINNT\System32\WBEM\WinMgmt.exe
E:\WINNT\system32\svchost.exe
E:\WINNT\System32\svchost.exe
E:\WINNT\system32\wuauclt.exe
E:\WINNT\TPPALDR.EXE
E:\Program Files\Common Files\Real\Update_OB\realsched.exe
E:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe
E:\Program Files\iTunes\iTunesHelper.exe
E:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
E:\WINNT\sosi42.exe
E:\Program Files\iPod\bin\iPodService.exe
E:\WINNT\svchost.exe
E:\Program Files\WinZip\WZQKPICK.EXE
E:\Program Files\Mozilla Firefox\firefox.exe
E:\WINNT\explorer.exe
E:\Documents and Settings\Rich Chalfin\Desktop\Scanner.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:8182
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: 0 - {0A6A113E-50BF-418F-D5A5-8902307985F6} - E:\Program Files\Microsoft Office\lavuhaxo.dll
O2 - BHO: (no name) - {4789D0A2-78F3-4F40-A27B-322659AA0B37} - E:\Program Files\Windows NT\hokeno.dll
O2 - BHO: PsapiAnalyzer Object - {489263D0-1E71-4B29-B4D1-46DAA5856DF7} - e:\winnt\driver cache\dnsurl.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: (no name) - {826C4E55-7C35-4905-A4F1-30266D9BF5B7} - E:\WINNT\system32\ljhif.dll
O2 - BHO: (no name) - {8A61098D-612B-4EF2-943D-64E920684061} - E:\WINNT\system32\fccyyaa.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - E:\Program Files\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll
O2 - BHO: (no name) - {95F44196-1612-47E4-8A5E-103CD1DAC730} - E:\WINNT\system32\dklsmhsw.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - E:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O2 - BHO: (no name) - {E12BFF69-38A7-406e-A8EF-2738107A7831} - E:\WINNT\system32\mokyfcwi.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - E:\WINNT\System32\msdxm.ocx
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - E:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [LaCie USB2 Auto Loader] E:\WINNT\TPPALDR.EXE
O4 - HKLM\..\Run: [TkBellExe] "E:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [TPP Auto Loader] E:\WINNT\tppaldr.exe
O4 - HKLM\..\Run: [msnappau] "E:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe"
O4 - HKLM\..\Run: [iTunesHelper] "E:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [sosi42] E:\WINNT\sosi42
O4 - HKLM\..\Run: [{ZN}] E:\Documents and Settings\Rich Chalfin\Local Settings\Temp\TICHD003.exe CHD003
O4 - HKLM\..\Run: [ApachInc] rundll32.exe "E:\WINNT\system32\iagvilwp.dll",realset
O4 - HKLM\..\Run: [IESet] IExplorer.dll .dbt
O4 - HKLM\..\RunServices: [IESet] IExplorer.dll .dbt
O4 - HKCU\..\Run: [RealPlayer] "E:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot
O4 - HKCU\..\Run: [xrunwin] E:\WINNT\svchost.exe
O4 - HKCU\..\Run: [IESet] IExplorer.dll .dbt
O4 - Startup: PowerReg Scheduler.exe
O4 - Startup: TA_Start.lnk = E:\Documents and Settings\Rich Chalfin\Local Settings\Temp\TICHD003.exe
O4 - Global Startup: Microsoft Office.lnk = E:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = E:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - E:\Program Files\AIM\aim.exe
O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} -
O16 - DPF: {6D53ADB7-6AD5-4A59-BFE4-7B57D2F4AA89} - http://www.00110.net/tj2007/00110.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://www.nick.com/.../GrooveAX27.cab
O16 - DPF: {DD8C9372-35FD-4F7D-8CE4-909ABCFAB2C5} - ms-its:mhtml:file://c:\\nores.mht!http://adxtend.net/c...::/xpreload.ocx
O20 - Winlogon Notify: dnsurl - e:\winnt\driver cache\dnsurl.dll
O20 - Winlogon Notify: fccyyaa - E:\WINNT\SYSTEM32\fccyyaa.dll
O20 - Winlogon Notify: ljhif - E:\WINNT\system32\ljhif.dll
O20 - Winlogon Notify: __c00896F4 - E:\WINNT\system32\__c00896F4.dat
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - E:\WINNT\System32\dmadmin.exe
O23 - Service: dns cache reader (DNSCacheReader) - Unknown owner - E:\WINNT\system32\j4271839.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - E:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - E:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

#5 jedi

Posted 11 June 2007 - 02:39 AM

Hi again,

Yes, run DrWeb as above, but after you have done that please do this:

1. Download this file - ComboFix
2. Double click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply

Note:
Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Then post the CureIt report and the ComboFix report.

jedi

#6 Salvation138

Posted 11 June 2007 - 09:53 PM

I did everything you asked, and once ComboFix finished searching, all my desktop icons and start bar disappeared. I had to restart just to get it back to normal. Also, my CureIt log is huge...but this is what I came up with.

tichd003.exe;e:\documents and settings\rich chalfin\local settings\temp;Adware.ZenoSearch;Incurable.Moved.;
lavuhaxo.dll;e:\program files\microsoft office;Trojan.StartPage.19992;Deleted.;
dnsurl.dll;e:\winnt\driver cache;Trojan.Virtumod;Will be cured after reboot.;
sosi42.exe;e:\winnt;Modification of BackDoor.Generic.987;Moved.;
svchost.exe;e:\winnt;Trojan.Proxy.1821;Deleted.;
__c00896f4.dat;e:\winnt\system32;Trojan.DownLoader.22964;Will be cured after reboot.;
dklsmhsw.dll;e:\winnt\system32;Adware.Crew;Incurable.Moved.;
core.sys;e:\winnt\system32\drivers;Trojan.NtRootKit.239;Deleted.;
ljhif.dll;e:\winnt\system32;Trojan.Virtumod;Will be cured after reboot.;
mokyfcwi.dll;e:\winnt\system32;Trojan.Virtumod;Deleted.;
U.exe;C:\;Trojan.DownLoader.21580;Deleted.;
v29.exe;E:\Documents and Settings\All Users\Application Data\Pribi;Trojan.MulDrop.3206;Deleted.;
backup-20070531-223400-198.dll;E:\Documents and Settings\Rich Chalfin\Desktop\backups;Adware.Crew;Incurable.Moved.;
backup-20070531-223400-484.dll;E:\Documents and Settings\Rich Chalfin\Desktop\backups;Trojan.Virtumod;Deleted.;
backup-20070531-223400-730.dll;E:\Documents and Settings\Rich Chalfin\Desktop\backups;Trojan.Virtumod;Deleted.;
backup-20070531-224627-490.dll;E:\Documents and Settings\Rich Chalfin\Desktop\backups;Trojan.Virtumod;Deleted.;
129A4DFFd01\javascript.14;E:\Documents and Settings\Rich Chalfin\Local Settings\Application Data\Mozilla\Firefox\Profiles\default.md0\Cache\129A4DFFd01;VBS.Psyme.377;;
129A4DFFd01;E:\Documents and Settings\Rich Chalfin\Local Settings\Application Data\Mozilla\Firefox\Profiles\default.md0\Cache;Archive contains infected objects;Moved.;
362F1C59d01\javascript.12;E:\Documents and Settings\Rich Chalfin\Local Settings\Application Data\Mozilla\Firefox\Profiles\default.md0\Cache\362F1C59d01;VBS.Psyme.377;;
362F1C59d01;E:\Documents and Settings\Rich Chalfin\Local Settings\Application Data\Mozilla\Firefox\Profiles\default.md0\Cache;Archive contains infected objects;Moved.;
5FCB37FFd01\javascript.8;E:\Documents and Settings\Rich Chalfin\Local Settings\Application Data\Mozilla\Firefox\Profiles\default.md0\Cache\5FCB37FFd01;VBS.Psyme.377;;
5FCB37FFd01;E:\Documents and Settings\Rich Chalfin\Local Settings\Application Data\Mozilla\Firefox\Profiles\default.md0\Cache;Archive contains infected objects;Moved.;
7C330256d01\javascript.7;E:\Documents and Settings\Rich Chalfin\Local Settings\Application Data\Mozilla\Firefox\Profiles\default.md0\Cache\7C330256d01;VBS.Psyme.377;;
7C330256d01;E:\Documents and Settings\Rich Chalfin\Local Settings\Application Data\Mozilla\Firefox\Profiles\default.md0\Cache;Archive contains infected objects;Moved.;
866CCF4Dd01\javascript.15;E:\Documents and Settings\Rich Chalfin\Local Settings\Application Data\Mozilla\Firefox\Profiles\default.md0\Cache\866CCF4Dd01;VBS.Psyme.377;;
866CCF4Dd01;E:\Documents and Settings\Rich Chalfin\Local Settings\Application Data\Mozilla\Firefox\Profiles\default.md0\Cache;Archive contains infected objects;Moved.;
B0BE8668d01\javascript.12;E:\Documents and Settings\Rich Chalfin\Local Settings\Application Data\Mozilla\Firefox\Profiles\default.md0\Cache\B0BE8668d01;VBS.Psyme.377;;
B0BE8668d01;E:\Documents and Settings\Rich Chalfin\Local Settings\Application Data\Mozilla\Firefox\Profiles\default.md0\Cache;Archive contains infected objects;Moved.;
B48F178Fd01\javascript.12;E:\Documents and Settings\Rich Chalfin\Local Settings\Application Data\Mozilla\Firefox\Profiles\default.md0\Cache\B48F178Fd01;VBS.Psyme.377;;
B48F178Fd01;E:\Documents and Settings\Rich Chalfin\Local Settings\Application Data\Mozilla\Firefox\Profiles\default.md0\Cache;Archive contains infected objects;Moved.;
B7FE855Cd01\javascript.12;E:\Documents and Settings\Rich Chalfin\Local Settings\Application Data\Mozilla\Firefox\Profiles\default.md0\Cache\B7FE855Cd01;VBS.Psyme.377;;
B7FE855Cd01;E:\Documents and Settings\Rich Chalfin\Local Settings\Application Data\Mozilla\Firefox\Profiles\default.md0\Cache;Archive contains infected objects;Moved.;
B9FA6A67d01\javascript.2;E:\Documents and Settings\Rich Chalfin\Local Settings\Application Data\Mozilla\Firefox\Profiles\default.md0\Cache\B9FA6A67d01;VBS.Psyme.377;;
B9FA6A67d01;E:\Documents and Settings\Rich Chalfin\Local Settings\Application Data\Mozilla\Firefox\Profiles\default.md0\Cache;Archive contains infected objects;Moved.;
BA171E72d01\javascript.11;E:\Documents and Settings\Rich Chalfin\Local Settings\Application Data\Mozilla\Firefox\Profiles\default.md0\Cache\BA171E72d01;VBS.Psyme.377;;
BA171E72d01;E:\Documents and Settings\Rich Chalfin\Local Settings\Application Data\Mozilla\Firefox\Profiles\default.md0\Cache;Archive contains infected objects;Moved.;
BA4FBB8Fd01\javascript.12;E:\Documents and Settings\Rich Chalfin\Local Settings\Application Data\Mozilla\Firefox\Profiles\default.md0\Cache\BA4FBB8Fd01;VBS.Psyme.377;;
BA4FBB8Fd01;E:\Documents and Settings\Rich Chalfin\Local Settings\Application Data\Mozilla\Firefox\Profiles\default.md0\Cache;Archive contains infected objects;Moved.;
CC25B0C4d01\javascript.12;E:\Documents and Settings\Rich Chalfin\Local Settings\Application Data\Mozilla\Firefox\Profiles\default.md0\Cache\CC25B0C4d01;VBS.Psyme.377;;
CC25B0C4d01;E:\Documents and Settings\Rich Chalfin\Local Settings\Application Data\Mozilla\Firefox\Profiles\default.md0\Cache;Archive contains infected objects;Moved.;
CF60B7D5d01\javascript.12;E:\Documents and Settings\Rich Chalfin\Local Settings\Application Data\Mozilla\Firefox\Profiles\default.md0\Cache\CF60B7D5d01;VBS.Psyme.377;;
CF60B7D5d01;E:\Documents and Settings\Rich Chalfin\Local Settings\Application Data\Mozilla\Firefox\Profiles\default.md0\Cache;Archive contains infected objects;Moved.;
DB080BB6d01\javascript.15;E:\Documents and Settings\Rich Chalfin\Local Settings\Application Data\Mozilla\Firefox\Profiles\default.md0\Cache\DB080BB6d01;VBS.Psyme.377;;
DB080BB6d01;E:\Documents and Settings\Rich Chalfin\Local Settings\Application Data\Mozilla\Firefox\Profiles\default.md0\Cache;Archive contains infected objects;Moved.;
E113F635d01\javascript.15;E:\Documents and Settings\Rich Chalfin\Local Settings\Application Data\Mozilla\Firefox\Profiles\default.md0\Cache\E113F635d01;VBS.Psyme.377;;
E113F635d01;E:\Documents and Settings\Rich Chalfin\Local Settings\Application Data\Mozilla\Firefox\Profiles\default.md0\Cache;Archive contains infected objects;Moved.;
E837B7BCd01\javascript.12;E:\Documents and Settings\Rich Chalfin\Local Settings\Application Data\Mozilla\Firefox\Profiles\default.md0\Cache\E837B7BCd01;VBS.Psyme.377;;
E837B7BCd01;E:\Documents and Settings\Rich Chalfin\Local Settings\Application Data\Mozilla\Firefox\Profiles\default.md0\Cache;Archive contains infected objects;Moved.;
EF536466d01\javascript.3;E:\Documents and Settings\Rich Chalfin\Local Settings\Application Data\Mozilla\Firefox\Profiles\default.md0\Cache\EF536466d01;VBS.Psyme.377;;
EF536466d01;E:\Documents and Settings\Rich Chalfin\Local Settings\Application Data\Mozilla\Firefox\Profiles\default.md0\Cache;Archive contains infected objects;Moved.;
FB3F5AE4d01\javascript.7;E:\Documents and Settings\Rich Chalfin\Local Settings\Application Data\Mozilla\Firefox\Profiles\default.md0\Cache\FB3F5AE4d01;VBS.Psyme.377;;
FB3F5AE4d01;E:\Documents and Settings\Rich Chalfin\Local Settings\Application Data\Mozilla\Firefox\Profiles\default.md0\Cache;Archive contains infected objects;Moved.;
FB4F5AE4d01\javascript.8;E:\Documents and Settings\Rich Chalfin\Local Settings\Application Data\Mozilla\Firefox\Profiles\default.md0\Cache\FB4F5AE4d01;VBS.Psyme.377;;
FB4F5AE4d01;E:\Documents and Settings\Rich Chalfin\Local Settings\Application Data\Mozilla\Firefox\Profiles\default.md0\Cache;Archive contains infected objects;Moved.;
TICHD003.exe;E:\Documents and Settings\Rich Chalfin\Local Settings\Temp;Adware.ZenoSearch;;
wr-1-2000219.exe;E:\Documents and Settings\Rich Chalfin\Local Settings\Temp;Trojan.DownLoader.22968;Deleted.;
click[1].htm\javascript.1;E:\Documents and Settings\Rich Chalfin\Local Settings\Temporary Internet Files\Content.IE5\5FU3ZVCZ\click[1].htm;VBS.Psyme.377;;
click[1].htm;E:\Documents and Settings\Rich Chalfin\Local Settings\Temporary Internet Files\Content.IE5\5FU3ZVCZ;Archive contains infected objects;Moved.;
1[1].htm\javascript.0;E:\Documents and Settings\Rich Chalfin\Local Settings\Temporary Internet Files\Content.IE5\5Z37LX0E\1[1].htm;VBS.Psyme.377;;
1[1].htm;E:\Documents and Settings\Rich Chalfin\Local Settings\Temporary Internet Files\Content.IE5\5Z37LX0E;Archive contains infected objects;Moved.;
3385202[1]\javascript.1;E:\Documents and Settings\Rich Chalfin\Local Settings\Temporary Internet Files\Content.IE5\5Z37LX0E\3385202[1];VBS.Psyme.377;;
3385202[1];E:\Documents and Settings\Rich Chalfin\Local Settings\Temporary Internet Files\Content.IE5\5Z37LX0E;Archive contains infected objects;Moved.;
click[1].htm\javascript.1;E:\Documents and Settings\Rich Chalfin\Local Settings\Temporary Internet Files\Content.IE5\5Z37LX0E\click[1].htm;VBS.Psyme.377;;
click[1].htm;E:\Documents and Settings\Rich Chalfin\Local Settings\Temporary Internet Files\Content.IE5\5Z37LX0E;Archive contains infected objects;Moved.;
enter.sexlist[1].htm\javascript.7;E:\Documents and Settings\Rich Chalfin\Local Settings\Temporary Internet Files\Content.IE5\5Z37LX0E\enter.sexlist[1].htm;VBS.Psyme.377;;
enter.sexlist[1].htm;E:\Documents and Settings\Rich Chalfin\Local Settings\Temporary Internet Files\Content.IE5\5Z37LX0E;Archive contains infected objects;Moved.;
freeppc[1].htm\javascript.1;E:\Documents and Settings\Rich Chalfin\Local Settings\Temporary Internet Files\Content.IE5\5Z37LX0E\freeppc[1].htm;VBS.Psyme.377;;
freeppc[1].htm;E:\Documents and Settings\Rich Chalfin\Local Settings\Temporary Internet Files\Content.IE5\5Z37LX0E;Archive contains infected objects;Moved.;
index[1].htm\javascript.6;E:\Documents and Settings\Rich Chalfin\Local Settings\Temporary Internet Files\Content.IE5\5Z37LX0E\index[1].htm;VBS.Psyme.377;;
index[1].htm;E:\Documents and Settings\Rich Chalfin\Local Settings\Temporary Internet Files\Content.IE5\5Z37LX0E;Archive contains infected objects;Moved.;
isearch[1].htm\javascript.0;E:\Documents and Settings\Rich Chalfin\Local Settings\Temporary Internet Files\Content.IE5\5Z37LX0E\isearch[1].htm;VBS.Psyme.377;;
isearch[1].htm;E:\Documents and Settings\Rich Chalfin\Local Settings\Temporary Internet Files\Content.IE5\5Z37LX0E;Archive contains infected objects;Moved.;
isearch[2].htm\javascript.0;E:\Documents and Settings\Rich Chalfin\Local Settings\Temporary Internet Files\Content.IE5\5Z37LX0E\isearch[2].htm;VBS.Psyme.377;;
isearch[2].htm;E:\Documents and Settings\Rich Chalfin\Local Settings\Temporary Internet Files\Content.IE5\5Z37LX0E;Archive contains infected objects;Moved.;
searchbbr545[1].htm\javascript.1;E:\Documents and Settings\Rich Chalfin\Local Settings\Temporary Internet Files\Content.IE5\5Z37LX0E\searchbbr545[1].htm;VBS.Psyme.377;;
searchbbr545[1].htm;E:\Documents and Settings\Rich Chalfin\Local Settings\Temporary Internet Files\Content.IE5\5Z37LX0E;Archive contains infected objects;Moved.;
searchbbr545[2].htm\javascript.1;E:\Documents and Settings\Rich Chalfin\Local Settings\Temporary Internet Files\Content.IE5\5Z37LX0E\searchbbr545[2].htm;VBS.Psyme.377;;
searchbbr545[2].htm;E:\Documents and Settings\Rich Chalfin\Local Settings\Temporary Internet Files\Content.IE5\5Z37LX0E;Archive contains infected objects;Moved.;
searchbbr545[3].htm\javascript.1;E:\Documents and Settings\Rich Chalfin\Local Settings\Temporary Internet Files\Content.IE5\5Z37LX0E\searchbbr545[3].htm;VBS.Psyme.377;;
searchbbr545[3].htm;E:\Documents and Settings\Rich Chalfin\Local Settings\Temporary Internet Files\Content.IE5\5Z37LX0E;Archive contains infected objects;Moved.;
searchbbr545[4].htm\javascript.1;E:\Documents and Settings\Rich Chalfin\Local Settings\Temporary Internet Files\Content.IE5\5Z37LX0E\searchbbr545[4].htm;VBS.Psyme.377;;
searchbbr545[4].htm;E:\Documents and Settings\Rich Chalfin\Local Settings\Temporary Internet Files\Content.IE5\5Z37LX0E;Archive contains infected objects;Moved.;
erotic.masterstats[1].htm;E:\Documents and Settings\Rich Chalfin\Local Settings\Temporary Internet Files\Content.IE5\ZFVJZG59;Archive contains infected objects;Moved.;
freeppc[1].htm\javascript.1;E:\Documents and Settings\Rich Chalfin\Local Settings\Temporary Internet Files\Content.IE5\ZFVJZG59\freeppc[1].htm;VBS.Psyme.377;;
freeppc[1].htm;E:\Documents and Settings\Rich Chalfin\Local Settings\Temporary Internet Files\Content.IE5\ZFVJZG59;Archive contains infected objects;Moved.;
index[1].htm\javascript.4;E:\Documents and Settings\Rich Chalfin\Local Settings\Temporary Internet Files\Content.IE5\ZFVJZG59\index[1].htm;VBS.Psyme.377;;
index[1].htm;E:\Documents and Settings\Rich Chalfin\Local Settings\Temporary Internet Files\Content.IE5\ZFVJZG59;Archive contains infected objects;Moved.;
index[2].htm\javascript.0;E:\Documents and Settings\Rich Chalfin\Local Settings\Temporary Internet Files\Content.IE5\ZFVJZG59\index[2].htm;VBS.Psyme.377;;
index[2].htm;E:\Documents and Settings\Rich Chalfin\Local Settings\Temporary Internet Files\Content.IE5\ZFVJZG59;Archive contains infected objects;Moved.;
p[1].htm\javascript.0;E:\Documents and Settings\Rich Chalfin\Local Settings\Temporary Internet Files\Content.IE5\ZFVJZG59\p[1].htm;VBS.Psyme.377;;
p[1].htm;E:\Documents and Settings\Rich Chalfin\Local Settings\Temporary Internet Files\Content.IE5\ZFVJZG59;Archive contains infected objects;Moved.;
p[2].htm\javascript.0;E:\Documents and Settings\Rich Chalfin\Local Settings\Temporary Internet Files\Content.IE5\ZFVJZG59\p[2].htm;VBS.Psyme.377;;
p[2].htm;E:\Documents and Settings\Rich Chalfin\Local Settings\Temporary Internet Files\Content.IE5\ZFVJZG59;Archive contains infected objects;Moved.;
p[3].htm\javascript.0;E:\Documents and Settings\Rich Chalfin\Local Settings\Temporary Internet Files\Content.IE5\ZFVJZG59\p[3].htm;VBS.Psyme.377;;
p[3].htm;E:\Documents and Settings\Rich Chalfin\Local Settings\Temporary Internet Files\Content.IE5\ZFVJZG59;Archive contains infected objects;Moved.;
searchbbr545[1].htm\javascript.1;E:\Documents and Settings\Rich Chalfin\Local Settings\Temporary Internet Files\Content.IE5\ZFVJZG59\searchbbr545[1].htm;VBS.Psyme.377;;
searchbbr545[1].htm;E:\Documents and Settings\Rich Chalfin\Local Settings\Temporary Internet Files\Content.IE5\ZFVJZG59;Archive contains infected objects;Moved.;
searchbbr545[2].htm\javascript.1;E:\Documents and Settings\Rich Chalfin\Local Settings\Temporary Internet Files\Content.IE5\ZFVJZG59\searchbbr545[2].htm;VBS.Psyme.377;;
searchbbr545[2].htm;E:\Documents and Settings\Rich Chalfin\Local Settings\Temporary Internet Files\Content.IE5\ZFVJZG59;Archive contains infected objects;Moved.;
searchbbr545[3].htm\javascript.1;E:\Documents and Settings\Rich Chalfin\Local Settings\Temporary Internet Files\Content.IE5\ZFVJZG59\searchbbr545[3].htm;VBS.Psyme.377;;
searchbbr545[3].htm;E:\Documents and Settings\Rich Chalfin\Local Settings\Temporary Internet Files\Content.IE5\ZFVJZG59;Archive contains infected objects;Moved.;
searchbbr545[4].htm\javascript.1;E:\Documents and Settings\Rich Chalfin\Local Settings\Temporary Internet Files\Content.IE5\ZFVJZG59\searchbbr545[4].htm;VBS.Psyme.377;;
searchbbr545[4].htm;E:\Documents and Settings\Rich Chalfin\Local Settings\Temporary Internet Files\Content.IE5\ZFVJZG59;Archive contains infected objects;Moved.;
searchbbr545[5].htm\j

Edited by Salvation138, 11 June 2007 - 09:59 PM.


#7 Salvation138

Posted 11 June 2007 - 10:03 PM

OK, and in addition to the problems I'm having, the CureIt log won't even post correctly. It's not posting the whole thing.

Here's a HiJack This log.

Logfile of HijackThis v1.99.1
Scan saved at 22:53, on 2007-06-11
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
E:\WINNT\System32\smss.exe
E:\WINNT\system32\winlogon.exe
E:\WINNT\system32\services.exe
E:\WINNT\system32\lsass.exe
E:\WINNT\system32\svchost.exe
E:\WINNT\system32\spoolsv.exe
E:\WINNT\system32\j4271839.exe
E:\WINNT\System32\svchost.exe
E:\WINNT\system32\regsvc.exe
E:\WINNT\system32\MSTask.exe
E:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
E:\WINNT\System32\WBEM\WinMgmt.exe
E:\WINNT\system32\svchost.exe
E:\WINNT\System32\svchost.exe
E:\WINNT\Explorer.EXE
E:\WINNT\system32\wuauclt.exe
E:\WINNT\TPPALDR.EXE
E:\Program Files\Common Files\Real\Update_OB\realsched.exe
E:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe
E:\Program Files\iTunes\iTunesHelper.exe
E:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
E:\Program Files\QuickTime\qttask.exe
E:\Program Files\iPod\bin\iPodService.exe
E:\Program Files\WinZip\WZQKPICK.EXE
E:\Program Files\Mozilla Firefox\firefox.exe
E:\Program Files\Java\jre1.5.0_09\bin\jucheck.exe
E:\Documents and Settings\Rich Chalfin\Desktop\Scanner.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:8182
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: 0 - {0A6A113E-50BF-418F-D5A5-8902307985F6} - E:\Program Files\Microsoft Office\lavuhaxo.dll (file missing)
O2 - BHO: (no name) - {4789D0A2-78F3-4F40-A27B-322659AA0B37} - E:\Program Files\Windows NT\hokeno.dll
O2 - BHO: PsapiAnalyzer Object - {489263D0-1E71-4B29-B4D1-46DAA5856DF7} - e:\winnt\driver cache\dnsurl.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {6795FCB2-DA46-4559-B706-DAFAA4D5778D} - E:\WINNT\system32\ljhif.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: (no name) - {8A61098D-612B-4EF2-943D-64E920684061} - E:\WINNT\System32\fccyyaa.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - E:\Program Files\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - E:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - E:\WINNT\System32\msdxm.ocx
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - E:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [LaCie USB2 Auto Loader] E:\WINNT\TPPALDR.EXE
O4 - HKLM\..\Run: [TkBellExe] "E:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [TPP Auto Loader] E:\WINNT\tppaldr.exe
O4 - HKLM\..\Run: [msnappau] "E:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe"
O4 - HKLM\..\Run: [iTunesHelper] "E:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [GPLv3] rundll32.exe "E:\WINNT\system32\xlhuvgfn.dll",realset
O4 - HKCU\..\Run: [RealPlayer] "E:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Microsoft Office.lnk = E:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = E:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - E:\Program Files\AIM\aim.exe
O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} -
O16 - DPF: {6D53ADB7-6AD5-4A59-BFE4-7B57D2F4AA89} - http://www.00110.net/tj2007/00110.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://www.nick.com/.../GrooveAX27.cab
O16 - DPF: {DD8C9372-35FD-4F7D-8CE4-909ABCFAB2C5} - ms-its:mhtml:file://c:\\nores.mht!http://adxtend.net/c...::/xpreload.ocx
O20 - Winlogon Notify: dnsurl - e:\winnt\driver cache\dnsurl.dll
O20 - Winlogon Notify: fccyyaa - E:\WINNT\SYSTEM32\fccyyaa.dll
O20 - Winlogon Notify: ljhif - E:\WINNT\system32\ljhif.dll
O20 - Winlogon Notify: __c00896F4 - E:\WINNT\system32\__c00896F4.dat (file missing)
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - E:\WINNT\System32\dmadmin.exe
O23 - Service: dns cache reader (DNSCacheReader) - Unknown owner - E:\WINNT\system32\j4271839.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - E:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - E:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

And a ComboFix log.

"E:\Program Files\Common Files\Yazzle1122OinUninstaller.exe"
"E:\WINNT\q.exe"
"E:\Program Files\Microsoft Office\profsyvyra.html"
"E:\WINNT\system32\5FIh0P88.exe"
"E:\WINNT\system32\px5AIBSI.exe"
"E:\WINNT\system32\packet.dll"
"E:\WINNT\system32\wpcap.dll"
"E:\WINNT\tasks\At1.job"
"E:\WINNT\tasks\At10.job"
"E:\WINNT\tasks\At11.job"
"E:\WINNT\tasks\At12.job"
"E:\WINNT\tasks\At13.job"
"E:\WINNT\tasks\At14.job"
"E:\WINNT\tasks\At15.job"
"E:\WINNT\tasks\At16.job"
"E:\WINNT\tasks\At17.job"
"E:\WINNT\tasks\At18.job"
"E:\WINNT\tasks\At19.job"
"E:\WINNT\tasks\At2.job"
"E:\WINNT\tasks\At20.job"
"E:\WINNT\tasks\At21.job"
"E:\WINNT\tasks\At22.job"
"E:\WINNT\tasks\At23.job"
"E:\WINNT\tasks\At24.job"
"E:\WINNT\tasks\At25.job"
"E:\WINNT\tasks\At26.job"
"E:\WINNT\tasks\At27.job"
"E:\WINNT\tasks\At28.job"
"E:\WINNT\tasks\At29.job"
"E:\WINNT\tasks\At3.job"
"E:\WINNT\tasks\At30.job"
"E:\WINNT\tasks\At31.job"
"E:\WINNT\tasks\At33.job"
"E:\WINNT\tasks\At34.job"
"E:\WINNT\tasks\At35.job"
"E:\WINNT\tasks\At36.job"
"E:\WINNT\tasks\At37.job"
"E:\WINNT\tasks\At38.job"
"E:\WINNT\tasks\At39.job"
"E:\WINNT\tasks\At4.job"
"E:\WINNT\tasks\At40.job"
"E:\WINNT\tasks\At41.job"
"E:\WINNT\tasks\At42.job"
"E:\WINNT\tasks\At43.job"
"E:\WINNT\tasks\At44.job"
"E:\WINNT\tasks\At45.job"
"E:\WINNT\tasks\At46.job"
"E:\WINNT\tasks\At47.job"
"E:\WINNT\tasks\At48.job"
"E:\WINNT\tasks\At5.job"
"E:\WINNT\tasks\At6.job"
"E:\WINNT\tasks\At7.job"
"E:\WINNT\tasks\At8.job"
"E:\WINNT\tasks\At9.job"
"E:\DOCUME~1\RICHCH~1\APPLIC~1.\macromedia\Flash Player\macromedia.com\support\f
lashplayer\sys\#www.broadcaster.com\settings.sol"
"E:\WINNT\system32\IExplorer.dll
.dbt"
"E:\WINNT\system32\Explorer.exe"
"E:\WINNT\system32\drivers\core.cache.dsk"
"E:\WINNT\opera6.ini"
"E:\WINNT\rau001978.exe"
"E:\WINNT\dls0523pmw.exe"
"E:\WINNT\b136.exe"
"E:\WINNT\wr.txt"
"E:\WINNT\Driver Cache\ntp2.ini"
E:\WINNT\system32\xlhuvgfn.dll
E:\WINNT\system32\cbxxuvt.dll
E:\WINNT\system32\khfcabx.dll
E:\WINNT\system32\fihjl.bak1
E:\WINNT\system32\fihjl.bak2
E:\WINNT\system32\fihjl.ini
E:\WINNT\system32\nfgvuhlx.ini
E:\WINNT\system32\fihjl.bak1
E:\WINNT\system32\fihjl.bak2
E:\WINNT\system32\fihjl.ini
"E:\WINNT\system32\T4"
"E:\WINNT\system32\T3"
"E:\WINNT\system32\pog"
"E:\DOCUME~1\RICHCH~1\APPLIC~1.\macromedia\Flash Player\#SharedObjects\WDS4Q5DE\
www.broadcaster.com"
"E:\DOCUME~1\RICHCH~1\APPLIC~1.\macromedia\Flash Player\macromedia.com\support\f
lashplayer\sys\#www.broadcaster.com"

#8 jedi

Posted 12 June 2007 - 03:13 AM

Hi again,

the CureIt log won't even post correctly

Not your fault, the board software only allows posts of a certain length.

Ok, it's looking a lot better, next steps:

Please download VundoFix.exe to your desktop.
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES.
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will shut down your computer, click OK.
  • Turn your computer back on.
  • Please post the contents of E:\vundofix.txt and a new HiJackThis log.
jedi
jedi

My help is free, but if you wish to help keep these forums running please consider a donation, see This Topic for details.

#9 Salvation138

Posted 13 June 2007 - 01:47 PM

VundoFix log...

VundoFix V6.5.0

Checking Java version...

Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.

Scan started at 23:24:38 2007-06-12

Listing files found while scanning....

e:\winnt\driver cache\dnsurl.dll
E:\WINNT\system32\fihjl.ini
E:\WINNT\system32\ljhif.dll

Beginning removal...

Attempting to delete e:\winnt\driver cache\dnsurl.dll
e:\winnt\driver cache\dnsurl.dll Has been deleted!

Attempting to delete E:\WINNT\system32\fihjl.ini
E:\WINNT\system32\fihjl.ini Has been deleted!

Attempting to delete E:\WINNT\system32\ljhif.dll
E:\WINNT\system32\ljhif.dll Has been deleted!

Performing Repairs to the registry.
Done!

And HiJack This log..

Logfile of HijackThis v1.99.1
Scan saved at 14:47, on 2007-06-13
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
E:\WINNT\System32\smss.exe
E:\WINNT\system32\winlogon.exe
E:\WINNT\system32\services.exe
E:\WINNT\system32\lsass.exe
E:\WINNT\system32\svchost.exe
E:\WINNT\system32\spoolsv.exe
E:\WINNT\system32\j4271839.exe
E:\WINNT\System32\svchost.exe
E:\WINNT\system32\regsvc.exe
E:\WINNT\system32\MSTask.exe
E:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
E:\WINNT\System32\WBEM\WinMgmt.exe
E:\WINNT\system32\svchost.exe
E:\WINNT\System32\svchost.exe
E:\WINNT\Explorer.EXE
E:\WINNT\TPPALDR.EXE
E:\Program Files\Common Files\Real\Update_OB\realsched.exe
E:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe
E:\Program Files\iTunes\iTunesHelper.exe
E:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
E:\Program Files\QuickTime\qttask.exe
E:\Program Files\WinZip\WZQKPICK.EXE
E:\WINNT\system32\wuauclt.exe
E:\Program Files\iPod\bin\iPodService.exe
E:\Program Files\Mozilla Firefox\firefox.exe
E:\Program Files\Java\jre1.5.0_09\bin\jucheck.exe
E:\Program Files\AIM\aim.exe
E:\Documents and Settings\Rich Chalfin\Desktop\Scanner.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:8182
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: 0 - {0A6A113E-50BF-418F-D5A5-8902307985F6} - E:\Program Files\Microsoft Office\lavuhaxo.dll (file missing)
O2 - BHO: (no name) - {4789D0A2-78F3-4F40-A27B-322659AA0B37} - E:\Program Files\Windows NT\hokeno.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: (no name) - {8A61098D-612B-4EF2-943D-64E920684061} - E:\WINNT\System32\fccyyaa.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - E:\Program Files\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - E:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O2 - BHO: (no name) - {CA67A621-BF53-4D18-A321-059D6CE7CA48} - E:\WINNT\system32\ljhif.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - E:\WINNT\System32\msdxm.ocx
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - E:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [LaCie USB2 Auto Loader] E:\WINNT\TPPALDR.EXE
O4 - HKLM\..\Run: [TkBellExe] "E:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [TPP Auto Loader] E:\WINNT\tppaldr.exe
O4 - HKLM\..\Run: [msnappau] "E:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe"
O4 - HKLM\..\Run: [iTunesHelper] "E:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [GPLv3] rundll32.exe "E:\WINNT\system32\xlhuvgfn.dll",realset
O4 - HKCU\..\Run: [RealPlayer] "E:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Microsoft Office.lnk = E:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = E:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - E:\Program Files\AIM\aim.exe
O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} -
O16 - DPF: {6D53ADB7-6AD5-4A59-BFE4-7B57D2F4AA89} - http://www.00110.net/tj2007/00110.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://www.nick.com/.../GrooveAX27.cab
O16 - DPF: {DD8C9372-35FD-4F7D-8CE4-909ABCFAB2C5} - ms-its:mhtml:file://c:\\nores.mht!http://adxtend.net/c...::/xpreload.ocx
O20 - Winlogon Notify: fccyyaa - E:\WINNT\SYSTEM32\fccyyaa.dll
O20 - Winlogon Notify: __c00896F4 - E:\WINNT\system32\__c00896F4.dat (file missing)
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - E:\WINNT\System32\dmadmin.exe
O23 - Service: dns cache reader (DNSCacheReader) - Unknown owner - E:\WINNT\system32\j4271839.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - E:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - E:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

#10 jedi

Posted 13 June 2007 - 03:24 PM

Hi again,

Please run Notepad and paste the following text in the Code box into a new file:

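REM Stop and remove the service first so that its executable is no longer in use.
REM sc expects the service key name (DNSCacheReader), not the display name.
sc stop DNSCacheReader
sc delete DNSCacheReader
REM Clear the read-only, hidden and system attributes, then delete each file.
attrib -r -h -s E:\WINNT\system32\xlhuvgfn.dll
del E:\WINNT\system32\xlhuvgfn.dll
attrib -r -h -s E:\WINNT\SYSTEM32\fccyyaa.dll
del E:\WINNT\SYSTEM32\fccyyaa.dll
attrib -r -h -s E:\WINNT\system32\j4271839.exe
del E:\WINNT\system32\j4271839.exe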


Save the file to the desktop as remove.bat and make sure the "Save as Type" field says "All Files". Then please go to the desktop and double-click on remove.bat.

Next:

Please do the following:
Run a BitDefender Online scan Here and post the results.

Please also post a new HiJackThis log.

jedi

#11 Salvation138

Posted 22 June 2007 - 05:10 PM

Hello, sorry I haven't responded in a while. I've been incredibly busy lately. I did the remove.bat thing, but the online scan doesn't seem to work with my Firefox browser. I would try it with IE, but now it isn't working. Every time I try to access My Documents or any other folder that uses the IE browser, my screen goes blank. This has happened before...I don't know how to fix it. Also, every time I open Firefox, it says it's connected to a proxy server..I have to change the connection settings every time I open it. Here's a HiJack this log for you.

I apologize for all of this..my computer is in very poor shape right now.

Logfile of HijackThis v1.99.1
Scan saved at 6:10:44 PM, on 06/22/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
E:\WINNT\System32\smss.exe
E:\WINNT\system32\winlogon.exe
E:\WINNT\system32\services.exe
E:\WINNT\system32\lsass.exe
E:\WINNT\system32\svchost.exe
E:\WINNT\system32\spoolsv.exe
E:\WINNT\system32\j4271839.exe
E:\WINNT\System32\svchost.exe
E:\WINNT\system32\regsvc.exe
E:\WINNT\system32\MSTask.exe
E:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
E:\WINNT\System32\WBEM\WinMgmt.exe
E:\WINNT\system32\svchost.exe
E:\WINNT\System32\svchost.exe
E:\WINNT\TPPALDR.EXE
E:\Program Files\Common Files\Real\Update_OB\realsched.exe
E:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe
E:\Program Files\iTunes\iTunesHelper.exe
E:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
E:\Program Files\QuickTime\qttask.exe
E:\Program Files\WinZip\WZQKPICK.EXE
E:\WINNT\system32\wuauclt.exe
E:\Program Files\iPod\bin\iPodService.exe
E:\Program Files\Java\jre1.5.0_09\bin\jucheck.exe
E:\Program Files\iTunes\iTunes.exe
E:\Program Files\AIM\aim.exe
E:\Program Files\Mozilla Firefox\firefox.exe
E:\WINNT\explorer.exe
E:\Documents and Settings\Rich Chalfin\Desktop\Scanner.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:8182
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: 0 - {0A6A113E-50BF-418F-D5A5-8902307985F6} - E:\Program Files\Microsoft Office\lavuhaxo.dll (file missing)
O2 - BHO: (no name) - {44E94565-639F-4A0E-B431-80535AF8205A} - E:\WINNT\system32\vtssr.dll
O2 - BHO: (no name) - {4789D0A2-78F3-4F40-A27B-322659AA0B37} - E:\Program Files\Windows NT\hokeno.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5ADF3862-9E2E-4ad3-86F7-4510E6550CD0} - E:\WINNT\system32\eoieyhiw.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: (no name) - {8A61098D-612B-4EF2-943D-64E920684061} - E:\WINNT\System32\fccyyaa.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - E:\Program Files\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll
O2 - BHO: (no name) - {95F44196-1612-47E4-8A5E-103CD1DAC730} - E:\WINNT\system32\svlqqyqn.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - E:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O2 - BHO: (no name) - {CA67A621-BF53-4D18-A321-059D6CE7CA48} - E:\WINNT\system32\ljhif.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - E:\WINNT\System32\msdxm.ocx
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - E:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [LaCie USB2 Auto Loader] E:\WINNT\TPPALDR.EXE
O4 - HKLM\..\Run: [TkBellExe] "E:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [TPP Auto Loader] E:\WINNT\tppaldr.exe
O4 - HKLM\..\Run: [msnappau] "E:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe"
O4 - HKLM\..\Run: [iTunesHelper] "E:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [GPLv3] rundll32.exe "E:\WINNT\system32\iuqtvpmn.dll",realset
O4 - HKCU\..\Run: [RealPlayer] "E:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Microsoft Office.lnk = E:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = E:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - E:\Program Files\AIM\aim.exe
O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} -
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {6D53ADB7-6AD5-4A59-BFE4-7B57D2F4AA89} - http://www.00110.net/tj2007/00110.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://www.nick.com/.../GrooveAX27.cab
O16 - DPF: {DD8C9372-35FD-4F7D-8CE4-909ABCFAB2C5} - ms-its:mhtml:file://c:\\nores.mht!http://adxtend.net/c...::/xpreload.ocx
O20 - Winlogon Notify: fccyyaa - E:\WINNT\SYSTEM32\fccyyaa.dll
O20 - Winlogon Notify: vtssr - E:\WINNT\system32\vtssr.dll
O20 - Winlogon Notify: __c00896F4 - E:\WINNT\system32\__c00896F4.dat (file missing)
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - E:\WINNT\System32\dmadmin.exe
O23 - Service: dns cache reader (DNSCacheReader) - Unknown owner - E:\WINNT\system32\j4271839.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - E:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - E:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
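
Added example, not part of the original thread and not a HijackThis feature: a small Python script that compares two HijackThis logs by a stable key per entry, run on lines excerpted from the 13 June and 22 June logs above. The key-selection rules and the function names (parse, compare, orphans) are assumptions of this example.

```python
import re
from collections import namedtuple

Entry = namedtuple("Entry", "section key target")

# A result line is "<section code> - <body>", e.g. "O2 - BHO: ... - {CLSID} - path".
LINE_RE = re.compile(r"^([RFNO]\d{1,2}) - (.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


def _key(section, body):
    """Pick the part of an entry that stays the same when the file behind it changes."""
    clsid = CLSID_RE.search(body)
    if clsid:                                   # O2/O3/O9/O16: the CLSID
        return clsid.group(0).upper()
    if section == "O4":                         # Run key: the value name in brackets
        m = re.search(r"\[(.+?)\]", body)
        if m:
            return m.group(1)
    if section == "O23":                        # service: key name in parentheses
        m = re.search(r"\((\w+)\)", body)
        if m:
            return m.group(1)
    return body.rsplit(" - ", 1)[0]             # e.g. "Winlogon Notify: vtssr"


def _target(section, body):
    """The file or command the entry points at."""
    if section == "O4" and "] " in body:
        return body.split("] ", 1)[1]
    return body.rsplit(" - ", 1)[-1]


def parse(log_text):
    """Return one Entry per result line; header and process lines are skipped."""
    entries = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            section, body = m.groups()
            entries.append(Entry(section, _key(section, body), _target(section, body)))
    return entries


def compare(old_log, new_log):
    """Classify entries of the newer log against the older one."""
    old = {(e.section, e.key): e.target for e in parse(old_log)}
    new = {(e.section, e.key): e.target for e in parse(new_log)}
    same = lambda k: old[k].lower() == new[k].lower()   # Windows paths ignore case
    return {
        "added": sorted(k for k in new if k not in old),
        "removed": sorted(k for k in old if k not in new),
        "changed": sorted(k for k in new if k in old and not same(k)),
        "persisting": sorted(k for k in new if k in old and same(k)),
    }


def orphans(entries):
    """Registry entries whose file is already gone and only need fixing in HijackThis."""
    return [e for e in entries if e.target.endswith("(file missing)")]


# Lines excerpted from the 13 June log in this thread.
OLD_LOG = r"""
O2 - BHO: (no name) - {8A61098D-612B-4EF2-943D-64E920684061} - E:\WINNT\System32\fccyyaa.dll
O2 - BHO: (no name) - {CA67A621-BF53-4D18-A321-059D6CE7CA48} - E:\WINNT\system32\ljhif.dll (file missing)
O4 - HKLM\..\Run: [GPLv3] rundll32.exe "E:\WINNT\system32\xlhuvgfn.dll",realset
O20 - Winlogon Notify: fccyyaa - E:\WINNT\SYSTEM32\fccyyaa.dll
O23 - Service: dns cache reader (DNSCacheReader) - Unknown owner - E:\WINNT\system32\j4271839.exe
"""

# Lines excerpted from the 22 June log in this thread.
NEW_LOG = r"""
O2 - BHO: (no name) - {44E94565-639F-4A0E-B431-80535AF8205A} - E:\WINNT\system32\vtssr.dll
O2 - BHO: (no name) - {8A61098D-612B-4EF2-943D-64E920684061} - E:\WINNT\System32\fccyyaa.dll
O2 - BHO: (no name) - {CA67A621-BF53-4D18-A321-059D6CE7CA48} - E:\WINNT\system32\ljhif.dll (file missing)
O4 - HKLM\..\Run: [GPLv3] rundll32.exe "E:\WINNT\system32\iuqtvpmn.dll",realset
O20 - Winlogon Notify: fccyyaa - E:\WINNT\SYSTEM32\fccyyaa.dll
O20 - Winlogon Notify: vtssr - E:\WINNT\system32\vtssr.dll
O23 - Service: dns cache reader (DNSCacheReader) - Unknown owner - E:\WINNT\system32\j4271839.exe
"""

if __name__ == "__main__":
    for kind, keys in compare(OLD_LOG, NEW_LOG).items():
        for section, key in keys:
            print(f"{kind:10} {section:4} {key}")
```

Keying on the CLSID, Run value name or service key name rather than on the file path is what lets the GPLv3 Run entry show up as "changed" when only the DLL name behind it differs between scans.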

#12 jedi

Posted 23 June 2007 - 01:45 PM

Hi again,

Ok, I really need you to run ComboFix. If this happens

all my desktop icons and start bar disappeared. I had to restart just to get it back to normal

do not do anything, just wait, you should not carry out any action on your PC after you start ComboFix, wait until it produces its report. Here's the download in case you deleted the tool:

1. Download this file - ComboFix
2. Double click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

jedi

#13 Salvation138

Posted 24 June 2007 - 02:42 PM

I ran ComboFix and here's what I got.

ComboFix 07-06-11.3 - E:\Documents and Settings\Rich Chalfin\Desktop\ComboFix.exe
"Rich Chalfin" - 06/23/2007 23:53:48 - Service Pack 4 NTFS


(((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


E:\WINNT\system32\cullbakr.dll
E:\WINNT\system32\ddoylpjj.dll
E:\WINNT\system32\iuqtvpmn.dll
E:\WINNT\system32\jtwemlqk.dll
E:\WINNT\system32\svlqqyqn.dll
E:\WINNT\system32\rkablluc.ini
E:\WINNT\system32\jjplyodd.ini
E:\WINNT\system32\nmpvtqui.ini
E:\WINNT\system32\rsstv.bak1
E:\WINNT\system32\rsstv.bak2
E:\WINNT\system32\rsstv.ini
E:\WINNT\system32\rsstv.tmp
E:\WINNT\system32\rsstv.bak1
E:\WINNT\system32\rsstv.bak2
E:\WINNT\system32\rsstv.ini
E:\WINNT\system32\vtssr.dll
E:\WINNT\system32\fccyyaa.dll


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *



((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


E:\WINNT\Driver Cache\ntp2.ini


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_CMDSERVICE
-------\LEGACY_CORE
-------\LEGACY_NETWORK_MONITOR
-------\LEGACY_NET_AGENT
-------\LEGACY_WINDOWS_OVERLAY_COMPONENTS
-------\cmdService
-------\core


((((((((((((((((((((((((( Files Created from 2007-05-24 to 2007-06-24 )))))))))))))))))))))))))))))))


2007-06-23 23:03 4,628 --a------ E:\WINNT\system32\jrshcagl.exe
2007-06-23 23:00 122,900 --a------ E:\WINNT\system32\frpsuycc.exe
2007-06-22 15:46 122,900 --a------ E:\WINNT\system32\aiboljtw.exe
2007-06-22 15:43 4,628 --a------ E:\WINNT\system32\notcxgch.exe
2007-06-22 14:40 122,900 --a------ E:\WINNT\system32\ticfonbw.exe
2007-06-21 10:49 122,900 --a------ E:\WINNT\system32\botjeosd.exe
2007-06-19 17:49 122,900 --a------ E:\WINNT\system32\cltwuwyl.exe
2007-06-13 17:44 62,516 --a------ E:\WINNT\system32\eoieyhiw.dll
2007-06-13 17:38 <DIR> d-------- E:\WINNT\BDOSCAN8
2007-06-12 23:24 <DIR> d-------- E:\VundoFix Backups
2007-06-11 22:07 49,152 --a------ E:\WINNT\nircmd.exe
2007-06-11 17:53 <DIR> d-------- E:\DOCUME~1\RICHCH~1\DoctorWeb
2007-06-09 12:25 105,434 --a------ E:\WINNT\qwr67.exe
2007-06-08 13:52 <DIR> d-------- E:\Program Files\Eusing Free Registry Cleaner
2007-06-08 13:18 8,192 --a------ E:\WINNT\system32\j4271839.exe
2007-06-06 17:22 53,248 --a------ E:\WINNT\uni_eh42.exe
2007-05-25 23:41 <DIR> d-------- E:\Program Files\Lavasoft
2007-05-25 23:40 <DIR> d-------- E:\Program Files\Common Files\Wise Installation Wizard


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-19 22:40:51 1,636 ----a-w E:\WINNT\system32\d3d9caps.dat
2007-06-10 23:08:52 -------- d-----w E:\Program Files\Windows NT
2007-05-26 03:42:02 -------- d-----w E:\DOCUME~1\RICHCH~1\APPLIC~1\Lavasoft
2007-05-20 20:00:44 -------- d-----w E:\Program Files\Common Files\kiuw
2007-05-16 00:49:34 8,607 ----a-w E:\WINNT\mozver.dat
2007-04-01 16:11:55 69,036 ---ha-w E:\DOCUME~1\RICHCH~1\APPLIC~1\EHMatrixFilters.dll
2007-04-01 16:11:54 44,032 ---ha-w E:\DOCUME~1\RICHCH~1\APPLIC~1\MBSCFPlugin5228.dll
2007-04-01 16:11:54 37,376 ---ha-w E:\DOCUME~1\RICHCH~1\APPLIC~1\MBSCarbonEventsPlugin5242.dll
2007-04-01 16:11:54 35,840 ---ha-w E:\DOCUME~1\RICHCH~1\APPLIC~1\EHEffects.dll
2007-04-01 16:11:54 33,792 ---ha-w E:\DOCUME~1\RICHCH~1\APPLIC~1\MBSIconPlugin5036.dll
2007-04-01 16:11:54 28,672 ---ha-w E:\DOCUME~1\RICHCH~1\APPLIC~1\MBSMacOSXPlugin5242.dll
2007-04-01 16:11:54 27,136 ---ha-w E:\DOCUME~1\RICHCH~1\APPLIC~1\MBSUsernamePlugin4435.dll
2007-04-01 16:11:54 103,424 ---ha-w E:\DOCUME~1\RICHCH~1\APPLIC~1\MBSPicturePlugin5148.dll
2007-04-01 16:11:53 99,328 ---ha-w E:\DOCUME~1\RICHCH~1\APPLIC~1\MBSJPEGCompressionPlugin5041.dll
2007-04-01 16:11:53 64,512 ---ha-w E:\DOCUME~1\RICHCH~1\APPLIC~1\MBSZipPlugin4713.dll
2007-04-01 16:11:53 444,928 ---ha-w E:\DOCUME~1\RICHCH~1\APPLIC~1\MBSTiffPlugin4713.dll
2007-04-01 16:11:53 32,768 ---ha-w E:\DOCUME~1\RICHCH~1\APPLIC~1\MBSProcessPlugin4911.dll
2007-04-01 16:11:53 30,208 ---ha-w E:\DOCUME~1\RICHCH~1\APPLIC~1\MBSBase64Plugin4708.dll
2007-04-01 16:11:53 27,648 ---ha-w E:\DOCUME~1\RICHCH~1\APPLIC~1\MBSWindowPlugin4708.dll
2007-04-01 16:11:53 27,648 ---ha-w E:\DOCUME~1\RICHCH~1\APPLIC~1\MBSRegistrationPlugin4987.dll
2007-04-01 16:11:53 146,944 ---ha-w E:\DOCUME~1\RICHCH~1\APPLIC~1\MBSPNGPlugin4713.dll
2007-04-01 16:11:53 120,832 ---ha-w E:\DOCUME~1\RICHCH~1\APPLIC~1\MBSJPEGDecompressionPlugin5041.dll
2007-04-01 16:11:52 88,576 ---ha-w E:\DOCUME~1\RICHCH~1\APPLIC~1\rbap550.dll
2007-04-01 16:11:52 478,720 ---ha-w E:\DOCUME~1\RICHCH~1\APPLIC~1\RBDB550.dll
2007-04-01 16:11:52 40,960 ---ha-w E:\DOCUME~1\RICHCH~1\APPLIC~1\RBShell550.dll
2007-04-01 16:11:52 32,256 ---ha-w E:\DOCUME~1\RICHCH~1\APPLIC~1\RBJagToolbarItem550.dll
2007-04-01 16:11:52 29,184 ---ha-w E:\DOCUME~1\RICHCH~1\APPLIC~1\RBInternetEncodings550.dll
2007-04-01 16:11:52 25,600 ---ha-w E:\DOCUME~1\RICHCH~1\APPLIC~1\EHTypes.dll
2007-04-01 16:11:40 74,240 ---ha-w E:\DOCUME~1\RICHCH~1\APPLIC~1\rbqt550.DLL
2005-07-29 20:24:26 472 --sha-r E:\WINNT\UmljaCBDaGFsZmlu\oA53uF1Gu3IPtA5R.vbs


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=E:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll [03-11-03 14:17 ]
{0A6A113E-50BF-418F-D5A5-8902307985F6}=E:\Program Files\Microsoft Office\lavuhaxo.dll []
{4789D0A2-78F3-4F40-A27B-322659AA0B37}=E:\Program Files\Windows NT\hokeno.dll [07-04-06 15:27 ]
{53707962-6F74-2D53-2644-206D7942484F}=E:\PROGRA~1\SPYBOT~1\SDHelper.dll [05-05-31 01:04 ]
{5ADF3862-9E2E-4ad3-86F7-4510E6550CD0}=E:\WINNT\system32\eoieyhiw.dll [07-06-13 17:44 ]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=E:\Program Files\Java\jre1.5.0_09\bin\ssv.dll [06-10-12 04:25 ]
{9394EDE7-C8B5-483E-8773-474BF36AF6E4}=E:\Program Files\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll [04-08-13 17:42 ]
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}=E:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll [04-08-13 17:42 ]
{CA67A621-BF53-4D18-A321-059D6CE7CA48}=E:\WINNT\system32\ljhif.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="mobsync.exe" [03-06-19 15:05 E:\WINNT\system32\mobsync.exe]
"TkBellExe"="E:\Program Files\Common Files\Real\Update_OB\realsched.exe" [04-06-03 16:33 ]
"msnappau"="E:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe" [04-08-13 17:41 ]
"iTunesHelper"="E:\Program Files\iTunes\iTunesHelper.exe" [06-06-14 16:24 ]
"SunJavaUpdateSched"="E:\Program Files\Java\jre1.5.0_09\bin\jusched.exe" [06-10-12 04:10 ]
"QuickTime Task"="E:\Program Files\QuickTime\qttask.exe" [06-07-27 23:10 ]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RealPlayer"="E:\Program Files\Real\RealPlayer\realplay.exe" [06-06-11 19:24 ]

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= E:\Program Files\Microsoft Office\profsyvyra.html
FriendlyName=

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1]
Source= E:\Documents and Settings\Rich Chalfin\My Documents\My Pictures\dad.bmp
FriendlyName=

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\__c00896F4]
E:\WINNT\system32\__c00896F4.dat
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - netsvcs
WmdmPmSN


Contents of the 'Scheduled Tasks' folder
2007-06-08 17:51:20 E:\WINNT\tasks\At32.job

**************************************************************************

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-24 15:30:42
Windows 5.0.2195 Service Pack 4 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-06-24 15:32:11
E:\ComboFix-quarantined-files.txt ... 07-06-24 15:31

--- E O F ---

#14 jedi

jedi

    aequam memento rebus in arduis servare mentem

  • Emeritus
  • PipPipPipPipPip
  • 15,830 posts

Posted 25 June 2007 - 04:41 AM

Hi again,

Good, that's looking a lot better. :thumbsup: Please now post a fresh HiJackThis log.

jedi
jedi

My help is free, but if you wish to help keep these forums running please consider a donation, see This Topic for details.

#15 Salvation138

Salvation138

    Member

  • Full Member
  • Pip
  • 16 posts

Posted 25 June 2007 - 09:24 PM

That's definitely a good thing to hear. Here it is.

Logfile of HijackThis v1.99.1
Scan saved at 10:24:55 PM, on 6/25/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
E:\WINNT\System32\smss.exe
E:\WINNT\system32\winlogon.exe
E:\WINNT\system32\services.exe
E:\WINNT\system32\lsass.exe
E:\WINNT\system32\svchost.exe
E:\WINNT\system32\spoolsv.exe
E:\WINNT\system32\j4271839.exe
E:\WINNT\System32\svchost.exe
E:\WINNT\system32\regsvc.exe
E:\WINNT\system32\MSTask.exe
E:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
E:\WINNT\System32\WBEM\WinMgmt.exe
E:\WINNT\system32\svchost.exe
E:\WINNT\System32\svchost.exe
E:\WINNT\Explorer.EXE
E:\Program Files\Common Files\Real\Update_OB\realsched.exe
E:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe
E:\Program Files\iTunes\iTunesHelper.exe
E:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
E:\Program Files\QuickTime\qttask.exe
E:\Program Files\WinZip\WZQKPICK.EXE
E:\WINNT\system32\wuauclt.exe
E:\Program Files\iPod\bin\iPodService.exe
E:\Program Files\iTunes\iTunes.exe
E:\Program Files\Mozilla Firefox\firefox.exe
E:\Program Files\AIM\aim.exe
E:\Program Files\Java\jre1.5.0_09\bin\jucheck.exe
E:\Documents and Settings\Rich Chalfin\Desktop\Scanner.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:8182
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: 0 - {0A6A113E-50BF-418F-D5A5-8902307985F6} - E:\Program Files\Microsoft Office\lavuhaxo.dll (file missing)
O2 - BHO: (no name) - {4789D0A2-78F3-4F40-A27B-322659AA0B37} - E:\Program Files\Windows NT\hokeno.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5ADF3862-9E2E-4ad3-86F7-4510E6550CD0} - E:\WINNT\system32\eoieyhiw.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - E:\Program Files\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - E:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O2 - BHO: (no name) - {CA67A621-BF53-4D18-A321-059D6CE7CA48} - E:\WINNT\system32\ljhif.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - E:\WINNT\System32\msdxm.ocx
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - E:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [TkBellExe] "E:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [msnappau] "E:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe"
O4 - HKLM\..\Run: [iTunesHelper] "E:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [RealPlayer] "E:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Microsoft Office.lnk = E:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = E:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - E:\Program Files\AIM\aim.exe
O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} -
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {6D53ADB7-6AD5-4A59-BFE4-7B57D2F4AA89} - http://www.00110.net/tj2007/00110.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://www.nick.com/.../GrooveAX27.cab
O16 - DPF: {DD8C9372-35FD-4F7D-8CE4-909ABCFAB2C5} - ms-its:mhtml:file://c:\\nores.mht!http://adxtend.net/c...::/xpreload.ocx
O20 - Winlogon Notify: __c00896F4 - E:\WINNT\system32\__c00896F4.dat (file missing)
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - E:\WINNT\System32\dmadmin.exe
O23 - Service: dns cache reader (DNSCacheReader) - Unknown owner - E:\WINNT\system32\j4271839.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - E:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - E:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

#16 jedi

Posted 26 June 2007 - 12:15 PM

Hi again,

Scan with HiJackThis and put a check in the box next to the following items:

O2 - BHO: 0 - {0A6A113E-50BF-418F-D5A5-8902307985F6} - E:\Program Files\Microsoft Office\lavuhaxo.dll (file missing)
O2 - BHO: (no name) - {4789D0A2-78F3-4F40-A27B-322659AA0B37} - E:\Program Files\Windows NT\hokeno.dll
O2 - BHO: (no name) - {5ADF3862-9E2E-4ad3-86F7-4510E6550CD0} - E:\WINNT\system32\eoieyhiw.dll
O2 - BHO: (no name) - {CA67A621-BF53-4D18-A321-059D6CE7CA48} - E:\WINNT\system32\ljhif.dll (file missing)
O16 - DPF: {6D53ADB7-6AD5-4A59-BFE4-7B57D2F4AA89} - http://www.00110.net/tj2007/00110.cab
O16 - DPF: {DD8C9372-35FD-4F7D-8CE4-909ABCFAB2C5} - ms-its:mhtml:file://c:\\nores.mht!http://adxtend.net/c...::/xpreload.ocx
O20 - Winlogon Notify: __c00896F4 - E:\WINNT\system32\__c00896F4.dat (file missing)
O23 - Service: dns cache reader (DNSCacheReader) - Unknown owner - E:\WINNT\system32\j4271839.exe



Close all browsers and windows, click on ‘fix selected’ and allow HJT to fix these entries.


* Download Killbox.
Click killbox.exe.
Select the option "Delete on reboot".
Click the button: All Files (!important!)
Now it should flash green.

Now copy the next bold part:

E:\WINNT\system32\j4271839.exe
E:\WINNT\qwr67.exe
E:\WINNT\uni_eh42.exe


Open 'File' in the Killbox menu on top and choose Paste from clipboard.

Then press the button that looks like a red circle with a white X in it.
Killbox will tell you that all listed files will be removed on next reboot and ask if you would like to Reboot now; click YES.
If you don't get that message, reboot manually.

Your computer should reboot now.


Scan again with HJT, (with all browsers and windows closed) and post the new log in this thread.

jedi

#17 Salvation138

Posted 29 June 2007 - 09:25 PM

Alright, I did everything you asked. Here's the log.

Logfile of HijackThis v1.99.1
Scan saved at 10:24:16 PM, on 6/29/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
E:\WINNT\System32\smss.exe
E:\WINNT\system32\winlogon.exe
E:\WINNT\system32\services.exe
E:\WINNT\system32\lsass.exe
E:\WINNT\system32\svchost.exe
E:\WINNT\system32\spoolsv.exe
E:\WINNT\System32\svchost.exe
E:\WINNT\system32\regsvc.exe
E:\WINNT\system32\MSTask.exe
E:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
E:\WINNT\System32\WBEM\WinMgmt.exe
E:\WINNT\system32\svchost.exe
E:\WINNT\System32\svchost.exe
E:\WINNT\Explorer.EXE
E:\Program Files\Common Files\Real\Update_OB\realsched.exe
E:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe
E:\Program Files\iTunes\iTunesHelper.exe
E:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
E:\Program Files\QuickTime\qttask.exe
E:\Program Files\WinZip\WZQKPICK.EXE
E:\WINNT\system32\wuauclt.exe
E:\Documents and Settings\Rich Chalfin\Desktop\Scanner.exe
E:\Program Files\iPod\bin\iPodService.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:8182
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - E:\Program Files\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - E:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - E:\WINNT\System32\msdxm.ocx
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - E:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [TkBellExe] "E:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [msnappau] "E:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe"
O4 - HKLM\..\Run: [iTunesHelper] "E:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [RealPlayer] "E:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Microsoft Office.lnk = E:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = E:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - E:\Program Files\AIM\aim.exe
O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} -
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://www.nick.com/.../GrooveAX27.cab
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - E:\WINNT\System32\dmadmin.exe
O23 - Service: dns cache reader (DNSCacheReader) - Unknown owner - E:\WINNT\system32\j4271839.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - E:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - E:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

#18 jedi

Posted 30 June 2007 - 03:48 AM

Hi again,

Ok, we're nearly there. One service to remove.

Go to Start > Run and type in Services.msc then click OK

Click the Extended tab.

Scroll down until you find dns cache reader

Click once on the service to highlight it.

Click Stop

Right-Click on the service.

Click on 'Properties'

Select the 'General' tab

Click the Arrow-down tab on the right-hand side on the 'Start-up Type' box

From the drop-down menu, click on 'Disabled'

Click the 'Apply' tab, then click 'OK'

Next:

Please run HijackThis and click Config -> Misc Tools -> Delete an NT service. In the Delete window, type DNSCacheReader and press OK. OK any prompts, close HijackThis, and restart your computer.

Then please post another HiJackThis log.

jedi
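An added example, not part of the original thread: the check behind the reply above, comparing the entries ticked in post #16 with the log posted in post #17. The log excerpts are copied from this thread and trimmed; the function names are this example's own.

```python
import re

# Entry lines look like "O2 - BHO: ..." or "R1 - HKCU\...": section code, " - ", body.
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2})\s+-\s+(.+)$")
# HijackThis appends this marker when the file an entry points at is gone.
MISSING_RE = re.compile(r"\s*\(file missing\)\s*$", re.IGNORECASE)

# Entries selected for "fix" in post #16 (copied from the thread).
FIX_LIST = r"""
O2 - BHO: 0 - {0A6A113E-50BF-418F-D5A5-8902307985F6} - E:\Program Files\Microsoft Office\lavuhaxo.dll (file missing)
O2 - BHO: (no name) - {4789D0A2-78F3-4F40-A27B-322659AA0B37} - E:\Program Files\Windows NT\hokeno.dll
O2 - BHO: (no name) - {5ADF3862-9E2E-4ad3-86F7-4510E6550CD0} - E:\WINNT\system32\eoieyhiw.dll
O2 - BHO: (no name) - {CA67A621-BF53-4D18-A321-059D6CE7CA48} - E:\WINNT\system32\ljhif.dll (file missing)
O16 - DPF: {6D53ADB7-6AD5-4A59-BFE4-7B57D2F4AA89} - http://www.00110.net/tj2007/00110.cab
O16 - DPF: {DD8C9372-35FD-4F7D-8CE4-909ABCFAB2C5} - ms-its:mhtml:file://c:\\nores.mht!http://adxtend.net/c...::/xpreload.ocx
O20 - Winlogon Notify: __c00896F4 - E:\WINNT\system32\__c00896F4.dat (file missing)
O23 - Service: dns cache reader (DNSCacheReader) - Unknown owner - E:\WINNT\system32\j4271839.exe
"""

# Trimmed excerpt of the log posted afterwards in post #17.
AFTER_LOG = r"""
Logfile of HijackThis v1.99.1
Scan saved at 10:24:16 PM, on 6/29/2007

Running processes:
E:\WINNT\System32\smss.exe
E:\WINNT\Explorer.EXE

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:8182
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://www.nick.com/.../GrooveAX27.cab
O23 - Service: dns cache reader (DNSCacheReader) - Unknown owner - E:\WINNT\system32\j4271839.exe (file missing)
O23 - Service: iPodService - Apple Computer, Inc. - E:\Program Files\iPod\bin\iPodService.exe
"""


def parse_entries(log_text):
    """Return (section, body) per entry line; header and process list are skipped."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group(1), match.group(2).strip()))
    return entries


def entry_key(section, body):
    """Comparison key: same entry with or without the '(file missing)' marker."""
    return section, MISSING_RE.sub("", body).casefold()


def verify_fix(fix_list, after_log):
    """Split the fix list into entries that are gone and entries still in the later log."""
    after = {entry_key(s, b): b for s, b in parse_entries(after_log)}
    removed, remaining = [], []
    for section, body in parse_entries(fix_list):
        key = entry_key(section, body)
        if key in after:
            remaining.append({
                "section": section,
                "entry": after[key],
                # True means the file was deleted but its registration survived.
                "file_missing": bool(MISSING_RE.search(after[key])),
            })
        else:
            removed.append({"section": section, "entry": body})
    return {"removed": removed, "remaining": remaining}


if __name__ == "__main__":
    result = verify_fix(FIX_LIST, AFTER_LOG)
    print(f"removed: {len(result['removed'])}")
    for item in result["remaining"]:
        state = "file gone, registration left" if item["file_missing"] else "still active"
        print(f"remaining [{item['section']}] ({state}): {item['entry']}")
```

The one remaining entry is the O23 service whose executable has been deleted while its service registration is still present, which is why the next step deletes the service itself.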

#19 Salvation138

Posted 01 July 2007 - 07:57 PM

OK, did all that. Quick question though, I was wondering if this spyware is what is affecting my internet connection problem. When I start Firefox I get a message saying I'm connected to a proxy server that is not allowing connections. I have to manually switch my network settings from the proxy setting (localhost:8182) to the direct internet connection. It's just an annoying problem, I was hoping all of this would eventually fix that. Anyway, here's the log.

Logfile of HijackThis v1.99.1
Scan saved at 8:54:31 PM, on 7/1/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
E:\WINNT\System32\smss.exe
E:\WINNT\system32\winlogon.exe
E:\WINNT\system32\services.exe
E:\WINNT\system32\lsass.exe
E:\WINNT\system32\svchost.exe
E:\WINNT\system32\spoolsv.exe
E:\WINNT\System32\svchost.exe
E:\WINNT\system32\regsvc.exe
E:\WINNT\system32\MSTask.exe
E:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
E:\WINNT\System32\WBEM\WinMgmt.exe
E:\WINNT\system32\svchost.exe
E:\WINNT\System32\svchost.exe
E:\WINNT\Explorer.EXE
E:\Program Files\Common Files\Real\Update_OB\realsched.exe
E:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe
E:\Program Files\iTunes\iTunesHelper.exe
E:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
E:\Program Files\QuickTime\qttask.exe
E:\Program Files\WinZip\WZQKPICK.EXE
E:\WINNT\system32\wuauclt.exe
E:\Program Files\iPod\bin\iPodService.exe
E:\Program Files\Java\jre1.5.0_09\bin\jucheck.exe
E:\Documents and Settings\Rich Chalfin\Desktop\Scanner.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:8182
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - E:\Program Files\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - E:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - E:\WINNT\System32\msdxm.ocx
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - E:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [TkBellExe] "E:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [msnappau] "E:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe"
O4 - HKLM\..\Run: [iTunesHelper] "E:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [RealPlayer] "E:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Microsoft Office.lnk = E:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = E:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - E:\Program Files\AIM\aim.exe
O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} -
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://www.nick.com/.../GrooveAX27.cab
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - E:\WINNT\System32\dmadmin.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - E:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - E:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

#20 jedi

Posted 02 July 2007 - 12:25 PM

Hi again,

Try this:

Please go to Start -> Control Panel, and choose Network Connections. Then right click on your default connection, usually Local Area Connection or Dial-up Connection if you are using Dial-up, and left click on properties. Double-click on the Internet Protocol (TCP/IP) item and select the radio button that says Obtain DNS servers automatically. Click OK twice, and restart your computer.

Let me know if it helps.

jedi

#21 Salvation138

Posted 03 July 2007 - 08:02 PM

That 'Obtain DNS servers automatically' radio button was already selected. Thanks for giving it a shot, though.

#22 jedi

Posted 04 July 2007 - 01:36 PM

Hi again,

Did you set up the proxy yourself? Is it something you particularly want to keep?

jedi

#23 Salvation138

Posted 04 July 2007 - 05:53 PM

No, I didn't set it up myself. I don't believe it needs to be kept, either. I thought it might have been part of the spyware or whatever else was on my computer.

#24 shadowwar

shadowwar

    Forum Deity

  • Global Moderator
  • PipPipPipPipPip
  • 1,361 posts

Posted 04 July 2007 - 06:54 PM

Till jedi comes back go ahead and check and fix this line:

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:8182

After that post a new hijackthis log and let us know if you have to reset the connection again.



#25 Salvation138

Posted 04 July 2007 - 09:57 PM

Fixed that line, but still had to fix the connection settings when I started Firefox.

Logfile of HijackThis v1.99.1
Scan saved at 10:57:15 PM, on 7/4/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
E:\WINNT\System32\smss.exe
E:\WINNT\system32\winlogon.exe
E:\WINNT\system32\services.exe
E:\WINNT\system32\lsass.exe
E:\WINNT\system32\svchost.exe
E:\WINNT\system32\spoolsv.exe
E:\WINNT\System32\svchost.exe
E:\WINNT\system32\regsvc.exe
E:\WINNT\system32\MSTask.exe
E:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
E:\WINNT\System32\WBEM\WinMgmt.exe
E:\WINNT\system32\svchost.exe
E:\WINNT\System32\svchost.exe
E:\WINNT\Explorer.EXE
E:\Program Files\Common Files\Real\Update_OB\realsched.exe
E:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe
E:\Program Files\iTunes\iTunesHelper.exe
E:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
E:\Program Files\QuickTime\qttask.exe
E:\Program Files\WinZip\WZQKPICK.EXE
E:\WINNT\system32\wuauclt.exe
E:\Program Files\iPod\bin\iPodService.exe
E:\Program Files\Java\jre1.5.0_09\bin\jucheck.exe
E:\Program Files\iTunes\iTunes.exe
E:\Program Files\AIM\aim.exe
E:\Documents and Settings\Rich Chalfin\Desktop\Scanner.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - E:\Program Files\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - E:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - E:\WINNT\System32\msdxm.ocx
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - E:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [TkBellExe] "E:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [msnappau] "E:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe"
O4 - HKLM\..\Run: [iTunesHelper] "E:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [RealPlayer] "E:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Microsoft Office.lnk = E:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = E:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - E:\Program Files\AIM\aim.exe
O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} -
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://www.nick.com/.../GrooveAX27.cab
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - E:\WINNT\System32\dmadmin.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - E:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - E:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

#26 jedi

Posted 06 July 2007 - 05:47 AM

Hi again,

Navigate to this folder:

C:\Documents And Settings\Owner\Application Data\Mozilla\Firefox\(identity)\

Search for a file named user.js . If it is present, delete it, then reset connection settings.

Let me know what happens.

jedi

#27 Salvation138

Posted 06 July 2007 - 09:21 PM

Can't find that folder on my computer, on the C and E drive. I did a search for the file user.js and nothing came up. I'm sorry about all of this... I really appreciate your help.

#28 jedi

Posted 07 July 2007 - 10:05 AM

Hi,

Sorry, those folders are hidden:

Reconfigure Windows XP to show hidden files:
Click Start. Open My Computer.
Select the Tools menu and click Folder Options. Select the View Tab.

Under the Hidden files and folders heading select "Show hidden files and folders".
Uncheck the "Hide protected operating system files (recommended)" option.
Uncheck the "Hide file extensions for known file types" option.
Click Yes to confirm. Click OK.

Now try again. That file may not exist, so don't worry if you can't find it.

jedi
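An added example, not part of the original thread: a read-only audit of a Firefox profile folder for a user.js that forces a loopback proxy such as the localhost:8182 setting discussed above. Firefox applies user.js at every start, so a proxy preference set there returns even after it is changed in the connection settings. The thread never shows the file's contents, so the sample profile below is constructed, and the function names are this example's own.

```python
import re
import tempfile
from pathlib import Path

# Matches one preference call, e.g. user_pref("network.proxy.type", 1);
PREF_RE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;')
LOOPBACK_HOSTS = {"localhost", "127.0.0.1", "::1"}


def parse_prefs(text):
    """Parse user_pref(...) lines into a dict of strings, ints and booleans."""
    prefs = {}
    for line in text.splitlines():
        match = PREF_RE.match(line)
        if not match:
            continue  # comments, blank lines, anything that is not a pref call
        name, raw = match.groups()
        if len(raw) >= 2 and raw[0] == raw[-1] == '"':
            prefs[name] = raw[1:-1]
        elif raw in ("true", "false"):
            prefs[name] = raw == "true"
        else:
            try:
                prefs[name] = int(raw)
            except ValueError:
                prefs[name] = raw
    return prefs


def read_prefs(path):
    """Return the prefs in a file, or an empty dict when the file does not exist."""
    if not path.is_file():
        return {}
    return parse_prefs(path.read_text(encoding="utf-8", errors="replace"))


def audit_profile(profile_dir):
    """Report proxy prefs forced by user.js and whether they point at this machine."""
    profile = Path(profile_dir)
    forced = {k: v for k, v in read_prefs(profile / "user.js").items()
              if k.startswith("network.proxy.")}
    saved = read_prefs(profile / "prefs.js")
    report = {
        "user_js_present": (profile / "user.js").is_file(),
        "forced_proxy_prefs": forced,
        # Prefs where the user's saved choice disagrees with what user.js imposes.
        "differs_from_prefs_js": sorted(k for k, v in forced.items() if saved.get(k) != v),
        "loopback_proxy": None,
    }
    host = str(forced.get("network.proxy.http", "")).lower()
    # network.proxy.type 1 is manual proxy configuration, 0 is a direct connection.
    if forced.get("network.proxy.type") == 1 and host in LOOPBACK_HOSTS:
        report["loopback_proxy"] = f"{host}:{forced.get('network.proxy.http_port')}"
    return report


def build_sample_profile(root):
    """Write a constructed profile: user.js forcing the proxy, prefs.js set to direct."""
    root = Path(root)
    (root / "user.js").write_text(
        '// constructed sample, not taken from the affected machine\n'
        'user_pref("network.proxy.type", 1);\n'
        'user_pref("network.proxy.http", "localhost");\n'
        'user_pref("network.proxy.http_port", 8182);\n',
        encoding="utf-8",
    )
    (root / "prefs.js").write_text(
        'user_pref("network.proxy.type", 0);\n'
        'user_pref("browser.startup.homepage", "about:blank");\n',
        encoding="utf-8",
    )


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_profile(tmp)
        for key, value in audit_profile(tmp).items():
            print(f"{key}: {value}")
```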

#29 Salvation138

Posted 10 July 2007 - 07:54 PM

It worked, thanks so much. How's everything else on my computer looking?

Logfile of HijackThis v1.99.1
Scan saved at 8:55:36 PM, on 7/10/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
E:\WINNT\System32\smss.exe
E:\WINNT\system32\winlogon.exe
E:\WINNT\system32\services.exe
E:\WINNT\system32\lsass.exe
E:\WINNT\system32\svchost.exe
E:\WINNT\system32\spoolsv.exe
E:\WINNT\System32\svchost.exe
E:\WINNT\system32\regsvc.exe
E:\WINNT\system32\MSTask.exe
E:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
E:\WINNT\System32\WBEM\WinMgmt.exe
E:\WINNT\system32\svchost.exe
E:\WINNT\System32\svchost.exe
E:\WINNT\Explorer.EXE
E:\Program Files\Common Files\Real\Update_OB\realsched.exe
E:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe
E:\Program Files\iTunes\iTunesHelper.exe
E:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
E:\Program Files\QuickTime\qttask.exe
E:\Program Files\WinZip\WZQKPICK.EXE
E:\WINNT\system32\wuauclt.exe
E:\Program Files\iPod\bin\iPodService.exe
E:\Program Files\Java\jre1.5.0_09\bin\jucheck.exe
E:\Program Files\iTunes\iTunes.exe
E:\Program Files\AIM\aim.exe
E:\Program Files\MSN Messenger\msnmsgr.exe
E:\Program Files\Mozilla Firefox\firefox.exe
E:\Documents and Settings\Rich Chalfin\Desktop\Scanner.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - E:\Program Files\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - E:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - E:\WINNT\System32\msdxm.ocx
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - E:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [TkBellExe] "E:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [msnappau] "E:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe"
O4 - HKLM\..\Run: [iTunesHelper] "E:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [RealPlayer] "E:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Microsoft Office.lnk = E:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = E:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - E:\Program Files\AIM\aim.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - E:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - E:\WINNT\web\related.htm
O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} -
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://www.nick.com/.../GrooveAX27.cab
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - E:\WINNT\System32\dmadmin.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - E:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - E:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
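
A small triage helper for logs in the HijackThis format posted above, added here as an example (it is not part of the original thread and is not HijackThis's own code). The sample lines are copied from that log; the function names and the three review heuristics are assumptions chosen for illustration, and a flagged entry is only a prompt for a manual look, not a verdict.

```python
import re
from collections import defaultdict

# Sample input: a few lines copied from the log in the post above.
SAMPLE_LOG = r"""
Running processes:
E:\WINNT\Explorer.EXE
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [iTunesHelper] "E:\Program Files\iTunes\iTunesHelper.exe"
O4 - Startup: PowerReg Scheduler.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} -
O23 - Service: iPodService - Apple Computer, Inc. - E:\Program Files\iPod\bin\iPodService.exe
"""

# Entry lines start with a section code (R0-R3, F0-F3, N1-N4, O1-O24) and " - ".
ENTRY = re.compile(r"^([ORFN]\d{1,2}) - (.*)$")

def parse(log):
    """Group entries by section code; header and process lines are skipped."""
    sections = defaultdict(list)
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            sections[m.group(1)].append(m.group(2))
    return dict(sections)

def review_candidates(sections):
    """Return (code, reason, entry) tuples for entries worth a manual look."""
    out = []
    for code, entries in sections.items():
        for e in entries:
            if e.endswith("(file missing)"):
                out.append((code, "registry entry points at a missing file", e))
            elif code == "O16" and e.endswith("-"):
                out.append((code, "ActiveX (DPF) entry with no download source", e))
            elif code == "O4" and not re.search(r"[A-Za-z]:\\", e):
                out.append((code, "startup item listed without a full path", e))
    return out

if __name__ == "__main__":
    for code, reason, entry in review_candidates(parse(SAMPLE_LOG)):
        print(f"{code:>3}  {reason}\n     {entry}")
```
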

#30 jedi

Posted 11 July 2007 - 03:24 PM

Hi again,

Glad to hear that worked. :thumbsup:

Your PC looks all clean to me, how is it running now?

jedi

#31 Salvation138

Posted 12 July 2007 - 08:00 PM

It's running fine right now. Thanks for all your help, it's definitely appreciated! It's good seeing my computer back to normal.

#32 jedi

Posted 13 July 2007 - 04:33 AM

You're welcome. :D

In order to be better protected in the future, I recommend the following programs:

SpywareBlaster protects against bad ActiveX.
http://www.javacools...areblaster.html

SpywareGuard stops Spyware from being installed.
http://www.javacools...ywareguard.html

Also install the MVPS hosts file:
http://www.mvps.org/...p2002/hosts.htm
which blocks innocent looking sites that are not so innocent.

All three are very small free programs that you run once, and then just occasionally to check for updates.

Also see
How did I get Infected?

Finally, it is best to update your system regularly, to ensure you have the latest security patches from Microsoft. Update by clicking
here http://v4.windowsupdate.microsoft.com/
and following the prompts.

Take care.

jedi :wave:

#33 jedi

Posted 03 August 2007 - 04:29 AM

Glad we could help. :)

If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.
jedi
