Salvation138

Need to save my computer...

33 posts in this topic

From this spyware/adware garbage that seems to have taken over my computer. I seem to be having the same problems as many other people. Out of nowhere my computer is slower than normal, and I'm getting IE popups for sites like maniatv.com. I use Firefox as my main browser.

 

Here's my HijackThis log. I really hope someone can help. I'm not the most computer savvy person, but I'll take whatever help I can get.

 

Logfile of Trend Micro HijackThis v2.0.0 (BETA)

Scan saved at 11:29:54 PM, on 5/25/2007

Platform: Windows 2000 SP4 (WinNT 5.00.2195)

Boot mode: Normal

 

Running processes:

E:\WINNT\System32\smss.exe

E:\WINNT\System32\winlogon.exe

E:\WINNT\system32\services.exe

E:\WINNT\system32\lsass.exe

E:\WINNT\system32\svchost.exe

E:\WINNT\system32\spoolsv.exe

E:\WINNT\System32\svchost.exe

E:\WINNT\system32\regsvc.exe

E:\WINNT\system32\MSTask.exe

E:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

E:\WINNT\bsgbzso.exe

E:\WINNT\System32\WBEM\WinMgmt.exe

E:\WINNT\system32\svchost.exe

E:\WINNT\System32\svchost.exe

E:\WINNT\Explorer.EXE

E:\WINNT\TPPALDR.EXE

E:\Program Files\Common Files\Real\Update_OB\realsched.exe

E:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe

E:\Program Files\iTunes\iTunesHelper.exe

E:\Program Files\QuickTime\qttask.exe

E:\Program Files\Java\jre1.5.0_09\bin\jusched.exe

E:\WINNT\bsgbzsoA.exe

E:\Program Files\iPod\bin\iPodService.exe

E:\Program Files\WinZip\WZQKPICK.EXE

E:\WINNT\system32\wuauclt.exe

E:\Program Files\AIM\aim.exe

E:\Program Files\iTunes\iTunes.exe

E:\Program Files\Mozilla Firefox\firefox.exe

E:\Program Files\Internet Explorer\iexplore.exe

E:\Program Files\Java\jre1.5.0_09\bin\jucheck.exe

E:\Documents and Settings\Rich Chalfin\Desktop\HiJackThis_v2.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://magicsearch.us/browser/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://magicsearch.us/browser/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = E:\Program Files\Common Files\Microsoft Shared\Stationery\Blank.htm

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

F2 - REG:system.ini: UserInit=userinit.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: 0 - {0A6A113E-50BF-418F-D5A5-8902307985F6} - E:\Program Files\Microsoft Office\lavuhaxo.dll

O2 - BHO: (no name) - {13CBDC75-23B7-4676-BD48-34A43BAA1C69} - (no file)

O2 - BHO: (no name) - {2432F099-F8E2-43C9-B765-3AF002FFC6A7} - E:\WINNT\system32\cbxxywu.dll

O2 - BHO: PsapiAnalyzer Object - {489263D0-1E71-4B29-B4D1-46DAA5856DF7} - e:\winnt\driver cache\dnsurl.dll

O2 - BHO: (no name) - {49AA6527-CF40-50E7-D577-64550CF32B41} - (no file)

O2 - BHO: (no name) - {4B646AFB-9341-4330-8FD1-C32485AEE619} - E:\WINNT\system32\efpcnyxq.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - E:\Program Files\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll

O2 - BHO: (no name) - {95F44196-1612-47E4-8A5E-103CD1DAC730} - E:\WINNT\system32\taeqwphx.dll

O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - E:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll

O2 - BHO: (no name) - {C5D02014-0D16-4354-BB0C-9186E1236BA3} - E:\WINNT\system32\vtuts.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - E:\WINNT\System32\msdxm.ocx

O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - E:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll

O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon

O4 - HKLM\..\Run: [Optimum Online] E:\Program Files\Optimum Online\Netsurf.exe -tray

O4 - HKLM\..\Run: [LaCie USB2 Auto Loader] E:\WINNT\TPPALDR.EXE

O4 - HKLM\..\Run: [TkBellExe] "E:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [TPP Auto Loader] E:\WINNT\tppaldr.exe

O4 - HKLM\..\Run: [msnappau] "E:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe"

O4 - HKLM\..\Run: [Windows Media Utility] wmediautil.exe

O4 - HKLM\..\Run: [iTunesHelper] "E:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [sunJavaUpdateSched] "E:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"

O4 - HKLM\..\Run: [runner1] E:\WINNT\retadpu1000106.exe 61A847B5BBF72813329B385772FF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310F3D1DC7E4638EE323A15806F9DA6EF604776CA6C1637F811E3C28222142CCE7003

O4 - HKLM\..\Run: [ntdll.dll] "E:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [bsgbzsoA] E:\WINNT\bsgbzsoA.exe

O4 - HKLM\..\Run: [setup] rundll32.exe "E:\WINNT\system32\cexvpjll.dll",realset

O4 - HKLM\..\RunServices: [Windows Media Utility] wmediautil.exe

O4 - HKCU\..\Run: [RealPlayer] "E:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot

O4 - HKCU\..\Run: [A00F91F13.exe] E:\DOCUME~1\RICHCH~1\LOCALS~1\Temp\_A00F91F13.exe

O4 - HKCU\..\Run: [A00F930CC.exe] E:\DOCUME~1\RICHCH~1\LOCALS~1\Temp\_A00F930CC.exe

O4 - HKCU\..\Run: [A00F94067.exe] E:\DOCUME~1\RICHCH~1\LOCALS~1\Temp\_A00F94067.exe

O4 - .DEFAULT Startup: PowerReg Scheduler.exe (User 'Default user')

O4 - Startup: PowerReg Scheduler.exe

O4 - Global Startup: Microsoft Office.lnk = E:\Program Files\Microsoft Office\Office\OSA9.EXE

O4 - Global Startup: WinZip Quick Pick.lnk = E:\Program Files\WinZip\WZQKPICK.EXE

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - E:\Program Files\AIM\aim.exe

O9 - Extra button: (no name) - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - E:\WINNT\system32\shdocvw.dll (HKCU)

O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} -

O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://www.nick.com/common/groove/gx/GrooveAX27.cab

O20 - Winlogon Notify: cbxxywu - E:\WINNT\SYSTEM32\cbxxywu.dll

O20 - Winlogon Notify: CLSID - E:\WINNT\

O20 - Winlogon Notify: dnsurl - e:\winnt\driver cache\dnsurl.dll

O20 - Winlogon Notify: vtuts - E:\WINNT\system32\vtuts.dll

O20 - Winlogon Notify: __c00896F4 - E:\WINNT\system32\__c00896F4.dat

O20 - Winlogon Notify: __c009AA40 - E:\WINNT\system32\__c009AA40.dat

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - E:\WINNT\system32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - E:\WINNT\system32\browseui.dll

O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - E:\WINNT\System32\dmadmin.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPodService - Apple Computer, Inc. - E:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Net Agent - Unknown owner - E:\WINNT\dls0523pmw.exe

O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - E:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

O23 - Service: Windows Overlay Components - Unknown owner - E:\WINNT\bsgbzso.exe

O24 - Desktop Component 0: (no name) - E:\Documents and Settings\Rich Chalfin\My Documents\My Pictures\dad.bmp


Welcome to SWI. We apologize for the delay; our helpers have been very busy.

If you have not received help after 3 days, please CLICK HERE, and post a link to your log and the date it was originally posted.

 

Thank you for your patience.

 

[this is an automated reply]


Hi,

 

Download Dr.Web CureIt to the desktop:

ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe

Next, please reboot your computer in Safe Mode by doing the following:

1) Restart your computer

2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.

3) Instead of Windows loading as normal, a menu should appear

4) Select the first option, to run Windows in Safe Mode.

 

For additional help in booting into Safe Mode, see the following site:

http://www.pchell.com/support/safemode.shtml

  • Double-click the drweb-cureit.exe file and allow it to run the express scan.
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, mark the drives that you want to scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, look if you can click next icon next to the files found: check.gif
  • If so, click it and then click the next icon right below and select Move incurable as you'll see in next image:
    move.gif
    This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured. (this in case if we need samples)
  • After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web Cureit.
  • Reboot your computer!! Because it could be possible that files in use will be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web you saved previously in your next reply.

Please also post a fresh HiJackThis log.

 

jedi


Hello...sorry about the wait. I had been away, and just saw today that you responded to my post. My HiJack This log has changed since the last one, since I tried to fix some problems I knew of. I need to know if I should follow the directions in your last post, or start over with different instructions.

 

Logfile of HijackThis v1.99.1

Scan saved at 7:50:02 PM, on 6/10/2007

Platform: Windows 2000 SP4 (WinNT 5.00.2195)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

E:\WINNT\System32\smss.exe

E:\WINNT\System32\winlogon.exe

E:\WINNT\system32\services.exe

E:\WINNT\system32\lsass.exe

E:\WINNT\system32\svchost.exe

E:\WINNT\system32\spoolsv.exe

E:\WINNT\system32\j4271839.exe

E:\WINNT\System32\svchost.exe

E:\WINNT\system32\regsvc.exe

E:\WINNT\system32\MSTask.exe

E:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

E:\WINNT\System32\WBEM\WinMgmt.exe

E:\WINNT\system32\svchost.exe

E:\WINNT\System32\svchost.exe

E:\WINNT\system32\wuauclt.exe

E:\WINNT\TPPALDR.EXE

E:\Program Files\Common Files\Real\Update_OB\realsched.exe

E:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe

E:\Program Files\iTunes\iTunesHelper.exe

E:\Program Files\Java\jre1.5.0_09\bin\jusched.exe

E:\WINNT\sosi42.exe

E:\Program Files\iPod\bin\iPodService.exe

E:\WINNT\svchost.exe

E:\Program Files\WinZip\WZQKPICK.EXE

E:\Program Files\Mozilla Firefox\firefox.exe

E:\WINNT\explorer.exe

E:\Documents and Settings\Rich Chalfin\Desktop\Scanner.exe

 

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:8182

F2 - REG:system.ini: UserInit=userinit.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: 0 - {0A6A113E-50BF-418F-D5A5-8902307985F6} - E:\Program Files\Microsoft Office\lavuhaxo.dll

O2 - BHO: (no name) - {4789D0A2-78F3-4F40-A27B-322659AA0B37} - E:\Program Files\Windows NT\hokeno.dll

O2 - BHO: PsapiAnalyzer Object - {489263D0-1E71-4B29-B4D1-46DAA5856DF7} - e:\winnt\driver cache\dnsurl.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

O2 - BHO: (no name) - {826C4E55-7C35-4905-A4F1-30266D9BF5B7} - E:\WINNT\system32\ljhif.dll

O2 - BHO: (no name) - {8A61098D-612B-4EF2-943D-64E920684061} - E:\WINNT\system32\fccyyaa.dll

O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - E:\Program Files\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll

O2 - BHO: (no name) - {95F44196-1612-47E4-8A5E-103CD1DAC730} - E:\WINNT\system32\dklsmhsw.dll

O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - E:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll

O2 - BHO: (no name) - {E12BFF69-38A7-406e-A8EF-2738107A7831} - E:\WINNT\system32\mokyfcwi.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - E:\WINNT\System32\msdxm.ocx

O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - E:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll

O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon

O4 - HKLM\..\Run: [LaCie USB2 Auto Loader] E:\WINNT\TPPALDR.EXE

O4 - HKLM\..\Run: [TkBellExe] "E:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [TPP Auto Loader] E:\WINNT\tppaldr.exe

O4 - HKLM\..\Run: [msnappau] "E:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe"

O4 - HKLM\..\Run: [iTunesHelper] "E:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "E:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"

O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [sosi42] E:\WINNT\sosi42

O4 - HKLM\..\Run: [{ZN}] E:\Documents and Settings\Rich Chalfin\Local Settings\Temp\TICHD003.exe CHD003

O4 - HKLM\..\Run: [ApachInc] rundll32.exe "E:\WINNT\system32\iagvilwp.dll",realset

O4 - HKLM\..\Run: [iESet] IExplorer.dll .dbt

O4 - HKLM\..\RunServices: [iESet] IExplorer.dll .dbt

O4 - HKCU\..\Run: [RealPlayer] "E:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot

O4 - HKCU\..\Run: [xrunwin] E:\WINNT\svchost.exe

O4 - HKCU\..\Run: [iESet] IExplorer.dll .dbt

O4 - Startup: PowerReg Scheduler.exe

O4 - Startup: TA_Start.lnk = E:\Documents and Settings\Rich Chalfin\Local Settings\Temp\TICHD003.exe

O4 - Global Startup: Microsoft Office.lnk = E:\Program Files\Microsoft Office\Office\OSA9.EXE

O4 - Global Startup: WinZip Quick Pick.lnk = E:\Program Files\WinZip\WZQKPICK.EXE

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - E:\Program Files\AIM\aim.exe

O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} -

O16 - DPF: {6D53ADB7-6AD5-4A59-BFE4-7B57D2F4AA89} - http://www.00110.net/tj2007/00110.cab

O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://www.nick.com/common/groove/gx/GrooveAX27.cab

O16 - DPF: {DD8C9372-35FD-4F7D-8CE4-909ABCFAB2C5} - ms-its:mhtml:file://c:\\nores.mht!http://adxtend.net/code/chm/xpre.chm::/xpreload.ocx

O20 - Winlogon Notify: dnsurl - e:\winnt\driver cache\dnsurl.dll

O20 - Winlogon Notify: fccyyaa - E:\WINNT\SYSTEM32\fccyyaa.dll

O20 - Winlogon Notify: ljhif - E:\WINNT\system32\ljhif.dll

O20 - Winlogon Notify: __c00896F4 - E:\WINNT\system32\__c00896F4.dat

O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - E:\WINNT\System32\dmadmin.exe

O23 - Service: dns cache reader (DNSCacheReader) - Unknown owner - E:\WINNT\system32\j4271839.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPodService - Apple Computer, Inc. - E:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - E:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe


Hi again,

 

Yes, run DrWeb as above, but after you have done that please do this:

 

1. Download this file - ComboFix

2. Double click combofix.exe & follow the prompts.

3. When finished, it will produce a log for you. Post that log in your next reply

 

Note:

Do not mouseclick combofix's window whilst it's running. That may cause it to stall

 

Then post the CureIt report and the ComboFix report.

 

jedi


I did everything you asked, and once ComboFix finished searching, all my desktop icons and start bar disappeared. I had to restart just to get it back to normal. Also, my CureIt log is huge...but this is what I came up with.

 

tichd003.exe;e:\documents and settings\rich chalfin\local settings\temp;Adware.ZenoSearch;Incurable.Moved.;

lavuhaxo.dll;e:\program files\microsoft office;Trojan.StartPage.19992;Deleted.;

dnsurl.dll;e:\winnt\driver cache;Trojan.Virtumod;Will be cured after reboot.;

sosi42.exe;e:\winnt;Modification of BackDoor.Generic.987;Moved.;

svchost.exe;e:\winnt;Trojan.Proxy.1821;Deleted.;

__c00896f4.dat;e:\winnt\system32;Trojan.DownLoader.22964;Will be cured after reboot.;

dklsmhsw.dll;e:\winnt\system32;Adware.Crew;Incurable.Moved.;

core.sys;e:\winnt\system32\drivers;Trojan.NtRootKit.239;Deleted.;

ljhif.dll;e:\winnt\system32;Trojan.Virtumod;Will be cured after reboot.;

mokyfcwi.dll;e:\winnt\system32;Trojan.Virtumod;Deleted.;

U.exe;C:\;Trojan.DownLoader.21580;Deleted.;

v29.exe;E:\Documents and Settings\All Users\Application Data\Pribi;Trojan.MulDrop.3206;Deleted.;

backup-20070531-223400-198.dll;E:\Documents and Settings\Rich Chalfin\Desktop\backups;Adware.Crew;Incurable.Moved.;

backup-20070531-223400-484.dll;E:\Documents and Settings\Rich Chalfin\Desktop\backups;Trojan.Virtumod;Deleted.;

backup-20070531-223400-730.dll;E:\Documents and Settings\Rich Chalfin\Desktop\backups;Trojan.Virtumod;Deleted.;

backup-20070531-224627-490.dll;E:\Documents and Settings\Rich Chalfin\Desktop\backups;Trojan.Virtumod;Deleted.;

129A4DFFd01\javascript.14;E:\Documents and Settings\Rich Chalfin\Local Settings\Application Data\Mozilla\Firefox\Profiles\default.md0\Cache\129A4DFFd01;VBS.Psyme.377;;

129A4DFFd01;E:\Documents and Settings\Rich Chalfin\Local Settings\Application Data\Mozilla\Firefox\Profiles\default.md0\Cache;Archive contains infected objects;Moved.;

362F1C59d01\javascript.12;E:\Documents and Settings\Rich Chalfin\Local Settings\Application Data\Mozilla\Firefox\Profiles\default.md0\Cache\362F1C59d01;VBS.Psyme.377;;

362F1C59d01;E:\Documents and Settings\Rich Chalfin\Local Settings\Application Data\Mozilla\Firefox\Profiles\default.md0\Cache;Archive contains infected objects;Moved.;

5FCB37FFd01\javascript.8;E:\Documents and Settings\Rich Chalfin\Local Settings\Application Data\Mozilla\Firefox\Profiles\default.md0\Cache\5FCB37FFd01;VBS.Psyme.377;;

5FCB37FFd01;E:\Documents and Settings\Rich Chalfin\Local Settings\Application Data\Mozilla\Firefox\Profiles\default.md0\Cache;Archive contains infected objects;Moved.;

7C330256d01\javascript.7;E:\Documents and Settings\Rich Chalfin\Local Settings\Application Data\Mozilla\Firefox\Profiles\default.md0\Cache\7C330256d01;VBS.Psyme.377;;

7C330256d01;E:\Documents and Settings\Rich Chalfin\Local Settings\Application Data\Mozilla\Firefox\Profiles\default.md0\Cache;Archive contains infected objects;Moved.;

866CCF4Dd01\javascript.15;E:\Documents and Settings\Rich Chalfin\Local Settings\Application Data\Mozilla\Firefox\Profiles\default.md0\Cache\866CCF4Dd01;VBS.Psyme.377;;

866CCF4Dd01;E:\Documents and Settings\Rich Chalfin\Local Settings\Application Data\Mozilla\Firefox\Profiles\default.md0\Cache;Archive contains infected objects;Moved.;

B0BE8668d01\javascript.12;E:\Documents and Settings\Rich Chalfin\Local Settings\Application Data\Mozilla\Firefox\Profiles\default.md0\Cache\B0BE8668d01;VBS.Psyme.377;;

B0BE8668d01;E:\Documents and Settings\Rich Chalfin\Local Settings\Application Data\Mozilla\Firefox\Profiles\default.md0\Cache;Archive contains infected objects;Moved.;

B48F178Fd01\javascript.12;E:\Documents and Settings\Rich Chalfin\Local Settings\Application Data\Mozilla\Firefox\Profiles\default.md0\Cache\B48F178Fd01;VBS.Psyme.377;;

B48F178Fd01;E:\Documents and Settings\Rich Chalfin\Local Settings\Application Data\Mozilla\Firefox\Profiles\default.md0\Cache;Archive contains infected objects;Moved.;

B7FE855Cd01\javascript.12;E:\Documents and Settings\Rich Chalfin\Local Settings\Application Data\Mozilla\Firefox\Profiles\default.md0\Cache\B7FE855Cd01;VBS.Psyme.377;;

B7FE855Cd01;E:\Documents and Settings\Rich Chalfin\Local Settings\Application Data\Mozilla\Firefox\Profiles\default.md0\Cache;Archive contains infected objects;Moved.;

B9FA6A67d01\javascript.2;E:\Documents and Settings\Rich Chalfin\Local Settings\Application Data\Mozilla\Firefox\Profiles\default.md0\Cache\B9FA6A67d01;VBS.Psyme.377;;

B9FA6A67d01;E:\Documents and Settings\Rich Chalfin\Local Settings\Application Data\Mozilla\Firefox\Profiles\default.md0\Cache;Archive contains infected objects;Moved.;

BA171E72d01\javascript.11;E:\Documents and Settings\Rich Chalfin\Local Settings\Application Data\Mozilla\Firefox\Profiles\default.md0\Cache\BA171E72d01;VBS.Psyme.377;;

BA171E72d01;E:\Documents and Settings\Rich Chalfin\Local Settings\Application Data\Mozilla\Firefox\Profiles\default.md0\Cache;Archive contains infected objects;Moved.;

BA4FBB8Fd01\javascript.12;E:\Documents and Settings\Rich Chalfin\Local Settings\Application Data\Mozilla\Firefox\Profiles\default.md0\Cache\BA4FBB8Fd01;VBS.Psyme.377;;

BA4FBB8Fd01;E:\Documents and Settings\Rich Chalfin\Local Settings\Application Data\Mozilla\Firefox\Profiles\default.md0\Cache;Archive contains infected objects;Moved.;

CC25B0C4d01\javascript.12;E:\Documents and Settings\Rich Chalfin\Local Settings\Application Data\Mozilla\Firefox\Profiles\default.md0\Cache\CC25B0C4d01;VBS.Psyme.377;;

CC25B0C4d01;E:\Documents and Settings\Rich Chalfin\Local Settings\Application Data\Mozilla\Firefox\Profiles\default.md0\Cache;Archive contains infected objects;Moved.;

CF60B7D5d01\javascript.12;E:\Documents and Settings\Rich Chalfin\Local Settings\Application Data\Mozilla\Firefox\Profiles\default.md0\Cache\CF60B7D5d01;VBS.Psyme.377;;

CF60B7D5d01;E:\Documents and Settings\Rich Chalfin\Local Settings\Application Data\Mozilla\Firefox\Profiles\default.md0\Cache;Archive contains infected objects;Moved.;

DB080BB6d01\javascript.15;E:\Documents and Settings\Rich Chalfin\Local Settings\Application Data\Mozilla\Firefox\Profiles\default.md0\Cache\DB080BB6d01;VBS.Psyme.377;;

DB080BB6d01;E:\Documents and Settings\Rich Chalfin\Local Settings\Application Data\Mozilla\Firefox\Profiles\default.md0\Cache;Archive contains infected objects;Moved.;

E113F635d01\javascript.15;E:\Documents and Settings\Rich Chalfin\Local Settings\Application Data\Mozilla\Firefox\Profiles\default.md0\Cache\E113F635d01;VBS.Psyme.377;;

E113F635d01;E:\Documents and Settings\Rich Chalfin\Local Settings\Application Data\Mozilla\Firefox\Profiles\default.md0\Cache;Archive contains infected objects;Moved.;

E837B7BCd01\javascript.12;E:\Documents and Settings\Rich Chalfin\Local Settings\Application Data\Mozilla\Firefox\Profiles\default.md0\Cache\E837B7BCd01;VBS.Psyme.377;;

E837B7BCd01;E:\Documents and Settings\Rich Chalfin\Local Settings\Application Data\Mozilla\Firefox\Profiles\default.md0\Cache;Archive contains infected objects;Moved.;

EF536466d01\javascript.3;E:\Documents and Settings\Rich Chalfin\Local Settings\Application Data\Mozilla\Firefox\Profiles\default.md0\Cache\EF536466d01;VBS.Psyme.377;;

EF536466d01;E:\Documents and Settings\Rich Chalfin\Local Settings\Application Data\Mozilla\Firefox\Profiles\default.md0\Cache;Archive contains infected objects;Moved.;

FB3F5AE4d01\javascript.7;E:\Documents and Settings\Rich Chalfin\Local Settings\Application Data\Mozilla\Firefox\Profiles\default.md0\Cache\FB3F5AE4d01;VBS.Psyme.377;;

FB3F5AE4d01;E:\Documents and Settings\Rich Chalfin\Local Settings\Application Data\Mozilla\Firefox\Profiles\default.md0\Cache;Archive contains infected objects;Moved.;

FB4F5AE4d01\javascript.8;E:\Documents and Settings\Rich Chalfin\Local Settings\Application Data\Mozilla\Firefox\Profiles\default.md0\Cache\FB4F5AE4d01;VBS.Psyme.377;;

FB4F5AE4d01;E:\Documents and Settings\Rich Chalfin\Local Settings\Application Data\Mozilla\Firefox\Profiles\default.md0\Cache;Archive contains infected objects;Moved.;

TICHD003.exe;E:\Documents and Settings\Rich Chalfin\Local Settings\Temp;Adware.ZenoSearch;;

wr-1-2000219.exe;E:\Documents and Settings\Rich Chalfin\Local Settings\Temp;Trojan.DownLoader.22968;Deleted.;

click[1].htm\javascript.1;E:\Documents and Settings\Rich Chalfin\Local Settings\Temporary Internet Files\Content.IE5\5FU3ZVCZ\click[1].htm;VBS.Psyme.377;;

click[1].htm;E:\Documents and Settings\Rich Chalfin\Local Settings\Temporary Internet Files\Content.IE5\5FU3ZVCZ;Archive contains infected objects;Moved.;

1[1].htm\javascript.0;E:\Documents and Settings\Rich Chalfin\Local Settings\Temporary Internet Files\Content.IE5\5Z37LX0E\1[1].htm;VBS.Psyme.377;;

1[1].htm;E:\Documents and Settings\Rich Chalfin\Local Settings\Temporary Internet Files\Content.IE5\5Z37LX0E;Archive contains infected objects;Moved.;

3385202[1]\javascript.1;E:\Documents and Settings\Rich Chalfin\Local Settings\Temporary Internet Files\Content.IE5\5Z37LX0E\3385202[1];VBS.Psyme.377;;

3385202[1];E:\Documents and Settings\Rich Chalfin\Local Settings\Temporary Internet Files\Content.IE5\5Z37LX0E;Archive contains infected objects;Moved.;

click[1].htm\javascript.1;E:\Documents and Settings\Rich Chalfin\Local Settings\Temporary Internet Files\Content.IE5\5Z37LX0E\click[1].htm;VBS.Psyme.377;;

click[1].htm;E:\Documents and Settings\Rich Chalfin\Local Settings\Temporary Internet Files\Content.IE5\5Z37LX0E;Archive contains infected objects;Moved.;

enter.sexlist[1].htm\javascript.7;E:\Documents and Settings\Rich Chalfin\Local Settings\Temporary Internet Files\Content.IE5\5Z37LX0E\enter.sexlist[1].htm;VBS.Psyme.377;;

enter.sexlist[1].htm;E:\Documents and Settings\Rich Chalfin\Local Settings\Temporary Internet Files\Content.IE5\5Z37LX0E;Archive contains infected objects;Moved.;

freeppc[1].htm\javascript.1;E:\Documents and Settings\Rich Chalfin\Local Settings\Temporary Internet Files\Content.IE5\5Z37LX0E\freeppc[1].htm;VBS.Psyme.377;;

freeppc[1].htm;E:\Documents and Settings\Rich Chalfin\Local Settings\Temporary Internet Files\Content.IE5\5Z37LX0E;Archive contains infected objects;Moved.;

index[1].htm\javascript.6;E:\Documents and Settings\Rich Chalfin\Local Settings\Temporary Internet Files\Content.IE5\5Z37LX0E\index[1].htm;VBS.Psyme.377;;

index[1].htm;E:\Documents and Settings\Rich Chalfin\Local Settings\Temporary Internet Files\Content.IE5\5Z37LX0E;Archive contains infected objects;Moved.;

isearch[1].htm\javascript.0;E:\Documents and Settings\Rich Chalfin\Local Settings\Temporary Internet Files\Content.IE5\5Z37LX0E\isearch[1].htm;VBS.Psyme.377;;

isearch[1].htm;E:\Documents and Settings\Rich Chalfin\Local Settings\Temporary Internet Files\Content.IE5\5Z37LX0E;Archive contains infected objects;Moved.;

isearch[2].htm\javascript.0;E:\Documents and Settings\Rich Chalfin\Local Settings\Temporary Internet Files\Content.IE5\5Z37LX0E\isearch[2].htm;VBS.Psyme.377;;

isearch[2].htm;E:\Documents and Settings\Rich Chalfin\Local Settings\Temporary Internet Files\Content.IE5\5Z37LX0E;Archive contains infected objects;Moved.;

searchbbr545[1].htm\javascript.1;E:\Documents and Settings\Rich Chalfin\Local Settings\Temporary Internet Files\Content.IE5\5Z37LX0E\searchbbr545[1].htm;VBS.Psyme.377;;

searchbbr545[1].htm;E:\Documents and Settings\Rich Chalfin\Local Settings\Temporary Internet Files\Content.IE5\5Z37LX0E;Archive contains infected objects;Moved.;

searchbbr545[2].htm\javascript.1;E:\Documents and Settings\Rich Chalfin\Local Settings\Temporary Internet Files\Content.IE5\5Z37LX0E\searchbbr545[2].htm;VBS.Psyme.377;;

searchbbr545[2].htm;E:\Documents and Settings\Rich Chalfin\Local Settings\Temporary Internet Files\Content.IE5\5Z37LX0E;Archive contains infected objects;Moved.;

searchbbr545[3].htm\javascript.1;E:\Documents and Settings\Rich Chalfin\Local Settings\Temporary Internet Files\Content.IE5\5Z37LX0E\searchbbr545[3].htm;VBS.Psyme.377;;

searchbbr545[3].htm;E:\Documents and Settings\Rich Chalfin\Local Settings\Temporary Internet Files\Content.IE5\5Z37LX0E;Archive contains infected objects;Moved.;

searchbbr545[4].htm\javascript.1;E:\Documents and Settings\Rich Chalfin\Local Settings\Temporary Internet Files\Content.IE5\5Z37LX0E\searchbbr545[4].htm;VBS.Psyme.377;;

searchbbr545[4].htm;E:\Documents and Settings\Rich Chalfin\Local Settings\Temporary Internet Files\Content.IE5\5Z37LX0E;Archive contains infected objects;Moved.;


erotic.masterstats[1].htm\javascript.4;E:\Documents and Settings\Rich Chalfin\Local Settings\Temporary Internet Files\Content.IE5\ZFVJZG59\erotic.masterstats[1].htm;VBS.Psyme.377;;

erotic.masterstats[1].htm;E:\Documents and Settings\Rich Chalfin\Local Settings\Temporary Internet Files\Content.IE5\ZFVJZG59;Archive contains infected objects;Moved.;

freeppc[1].htm\javascript.1;E:\Documents and Settings\Rich Chalfin\Local Settings\Temporary Internet Files\Content.IE5\ZFVJZG59\freeppc[1].htm;VBS.Psyme.377;;

freeppc[1].htm;E:\Documents and Settings\Rich Chalfin\Local Settings\Temporary Internet Files\Content.IE5\ZFVJZG59;Archive contains infected objects;Moved.;

index[1].htm\javascript.4;E:\Documents and Settings\Rich Chalfin\Local Settings\Temporary Internet Files\Content.IE5\ZFVJZG59\index[1].htm;VBS.Psyme.377;;

index[1].htm;E:\Documents and Settings\Rich Chalfin\Local Settings\Temporary Internet Files\Content.IE5\ZFVJZG59;Archive contains infected objects;Moved.;

index[2].htm\javascript.0;E:\Documents and Settings\Rich Chalfin\Local Settings\Temporary Internet Files\Content.IE5\ZFVJZG59\index[2].htm;VBS.Psyme.377;;

index[2].htm;E:\Documents and Settings\Rich Chalfin\Local Settings\Temporary Internet Files\Content.IE5\ZFVJZG59;Archive contains infected objects;Moved.;

p[1].htm\javascript.0;E:\Documents and Settings\Rich Chalfin\Local Settings\Temporary Internet Files\Content.IE5\ZFVJZG59\p[1].htm;VBS.Psyme.377;;

p[1].htm;E:\Documents and Settings\Rich Chalfin\Local Settings\Temporary Internet Files\Content.IE5\ZFVJZG59;Archive contains infected objects;Moved.;

p[2].htm\javascript.0;E:\Documents and Settings\Rich Chalfin\Local Settings\Temporary Internet Files\Content.IE5\ZFVJZG59\p[2].htm;VBS.Psyme.377;;

p[2].htm;E:\Documents and Settings\Rich Chalfin\Local Settings\Temporary Internet Files\Content.IE5\ZFVJZG59;Archive contains infected objects;Moved.;

p[3].htm\javascript.0;E:\Documents and Settings\Rich Chalfin\Local Settings\Temporary Internet Files\Content.IE5\ZFVJZG59\p[3].htm;VBS.Psyme.377;;

p[3].htm;E:\Documents and Settings\Rich Chalfin\Local Settings\Temporary Internet Files\Content.IE5\ZFVJZG59;Archive contains infected objects;Moved.;

searchbbr545[1].htm\javascript.1;E:\Documents and Settings\Rich Chalfin\Local Settings\Temporary Internet Files\Content.IE5\ZFVJZG59\searchbbr545[1].htm;VBS.Psyme.377;;

searchbbr545[1].htm;E:\Documents and Settings\Rich Chalfin\Local Settings\Temporary Internet Files\Content.IE5\ZFVJZG59;Archive contains infected objects;Moved.;

searchbbr545[2].htm\javascript.1;E:\Documents and Settings\Rich Chalfin\Local Settings\Temporary Internet Files\Content.IE5\ZFVJZG59\searchbbr545[2].htm;VBS.Psyme.377;;

searchbbr545[2].htm;E:\Documents and Settings\Rich Chalfin\Local Settings\Temporary Internet Files\Content.IE5\ZFVJZG59;Archive contains infected objects;Moved.;

searchbbr545[3].htm\javascript.1;E:\Documents and Settings\Rich Chalfin\Local Settings\Temporary Internet Files\Content.IE5\ZFVJZG59\searchbbr545[3].htm;VBS.Psyme.377;;

searchbbr545[3].htm;E:\Documents and Settings\Rich Chalfin\Local Settings\Temporary Internet Files\Content.IE5\ZFVJZG59;Archive contains infected objects;Moved.;

searchbbr545[4].htm\javascript.1;E:\Documents and Settings\Rich Chalfin\Local Settings\Temporary Internet Files\Content.IE5\ZFVJZG59\searchbbr545[4].htm;VBS.Psyme.377;;

searchbbr545[4].htm;E:\Documents and Settings\Rich Chalfin\Local Settings\Temporary Internet Files\Content.IE5\ZFVJZG59;Archive contains infected objects;Moved.;

searchbbr545[5].htm\j

Edited by Salvation138


OK, and in addition to the problems I'm having, the CureIt log won't even post correctly. It's not posting the whole thing.

 

Here's a HiJack This log.

 

Logfile of HijackThis v1.99.1

Scan saved at 22:53, on 2007-06-11

Platform: Windows 2000 SP4 (WinNT 5.00.2195)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

E:\WINNT\System32\smss.exe

E:\WINNT\system32\winlogon.exe

E:\WINNT\system32\services.exe

E:\WINNT\system32\lsass.exe

E:\WINNT\system32\svchost.exe

E:\WINNT\system32\spoolsv.exe

E:\WINNT\system32\j4271839.exe

E:\WINNT\System32\svchost.exe

E:\WINNT\system32\regsvc.exe

E:\WINNT\system32\MSTask.exe

E:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

E:\WINNT\System32\WBEM\WinMgmt.exe

E:\WINNT\system32\svchost.exe

E:\WINNT\System32\svchost.exe

E:\WINNT\Explorer.EXE

E:\WINNT\system32\wuauclt.exe

E:\WINNT\TPPALDR.EXE

E:\Program Files\Common Files\Real\Update_OB\realsched.exe

E:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe

E:\Program Files\iTunes\iTunesHelper.exe

E:\Program Files\Java\jre1.5.0_09\bin\jusched.exe

E:\Program Files\QuickTime\qttask.exe

E:\Program Files\iPod\bin\iPodService.exe

E:\Program Files\WinZip\WZQKPICK.EXE

E:\Program Files\Mozilla Firefox\firefox.exe

E:\Program Files\Java\jre1.5.0_09\bin\jucheck.exe

E:\Documents and Settings\Rich Chalfin\Desktop\Scanner.exe

 

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:8182

F2 - REG:system.ini: UserInit=userinit.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: 0 - {0A6A113E-50BF-418F-D5A5-8902307985F6} - E:\Program Files\Microsoft Office\lavuhaxo.dll (file missing)

O2 - BHO: (no name) - {4789D0A2-78F3-4F40-A27B-322659AA0B37} - E:\Program Files\Windows NT\hokeno.dll

O2 - BHO: PsapiAnalyzer Object - {489263D0-1E71-4B29-B4D1-46DAA5856DF7} - e:\winnt\driver cache\dnsurl.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {6795FCB2-DA46-4559-B706-DAFAA4D5778D} - E:\WINNT\system32\ljhif.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

O2 - BHO: (no name) - {8A61098D-612B-4EF2-943D-64E920684061} - E:\WINNT\System32\fccyyaa.dll

O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - E:\Program Files\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll

O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - E:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - E:\WINNT\System32\msdxm.ocx

O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - E:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll

O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon

O4 - HKLM\..\Run: [LaCie USB2 Auto Loader] E:\WINNT\TPPALDR.EXE

O4 - HKLM\..\Run: [TkBellExe] "E:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [TPP Auto Loader] E:\WINNT\tppaldr.exe

O4 - HKLM\..\Run: [msnappau] "E:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe"

O4 - HKLM\..\Run: [iTunesHelper] "E:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "E:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"

O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [GPLv3] rundll32.exe "E:\WINNT\system32\xlhuvgfn.dll",realset

O4 - HKCU\..\Run: [RealPlayer] "E:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot

O4 - Startup: PowerReg Scheduler.exe

O4 - Global Startup: Microsoft Office.lnk = E:\Program Files\Microsoft Office\Office\OSA9.EXE

O4 - Global Startup: WinZip Quick Pick.lnk = E:\Program Files\WinZip\WZQKPICK.EXE

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - E:\Program Files\AIM\aim.exe

O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} -

O16 - DPF: {6D53ADB7-6AD5-4A59-BFE4-7B57D2F4AA89} - http://www.00110.net/tj2007/00110.cab

O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://www.nick.com/common/groove/gx/GrooveAX27.cab

O16 - DPF: {DD8C9372-35FD-4F7D-8CE4-909ABCFAB2C5} - ms-its:mhtml:file://c:\\nores.mht!http://adxtend.net/code/chm/xpre.chm::/xpreload.ocx

O20 - Winlogon Notify: dnsurl - e:\winnt\driver cache\dnsurl.dll

O20 - Winlogon Notify: fccyyaa - E:\WINNT\SYSTEM32\fccyyaa.dll

O20 - Winlogon Notify: ljhif - E:\WINNT\system32\ljhif.dll

O20 - Winlogon Notify: __c00896F4 - E:\WINNT\system32\__c00896F4.dat (file missing)

O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - E:\WINNT\System32\dmadmin.exe

O23 - Service: dns cache reader (DNSCacheReader) - Unknown owner - E:\WINNT\system32\j4271839.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPodService - Apple Computer, Inc. - E:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - E:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

 

And a ComboFix log.

 

"E:\Program Files\Common Files\Yazzle1122OinUninstaller.exe"

"E:\WINNT\q.exe"

"E:\Program Files\Microsoft Office\profsyvyra.html"

"E:\WINNT\system32\5FIh0P88.exe"

"E:\WINNT\system32\px5AIBSI.exe"

"E:\WINNT\system32\packet.dll"

"E:\WINNT\system32\wpcap.dll"

"E:\WINNT\tasks\At1.job"

"E:\WINNT\tasks\At10.job"

"E:\WINNT\tasks\At11.job"

"E:\WINNT\tasks\At12.job"

"E:\WINNT\tasks\At13.job"

"E:\WINNT\tasks\At14.job"

"E:\WINNT\tasks\At15.job"

"E:\WINNT\tasks\At16.job"

"E:\WINNT\tasks\At17.job"

"E:\WINNT\tasks\At18.job"

"E:\WINNT\tasks\At19.job"

"E:\WINNT\tasks\At2.job"

"E:\WINNT\tasks\At20.job"

"E:\WINNT\tasks\At21.job"

"E:\WINNT\tasks\At22.job"

"E:\WINNT\tasks\At23.job"

"E:\WINNT\tasks\At24.job"

"E:\WINNT\tasks\At25.job"

"E:\WINNT\tasks\At26.job"

"E:\WINNT\tasks\At27.job"

"E:\WINNT\tasks\At28.job"

"E:\WINNT\tasks\At29.job"

"E:\WINNT\tasks\At3.job"

"E:\WINNT\tasks\At30.job"

"E:\WINNT\tasks\At31.job"

"E:\WINNT\tasks\At33.job"

"E:\WINNT\tasks\At34.job"

"E:\WINNT\tasks\At35.job"

"E:\WINNT\tasks\At36.job"

"E:\WINNT\tasks\At37.job"

"E:\WINNT\tasks\At38.job"

"E:\WINNT\tasks\At39.job"

"E:\WINNT\tasks\At4.job"

"E:\WINNT\tasks\At40.job"

"E:\WINNT\tasks\At41.job"

"E:\WINNT\tasks\At42.job"

"E:\WINNT\tasks\At43.job"

"E:\WINNT\tasks\At44.job"

"E:\WINNT\tasks\At45.job"

"E:\WINNT\tasks\At46.job"

"E:\WINNT\tasks\At47.job"

"E:\WINNT\tasks\At48.job"

"E:\WINNT\tasks\At5.job"

"E:\WINNT\tasks\At6.job"

"E:\WINNT\tasks\At7.job"

"E:\WINNT\tasks\At8.job"

"E:\WINNT\tasks\At9.job"

"E:\DOCUME~1\RICHCH~1\APPLIC~1.\macromedia\Flash Player\macromedia.com\support\f

lashplayer\sys\#www.broadcaster.com\settings.sol"

"E:\WINNT\system32\IExplorer.dll

.dbt"

"E:\WINNT\system32\Explorer.exe"

"E:\WINNT\system32\drivers\core.cache.dsk"

"E:\WINNT\opera6.ini"

"E:\WINNT\rau001978.exe"

"E:\WINNT\dls0523pmw.exe"

"E:\WINNT\b136.exe"

"E:\WINNT\wr.txt"

"E:\WINNT\Driver Cache\ntp2.ini"

E:\WINNT\system32\xlhuvgfn.dll

E:\WINNT\system32\cbxxuvt.dll

E:\WINNT\system32\khfcabx.dll

E:\WINNT\system32\fihjl.bak1

E:\WINNT\system32\fihjl.bak2

E:\WINNT\system32\fihjl.ini

E:\WINNT\system32\nfgvuhlx.ini

E:\WINNT\system32\fihjl.bak1

E:\WINNT\system32\fihjl.bak2

E:\WINNT\system32\fihjl.ini

"E:\WINNT\system32\T4"

"E:\WINNT\system32\T3"

"E:\WINNT\system32\pog"

"E:\DOCUME~1\RICHCH~1\APPLIC~1.\macromedia\Flash Player\#SharedObjects\WDS4Q5DE\

www.broadcaster.com"

"E:\DOCUME~1\RICHCH~1\APPLIC~1.\macromedia\Flash Player\macromedia.com\support\f

lashplayer\sys\#www.broadcaster.com"


Hi again,

 

"the CureIt log won't even post correctly"

Not your fault, the board software only allows posts of a certain length.

 

Ok, it's looking a lot better, next steps:

 

Please download VundoFix.exe to your desktop.

  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES.
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will shutdown your computer, click OK.
  • Turn your computer back on.
  • Please post the contents of E:\vundofix.txt and a new HiJackThis log.

jedi


VundoFix log...

 

VundoFix V6.5.0

 

Checking Java version...

 

Java version is 1.5.0.9

Old versions of java are exploitable and should be removed.

 

Scan started at 23:24:38 2007-06-12

 

Listing files found while scanning....

 

e:\winnt\driver cache\dnsurl.dll

E:\WINNT\system32\fihjl.ini

E:\WINNT\system32\ljhif.dll

 

Beginning removal...

 

Attempting to delete e:\winnt\driver cache\dnsurl.dll

e:\winnt\driver cache\dnsurl.dll Has been deleted!

 

Attempting to delete E:\WINNT\system32\fihjl.ini

E:\WINNT\system32\fihjl.ini Has been deleted!

 

Attempting to delete E:\WINNT\system32\ljhif.dll

E:\WINNT\system32\ljhif.dll Has been deleted!

 

Performing Repairs to the registry.

Done!

 

And HiJack This log..

 

Logfile of HijackThis v1.99.1

Scan saved at 14:47, on 2007-06-13

Platform: Windows 2000 SP4 (WinNT 5.00.2195)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

E:\WINNT\System32\smss.exe

E:\WINNT\system32\winlogon.exe

E:\WINNT\system32\services.exe

E:\WINNT\system32\lsass.exe

E:\WINNT\system32\svchost.exe

E:\WINNT\system32\spoolsv.exe

E:\WINNT\system32\j4271839.exe

E:\WINNT\System32\svchost.exe

E:\WINNT\system32\regsvc.exe

E:\WINNT\system32\MSTask.exe

E:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

E:\WINNT\System32\WBEM\WinMgmt.exe

E:\WINNT\system32\svchost.exe

E:\WINNT\System32\svchost.exe

E:\WINNT\Explorer.EXE

E:\WINNT\TPPALDR.EXE

E:\Program Files\Common Files\Real\Update_OB\realsched.exe

E:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe

E:\Program Files\iTunes\iTunesHelper.exe

E:\Program Files\Java\jre1.5.0_09\bin\jusched.exe

E:\Program Files\QuickTime\qttask.exe

E:\Program Files\WinZip\WZQKPICK.EXE

E:\WINNT\system32\wuauclt.exe

E:\Program Files\iPod\bin\iPodService.exe

E:\Program Files\Mozilla Firefox\firefox.exe

E:\Program Files\Java\jre1.5.0_09\bin\jucheck.exe

E:\Program Files\AIM\aim.exe

E:\Documents and Settings\Rich Chalfin\Desktop\Scanner.exe

 

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:8182

F2 - REG:system.ini: UserInit=userinit.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: 0 - {0A6A113E-50BF-418F-D5A5-8902307985F6} - E:\Program Files\Microsoft Office\lavuhaxo.dll (file missing)

O2 - BHO: (no name) - {4789D0A2-78F3-4F40-A27B-322659AA0B37} - E:\Program Files\Windows NT\hokeno.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

O2 - BHO: (no name) - {8A61098D-612B-4EF2-943D-64E920684061} - E:\WINNT\System32\fccyyaa.dll

O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - E:\Program Files\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll

O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - E:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll

O2 - BHO: (no name) - {CA67A621-BF53-4D18-A321-059D6CE7CA48} - E:\WINNT\system32\ljhif.dll (file missing)

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - E:\WINNT\System32\msdxm.ocx

O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - E:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll

O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon

O4 - HKLM\..\Run: [LaCie USB2 Auto Loader] E:\WINNT\TPPALDR.EXE

O4 - HKLM\..\Run: [TkBellExe] "E:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [TPP Auto Loader] E:\WINNT\tppaldr.exe

O4 - HKLM\..\Run: [msnappau] "E:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe"

O4 - HKLM\..\Run: [iTunesHelper] "E:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "E:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"

O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [GPLv3] rundll32.exe "E:\WINNT\system32\xlhuvgfn.dll",realset

O4 - HKCU\..\Run: [RealPlayer] "E:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot

O4 - Startup: PowerReg Scheduler.exe

O4 - Global Startup: Microsoft Office.lnk = E:\Program Files\Microsoft Office\Office\OSA9.EXE

O4 - Global Startup: WinZip Quick Pick.lnk = E:\Program Files\WinZip\WZQKPICK.EXE

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - E:\Program Files\AIM\aim.exe

O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} -

O16 - DPF: {6D53ADB7-6AD5-4A59-BFE4-7B57D2F4AA89} - http://www.00110.net/tj2007/00110.cab

O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://www.nick.com/common/groove/gx/GrooveAX27.cab

O16 - DPF: {DD8C9372-35FD-4F7D-8CE4-909ABCFAB2C5} - ms-its:mhtml:file://c:\\nores.mht!http://adxtend.net/code/chm/xpre.chm::/xpreload.ocx

O20 - Winlogon Notify: fccyyaa - E:\WINNT\SYSTEM32\fccyyaa.dll

O20 - Winlogon Notify: __c00896F4 - E:\WINNT\system32\__c00896F4.dat (file missing)

O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - E:\WINNT\System32\dmadmin.exe

O23 - Service: dns cache reader (DNSCacheReader) - Unknown owner - E:\WINNT\system32\j4271839.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPodService - Apple Computer, Inc. - E:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - E:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe


Hi again,

 

Please run Notepad and paste the following text in the Code box into a new file:

 

 
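REM Stop and remove the service first so its executable is no longer in use
sc stop DNSCacheReader
sc delete DNSCacheReader
REM Clear the read-only, hidden and system attributes, then delete each file
attrib -r -h -s E:\WINNT\system32\xlhuvgfn.dll
del E:\WINNT\system32\xlhuvgfn.dll
attrib -r -h -s E:\WINNT\SYSTEM32\fccyyaa.dll
del E:\WINNT\SYSTEM32\fccyyaa.dll
attrib -r -h -s E:\WINNT\system32\j4271839.exe
del E:\WINNT\system32\j4271839.exe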

 

Save the file to the desktop as remove.bat and make sure the "Save as Type" field says "All Files". Then please go to the desktop and double-click on remove.bat.

 

Next:

 

Please do the following:

Run a BitDefender Online scan Here and post the results.

 

Please also post a new HiJackThis log.

 

jedi


Hello, sorry I haven't responded in a while. I've been incredibly busy lately. I did the remove.bat thing, but the online scan doesn't seem to work with my Firefox browser. I would try it with IE, but now it isn't working. Every time I try to access My Documents or any other folder that uses the IE browser, my screen goes blank. This has happened before...I don't know how to fix it. Also, every time I open Firefox, it says it's connected to a proxy server..I have to change the connection settings every time I open it. Here's a HiJack this log for you.

 

I apologize for all of this..my computer is in very poor shape right now.

 

Logfile of HijackThis v1.99.1

Scan saved at 6:10:44 PM, on 06/22/2007

Platform: Windows 2000 SP4 (WinNT 5.00.2195)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

E:\WINNT\System32\smss.exe

E:\WINNT\system32\winlogon.exe

E:\WINNT\system32\services.exe

E:\WINNT\system32\lsass.exe

E:\WINNT\system32\svchost.exe

E:\WINNT\system32\spoolsv.exe

E:\WINNT\system32\j4271839.exe

E:\WINNT\System32\svchost.exe

E:\WINNT\system32\regsvc.exe

E:\WINNT\system32\MSTask.exe

E:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

E:\WINNT\System32\WBEM\WinMgmt.exe

E:\WINNT\system32\svchost.exe

E:\WINNT\System32\svchost.exe

E:\WINNT\TPPALDR.EXE

E:\Program Files\Common Files\Real\Update_OB\realsched.exe

E:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe

E:\Program Files\iTunes\iTunesHelper.exe

E:\Program Files\Java\jre1.5.0_09\bin\jusched.exe

E:\Program Files\QuickTime\qttask.exe

E:\Program Files\WinZip\WZQKPICK.EXE

E:\WINNT\system32\wuauclt.exe

E:\Program Files\iPod\bin\iPodService.exe

E:\Program Files\Java\jre1.5.0_09\bin\jucheck.exe

E:\Program Files\iTunes\iTunes.exe

E:\Program Files\AIM\aim.exe

E:\Program Files\Mozilla Firefox\firefox.exe

E:\WINNT\explorer.exe

E:\Documents and Settings\Rich Chalfin\Desktop\Scanner.exe

 

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:8182

F2 - REG:system.ini: UserInit=userinit.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: 0 - {0A6A113E-50BF-418F-D5A5-8902307985F6} - E:\Program Files\Microsoft Office\lavuhaxo.dll (file missing)

O2 - BHO: (no name) - {44E94565-639F-4A0E-B431-80535AF8205A} - E:\WINNT\system32\vtssr.dll

O2 - BHO: (no name) - {4789D0A2-78F3-4F40-A27B-322659AA0B37} - E:\Program Files\Windows NT\hokeno.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {5ADF3862-9E2E-4ad3-86F7-4510E6550CD0} - E:\WINNT\system32\eoieyhiw.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

O2 - BHO: (no name) - {8A61098D-612B-4EF2-943D-64E920684061} - E:\WINNT\System32\fccyyaa.dll

O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - E:\Program Files\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll

O2 - BHO: (no name) - {95F44196-1612-47E4-8A5E-103CD1DAC730} - E:\WINNT\system32\svlqqyqn.dll

O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - E:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll

O2 - BHO: (no name) - {CA67A621-BF53-4D18-A321-059D6CE7CA48} - E:\WINNT\system32\ljhif.dll (file missing)

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - E:\WINNT\System32\msdxm.ocx

O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - E:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll

O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon

O4 - HKLM\..\Run: [LaCie USB2 Auto Loader] E:\WINNT\TPPALDR.EXE

O4 - HKLM\..\Run: [TkBellExe] "E:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [TPP Auto Loader] E:\WINNT\tppaldr.exe

O4 - HKLM\..\Run: [msnappau] "E:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe"

O4 - HKLM\..\Run: [iTunesHelper] "E:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "E:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"

O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [GPLv3] rundll32.exe "E:\WINNT\system32\iuqtvpmn.dll",realset

O4 - HKCU\..\Run: [RealPlayer] "E:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot

O4 - Startup: PowerReg Scheduler.exe

O4 - Global Startup: Microsoft Office.lnk = E:\Program Files\Microsoft Office\Office\OSA9.EXE

O4 - Global Startup: WinZip Quick Pick.lnk = E:\Program Files\WinZip\WZQKPICK.EXE

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - E:\Program Files\AIM\aim.exe

O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} -

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {6D53ADB7-6AD5-4A59-BFE4-7B57D2F4AA89} - http://www.00110.net/tj2007/00110.cab

O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://www.nick.com/common/groove/gx/GrooveAX27.cab

O16 - DPF: {DD8C9372-35FD-4F7D-8CE4-909ABCFAB2C5} - ms-its:mhtml:file://c:\\nores.mht!http://adxtend.net/code/chm/xpre.chm::/xpreload.ocx

O20 - Winlogon Notify: fccyyaa - E:\WINNT\SYSTEM32\fccyyaa.dll

O20 - Winlogon Notify: vtssr - E:\WINNT\system32\vtssr.dll

O20 - Winlogon Notify: __c00896F4 - E:\WINNT\system32\__c00896F4.dat (file missing)

O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - E:\WINNT\System32\dmadmin.exe

O23 - Service: dns cache reader (DNSCacheReader) - Unknown owner - E:\WINNT\system32\j4271839.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPodService - Apple Computer, Inc. - E:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - E:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe


Hi again,

 

Ok, I really need you to run ComboFix. If this happens:

"all my desktop icons and start bar disappeared. I had to restart just to get it back to normal"

do not do anything, just wait. You should not carry out any action on your PC after you start ComboFix; wait until it produces its report. Here's the download in case you deleted the tool:

 

1. Download this file - ComboFix

2. Double click combofix.exe & follow the prompts.

3. When finished, it will produce a log for you. Post that log in your next reply

 

Note:

Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

 

jedi


I ran ComboFix and here's what I got.

 

ComboFix 07-06-11.3 - E:\Documents and Settings\Rich Chalfin\Desktop\ComboFix.exe

"Rich Chalfin" - 06/23/2007 23:53:48 - Service Pack 4 NTFS

 

 

(((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))

 

 

E:\WINNT\system32\cullbakr.dll

E:\WINNT\system32\ddoylpjj.dll

E:\WINNT\system32\iuqtvpmn.dll

E:\WINNT\system32\jtwemlqk.dll

E:\WINNT\system32\svlqqyqn.dll

E:\WINNT\system32\rkablluc.ini

E:\WINNT\system32\jjplyodd.ini

E:\WINNT\system32\nmpvtqui.ini

E:\WINNT\system32\rsstv.bak1

E:\WINNT\system32\rsstv.bak2

E:\WINNT\system32\rsstv.ini

E:\WINNT\system32\rsstv.tmp

E:\WINNT\system32\rsstv.bak1

E:\WINNT\system32\rsstv.bak2

E:\WINNT\system32\rsstv.ini

E:\WINNT\system32\vtssr.dll

E:\WINNT\system32\fccyyaa.dll

 

 

* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

 

 

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

 

 

E:\WINNT\Driver Cache\ntp2.ini

 

 

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

 

 

-------\LEGACY_CMDSERVICE

-------\LEGACY_CORE

-------\LEGACY_NETWORK_MONITOR

-------\LEGACY_NET_AGENT

-------\LEGACY_WINDOWS_OVERLAY_COMPONENTS

-------\cmdService

-------\core

 

 

((((((((((((((((((((((((( Files Created from 2007-05-24 to 2007-06-24 )))))))))))))))))))))))))))))))

 

 

2007-06-23 23:03 4,628 --a------ E:\WINNT\system32\jrshcagl.exe

2007-06-23 23:00 122,900 --a------ E:\WINNT\system32\frpsuycc.exe

2007-06-22 15:46 122,900 --a------ E:\WINNT\system32\aiboljtw.exe

2007-06-22 15:43 4,628 --a------ E:\WINNT\system32\notcxgch.exe

2007-06-22 14:40 122,900 --a------ E:\WINNT\system32\ticfonbw.exe

2007-06-21 10:49 122,900 --a------ E:\WINNT\system32\botjeosd.exe

2007-06-19 17:49 122,900 --a------ E:\WINNT\system32\cltwuwyl.exe

2007-06-13 17:44 62,516 --a------ E:\WINNT\system32\eoieyhiw.dll

2007-06-13 17:38 <DIR> d-------- E:\WINNT\BDOSCAN8

2007-06-12 23:24 <DIR> d-------- E:\VundoFix Backups

2007-06-11 22:07 49,152 --a------ E:\WINNT\nircmd.exe

2007-06-11 17:53 <DIR> d-------- E:\DOCUME~1\RICHCH~1\DoctorWeb

2007-06-09 12:25 105,434 --a------ E:\WINNT\qwr67.exe

2007-06-08 13:52 <DIR> d-------- E:\Program Files\Eusing Free Registry Cleaner

2007-06-08 13:18 8,192 --a------ E:\WINNT\system32\j4271839.exe

2007-06-06 17:22 53,248 --a------ E:\WINNT\uni_eh42.exe

2007-05-25 23:41 <DIR> d-------- E:\Program Files\Lavasoft

2007-05-25 23:40 <DIR> d-------- E:\Program Files\Common Files\Wise Installation Wizard

 

 

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

 

2007-06-19 22:40:51 1,636 ----a-w E:\WINNT\system32\d3d9caps.dat

2007-06-10 23:08:52 -------- d-----w E:\Program Files\Windows NT

2007-05-26 03:42:02 -------- d-----w E:\DOCUME~1\RICHCH~1\APPLIC~1\Lavasoft

2007-05-20 20:00:44 -------- d-----w E:\Program Files\Common Files\kiuw

2007-05-16 00:49:34 8,607 ----a-w E:\WINNT\mozver.dat

2007-04-01 16:11:55 69,036 ---ha-w E:\DOCUME~1\RICHCH~1\APPLIC~1\EHMatrixFilters.dll

2007-04-01 16:11:54 44,032 ---ha-w E:\DOCUME~1\RICHCH~1\APPLIC~1\MBSCFPlugin5228.dll

2007-04-01 16:11:54 37,376 ---ha-w E:\DOCUME~1\RICHCH~1\APPLIC~1\MBSCarbonEventsPlugin5242.dll

2007-04-01 16:11:54 35,840 ---ha-w E:\DOCUME~1\RICHCH~1\APPLIC~1\EHEffects.dll

2007-04-01 16:11:54 33,792 ---ha-w E:\DOCUME~1\RICHCH~1\APPLIC~1\MBSIconPlugin5036.dll

2007-04-01 16:11:54 28,672 ---ha-w E:\DOCUME~1\RICHCH~1\APPLIC~1\MBSMacOSXPlugin5242.dll

2007-04-01 16:11:54 27,136 ---ha-w E:\DOCUME~1\RICHCH~1\APPLIC~1\MBSUsernamePlugin4435.dll

2007-04-01 16:11:54 103,424 ---ha-w E:\DOCUME~1\RICHCH~1\APPLIC~1\MBSPicturePlugin5148.dll

2007-04-01 16:11:53 99,328 ---ha-w E:\DOCUME~1\RICHCH~1\APPLIC~1\MBSJPEGCompressionPlugin5041.dll

2007-04-01 16:11:53 64,512 ---ha-w E:\DOCUME~1\RICHCH~1\APPLIC~1\MBSZipPlugin4713.dll

2007-04-01 16:11:53 444,928 ---ha-w E:\DOCUME~1\RICHCH~1\APPLIC~1\MBSTiffPlugin4713.dll

2007-04-01 16:11:53 32,768 ---ha-w E:\DOCUME~1\RICHCH~1\APPLIC~1\MBSProcessPlugin4911.dll

2007-04-01 16:11:53 30,208 ---ha-w E:\DOCUME~1\RICHCH~1\APPLIC~1\MBSBase64Plugin4708.dll

2007-04-01 16:11:53 27,648 ---ha-w E:\DOCUME~1\RICHCH~1\APPLIC~1\MBSWindowPlugin4708.dll

2007-04-01 16:11:53 27,648 ---ha-w E:\DOCUME~1\RICHCH~1\APPLIC~1\MBSRegistrationPlugin4987.dll

2007-04-01 16:11:53 146,944 ---ha-w E:\DOCUME~1\RICHCH~1\APPLIC~1\MBSPNGPlugin4713.dll

2007-04-01 16:11:53 120,832 ---ha-w E:\DOCUME~1\RICHCH~1\APPLIC~1\MBSJPEGDecompressionPlugin5041.dll

2007-04-01 16:11:52 88,576 ---ha-w E:\DOCUME~1\RICHCH~1\APPLIC~1\rbap550.dll

2007-04-01 16:11:52 478,720 ---ha-w E:\DOCUME~1\RICHCH~1\APPLIC~1\RBDB550.dll

2007-04-01 16:11:52 40,960 ---ha-w E:\DOCUME~1\RICHCH~1\APPLIC~1\RBShell550.dll

2007-04-01 16:11:52 32,256 ---ha-w E:\DOCUME~1\RICHCH~1\APPLIC~1\RBJagToolbarItem550.dll

2007-04-01 16:11:52 29,184 ---ha-w E:\DOCUME~1\RICHCH~1\APPLIC~1\RBInternetEncodings550.dll

2007-04-01 16:11:52 25,600 ---ha-w E:\DOCUME~1\RICHCH~1\APPLIC~1\EHTypes.dll

2007-04-01 16:11:40 74,240 ---ha-w E:\DOCUME~1\RICHCH~1\APPLIC~1\rbqt550.DLL

2005-07-29 20:24:26 472 --sha-r E:\WINNT\UmljaCBDaGFsZmlu\oA53uF1Gu3IPtA5R.vbs

 

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

 

 

*Note* empty entries & legit default entries are not shown

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=E:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll [03-11-03 14:17 ]

{0A6A113E-50BF-418F-D5A5-8902307985F6}=E:\Program Files\Microsoft Office\lavuhaxo.dll []

{4789D0A2-78F3-4F40-A27B-322659AA0B37}=E:\Program Files\Windows NT\hokeno.dll [07-04-06 15:27 ]

{53707962-6F74-2D53-2644-206D7942484F}=E:\PROGRA~1\SPYBOT~1\SDHelper.dll [05-05-31 01:04 ]

{5ADF3862-9E2E-4ad3-86F7-4510E6550CD0}=E:\WINNT\system32\eoieyhiw.dll [07-06-13 17:44 ]

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=E:\Program Files\Java\jre1.5.0_09\bin\ssv.dll [06-10-12 04:25 ]

{9394EDE7-C8B5-483E-8773-474BF36AF6E4}=E:\Program Files\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll [04-08-13 17:42 ]

{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}=E:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll [04-08-13 17:42 ]

{CA67A621-BF53-4D18-A321-059D6CE7CA48}=E:\WINNT\system32\ljhif.dll []

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Synchronization Manager"="mobsync.exe" [03-06-19 15:05 E:\WINNT\system32\mobsync.exe]

"TkBellExe"="E:\Program Files\Common Files\Real\Update_OB\realsched.exe" [04-06-03 16:33 ]

"msnappau"="E:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe" [04-08-13 17:41 ]

"iTunesHelper"="E:\Program Files\iTunes\iTunesHelper.exe" [06-06-14 16:24 ]

"SunJavaUpdateSched"="E:\Program Files\Java\jre1.5.0_09\bin\jusched.exe" [06-10-12 04:10 ]

"QuickTime Task"="E:\Program Files\QuickTime\qttask.exe" [06-07-27 23:10 ]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RealPlayer"="E:\Program Files\Real\RealPlayer\realplay.exe" [06-06-11 19:24 ]

 

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]

Source= E:\Program Files\Microsoft Office\profsyvyra.html

FriendlyName=

 

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1]

Source= E:\Documents and Settings\Rich Chalfin\My Documents\My Pictures\dad.bmp

FriendlyName=

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\__c00896F4]

E:\WINNT\system32\__c00896F4.dat

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - netsvcs

WmdmPmSN

 

 

Contents of the 'Scheduled Tasks' folder

2007-06-08 17:51:20 E:\WINNT\tasks\At32.job

 

**************************************************************************

 

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net

Rootkit scan 2007-06-24 15:30:42

Windows 5.0.2195 Service Pack 4 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

 

Completion time: 2007-06-24 15:32:11

E:\ComboFix-quarantined-files.txt ... 07-06-24 15:31

 

--- E O F ---


Hi again,

 

Good, that's looking a lot better. :thumbsup: Please now post a fresh HiJackThis log.

 

jedi


That's definitely a good thing to hear. Here it is.

 

Logfile of HijackThis v1.99.1

Scan saved at 10:24:55 PM, on 6/25/2007

Platform: Windows 2000 SP4 (WinNT 5.00.2195)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

E:\WINNT\System32\smss.exe

E:\WINNT\system32\winlogon.exe

E:\WINNT\system32\services.exe

E:\WINNT\system32\lsass.exe

E:\WINNT\system32\svchost.exe

E:\WINNT\system32\spoolsv.exe

E:\WINNT\system32\j4271839.exe

E:\WINNT\System32\svchost.exe

E:\WINNT\system32\regsvc.exe

E:\WINNT\system32\MSTask.exe

E:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

E:\WINNT\System32\WBEM\WinMgmt.exe

E:\WINNT\system32\svchost.exe

E:\WINNT\System32\svchost.exe

E:\WINNT\Explorer.EXE

E:\Program Files\Common Files\Real\Update_OB\realsched.exe

E:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe

E:\Program Files\iTunes\iTunesHelper.exe

E:\Program Files\Java\jre1.5.0_09\bin\jusched.exe

E:\Program Files\QuickTime\qttask.exe

E:\Program Files\WinZip\WZQKPICK.EXE

E:\WINNT\system32\wuauclt.exe

E:\Program Files\iPod\bin\iPodService.exe

E:\Program Files\iTunes\iTunes.exe

E:\Program Files\Mozilla Firefox\firefox.exe

E:\Program Files\AIM\aim.exe

E:\Program Files\Java\jre1.5.0_09\bin\jucheck.exe

E:\Documents and Settings\Rich Chalfin\Desktop\Scanner.exe

 

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:8182

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: 0 - {0A6A113E-50BF-418F-D5A5-8902307985F6} - E:\Program Files\Microsoft Office\lavuhaxo.dll (file missing)

O2 - BHO: (no name) - {4789D0A2-78F3-4F40-A27B-322659AA0B37} - E:\Program Files\Windows NT\hokeno.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {5ADF3862-9E2E-4ad3-86F7-4510E6550CD0} - E:\WINNT\system32\eoieyhiw.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - E:\Program Files\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll

O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - E:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll

O2 - BHO: (no name) - {CA67A621-BF53-4D18-A321-059D6CE7CA48} - E:\WINNT\system32\ljhif.dll (file missing)

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - E:\WINNT\System32\msdxm.ocx

O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - E:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll

O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon

O4 - HKLM\..\Run: [TkBellExe] "E:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [msnappau] "E:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe"

O4 - HKLM\..\Run: [iTunesHelper] "E:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "E:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"

O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKCU\..\Run: [RealPlayer] "E:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot

O4 - Startup: PowerReg Scheduler.exe

O4 - Global Startup: Microsoft Office.lnk = E:\Program Files\Microsoft Office\Office\OSA9.EXE

O4 - Global Startup: WinZip Quick Pick.lnk = E:\Program Files\WinZip\WZQKPICK.EXE

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - E:\Program Files\AIM\aim.exe

O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} -

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {6D53ADB7-6AD5-4A59-BFE4-7B57D2F4AA89} - http://www.00110.net/tj2007/00110.cab

O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://www.nick.com/common/groove/gx/GrooveAX27.cab

O16 - DPF: {DD8C9372-35FD-4F7D-8CE4-909ABCFAB2C5} - ms-its:mhtml:file://c:\\nores.mht!http://adxtend.net/code/chm/xpre.chm::/xpreload.ocx

O20 - Winlogon Notify: __c00896F4 - E:\WINNT\system32\__c00896F4.dat (file missing)

O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - E:\WINNT\System32\dmadmin.exe

O23 - Service: dns cache reader (DNSCacheReader) - Unknown owner - E:\WINNT\system32\j4271839.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPodService - Apple Computer, Inc. - E:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - E:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe


Hi again,

 

Scan with HiJackThis and put a check in the box next to the following items:

 

O2 - BHO: 0 - {0A6A113E-50BF-418F-D5A5-8902307985F6} - E:\Program Files\Microsoft Office\lavuhaxo.dll (file missing)

O2 - BHO: (no name) - {4789D0A2-78F3-4F40-A27B-322659AA0B37} - E:\Program Files\Windows NT\hokeno.dll

O2 - BHO: (no name) - {5ADF3862-9E2E-4ad3-86F7-4510E6550CD0} - E:\WINNT\system32\eoieyhiw.dll

O2 - BHO: (no name) - {CA67A621-BF53-4D18-A321-059D6CE7CA48} - E:\WINNT\system32\ljhif.dll (file missing)

O16 - DPF: {6D53ADB7-6AD5-4A59-BFE4-7B57D2F4AA89} - http://www.00110.net/tj2007/00110.cab

O16 - DPF: {DD8C9372-35FD-4F7D-8CE4-909ABCFAB2C5} - ms-its:mhtml:file://c:\\nores.mht!http://adxtend.net/code/chm/xpre.chm::/xpreload.ocx

O20 - Winlogon Notify: __c00896F4 - E:\WINNT\system32\__c00896F4.dat (file missing)

O23 - Service: dns cache reader (DNSCacheReader) - Unknown owner - E:\WINNT\system32\j4271839.exe

 

 

Close all browsers and windows, click on ‘fix selected’ and allow HJT to fix these entries.

 

 

* Download Killbox.

Click killbox.exe.

Select the option "Delete on reboot".

Click the button: All Files (!important!)

Now it should flash green.

 

Now copy the next bold part:

 

E:\WINNT\system32\j4271839.exe

E:\WINNT\qwr67.exe

E:\WINNT\uni_eh42.exe

 

Open 'file' in the Killbox menu on top and choose Paste from clipboard.

 

Then press the button that looks like a red circle with a white X in it.

Killbox will tell you that all listed files will be removed on next reboot and ask if you would like to reboot now. Click YES.

If you don't get that message, reboot manually.

 

Your computer should reboot now.

 

 

Scan again with HJT, (with all browsers and windows closed) and post the new log in this thread.

 

jedi
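The re-scan requested above can be checked mechanically against the fix list. The Python below is an added example, not part of the original posts or of HijackThis; the function names are illustrative, and the sample lines are excerpts from the logs posted in this thread. It treats an entry that survives only with a "(file missing)" marker as an orphaned registration, separate from one whose file is still on disk.

```python
import re

# HijackThis appends this marker when the file an entry points to is gone from disk.
FILE_MISSING = re.compile(r"\s*\(file missing\)\s*$", re.IGNORECASE)
# Coded entries start with a section id such as "R1", "O2", "O20" or "O23".
ENTRY = re.compile(r"^[A-Z]\d{1,2} - \S")

# Excerpt of the fix list posted in this thread.
FIX_LIST = r"""
O2 - BHO: (no name) - {4789D0A2-78F3-4F40-A27B-322659AA0B37} - E:\Program Files\Windows NT\hokeno.dll
O2 - BHO: (no name) - {CA67A621-BF53-4D18-A321-059D6CE7CA48} - E:\WINNT\system32\ljhif.dll (file missing)
O20 - Winlogon Notify: __c00896F4 - E:\WINNT\system32\__c00896F4.dat (file missing)
O23 - Service: dns cache reader (DNSCacheReader) - Unknown owner - E:\WINNT\system32\j4271839.exe
"""

# Excerpt of the log posted after the fix and reboot (scan saved 6/29/2007).
AFTER_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
E:\WINNT\system32\services.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:8182
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O23 - Service: dns cache reader (DNSCacheReader) - Unknown owner - E:\WINNT\system32\j4271839.exe (file missing)
O23 - Service: iPodService - Apple Computer, Inc. - E:\Program Files\iPod\bin\iPodService.exe
"""


def parse_entries(log_text):
    """Map each coded entry (marker stripped) to True if it was flagged file-missing."""
    entries = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        if not ENTRY.match(line):
            continue  # header line, running-process path or blank line
        missing = bool(FILE_MISSING.search(line))
        entries[FILE_MISSING.sub("", line)] = missing
    return entries


def verify_fix(fix_list_text, after_log_text):
    """Classify every entry of the fix list against the post-fix scan."""
    wanted = parse_entries(fix_list_text)
    after = parse_entries(after_log_text)
    report = {"removed": [], "orphaned": [], "still_active": []}
    for entry in wanted:
        if entry not in after:
            report["removed"].append(entry)       # entry is gone from the log
        elif after[entry]:
            report["orphaned"].append(entry)      # file deleted, registration left behind
        else:
            report["still_active"].append(entry)  # entry and its file both survived
    return report


if __name__ == "__main__":
    for status, items in verify_fix(FIX_LIST, AFTER_LOG).items():
        print(f"{status}: {len(items)}")
        for item in items:
            print(f"  {item}")
```

An orphaned service entry is the case that needs the separate service-deletion step, since removing the file alone leaves the registration in place.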


Alright, I did everything you asked. Here's the log.

 

Logfile of HijackThis v1.99.1

Scan saved at 10:24:16 PM, on 6/29/2007

Platform: Windows 2000 SP4 (WinNT 5.00.2195)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

E:\WINNT\System32\smss.exe

E:\WINNT\system32\winlogon.exe

E:\WINNT\system32\services.exe

E:\WINNT\system32\lsass.exe

E:\WINNT\system32\svchost.exe

E:\WINNT\system32\spoolsv.exe

E:\WINNT\System32\svchost.exe

E:\WINNT\system32\regsvc.exe

E:\WINNT\system32\MSTask.exe

E:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

E:\WINNT\System32\WBEM\WinMgmt.exe

E:\WINNT\system32\svchost.exe

E:\WINNT\System32\svchost.exe

E:\WINNT\Explorer.EXE

E:\Program Files\Common Files\Real\Update_OB\realsched.exe

E:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe

E:\Program Files\iTunes\iTunesHelper.exe

E:\Program Files\Java\jre1.5.0_09\bin\jusched.exe

E:\Program Files\QuickTime\qttask.exe

E:\Program Files\WinZip\WZQKPICK.EXE

E:\WINNT\system32\wuauclt.exe

E:\Documents and Settings\Rich Chalfin\Desktop\Scanner.exe

E:\Program Files\iPod\bin\iPodService.exe

 

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:8182

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - E:\Program Files\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll

O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - E:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - E:\WINNT\System32\msdxm.ocx

O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - E:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll

O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon

O4 - HKLM\..\Run: [TkBellExe] "E:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [msnappau] "E:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe"

O4 - HKLM\..\Run: [iTunesHelper] "E:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "E:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"

O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKCU\..\Run: [RealPlayer] "E:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot

O4 - Startup: PowerReg Scheduler.exe

O4 - Global Startup: Microsoft Office.lnk = E:\Program Files\Microsoft Office\Office\OSA9.EXE

O4 - Global Startup: WinZip Quick Pick.lnk = E:\Program Files\WinZip\WZQKPICK.EXE

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - E:\Program Files\AIM\aim.exe

O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} -

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://www.nick.com/common/groove/gx/GrooveAX27.cab

O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - E:\WINNT\System32\dmadmin.exe

O23 - Service: dns cache reader (DNSCacheReader) - Unknown owner - E:\WINNT\system32\j4271839.exe (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPodService - Apple Computer, Inc. - E:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - E:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe


Hi again,

 

Ok, we're nearly there. One service to remove.

 

Go to Start > Run and type in Services.msc then click OK

 

Click the Extended tab.

 

Scroll down until you find dns cache reader

 

Click once on the service to highlight it.

 

Click Stop

 

Right-Click on the service.

 

Click on 'Properties'

 

Select the 'General' tab

 

Click the Arrow-down tab on the right-hand side on the 'Start-up Type' box

 

From the drop-down menu, click on 'Disabled'

 

Click the 'Apply' tab, then click 'OK'

 

Next:

 

Please run HijackThis and click Config -> Misc Tools -> Delete an NT service. In the Delete window, type DNSCacheReader and press OK. OK any prompts, close HijackThis, and restart your computer.

 

Then please post another HiJackThis log.

 

jedi


OK, did all that. Quick question though, I was wondering if this spyware is what is affecting my internet connection problem. When I start Firefox I get a message saying I'm connected to a proxy server that is not allowing connections. I have to manually switch my network settings from the proxy setting (localhost:8182) to the direct internet connection. It's just an annoying problem, I was hoping all of this would eventually fix that. Anyway, here's the log.

 

Logfile of HijackThis v1.99.1

Scan saved at 8:54:31 PM, on 7/1/2007

Platform: Windows 2000 SP4 (WinNT 5.00.2195)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

E:\WINNT\System32\smss.exe

E:\WINNT\system32\winlogon.exe

E:\WINNT\system32\services.exe

E:\WINNT\system32\lsass.exe

E:\WINNT\system32\svchost.exe

E:\WINNT\system32\spoolsv.exe

E:\WINNT\System32\svchost.exe

E:\WINNT\system32\regsvc.exe

E:\WINNT\system32\MSTask.exe

E:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

E:\WINNT\System32\WBEM\WinMgmt.exe

E:\WINNT\system32\svchost.exe

E:\WINNT\System32\svchost.exe

E:\WINNT\Explorer.EXE

E:\Program Files\Common Files\Real\Update_OB\realsched.exe

E:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe

E:\Program Files\iTunes\iTunesHelper.exe

E:\Program Files\Java\jre1.5.0_09\bin\jusched.exe

E:\Program Files\QuickTime\qttask.exe

E:\Program Files\WinZip\WZQKPICK.EXE

E:\WINNT\system32\wuauclt.exe

E:\Program Files\iPod\bin\iPodService.exe

E:\Program Files\Java\jre1.5.0_09\bin\jucheck.exe

E:\Documents and Settings\Rich Chalfin\Desktop\Scanner.exe

 

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:8182

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - E:\Program Files\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll

O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - E:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - E:\WINNT\System32\msdxm.ocx

O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - E:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll

O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon

O4 - HKLM\..\Run: [TkBellExe] "E:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [msnappau] "E:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe"

O4 - HKLM\..\Run: [iTunesHelper] "E:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "E:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"

O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKCU\..\Run: [RealPlayer] "E:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot

O4 - Startup: PowerReg Scheduler.exe

O4 - Global Startup: Microsoft Office.lnk = E:\Program Files\Microsoft Office\Office\OSA9.EXE

O4 - Global Startup: WinZip Quick Pick.lnk = E:\Program Files\WinZip\WZQKPICK.EXE

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - E:\Program Files\AIM\aim.exe

O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} -

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://www.nick.com/common/groove/gx/GrooveAX27.cab

O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - E:\WINNT\System32\dmadmin.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPodService - Apple Computer, Inc. - E:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - E:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe


Hi again,

 

Try this:

 

Please go to Start -> Control Panel, and choose Network Connections. Then right click on your default connection, usually Local Area Connection or Dial-up Connection if you are using Dial-up, and left click on properties. Double-click on the Internet Protocol (TCP/IP) item and select the radio button that says Obtain DNS servers automatically. Click OK twice, and restart your computer.

 

Let me know if it helps.

 

jedi


Hi again,

 

Did you set up the proxy yourself? Is it something you particularly want to keep?

 

jedi


No, I didn't set it up myself. I don't believe it needs to be kept, either. I thought it might have been part of the spyware or whatever else was on my computer.


Till jedi comes back go ahead and check and fix this line:

 

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:8182

 

After that, post a new HijackThis log and let us know if you have to reset the connection again.


Fixed that line, but still had to fix the connection settings when I started Firefox.

 

Logfile of HijackThis v1.99.1

Scan saved at 10:57:15 PM, on 7/4/2007

Platform: Windows 2000 SP4 (WinNT 5.00.2195)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

E:\WINNT\System32\smss.exe

E:\WINNT\system32\winlogon.exe

E:\WINNT\system32\services.exe

E:\WINNT\system32\lsass.exe

E:\WINNT\system32\svchost.exe

E:\WINNT\system32\spoolsv.exe

E:\WINNT\System32\svchost.exe

E:\WINNT\system32\regsvc.exe

E:\WINNT\system32\MSTask.exe

E:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

E:\WINNT\System32\WBEM\WinMgmt.exe

E:\WINNT\system32\svchost.exe

E:\WINNT\System32\svchost.exe

E:\WINNT\Explorer.EXE

E:\Program Files\Common Files\Real\Update_OB\realsched.exe

E:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe

E:\Program Files\iTunes\iTunesHelper.exe

E:\Program Files\Java\jre1.5.0_09\bin\jusched.exe

E:\Program Files\QuickTime\qttask.exe

E:\Program Files\WinZip\WZQKPICK.EXE

E:\WINNT\system32\wuauclt.exe

E:\Program Files\iPod\bin\iPodService.exe

E:\Program Files\Java\jre1.5.0_09\bin\jucheck.exe

E:\Program Files\iTunes\iTunes.exe

E:\Program Files\AIM\aim.exe

E:\Documents and Settings\Rich Chalfin\Desktop\Scanner.exe

 

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - E:\Program Files\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll

O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - E:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - E:\WINNT\System32\msdxm.ocx

O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - E:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll

O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon

O4 - HKLM\..\Run: [TkBellExe] "E:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [msnappau] "E:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe"

O4 - HKLM\..\Run: [iTunesHelper] "E:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "E:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"

O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKCU\..\Run: [RealPlayer] "E:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot

O4 - Startup: PowerReg Scheduler.exe

O4 - Global Startup: Microsoft Office.lnk = E:\Program Files\Microsoft Office\Office\OSA9.EXE

O4 - Global Startup: WinZip Quick Pick.lnk = E:\Program Files\WinZip\WZQKPICK.EXE

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - E:\Program Files\AIM\aim.exe

O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} -

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://www.nick.com/common/groove/gx/GrooveAX27.cab

O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - E:\WINNT\System32\dmadmin.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPodService - Apple Computer, Inc. - E:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - E:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe


Hi again,

 

Navigate to this folder:

 

C:\Documents And Settings\Owner\Application Data\Mozilla\Firefox\(identity)\

 

Search for a file named user.js. If it is present, delete it, then reset connection settings.

 

Let me know what happens.

 

jedi
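Firefox applies the preferences in a profile's user.js on every start, which is why a proxy set there returns after the connection settings are changed by hand. The Python below is an added example, not part of the original posts; it inspects the text of user.js and prefs.js for `network.proxy.*` preferences, and its function names and both sample files are constructed for illustration.

```python
import re

# Matches preference lines such as: user_pref("network.proxy.http", "localhost");
PREF = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;')

# Meaning of network.proxy.type values.
PROXY_TYPES = {0: "direct", 1: "manual", 2: "PAC URL", 4: "auto-detect", 5: "system"}
LOOPBACK_HOSTS = {"localhost", "127.0.0.1", "::1"}

# Constructed sample: a user.js that pins the proxy seen in this thread.
SAMPLE_USER_JS = """
// constructed sample, not taken from the affected machine
user_pref("network.proxy.type", 1);
user_pref("network.proxy.http", "localhost");
user_pref("network.proxy.http_port", 8182);
user_pref("browser.startup.homepage", "about:blank");
"""

# Constructed sample: prefs.js after the user switched to a direct connection.
SAMPLE_PREFS_JS = """
user_pref("network.proxy.type", 0);
"""


def parse_prefs(text):
    """Parse user_pref(...) lines into a dict with str, bool or int values."""
    prefs = {}
    for line in text.splitlines():
        m = PREF.match(line)
        if not m:
            continue  # comment, blank line or anything that is not a pref call
        name, raw = m.group(1), m.group(2)
        if len(raw) >= 2 and raw[0] == '"' and raw[-1] == '"':
            value = raw[1:-1]
        elif raw in ("true", "false"):
            value = raw == "true"
        else:
            try:
                value = int(raw)
            except ValueError:
                value = raw
        prefs[name] = value
    return prefs


def proxy_findings(user_js_text, prefs_js_text=""):
    """Report proxy preferences per file; user.js is listed first because it wins."""
    findings = []
    sources = (("user.js", user_js_text, True), ("prefs.js", prefs_js_text, False))
    for source, text, reapplied in sources:
        prefs = parse_prefs(text)
        proxy = {k: v for k, v in prefs.items() if k.startswith("network.proxy.")}
        if not proxy:
            continue
        host = str(proxy.get("network.proxy.http", ""))
        port = proxy.get("network.proxy.http_port", 0)
        ptype = proxy.get("network.proxy.type")
        findings.append({
            "source": source,
            "mode": PROXY_TYPES.get(ptype, "not set in this file"),
            "endpoint": f"{host}:{port}" if host else None,
            # A loopback proxy with no listener behind it fails every request.
            "loopback": host.lower() in LOOPBACK_HOSTS,
            # Values in user.js are written back over prefs.js at each start.
            "reapplied_on_start": reapplied,
        })
    return findings


if __name__ == "__main__":
    for finding in proxy_findings(SAMPLE_USER_JS, SAMPLE_PREFS_JS):
        print(finding)
```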


Can't find that folder on my computer, on the C and E drive. I did a search for the file user.js and nothing came up. I'm sorry about all of this... I really appreciate your help.


Hi,

 

Sorry, those folders are hidden:

 

Reconfigure Windows XP to show hidden files:

Click Start. Open My Computer.

Select the Tools menu and click Folder Options. Select the View Tab.

 

Under the Hidden files and folders heading select "Show hidden files and folders".

Uncheck the "Hide protected operating system files (recommended)" option.

Uncheck the "Hide file extensions for known file types" option.

Click Yes to confirm. Click OK.

 

Now try again. That file may not exist, so don't worry if you can't find it.

 

jedi


It worked, thanks so much. How's everything else on my computer looking?

 

Logfile of HijackThis v1.99.1

Scan saved at 8:55:36 PM, on 7/10/2007

Platform: Windows 2000 SP4 (WinNT 5.00.2195)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

E:\WINNT\System32\smss.exe

E:\WINNT\system32\winlogon.exe

E:\WINNT\system32\services.exe

E:\WINNT\system32\lsass.exe

E:\WINNT\system32\svchost.exe

E:\WINNT\system32\spoolsv.exe

E:\WINNT\System32\svchost.exe

E:\WINNT\system32\regsvc.exe

E:\WINNT\system32\MSTask.exe

E:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

E:\WINNT\System32\WBEM\WinMgmt.exe

E:\WINNT\system32\svchost.exe

E:\WINNT\System32\svchost.exe

E:\WINNT\Explorer.EXE

E:\Program Files\Common Files\Real\Update_OB\realsched.exe

E:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe

E:\Program Files\iTunes\iTunesHelper.exe

E:\Program Files\Java\jre1.5.0_09\bin\jusched.exe

E:\Program Files\QuickTime\qttask.exe

E:\Program Files\WinZip\WZQKPICK.EXE

E:\WINNT\system32\wuauclt.exe

E:\Program Files\iPod\bin\iPodService.exe

E:\Program Files\Java\jre1.5.0_09\bin\jucheck.exe

E:\Program Files\iTunes\iTunes.exe

E:\Program Files\AIM\aim.exe

E:\Program Files\MSN Messenger\msnmsgr.exe

E:\Program Files\Mozilla Firefox\firefox.exe

E:\Documents and Settings\Rich Chalfin\Desktop\Scanner.exe

 

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - E:\Program Files\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll

O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - E:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - E:\WINNT\System32\msdxm.ocx

O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - E:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll

O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon

O4 - HKLM\..\Run: [TkBellExe] "E:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [msnappau] "E:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe"

O4 - HKLM\..\Run: [iTunesHelper] "E:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "E:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"

O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKCU\..\Run: [RealPlayer] "E:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot

O4 - Startup: PowerReg Scheduler.exe

O4 - Global Startup: Microsoft Office.lnk = E:\Program Files\Microsoft Office\Office\OSA9.EXE

O4 - Global Startup: WinZip Quick Pick.lnk = E:\Program Files\WinZip\WZQKPICK.EXE

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - E:\Program Files\AIM\aim.exe

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - E:\WINNT\web\related.htm

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - E:\WINNT\web\related.htm

O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} -

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://www.nick.com/common/groove/gx/GrooveAX27.cab

O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - E:\WINNT\System32\dmadmin.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPodService - Apple Computer, Inc. - E:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - E:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe


Hi again,

 

Glad to hear that worked. :thumbsup:

 

Your PC looks all clean to me, how is it running now?

 

jedi


You're welcome. :D

 

In order to be better protected in the future, I recommend the following programs:

 

SpywareBlaster protects against bad ActiveX.

http://www.javacoolsoftware.com/spywareblaster.html

 

SpywareGuard stops Spyware from being installed.

http://www.javacoolsoftware.com/spywareguard.html

 

Also install the MVPS hosts file (http://www.mvps.org/winhelp2002/hosts.htm), which blocks innocent-looking sites that are not so innocent.

 

All three are very small free programs that you run once, and then just occasionally to check for updates.

 

Also see

How did I get Infected?

 

Finally, it is best to update your system regularly, to ensure you have the latest security patches from Microsoft. Update by clicking here (http://v4.windowsupdate.microsoft.com/) and following the prompts.

 

Take care.

 

jedi :wave:


Glad we could help. :)

 

If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.

This topic is now closed to further replies.