
Computer running slow (log) + Offtopic question (sorta)


  • This topic is locked
17 replies to this topic

#1 NecroD2

NecroD2

    Member

  • Full Member
  • Pip
  • 10 posts

Posted 13 January 2007 - 02:18 AM

I'll start with the question. Just recently, when I plug things like jump drives, external hard drives, MP3 players, phones or iPods into my USB ports, the computer just freezes on me completely. But it doesn't affect my mouse/keyboard, printer or webcam. It's really starting to annoy me; what can I do to fix it?



So if someone can review my log, I'd be grateful.


Logfile of HijackThis v1.99.1
Scan saved at 3:14:30 AM, on 1/13/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Wireless Optical Mouse\MOffice.exe
C:\Program Files\Multimedia keyboard utility\KbdAp32A.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe
C:\Program Files\Labtec Wireless Desktop\MagicKey.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\CASIO\Photo Loader\Plauto.exe
C:\Program Files\Wireless Optical Mouse\MOUSE32A.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Labtec Wireless Desktop\OSD.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\runservice.exe
C:\WINDOWS\system32\LxrSII1s.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Windows\Desktop\hijackthis\HijackThis.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
R3 - URLSearchHook: (no name) - {D73F49B6-B51B-4d32-A3B7-BD04B8342F53} - C:\Program Files\MorpheusBar\SrchAstt\5.bin\MBSRCAS.DLL
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
O2 - BHO: MorpheusToolbar BHO - {3F3714A1-89A4-46be-8AF3-D0C9D1FB03F9} - C:\Program Files\MorpheusBar\bar\5.bin\MORPHBAR.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {D73F49B1-B51B-4d32-A3B7-BD04B8342F53} - C:\Program Files\MorpheusBar\SrchAstt\5.bin\MBSRCAS.DLL
O2 - BHO: (no name) - {FF44C681-2814-79C8-40A0-03F2CF5741CA} - C:\WINDOWS\system32\ecgvkstx.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O3 - Toolbar: Morpheus Toolbar - {3F3714A9-89A4-46be-8AF3-D0C9D1FB03F9} - C:\Program Files\MorpheusBar\bar\5.bin\MORPHBAR.DLL
O4 - HKLM\..\Run: [Intel Driver] csrs.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] "C:\PROGRA~1\SYMNET~1\SNDMon.exe" /Consumer
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PHIME2002ASync] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /SYNC
O4 - HKLM\..\Run: [PHIME2002A] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /IMEName
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Wireless Optical Mouse\MOffice.exe
O4 - HKLM\..\Run: [FLMK08KB] C:\Program Files\Multimedia keyboard utility\KbdAp32A.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\RunServices: [Intel Driver] csrs.exe
O4 - HKCU\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe
O4 - HKCU\..\Run: [MsnMsgr] ~"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Enable Labtec Wireless Desktop.lnk = C:\Program Files\Labtec Wireless Desktop\MagicKey.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Photo Loader supervisory.lnk = C:\Program Files\CASIO\Photo Loader\Plauto.exe
O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\All Users\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\All Users\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://irenepooh.spa...ad/MsnPUpld.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/s...nfo/webscan.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn...ro.cab34246.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{32F014CD-371F-42DD-BCFB-BFCCAFEA970E}: NameServer = 206.47.244.110 206.47.244.61
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
O23 - Service: Lexar Secure II (LxrSII1s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrSII1s.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

#2 SWI Support Robot

SWI Support Robot

    Helper robot

  • SWI Bot
  • PipPipPipPipPip
  • 23,533 posts

Posted 15 January 2007 - 05:30 AM

Welcome to SWI. We apologize for the delay; our helpers have been very busy.
If you have not received help after 3 days, please CLICK HERE, and post a link to your log and the date it was originally posted.

Thank you for your patience.

[this is an automated reply]
This is an automated message. It does not count as help.

#3 Juliet

Juliet

    Forum Deity

  • Trusted Advisor
  • PipPipPipPipPip
  • 843 posts

Posted 18 January 2007 - 02:10 PM

Hi NecroD2

I see you have Absolute Poker installed, or was once installed.
If you didn't install it with the intention to play with it, I suggest you uninstall it, because in most cases these programs are supported by malware, get installed without permission, and can possibly lead you to sites where malware is lurking.
If you do play it, then leave it alone.
If you choose to remove it, go to Add/Remove Programs in the Control Panel and uninstall it if it is still there.
Absolute Poker


Please print out these instructions or save to notepad, you will be working in safe mode and this page will not be available.


Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Finally paste the contents of the Report.txt back on the forum with a new HijackThis log in your next reply




* Start HijackThis, close all open windows leaving only HijackThis running. Place a check against each of the following:

O2 - BHO: (no name) - {FF44C681-2814-79C8-40A0-03F2CF5741CA} - C:\WINDOWS\system32\ecgvkstx.dll
O4 - HKLM\..\Run: [Intel Driver] csrs.exe
O4 - HKLM\..\RunServices: [Intel Driver] csrs.exe

Next entries if you removed Absolute Poker
O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\All Users\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\All Users\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk

Close all windows and browsers except HJT and click fix checked

Please download ATF Cleaner by Atribune to desktop.
http://www.atribune....ATF-Cleaner.exe


Download AVG Anti-Spyware 7.5 from Here
And save that file to your desktop.
This is a 30 day trial of the program.
  • Once you have downloaded AVG Anti-Spyware, locate the icon on your desktop and double-click it to launch the setup program.
  • Once the setup is complete you will need to run AVG Anti-Spyware 7.5 and definition files.
  • On the main screen select the icon "Update", then select the "Update Now" link.
  • Next select the "Start Update" button; the update will start and a progress bar will show the updates being installed.
  • Once the update has completed, select the Scanner icon at the top of the screen, then select the Settings tab.
  • Once in the Settings screen click on "Recommended Actions" and then select "Quarantine". <--IMPORTANT

*Under "Reports"
Select "Automatically generate report after every scan"
Un-Select "Only if threats were found"

Close AVG Anti-Spyware 7.5, Do not run a scan yet.


Reboot your computer into Safe Mode. Tap the F8 key just before Windows starts to load and select Safe Mode from the menu.

Double-click ATF-Cleaner.exe to run the program.
  • Under Main "Select Files to Delete" choose: Select All.
  • Click the Empty Selected button.
  • If you use Firefox browser click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
  • If you use Opera browser click Opera at the top and choose: Select All
  • Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.


Important: do not open any other windows or programs while AVG is scanning; it may interfere with the scanning process:
  • Launch AVG Anti-Spyware 7.5 by double-clicking the icon on your desktop.
  • Select the "Scanner" icon at the top and then the "Scan" tab, then click on "Complete Scan".
  • AVG will now begin the scanning process, be patient this may take a little time to complete.
Once the scan is complete do the following:
  • If you have any infections you will be prompted; then select "Apply all"
  • Next select the "Reports" icon at the top.
  • Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you have saved the file, this is important).
  • Close AVG Anti-Spyware 7.5 and reboot your system back into Normal Mode
In your next reply please post the Report.txt, the AVG A/S scan and a new HJT log, with comments on how the computer is running now.
Sometimes the angels fly close enough to you that you can hear the flutter of their wings
My help is free, but if you wish to help keep these forums running please consider a donation, see this topic for details.
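
Added example (not part of Juliet's reply and not an SWI or HijackThis tool): a small Python triage pass over HijackThis lines like those in the log posted above, flagging the structural markers a reviewer would check first. The flag rules and all function names are assumptions chosen for illustration; a flag is a lead to investigate, not a verdict.

```python
import re
from dataclasses import dataclass, field

# Subset of lines copied from the HijackThis log posted earlier in this thread.
SAMPLE_LOG = r"""
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {FF44C681-2814-79C8-40A0-03F2CF5741CA} - C:\WINDOWS\system32\ecgvkstx.dll
O4 - HKLM\..\Run: [Intel Driver] csrs.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunServices: [Intel Driver] csrs.exe
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

# "<section code> - <kind>: <entry>", e.g. "O4 - HKLM\..\Run: [name] command"
LINE_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+?): (.*)$")
# O4 registry autoruns look like "[value name] command line"
AUTORUN_RE = re.compile(r"^\[([^\]]*)\]\s+(.*)$")
# A command that starts with a drive letter, UNC prefix or %variable% has a path
PATH_PREFIX_RE = re.compile(r"[A-Za-z]:\\|\\\\|%")


@dataclass
class Finding:
    code: str                      # HijackThis section code, e.g. "O4"
    kind: str                      # text between the code and the first ": "
    entry: str                     # remainder of the line
    reasons: list = field(default_factory=list)


def triage(log_text):
    """Return a Finding for every line that trips at least one rule."""
    findings = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue               # header, process list or blank line
        code, kind, entry = m.groups()
        reasons = []

        # Rule 1 (assumption): HijackThis itself says the target is gone.
        if "(no file)" in entry or "(file missing)" in entry:
            reasons.append("referenced file is missing")

        # Rule 2 (assumption): service whose owner HijackThis could not name.
        if code == "O23" and " - Unknown owner - " in entry:
            reasons.append("service owner reported as unknown")

        # Rule 3 (assumption): autorun given as a bare file name, so the
        # binary that actually starts depends on the search path.
        if code == "O4":
            m4 = AUTORUN_RE.match(entry)
            if m4:
                command = m4.group(2).lstrip('~"')
                if not PATH_PREFIX_RE.match(command):
                    reasons.append("autorun command has no path")

        # Rule 4 (assumption): browser helper object with no display name.
        if code == "O2" and entry.startswith("(no name)"):
            reasons.append("browser helper object has no name")

        if reasons:
            findings.append(Finding(code, kind, entry, reasons))
    return findings


def flagged_autoruns(findings):
    """Entries from section O4 only, in log order."""
    return [f.entry for f in findings if f.code == "O4"]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.code:<4}{'; '.join(f.reasons):<36}{f.entry}")
```

Note that the bare-name rule also flags `[SoundMan] SOUNDMAN.EXE`, which is not among the entries selected for fixing in the reply above, so each flagged line still needs a manual look.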

#4 NecroD2

NecroD2

    Member

  • Full Member
  • Pip
  • 10 posts

Posted 18 January 2007 - 07:22 PM

SDFix: Version 1.59

Thu 01/18/2007 - 18:30:18.00

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\Documents and Settings\Windows\Desktop\SDFix\SDFix

Safe Mode:

Checking Services:

Name:


Path:



Restoring Windows Registry Entries
Restoring Default Hosts File

Rebooting

Normal Mode:

Checking Files:


No Files Found..




Alternate Stream Check:

C:\WINDOWS\system32
No streams found.
Final Check:

Remaining Services:
------------------


Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\EA SPORTS\\MVP Baseball 2005\\mvp2005.exe"="C:\\Program Files\\EA SPORTS\\MVP Baseball 2005\\mvp2005.exe:*:Enabled:mvp2005"
"C:\\Program Files\\Morpheus\\Morpheus.exe"="C:\\Program Files\\Morpheus\\Morpheus.exe:*:Enabled:M5Shell"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
"C:\\StubInstaller.exe"="C:\\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
"C:\\Program Files\\BitTorrent\\btdownloadgui.exe"="C:\\Program Files\\BitTorrent\\btdownloadgui.exe:*:Enabled:btdownloadgui"
"C:\\Program Files\\Last.fm\\LastFM.exe"="C:\\Program Files\\Last.fm\\LastFM.exe:*:Enabled:LastFM"
"C:\\Program Files\\EA SPORTS\\NHL06\\nhl06.exe"="C:\\Program Files\\EA SPORTS\\NHL06\\nhl06.exe:*:Enabled:nhl06"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"="C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE:*:Enabled:Internet Explorer"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\mIRC\\mirc.exe"="C:\\Program Files\\mIRC\\mirc.exe:*:Enabled:mIRC"
"C:\\WINDOWS\\system32\\srshost.exe"="C:\\WINDOWS\\system32\\srshost.exe:*:Disabled:srshost"


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"


Remaining Files:
---------------

Backups Folder: - C:\DOCUME~1\Windows\Desktop\SDFix\SDFix\backups\backups.zip

Checking For Files with Hidden Attributes :

C:\NTDETECT.COM
C:\Documents and Settings\Irene\My Documents\??crosoft\mmc.exe
C:\WINDOWS\system32\cdplayer.exe.manifest
C:\WINDOWS\system32\logonui.exe.manifest
C:\IO.SYS
C:\MSDOS.SYS
C:\pagefile.sys
C:\WINDOWS\system32\mmf.sys

Finished



---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 8:09:48 PM 1/18/2007

+ Scan result:



C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll -> Adware.BHO : Cleaned with backup (quarantined).
HKU\S-1-5-21-1482476501-1004336348-1177238915-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5929CD6E-2062-44A4-B2C5-2C7E78FBAB38} -> Adware.Generic : Cleaned with backup (quarantined).
C:\WINDOWS\system32\RVOCURS.DLL -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\WINDOWS\system32\gpj6l31s1.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\WINDOWS\system32\guard.tmp_tobedeleted -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\WINDOWS\system32\jt0s07d7e.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\WINDOWS\system32\k662lgjo16oc.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\WINDOWS\system32\l0j8la1u1d.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\WINDOWS\system32\lbcoinst.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\WINDOWS\system32\mndsrv32.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\WINDOWS\system32\oobc32gt.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\WINDOWS\system32\ope2disp.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\WINDOWS\system32\pyrfnw.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\WINDOWS\system32\q068laju1do8.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\WINDOWS\system32\qev.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\WINDOWS\system32\wonnls.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\WINDOWS\unstall.exe -> Adware.MediaMotor : Cleaned with backup (quarantined).
C:\WINDOWS\system32\WinNB58.dll -> Adware.Mirar : Cleaned with backup (quarantined).
C:\Program Files\filesubmit\poohbusy4.zip\NNWDAC638.EXE -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\WINDOWS\NDNuninstall7_22.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\Tldctl2.URLLink -> Adware.NewDotNet : Error during cleaning.
HKLM\SOFTWARE\Classes\Tldctl2.URLLink.1 -> Adware.NewDotNet : Error during cleaning.
C:\System Volume Information\_restore{37918978-A45C-4F75-B22A-2725A5522A7E}\RP7\A0005142.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\WINDOWS\system32\goboq.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\Documents and Settings\Irene\Start Menu\Programs\WhenU -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\Documents and Settings\Irene\Start Menu\Programs\WhenU\Learn More About WhenU Save.url -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\Documents and Settings\Irene\Start Menu\Programs\WhenU\Learn More About WhenU SaveNow.url -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\Documents and Settings\Irene\Start Menu\Programs\WhenU\Uninstall.lnk -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\Documents and Settings\Irene\Start Menu\Programs\WhenU\WhenU Help Desk.lnk -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\Documents and Settings\Irene\Start Menu\Programs\WhenU\WhenU.com Website.url -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\Program Files\filesubmit\poohbusy4.zip\SetupInst.exe -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\WINDOWS\MirarSetup_876075.exe -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\WINDOWS\system32\tpsd.exe -> Adware.SearchAssistant : Cleaned with backup (quarantined).
C:\WINDOWS\system32tpsd.exe -> Adware.SearchAssistant : Cleaned with backup (quarantined).
C:\WINDOWS\system32\hauc.exe -> Adware.Suggestor : Cleaned with backup (quarantined).
C:\WINDOWS\system32\poznfsqy.exe -> Adware.Suggestor : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\WhIeHelperObj.WhIeHelperObj -> Adware.WebHancer : Error during cleaning.
HKLM\SOFTWARE\Classes\WhIeHelperObj.WhIeHelperObj.1 -> Adware.WebHancer : Error during cleaning.
C:\System Volume Information\_restore{37918978-A45C-4F75-B22A-2725A5522A7E}\RP1\A0000001.exe -> Backdoor.Rbot.bnn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{37918978-A45C-4F75-B22A-2725A5522A7E}\RP1\A0000010.exe -> Backdoor.Rbot.bnn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{37918978-A45C-4F75-B22A-2725A5522A7E}\RP1\A0001009.exe -> Backdoor.Rbot.bnn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{37918978-A45C-4F75-B22A-2725A5522A7E}\RP2\A0003070.exe -> Backdoor.Rbot.bnn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{37918978-A45C-4F75-B22A-2725A5522A7E}\RP2\A0003071.exe -> Backdoor.Rbot.bnn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{37918978-A45C-4F75-B22A-2725A5522A7E}\RP2\A0003072.exe -> Backdoor.Rbot.bnn : Cleaned with backup (quarantined).
C:\WINDOWS\system32\winl0gon.exe -> Backdoor.Rbot.bnn : Cleaned with backup (quarantined).
C:\Program Files\wallpap.exe -> Hijacker.Small.jf : Cleaned with backup (quarantined).
C:\Program Files\wallpap.js -> Hijacker.Small.jf : Cleaned with backup (quarantined).
:mozilla.20:C:\Documents and Settings\Irene\Application Data\Mozilla\Firefox\Profiles\xvqh3mrl.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.21:C:\Documents and Settings\Irene\Application Data\Mozilla\Firefox\Profiles\xvqh3mrl.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.22:C:\Documents and Settings\Irene\Application Data\Mozilla\Firefox\Profiles\xvqh3mrl.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.22:C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\wazw8jx7.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.23:C:\Documents and Settings\Irene\Application Data\Mozilla\Firefox\Profiles\xvqh3mrl.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.23:C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\wazw8jx7.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.24:C:\Documents and Settings\Irene\Application Data\Mozilla\Firefox\Profiles\xvqh3mrl.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.24:C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\wazw8jx7.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.25:C:\Documents and Settings\Irene\Application Data\Mozilla\Firefox\Profiles\xvqh3mrl.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.26:C:\Documents and Settings\Irene\Application Data\Mozilla\Firefox\Profiles\xvqh3mrl.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.27:C:\Documents and Settings\Irene\Application Data\Mozilla\Firefox\Profiles\xvqh3mrl.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.28:C:\Documents and Settings\Irene\Application Data\Mozilla\Firefox\Profiles\xvqh3mrl.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.29:C:\Documents and Settings\Irene\Application Data\Mozilla\Firefox\Profiles\xvqh3mrl.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.30:C:\Documents and Settings\Irene\Application Data\Mozilla\Firefox\Profiles\xvqh3mrl.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.31:C:\Documents and Settings\Irene\Application Data\Mozilla\Firefox\Profiles\xvqh3mrl.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.32:C:\Documents and Settings\Irene\Application Data\Mozilla\Firefox\Profiles\xvqh3mrl.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.340:C:\Documents and Settings\Irene\Application Data\Mozilla\Firefox\Profiles\xvqh3mrl.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.411:C:\Documents and Settings\Irene\Application Data\Mozilla\Firefox\Profiles\xvqh3mrl.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.412:C:\Documents and Settings\Irene\Application Data\Mozilla\Firefox\Profiles\xvqh3mrl.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.41:C:\Documents and Settings\Irene\Application Data\Mozilla\Firefox\Profiles\xvqh3mrl.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.65:C:\Documents and Settings\Irene\Application Data\Mozilla\Firefox\Profiles\xvqh3mrl.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.93:C:\Documents and Settings\Irene\Application Data\Mozilla\Firefox\Profiles\xvqh3mrl.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.94:C:\Documents and Settings\Irene\Application Data\Mozilla\Firefox\Profiles\xvqh3mrl.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.42:C:\Documents and Settings\Irene\Application Data\Mozilla\Firefox\Profiles\xvqh3mrl.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.45:C:\Documents and Settings\Irene\Application Data\Mozilla\Firefox\Profiles\xvqh3mrl.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.46:C:\Documents and Settings\Irene\Application Data\Mozilla\Firefox\Profiles\xvqh3mrl.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.47:C:\Documents and Settings\Irene\Application Data\Mozilla\Firefox\Profiles\xvqh3mrl.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.48:C:\Documents and Settings\Irene\Application Data\Mozilla\Firefox\Profiles\xvqh3mrl.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.14:C:\Documents and Settings\Irene\Application Data\Mozilla\Firefox\Profiles\xvqh3mrl.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.26:C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\wazw8jx7.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.343:C:\Documents and Settings\Irene\Application Data\Mozilla\Firefox\Profiles\xvqh3mrl.default\cookies.txt -> TrackingCookie.Bfast : Cleaned.
:mozilla.190:C:\Documents and Settings\Irene\Application Data\Mozilla\Firefox\Profiles\xvqh3mrl.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned.
:mozilla.191:C:\Documents and Settings\Irene\Application Data\Mozilla\Firefox\Profiles\xvqh3mrl.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned.
:mozilla.268:C:\Documents and Settings\Irene\Application Data\Mozilla\Firefox\Profiles\xvqh3mrl.default\cookies.txt -> TrackingCookie.Burstbeacon : Cleaned.
:mozilla.119:C:\Documents and Settings\Irene\Application Data\Mozilla\Firefox\Profiles\xvqh3mrl.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
C:\System Volume Information\_restore{37918978-A45C-4F75-B22A-2725A5522A7E}\RP7\A0005131.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\V2luZG93cw\pZ5Rt36awT.vbs -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\wcpit.exe -> Trojan.Small : Cleaned with backup (quarantined).


::Report end


Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Wireless Optical Mouse\MOffice.exe
C:\Program Files\Multimedia keyboard utility\KbdAp32A.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe
C:\Program Files\Wireless Optical Mouse\MOUSE32A.EXE
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Labtec Wireless Desktop\MagicKey.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\CASIO\Photo Loader\Plauto.exe
C:\Program Files\Labtec Wireless Desktop\OSD.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Documents and Settings\Windows\Desktop\HijackThis.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
R3 - URLSearchHook: (no name) - {D73F49B6-B51B-4d32-A3B7-BD04B8342F53} - C:\Program Files\MorpheusBar\SrchAstt\5.bin\MBSRCAS.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll (file missing)
O2 - BHO: MorpheusToolbar BHO - {3F3714A1-89A4-46be-8AF3-D0C9D1FB03F9} - C:\Program Files\MorpheusBar\bar\5.bin\MORPHBAR.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7BFED175-39ED-336C-E89A-40A67A5C94C6} - C:\WINDOWS\system32\goboq.dll (file missing)
O2 - BHO: (no name) - {D73F49B1-B51B-4d32-A3B7-BD04B8342F53} - C:\Program Files\MorpheusBar\SrchAstt\5.bin\MBSRCAS.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
O3 - Toolbar: Morpheus Toolbar - {3F3714A9-89A4-46be-8AF3-D0C9D1FB03F9} - C:\Program Files\MorpheusBar\bar\5.bin\MORPHBAR.DLL
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] "C:\PROGRA~1\SYMNET~1\SNDMon.exe" /Consumer
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PHIME2002ASync] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /SYNC
O4 - HKLM\..\Run: [PHIME2002A] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /IMEName
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Wireless Optical Mouse\MOffice.exe
O4 - HKLM\..\Run: [FLMK08KB] C:\Program Files\Multimedia keyboard utility\KbdAp32A.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe
O4 - HKCU\..\Run: [MsnMsgr] ~"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Enable Labtec Wireless Desktop.lnk = C:\Program Files\Labtec Wireless Desktop\MagicKey.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Photo Loader supervisory.lnk = C:\Program Files\CASIO\Photo Loader\Plauto.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://irenepooh.spa...ad/MsnPUpld.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/s...nfo/webscan.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn...ro.cab34246.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
O23 - Service: Lexar Secure II (LxrSII1s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrSII1s.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

#5 NecroD2

Posted 18 January 2007 - 07:50 PM

Also.. Wondering if you can assist me with this as well:

Just recently when I plug things like jumpdrives, external hard drives, mp3, phones, iPods into my USB ports the computer just freezes on me completely. But it doesn't affect my mouse/keyboard, printer or webcam. It's really starting to annoy me, what can I do to fix it?


Thanks.

#6 Juliet

Posted 18 January 2007 - 09:24 PM

Welcome back

It is important that you print out these instructions or save them to notepad, because you also have to work in safe mode without networking support, so this page wouldn't be available then.

Please remove these entries from Add/Remove Programs in the Control Panel (if present): (click Start > Settings > Control Panel)

SweetIM toolbar
SearchAssistant
WhenU
NewDotNet, New.Net, New.Net Applications or New.Net Domains is present and choose to uninstall.

If there is no entry to remove NewDotNet in the control panel there is also an uninstaller located in the folder C:\Program Files\NewDotNet called NDUninstall which can be used in case there is no uninstaller located in Add or Remove Programs.


If prompted to reboot before uninstalling all the above click no, if you have to reboot go back and finish uninstalling all.

Download this program in case you lose Internet access during the NewDotNet uninstall.
Please download LSPFix from here
http://cexx.org/lspfix.htm
Place it in its own folder, but do not run the program unless you are instructed to do so.

If none of the above options removes NewDotNet, follow these instructions:

Please make sure your anti-virus does not hinder the complete removal of the new.net software. In case it may interfere, temporarily disable it, then re-enable it after the fix.

From a computer that has Internet access, click on the following link:
http://www.new.net/s...install6_90.exe.
· Download and save uninstall6_90.exe to the Desktop.
· Go to the Desktop and double-click on uninstall6_90.exe
· Click on the OK button.
· After removal, you may be prompted to reboot. Please reboot even if not prompted.

Only if you lose your Internet connection after running the NewDotNet removal tool, do the following:
-Unzip and run LSPFix
-Disconnect from the Internet and close all Internet Explorer Windows
-Check: 'I know what I'm doing'
-Select all traces of: NewDotNet
-Click the right-pointing arrows and move all instances of NewDotNet (nothing else) to the Remove pane. (Any files listed in the Remove pane, other than NewDotNet, will need to be moved to the Keep pane.)
-Click the 'Finished' button
-Restart the computer

Open Hijackthis and click scan only, place a check by these entries

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
R3 - URLSearchHook: (no name) - {D73F49B6-B51B-4d32-A3B7-BD04B8342F53} - C:\Program Files\MorpheusBar\SrchAstt\5.bin\MBSRCAS.DLL
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll (file missing)
O2 - BHO: MorpheusToolbar BHO - {3F3714A1-89A4-46be-8AF3-D0C9D1FB03F9} - C:\Program Files\MorpheusBar\bar\5.bin\MORPHBAR.DLL
O2 - BHO: (no name) - {7BFED175-39ED-336C-E89A-40A67A5C94C6} - C:\WINDOWS\system32\goboq.dll (file missing)
O2 - BHO: (no name) - {D73F49B1-B51B-4d32-A3B7-BD04B8342F53} - C:\Program Files\MorpheusBar\SrchAstt\5.bin\MBSRCAS.DLL
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
O3 - Toolbar: Morpheus Toolbar - {3F3714A9-89A4-46be-8AF3-D0C9D1FB03F9} - C:\Program Files\MorpheusBar\bar\5.bin\MORPHBAR.DLL

Close all windows and browsers except Hijackthis and click fix checked


Please download the Killbox by Option^Explicit and save it to your desktop.
Note: In the event you already have Killbox, this is a new version that I need you to download.
  • Please double-click Killbox.exe to run it.
  • From the main Killbox window, select:
"Delete on Reboot".
"All Files".
  • Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C:
(or, after highlighting, right-click and choose copy):
C:\Program Files\MorpheusBar
C:\WINDOWS\system32\winl0gon.exe
C:\Program Files\wallpap.exe
C:\Program Files\wallpap.js
C:\WINDOWS\system32\wcpit.exe

Return to Killbox, go to the File menu, and choose Paste from Clipboard.
Click the red-and-white Delete File button.
Click Yes at the Delete on Reboot prompt.
Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).
Note: It is possible that Killbox will tell you that one or more files do not exist. If that happens, just continue on with all the files. Be sure you don't miss any.

If your computer does not reboot automatically, please reboot it manually.
NOTE: If you receive a message such as, "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run Killbox, Click Here to download and run missingfilesetup.exe Then try Killbox again.


1. Download this file - combofix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

You can remove the files from the AVG AS Quarantine
-Launch AVG AS and click the Infections button
-Click the Quarantine tab
-Choose: Select All
-Click: Remove finally
-A window pops up asking "Are you sure you want to remove the selected files...??"
-Select: Yes


Please do an online scan with Kaspersky Online Scanner
  • Click on Kaspersky Online Scanner.
  • You will be prompted to install an ActiveX component from Kaspersky, click Yes.
  • The program will launch and then begin downloading the latest definition files.
  • Once the files have been downloaded click on Next.
  • Now click on Scan Settings.
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
      Extended
    • Scan Options:
      Scan Archives
      Scan Mail Bases
  • Click OK.
  • Now under select a target to scan:
    • Select My Computer.
  • This program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save Report As button.
    • In the File name: field, type kavscan.
    • In the Save as type: field, select Text file (*.txt).
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

Open HijackThis, click Config, click Misc Tools
Click "Open Uninstall Manager"
Click "Save List" (generates uninstall_list.txt)
Click Save, copy and paste the results in your next post.


Also, I notice more than one user on this computer, it will be necessary to post a Hijackthis log from the other user account once this account is clean.


Please post the log from the Kaspersky scan, the combofix log, the uninstall list and a new HijackThis log.

How are things running now?


Also.. Wondering if you can assist me with this as well


After the computer is clean I can suggest a few tips to check for hardware errors or problems.

Edited by Juliet, 18 January 2007 - 09:26 PM.

#7 NecroD2

Posted 19 January 2007 - 05:57 PM

For the Killbox, I did receive the "Pendingfilerenameoperations" prompt.

Also I could not find these anywhere:

SweetIM toolbar
SearchAssistant
WhenU
NewDotNet, New.Net, New.Net Applications or New.Net Domains is present and choose to uninstall.


-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Friday, January 19, 2007 6:49:35 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 19/01/2007
Kaspersky Anti-Virus database records: 260001
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
E:\
F:\
G:\

Scan Statistics:
Total number of scanned objects: 40438
Number of viruses found: 23
Number of infected objects: 48 / 0
Number of suspicious objects: 0
Duration of the scan process: 01:51:49

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\DSS\MachineKeys\756401421b5ebaf3d35cd13f07325847_af4ec48e-7f14-4557-bf8d-7b178cf428c7 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Windows\Application Data\Mozilla\Firefox\Profiles\vkuwvq1b.default\cert8.db Object is locked skipped
C:\Documents and Settings\Windows\Application Data\Mozilla\Firefox\Profiles\vkuwvq1b.default\formhistory.dat Object is locked skipped
C:\Documents and Settings\Windows\Application Data\Mozilla\Firefox\Profiles\vkuwvq1b.default\history.dat Object is locked skipped
C:\Documents and Settings\Windows\Application Data\Mozilla\Firefox\Profiles\vkuwvq1b.default\key3.db Object is locked skipped
C:\Documents and Settings\Windows\Application Data\Mozilla\Firefox\Profiles\vkuwvq1b.default\parent.lock Object is locked skipped
C:\Documents and Settings\Windows\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Windows\Desktop\uninstall6_90.exe Infected: not-a-virus:AdWare.Win32.NewDotNet.e skipped
C:\Documents and Settings\Windows\Local Settings\Application Data\Microsoft\Messenger\necrod2@gmail.com\SharingMetadata\Logs\Dfsr.log Object is locked skipped
C:\Documents and Settings\Windows\Local Settings\Application Data\Microsoft\Messenger\necrod2@gmail.com\SharingMetadata\pending.dat Object is locked skipped
C:\Documents and Settings\Windows\Local Settings\Application Data\Microsoft\Messenger\necrod2@gmail.com\SharingMetadata\Working\database_65C_57CE_5C57_B761\dfsr.db Object is locked skipped
C:\Documents and Settings\Windows\Local Settings\Application Data\Microsoft\Messenger\necrod2@gmail.com\SharingMetadata\Working\database_65C_57CE_5C57_B761\fsr.log Object is locked skipped
C:\Documents and Settings\Windows\Local Settings\Application Data\Microsoft\Messenger\necrod2@gmail.com\SharingMetadata\Working\database_65C_57CE_5C57_B761\fsrtmp.log Object is locked skipped
C:\Documents and Settings\Windows\Local Settings\Application Data\Microsoft\Messenger\necrod2@gmail.com\SharingMetadata\Working\database_65C_57CE_5C57_B761\tmp.edb Object is locked skipped
C:\Documents and Settings\Windows\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Windows\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Windows\Local Settings\Application Data\Microsoft\Windows Live Contacts\NecroD2@gmail.com\real\members.stg Object is locked skipped
C:\Documents and Settings\Windows\Local Settings\Application Data\Microsoft\Windows Live Contacts\NecroD2@gmail.com\shadow\members.stg Object is locked skipped
C:\Documents and Settings\Windows\Local Settings\Application Data\Mozilla\Firefox\Profiles\vkuwvq1b.default\Cache\2D6A23BBd01 Infected: not-a-virus:AdWare.Win32.NewDotNet.e skipped
C:\Documents and Settings\Windows\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Windows\Local Settings\Temp\Perflib_Perfdata_4d0.dat Object is locked skipped
C:\Documents and Settings\Windows\Local Settings\Temp\Perflib_Perfdata_5a4.dat Object is locked skipped
C:\Documents and Settings\Windows\Local Settings\Temp\~DF40D5.tmp Object is locked skipped
C:\Documents and Settings\Windows\Local Settings\Temp\~DF48FB.tmp Object is locked skipped
C:\Documents and Settings\Windows\Local Settings\Temp\~DF9E39.tmp Object is locked skipped
C:\Documents and Settings\Windows\Local Settings\Temp\~DF9FC3.tmp Object is locked skipped
C:\Documents and Settings\Windows\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Windows\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Windows\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\logs\starwind.2007-01-19.16-13-56.log Object is locked skipped
C:\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.621 skipped
C:\Program Files\Morpheus\morpheustoolbar.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\Program Files\Morpheus\mymorpheusToolbar.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\Program Files\MorpheusBar\bar\5.bin\M0PLUGIN.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.as skipped
C:\Program Files\MorpheusBar\bar\5.bin\NPMORPBR.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.i skipped
C:\Program Files\Mozilla Firefox\plugins\NPMorpBr.dll Infected: not-a-virus:AdTool.Win32.MyWebSearch.i skipped
C:\Program Files\Norton AntiVirus\AVApp.log Object is locked skipped
C:\Program Files\Norton AntiVirus\AVError.log Object is locked skipped
C:\Program Files\Norton AntiVirus\AVVirus.log Object is locked skipped
C:\Program Files\Norton AntiVirus\Quarantine\020D7972.exe Infected: Trojan-Clicker.Win32.VB.is skipped
C:\Program Files\Norton AntiVirus\Quarantine\02EB207E.exe Infected: Trojan-Downloader.Win32.Small.cyh skipped
C:\Program Files\Norton AntiVirus\Quarantine\1D6C1C9F Infected: Trojan-Clicker.Win32.VB.lb skipped
C:\Program Files\Norton AntiVirus\Quarantine\2B821DB2.exe Infected: Trojan-Clicker.Win32.Small.kj skipped
C:\Program Files\Norton AntiVirus\Quarantine\334F0C89 Infected: Trojan-Downloader.Win32.Agent.ala skipped
C:\Program Files\Norton AntiVirus\Quarantine\713C72BB.exe Infected: Trojan-Clicker.Win32.Small.kj skipped
C:\Program Files\Norton AntiVirus\Quarantine\77154DAE Infected: Trojan.Win32.Runner.j skipped
C:\Program Files\Norton AntiVirus\Quarantine\7F2B0E33 Infected: Trojan.Win32.Runner.j skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{37918978-A45C-4F75-B22A-2725A5522A7E}\RP7\A0005127.exe/data0003 Infected: not-a-virus:AdWare.Win32.PurityScan.bu skipped
C:\System Volume Information\_restore{37918978-A45C-4F75-B22A-2725A5522A7E}\RP7\A0005127.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{37918978-A45C-4F75-B22A-2725A5522A7E}\RP8\A0006266.exe Infected: Trojan-Clicker.Win32.Small.jf skipped
C:\System Volume Information\_restore{37918978-A45C-4F75-B22A-2725A5522A7E}\RP8\A0006267.exe Infected: Backdoor.Win32.Rbot.bnn skipped
C:\System Volume Information\_restore{37918978-A45C-4F75-B22A-2725A5522A7E}\RP8\A0006270.EXE Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
C:\System Volume Information\_restore{37918978-A45C-4F75-B22A-2725A5522A7E}\RP8\A0006271.exe Infected: not-a-virus:AdWare.Win32.NewDotNet.e skipped
C:\System Volume Information\_restore{37918978-A45C-4F75-B22A-2725A5522A7E}\RP8\A0006274.exe Infected: not-a-virus:AdTool.Win32.WhenU.a skipped
C:\System Volume Information\_restore{37918978-A45C-4F75-B22A-2725A5522A7E}\RP8\A0006275.exe Infected: not-a-virus:AdWare.Win32.SaveNow.bj skipped
C:\System Volume Information\_restore{37918978-A45C-4F75-B22A-2725A5522A7E}\RP8\A0006277.dll Infected: not-a-virus:AdWare.Win32.PurityScan.ak skipped
C:\System Volume Information\_restore{37918978-A45C-4F75-B22A-2725A5522A7E}\RP8\A0006278.DLL Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{37918978-A45C-4F75-B22A-2725A5522A7E}\RP8\A0006279.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{37918978-A45C-4F75-B22A-2725A5522A7E}\RP8\A0006280.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{37918978-A45C-4F75-B22A-2725A5522A7E}\RP8\A0006281.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{37918978-A45C-4F75-B22A-2725A5522A7E}\RP8\A0006282.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{37918978-A45C-4F75-B22A-2725A5522A7E}\RP8\A0006283.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{37918978-A45C-4F75-B22A-2725A5522A7E}\RP8\A0006284.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{37918978-A45C-4F75-B22A-2725A5522A7E}\RP8\A0006285.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{37918978-A45C-4F75-B22A-2725A5522A7E}\RP8\A0006286.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{37918978-A45C-4F75-B22A-2725A5522A7E}\RP8\A0006287.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{37918978-A45C-4F75-B22A-2725A5522A7E}\RP8\A0006288.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{37918978-A45C-4F75-B22A-2725A5522A7E}\RP8\A0006289.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{37918978-A45C-4F75-B22A-2725A5522A7E}\RP8\A0006290.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{37918978-A45C-4F75-B22A-2725A5522A7E}\RP8\A0006291.exe Infected: Trojan.Win32.Runner.j skipped
C:\System Volume Information\_restore{37918978-A45C-4F75-B22A-2725A5522A7E}\RP8\A0006292.exe Infected: not-a-virus:AdWare.Win32.Suggestor.o skipped
C:\System Volume Information\_restore{37918978-A45C-4F75-B22A-2725A5522A7E}\RP8\A0006293.exe Infected: not-a-virus:AdWare.Win32.SearchAssistant.g skipped
C:\System Volume Information\_restore{37918978-A45C-4F75-B22A-2725A5522A7E}\RP8\A0006294.exe Infected: not-a-virus:AdWare.Win32.SearchAssistant.g skipped
C:\System Volume Information\_restore{37918978-A45C-4F75-B22A-2725A5522A7E}\RP8\A0006295.dll Infected: not-a-virus:AdWare.Win32.Mirar.a skipped
C:\System Volume Information\_restore{37918978-A45C-4F75-B22A-2725A5522A7E}\RP8\A0006296.exe Infected: not-a-virus:AdWare.Win32.MediaMotor.o skipped
C:\System Volume Information\_restore{37918978-A45C-4F75-B22A-2725A5522A7E}\RP8\A0007388.exe/data0003 Infected: not-a-virus:AdWare.Win32.PurityScan.bu skipped
C:\System Volume Information\_restore{37918978-A45C-4F75-B22A-2725A5522A7E}\RP8\A0007388.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{37918978-A45C-4F75-B22A-2725A5522A7E}\RP9\A0007455.exe/data0003 Infected: not-a-virus:AdWare.Win32.PurityScan.bu skipped
C:\System Volume Information\_restore{37918978-A45C-4F75-B22A-2725A5522A7E}\RP9\A0007455.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{37918978-A45C-4F75-B22A-2725A5522A7E}\RP9\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\dtscsi.sys Object is locked skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\drivers\sptd0205.sys Object is locked skipped
C:\WINDOWS\system32\drivers\vaxscsi.sys Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\mmf.sys Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.





"Windows" - 07-01-19 16:14:18 Service Pack 2
ComboFix 07-01-18 - Running from: "C:\Documents and Settings\Windows\Desktop"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Program Files\Outerinfo
~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
Folders Quarantined:
C:\qoobox\purity\Program Files\ASKS~1
C:\qoobox\purity\Program Files\CROSOF~1
C:\qoobox\purity\Program Files\ICROSO~1
C:\qoobox\purity\Program Files\MANTEC~1
C:\qoobox\purity\Program Files\PPATCH~1
C:\qoobox\purity\Program Files\SKS~1
C:\qoobox\purity\Program Files\SSTEM~1
C:\qoobox\purity\Program Files\Common Files\CROSOF~1
C:\qoobox\purity\Program Files\Common Files\ICROSO~1
C:\qoobox\purity\Program Files\Common Files\ICROSO~2
C:\qoobox\purity\Program Files\Common Files\PPPATC~1
C:\qoobox\purity\Program Files\Common Files\SCURIT~1
C:\qoobox\purity\Program Files\Common Files\SEMBLY~1
C:\qoobox\purity\Program Files\Common Files\SKS~1
C:\qoobox\purity\Program Files\Common Files\SSTEM~1
C:\qoobox\purity\Program Files\Common Files\STEM~1
C:\qoobox\purity\Program Files\Common Files\WNSXS~1
C:\qoobox\purity\WINDOWS\CROSOF~1.NET
C:\qoobox\purity\WINDOWS\DOBE~1
C:\qoobox\purity\WINDOWS\MBOLS~1
C:\qoobox\purity\WINDOWS\MCROSO~1
C:\qoobox\purity\WINDOWS\PPATCH~1
C:\qoobox\purity\WINDOWS\SCURIT~1
C:\qoobox\purity\WINDOWS\SEMBLY~1
C:\qoobox\purity\WINDOWS\STEM32~1
C:\qoobox\purity\WINDOWS\WNSXS~1
C:\qoobox\purity\WINDOWS\YSTEM~1
C:\qoobox\purity\WINDOWS\system32\CURITY~1
C:\qoobox\purity\WINDOWS\system32\FNTS~1
C:\qoobox\purity\WINDOWS\system32\ICROSO~1
C:\qoobox\purity\WINDOWS\system32\MCROSO~1
C:\qoobox\purity\WINDOWS\system32\PPATCH~1
C:\qoobox\purity\WINDOWS\system32\RACLE~1
C:\qoobox\purity\WINDOWS\system32\SMANTE~1
C:\qoobox\purity\WINDOWS\system32\SSTEM3~1
C:\qoobox\purity\WINDOWS\system32\WNSXS~1
C:\qoobox\purity\WINDOWS\system32\YSTEM3~1
C:\qoobox\purity\WINDOWS\system32\YSTEM~1


((((((((((((((((((((((((((((((( Files Created from 2006-12-19 to 2007-01-19 ))))))))))))))))))))))))))))))))))


2007-01-19 14:04 <DIR> d-------- C:\DOCUME~1\Irene\Application Data\Morpheus
2007-01-18 23:49 2 --a------ C:\WINDOWS\system32\wcpit.exe
2007-01-18 23:49 <DIR> d-------- C:\DOCUME~1\Irene\Application Data\F?nts
2007-01-18 18:52 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-01-18 18:52 <DIR> d-------- C:\Program Files\Grisoft
2007-01-18 18:25 <DIR> d-------- C:\SDFix
2007-01-12 19:16 <DIR> d-------- C:\Program Files\Lavasoft
2007-01-12 18:50 <DIR> d-------- C:\Program Files\EA SPORTS
2007-01-10 21:41 <DIR> d-------- C:\WINDOWS\pss
2007-01-09 21:20 <DIR> d-------- C:\WINDOWS\system32\SoftwareDistribution
2007-01-04 18:42 <DIR> d-------- C:\DOCUME~1\Irene\Application Data\W?nSxS
2007-01-03 14:03 <DIR> d-------- C:\DOCUME~1\Irene\Shared
2007-01-03 13:39 2,560 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2007-01-03 13:39 2,432 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-01-03 13:39 129,784 --------- C:\WINDOWS\system32\pxafs.dll
2007-01-03 13:35 <DIR> d-------- C:\DOCUME~1\Irene\Incomplete
2007-01-03 13:32 <DIR> d-------- C:\DOCUME~1\Irene\.limewire
2007-01-02 15:46 <DIR> d-------- C:\Program Files\mIRC
2006-12-30 16:49 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Windows Genuine Advantage
2006-12-25 15:47 70,016 --a------ C:\WINDOWS\system32\drivers\LxrSII1d.sys
2006-12-25 15:47 53,248 --a------ C:\WINDOWS\system32\LxrSII1s.exe
2006-12-25 15:47 20,480 --a------ C:\WINDOWS\system32\LxrUnplug.exe
2006-12-25 15:47 139,264 --a------ C:\WINDOWS\system32\LxrSII1.dll
2006-12-24 14:10 <DIR> d-------- C:\Program Files\Sports Interactive
2006-12-22 22:43 <DIR> d-------- C:\DOCUME~1\Irene\Application Data\?ppPatch
2006-12-21 11:34 <DIR> d-------- C:\Program Files\Common Files\ądobe


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-01-19 16:15 -------- d-------- C:\Program Files\Common Files\symantec shared
2007-01-19 16:13 1425 --ahs---- C:\WINDOWS\system32\mmf.sys
2007-01-19 16:08 -------- d-------- C:\Program Files\mozilla firefox
2007-01-19 15:49 43520 --a------ C:\WINDOWS\system32\cmdlineext03.dll
2007-01-19 15:49 -------- d-------- C:\Program Files\diablo ii
2007-01-19 14:03 -------- d-------- C:\Program Files\morpheus
2007-01-12 19:17 -------- d-------- C:\DOCUME~1\Windows\Application Data\lavasoft
2007-01-12 18:35 -------- d-------- C:\Program Files\wireless optical mouse
2007-01-12 18:35 -------- d-------- C:\Program Files\taskswitchxp
2007-01-12 18:35 -------- d-------- C:\Program Files\quicktime
2007-01-12 18:35 -------- d-------- C:\Program Files\norton antivirus
2007-01-12 18:35 -------- d-------- C:\Program Files\multimedia keyboard utility
2007-01-12 18:35 -------- d-------- C:\Program Files\msn messenger
2007-01-12 18:35 -------- d-------- C:\Program Files\messenger
2007-01-12 18:35 -------- d-------- C:\Program Files\labtec wireless desktop
2007-01-12 18:35 -------- d-------- C:\Program Files\itunes
2007-01-12 18:35 -------- d-------- C:\Program Files\daemon tools
2007-01-09 20:58 -------- d-------- C:\Program Files\symantec
2007-01-03 12:33 -------- d-------- C:\Program Files\morpheusbar
2007-01-02 18:48 -------- d--h----- C:\Program Files\installshield installation information
2007-01-02 18:48 -------- d-------- C:\Program Files\softnyx
2006-12-25 03:52 -------- d---s---- C:\DOCUME~1\Windows\Application Data\microsoft
2006-12-14 16:26 -------- d-------- C:\DOCUME~1\Windows\Application Data\google
2006-12-10 18:13 -------- d-------- C:\Program Files\videolan
2006-12-09 17:43 62592 --a------ C:\WINDOWS\system32\drivers\moufiltr.sys
2006-12-05 21:21 -------- d-------- C:\Program Files\sony ericsson
2006-12-05 21:21 -------- d-------- C:\Program Files\Common Files\teleca shared
2006-12-04 21:41 -------- d-------- C:\DOCUME~1\Windows\Application Data\morpheus
2006-11-29 15:46 -------- d-------- C:\Program Files\ipod
2006-11-29 15:30 -------- d-------- C:\Program Files\apple software update


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"TaskSwitchXP"="C:\\Program Files\\TaskSwitchXP\\TaskSwitchXP.exe"
"MsnMsgr"="~\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"Free Download Manager"="C:\\Program Files\\Free Download Manager\\fdm.exe -autorun"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"Symantec NetDriver Monitor"="\"C:\\PROGRA~1\\SYMNET~1\\SNDMon.exe\" /Consumer"
"SweetIM"="C:\\Program Files\\Macrogaming\\SweetIM\\SweetIM.exe"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_03\\bin\\jusched.exe\""
"SoundMan"="SOUNDMAN.EXE"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"PHIME2002ASync"="\"C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE\" /SYNC"
"PHIME2002A"="\"C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE\" /IMEName"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"LVCOMSX"="C:\\WINDOWS\\system32\\LVCOMSX.EXE"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"IMJPMIG8.1"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32"
"FLMOFFICE4DMOUSE"="C:\\Program Files\\Wireless Optical Mouse\\MOffice.exe"
"FLMK08KB"="C:\\Program Files\\Multimedia keyboard utility\\KbdAp32A.exe"
"DAEMON Tools"="\"C:\\Program Files\\DAEMON Tools\\daemon.exe\" -lang 1033"
"ccRegVfy"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccRegVfy.exe\""
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
Usnsvc REG_MULTI_SZ usnsvc\0\0



Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1150317458.job
C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer.job
C:\WINDOWS\tasks\Symantec NetDetect.job

Completion time: 07-01-19 16:20:54




AC3File (remove only)
AC3Filter (remove only)
Ad-Aware SE Personal
Adobe Reader 7.0.8
Adobe Streamline 4.0 Tryout
Apple Software Update
ASUSDVD XP
AVG Anti-Spyware 7.5
BitComet 0.70
BitTorrent 4.24.0
Combined Community Codec Pack 2006-07-28 (Remove Only)
Diablo II
DivX
DivX Converter
DivX Player
Firefox Windows Media Player XPI
HijackThis 1.99.1
HP Memories Disc
HP Photo and Imaging 2.0 - All-in-One
HP Photo and Imaging 2.0 - All-in-One Drivers
HP Photo and Imaging 2.0 - hp psc 1200 series
hp psc 1200 series
iTunes
J2SE Runtime Environment 5.0 Update 3
Kaspersky Online Scanner
Labtec Wireless Desktop
LiveReg (Symantec Corporation)
LiveUpdate 1.80 (Symantec Corporation)
Logitech Desktop Messenger
Logitech® Camera Driver
Macrogaming SweetIM 1.2a
Macromedia Flash Player 8
Macromedia Shockwave Player
Microsoft Office 2000 Premium
mIRC
Morpheus 5.3 (remove only)
Morpheus Toolbar
Mozilla Firefox (2.0.0.1)
Multimedia keyboard utility
Nero 6 Ultra Edition
NHL06
Norton AntiVirus 2003
Norton WMI Update
Outerinfo
Panda ActiveScan
Photo Loader 2.3E
Photohands 1.0E
QuickTime
RealPlayer
Realtek AC'97 Audio
Spybot - Search & Destroy 1.4
TaskSwitchXP
Update Service
VideoLAN VLC media player 0.8.6
Windows Live Messenger
Windows Media Format Runtime
Windows Media Player 10
WinRAR archiver
Wireless Optical Mouse



Logfile of HijackThis v1.99.1
Scan saved at 6:56:17 PM, on 1/19/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Wireless Optical Mouse\MOffice.exe
C:\Program Files\Multimedia keyboard utility\KbdAp32A.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Wireless Optical Mouse\MOUSE32A.EXE
C:\Program Files\Labtec Wireless Desktop\MagicKey.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\CASIO\Photo Loader\Plauto.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Labtec Wireless Desktop\OSD.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\runservice.exe
C:\WINDOWS\system32\LxrSII1s.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Windows\Desktop\SDFix\HijackThis.exe

O2 - BHO: (no name) - {024A9F5B-21C3-2E13-C53D-5A0790A2B8C4} - C:\WINDOWS\system32\obwk.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] "C:\PROGRA~1\SYMNET~1\SNDMon.exe" /Consumer
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PHIME2002ASync] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /SYNC
O4 - HKLM\..\Run: [PHIME2002A] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /IMEName
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Wireless Optical Mouse\MOffice.exe
O4 - HKLM\..\Run: [FLMK08KB] C:\Program Files\Multimedia keyboard utility\KbdAp32A.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe
O4 - HKCU\..\Run: [MsnMsgr] ~"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Enable Labtec Wireless Desktop.lnk = C:\Program Files\Labtec Wireless Desktop\MagicKey.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Photo Loader supervisory.lnk = C:\Program Files\CASIO\Photo Loader\Plauto.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://irenepooh.spa...ad/MsnPUpld.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/s...nfo/webscan.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn...ro.cab34246.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{32F014CD-371F-42DD-BCFB-BFCCAFEA970E}: NameServer = 206.47.244.110 206.47.244.61
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
O23 - Service: Lexar Secure II (LxrSII1s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrSII1s.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe



Also my FireFox seems to be working much better now.

#8 Juliet

Posted 20 January 2007 - 12:56 AM

Welcome back

Go to Start - Control Panel - Add/Remove Programs, look for this program and uninstall it:

Outerinfo

Reboot

Open HijackThis, click scan only, and place a check by these entries:

O2 - BHO: (no name) - {024A9F5B-21C3-2E13-C53D-5A0790A2B8C4} - C:\WINDOWS\system32\obwk.dll (file missing)
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe

Close all windows and browsers except HijackThis and click fix checked.

Using Windows Explorer, search for these and, if found, please delete them:

C:\Program Files\Outerinfo <--folder
C:\DOCUME~1\Irene\Application Data\W?nSxS <--file
C:\DOCUME~1\Irene\Application Data\F?nts <--file
C:\Program Files\Macrogaming\SweetIM <--folder


If you have trouble finding any of those files/folders, then configure Windows Explorer to show hidden files and folders and go after them again. (Remember to hide files and folders once done.)

Enable viewing of hidden files as follows:
1) Go to My Computer, and click on the "Tools" menu
2) Click "Folder options"
3) Select the "View" tab
4) Make sure "Show hidden files and folders" is selected
5) Make sure "Hide extensions for known file types" is unchecked
6) Make sure "Hide protected operating system files (recommended)" is unchecked.


Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.
Updating Java:
  • Download the latest version of Java Runtime Environment (JRE) 6.0
  • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Go to Start > Control Panel, double-click on the Software icon > Add/Remove Programs.
  • Search in the list for all previously installed versions of Java (J2SE Runtime Environment...).
    It should have this icon next to it: Posted Image
  • Select it and click Remove.
  • Close any programs you may have running - especially your web browser.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6-windows-i586.exe to install the newest version.


I would like for you to run Combofix one more time to see if it can pick up any leftovers.

1. Download this file - combofix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply

Note:
Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.


* Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
  • Double-click the drweb-cureit.exe file and allow it to run the express scan.
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, Click Options > Change settings
  • Choose the "Scan"-tab, remove the mark at "Heuristic analysis".
  • Back at the main window, mark the drives that you want to scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, see if you can click the following icon next to the files found: Posted Image
  • If so, click it, then click the next icon right below and select Move incurable, as you'll see in the next image:
    Posted Image
    This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured. (This is in case we need samples.)
  • After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web Cureit.
  • Reboot your computer!! Because it could be possible that files in use will be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web you saved previously in your next reply.
In your next reply please post the DrWeb.csv, the new Combofix log and a new HJT log, along with comments on how the computer is running now.
Sometimes the angels fly close enough to you that you can hear the flutter of their wings
My help is free, but if you wish to help keep these forums running please consider a donation, see this topic for details.

#9 NecroD2

NecroD2

    Member

  • Full Member
  • Pip
  • 10 posts

Posted 20 January 2007 - 09:21 PM

uninstall6_90.exe;C:\Documents and Settings\Windows\Desktop;Adware.NewDotNet;Incurable.Moved.;
Process.exe;C:\Documents and Settings\Windows\Desktop\SDFix\SDFix\apps;Tool.Prockill;Incurable.Moved.;
M0PLUGIN.DLL;C:\Program Files\MorpheusBar\bar\5.bin;Adware.Msearch;Incurable.Will be moved after reboot.;
NPMORPBR.DLL;C:\Program Files\MorpheusBar\bar\5.bin;Adware.Msearch;Incurable.Moved.;
NPMorpBr.dll;C:\Program Files\Mozilla Firefox\plugins;Adware.Msearch;Incurable.Will be moved after reboot.;
Process.exe;C:\SDFix\apps;Tool.Prockill;Incurable.Moved.;
A0006266.exe;C:\System Volume Information\_restore{37918978-A45C-4F75-B22A-2725A5522A7E}\RP8;Trojan.Click.1237;Deleted.;
A0006267.exe;C:\System Volume Information\_restore{37918978-A45C-4F75-B22A-2725A5522A7E}\RP8;Trojan.MulDrop.5079;Deleted.;
A0006270.EXE;C:\System Volume Information\_restore{37918978-A45C-4F75-B22A-2725A5522A7E}\RP8;Adware.NewDotNet;Incurable.Moved.;
A0006271.exe;C:\System Volume Information\_restore{37918978-A45C-4F75-B22A-2725A5522A7E}\RP8;Adware.NewDotNet;Incurable.Moved.;
A0006274.exe;C:\System Volume Information\_restore{37918978-A45C-4F75-B22A-2725A5522A7E}\RP8;Adware.SaveNow;Incurable.Moved.;
A0006275.exe;C:\System Volume Information\_restore{37918978-A45C-4F75-B22A-2725A5522A7E}\RP8;Adware.Mirarbar;Incurable.Moved.;
A0006278.DLL;C:\System Volume Information\_restore{37918978-A45C-4F75-B22A-2725A5522A7E}\RP8;Adware.Look2me;Incurable.Moved.;
A0006279.dll;C:\System Volume Information\_restore{37918978-A45C-4F75-B22A-2725A5522A7E}\RP8;Adware.Look2me;Incurable.Moved.;
A0006280.dll;C:\System Volume Information\_restore{37918978-A45C-4F75-B22A-2725A5522A7E}\RP8;Adware.Look2me;Incurable.Moved.;
A0006281.dll;C:\System Volume Information\_restore{37918978-A45C-4F75-B22A-2725A5522A7E}\RP8;Adware.Look2me;Incurable.Moved.;
A0006282.dll;C:\System Volume Information\_restore{37918978-A45C-4F75-B22A-2725A5522A7E}\RP8;Adware.Look2me;Incurable.Moved.;
A0006283.dll;C:\System Volume Information\_restore{37918978-A45C-4F75-B22A-2725A5522A7E}\RP8;Adware.Look2me;Incurable.Moved.;
A0006284.dll;C:\System Volume Information\_restore{37918978-A45C-4F75-B22A-2725A5522A7E}\RP8;Adware.Look2me;Incurable.Moved.;
A0006285.dll;C:\System Volume Information\_restore{37918978-A45C-4F75-B22A-2725A5522A7E}\RP8;Adware.Look2me;Incurable.Moved.;
A0006286.dll;C:\System Volume Information\_restore{37918978-A45C-4F75-B22A-2725A5522A7E}\RP8;Adware.Look2me;Incurable.Moved.;
A0006287.dll;C:\System Volume Information\_restore{37918978-A45C-4F75-B22A-2725A5522A7E}\RP8;Adware.Look2me;Incurable.Moved.;
A0006288.dll;C:\System Volume Information\_restore{37918978-A45C-4F75-B22A-2725A5522A7E}\RP8;Adware.Look2me;Incurable.Moved.;
A0006289.dll;C:\System Volume Information\_restore{37918978-A45C-4F75-B22A-2725A5522A7E}\RP8;Adware.Look2me;Incurable.Moved.;
A0006290.dll;C:\System Volume Information\_restore{37918978-A45C-4F75-B22A-2725A5522A7E}\RP8;Adware.Look2me;Incurable.Moved.;
A0006292.exe;C:\System Volume Information\_restore{37918978-A45C-4F75-B22A-2725A5522A7E}\RP8;Adware.Yavak;Incurable.Moved.;
A0006295.dll;C:\System Volume Information\_restore{37918978-A45C-4F75-B22A-2725A5522A7E}\RP8;Adware.Mirarbar;Incurable.Moved.;
A0006296.exe;C:\System Volume Information\_restore{37918978-A45C-4F75-B22A-2725A5522A7E}\RP8;Adware.MediaMotor;Incurable.Moved.;

"Windows" - 07-01-20 22:09:21 Service Pack 2
ComboFix 07-01-18 - Running from: "C:\Documents and Settings\Windows\Desktop"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
Folders Quarantined:
C:\qoobox\purity\Program Files\ASKS~1
C:\qoobox\purity\Program Files\CROSOF~1
C:\qoobox\purity\Program Files\ICROSO~1
C:\qoobox\purity\Program Files\MANTEC~1
C:\qoobox\purity\Program Files\PPATCH~1
C:\qoobox\purity\Program Files\SKS~1
C:\qoobox\purity\Program Files\SSTEM~1
C:\qoobox\purity\Program Files\Common Files\CROSOF~1
C:\qoobox\purity\Program Files\Common Files\ICROSO~1
C:\qoobox\purity\Program Files\Common Files\ICROSO~2
C:\qoobox\purity\Program Files\Common Files\PPPATC~1
C:\qoobox\purity\Program Files\Common Files\SCURIT~1
C:\qoobox\purity\Program Files\Common Files\SEMBLY~1
C:\qoobox\purity\Program Files\Common Files\SKS~1
C:\qoobox\purity\Program Files\Common Files\SSTEM~1
C:\qoobox\purity\Program Files\Common Files\STEM~1
C:\qoobox\purity\Program Files\Common Files\WNSXS~1
C:\qoobox\purity\WINDOWS\CROSOF~1.NET
C:\qoobox\purity\WINDOWS\DOBE~1
C:\qoobox\purity\WINDOWS\MBOLS~1
C:\qoobox\purity\WINDOWS\MCROSO~1
C:\qoobox\purity\WINDOWS\PPATCH~1
C:\qoobox\purity\WINDOWS\SCURIT~1
C:\qoobox\purity\WINDOWS\SEMBLY~1
C:\qoobox\purity\WINDOWS\STEM32~1
C:\qoobox\purity\WINDOWS\WNSXS~1
C:\qoobox\purity\WINDOWS\YSTEM~1
C:\qoobox\purity\WINDOWS\system32\CURITY~1
C:\qoobox\purity\WINDOWS\system32\FNTS~1
C:\qoobox\purity\WINDOWS\system32\ICROSO~1
C:\qoobox\purity\WINDOWS\system32\MCROSO~1
C:\qoobox\purity\WINDOWS\system32\PPATCH~1
C:\qoobox\purity\WINDOWS\system32\RACLE~1
C:\qoobox\purity\WINDOWS\system32\SMANTE~1
C:\qoobox\purity\WINDOWS\system32\SSTEM3~1
C:\qoobox\purity\WINDOWS\system32\WNSXS~1
C:\qoobox\purity\WINDOWS\system32\YSTEM3~1
C:\qoobox\purity\WINDOWS\system32\YSTEM~1


((((((((((((((((((((((((((((((( Files Created from 2006-12-20 to 2007-01-20 ))))))))))))))))))))))))))))))))))


2007-01-20 17:55 <DIR> d-------- C:\DOCUME~1\Windows\DoctorWeb
2007-01-20 17:53 <DIR> d-------- C:\Program Files\Common Files\Java
2007-01-19 16:29 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-01-19 14:04 <DIR> d-------- C:\DOCUME~1\Irene\Application Data\Morpheus
2007-01-18 23:49 2 --a------ C:\WINDOWS\system32\wcpit.exe
2007-01-18 18:52 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-01-18 18:52 <DIR> d-------- C:\Program Files\Grisoft
2007-01-18 18:25 <DIR> d-------- C:\SDFix
2007-01-12 19:16 <DIR> d-------- C:\Program Files\Lavasoft
2007-01-12 18:50 <DIR> d-------- C:\Program Files\EA SPORTS
2007-01-10 21:41 <DIR> d-------- C:\WINDOWS\pss
2007-01-09 21:20 <DIR> d-------- C:\WINDOWS\system32\SoftwareDistribution
2007-01-03 14:03 <DIR> d-------- C:\DOCUME~1\Irene\Shared
2007-01-03 13:39 2,560 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2007-01-03 13:39 2,432 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-01-03 13:39 129,784 --------- C:\WINDOWS\system32\pxafs.dll
2007-01-03 13:35 <DIR> d-------- C:\DOCUME~1\Irene\Incomplete
2007-01-03 13:32 <DIR> d-------- C:\DOCUME~1\Irene\.limewire
2007-01-02 15:46 <DIR> d-------- C:\Program Files\mIRC
2006-12-30 16:49 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Windows Genuine Advantage
2006-12-25 15:47 70,016 --a------ C:\WINDOWS\system32\drivers\LxrSII1d.sys
2006-12-25 15:47 53,248 --a------ C:\WINDOWS\system32\LxrSII1s.exe
2006-12-25 15:47 20,480 --a------ C:\WINDOWS\system32\LxrUnplug.exe
2006-12-25 15:47 139,264 --a------ C:\WINDOWS\system32\LxrSII1.dll
2006-12-24 14:10 <DIR> d-------- C:\Program Files\Sports Interactive
2006-12-22 22:43 <DIR> d-------- C:\DOCUME~1\Irene\Application Data\?ppPatch
2006-12-21 11:34 <DIR> d-------- C:\Program Files\Common Files\ądobe


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-01-20 19:22 -------- d-------- C:\Program Files\diablo ii
2007-01-20 18:41 43520 --a------ C:\WINDOWS\system32\cmdlineext03.dll
2007-01-20 17:56 -------- d-------- C:\Program Files\mozilla firefox
2007-01-20 17:53 -------- d-------- C:\Program Files\java
2007-01-20 17:52 -------- d-------- C:\Program Files\Common Files\symantec shared
2007-01-20 17:50 1425 --ahs---- C:\WINDOWS\system32\mmf.sys
2007-01-20 17:46 -------- d-------- C:\Program Files\macrogaming
2007-01-19 14:03 -------- d-------- C:\Program Files\morpheus
2007-01-12 19:17 -------- d-------- C:\DOCUME~1\Windows\Application Data\lavasoft
2007-01-12 18:35 -------- d-------- C:\Program Files\wireless optical mouse
2007-01-12 18:35 -------- d-------- C:\Program Files\taskswitchxp
2007-01-12 18:35 -------- d-------- C:\Program Files\quicktime
2007-01-12 18:35 -------- d-------- C:\Program Files\norton antivirus
2007-01-12 18:35 -------- d-------- C:\Program Files\multimedia keyboard utility
2007-01-12 18:35 -------- d-------- C:\Program Files\msn messenger
2007-01-12 18:35 -------- d-------- C:\Program Files\messenger
2007-01-12 18:35 -------- d-------- C:\Program Files\labtec wireless desktop
2007-01-12 18:35 -------- d-------- C:\Program Files\itunes
2007-01-12 18:35 -------- d-------- C:\Program Files\daemon tools
2007-01-09 20:58 -------- d-------- C:\Program Files\symantec
2007-01-03 12:33 -------- d-------- C:\Program Files\morpheusbar
2007-01-02 18:48 -------- d--h----- C:\Program Files\installshield installation information
2007-01-02 18:48 -------- d-------- C:\Program Files\softnyx
2006-12-25 03:52 -------- d---s---- C:\DOCUME~1\Windows\Application Data\microsoft
2006-12-14 16:26 -------- d-------- C:\DOCUME~1\Windows\Application Data\google
2006-12-10 18:13 -------- d-------- C:\Program Files\videolan
2006-12-09 17:43 62592 --a------ C:\WINDOWS\system32\drivers\moufiltr.sys
2006-12-05 21:21 -------- d-------- C:\Program Files\sony ericsson
2006-12-05 21:21 -------- d-------- C:\Program Files\Common Files\teleca shared
2006-12-04 21:41 -------- d-------- C:\DOCUME~1\Windows\Application Data\morpheus
2006-11-29 15:46 -------- d-------- C:\Program Files\ipod
2006-11-29 15:30 -------- d-------- C:\Program Files\apple software update


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"TaskSwitchXP"="C:\\Program Files\\TaskSwitchXP\\TaskSwitchXP.exe"
"MsnMsgr"="~\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"Free Download Manager"="C:\\Program Files\\Free Download Manager\\fdm.exe -autorun"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"Symantec NetDriver Monitor"="\"C:\\PROGRA~1\\SYMNET~1\\SNDMon.exe\" /Consumer"
"SoundMan"="SOUNDMAN.EXE"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"PHIME2002ASync"="\"C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE\" /SYNC"
"PHIME2002A"="\"C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE\" /IMEName"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"LVCOMSX"="C:\\WINDOWS\\system32\\LVCOMSX.EXE"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"IMJPMIG8.1"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32"
"FLMOFFICE4DMOUSE"="C:\\Program Files\\Wireless Optical Mouse\\MOffice.exe"
"FLMK08KB"="C:\\Program Files\\Multimedia keyboard utility\\KbdAp32A.exe"
"DAEMON Tools"="\"C:\\Program Files\\DAEMON Tools\\daemon.exe\" -lang 1033"
"ccRegVfy"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccRegVfy.exe\""
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0\\bin\\jusched.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
Usnsvc REG_MULTI_SZ usnsvc\0\0



Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1150317458.job
C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer.job
C:\WINDOWS\tasks\Symantec NetDetect.job

Completion time: 07-01-20 22:14:51
C:\ComboFix2.txt ... 07-01-19 16:20


Logfile of HijackThis v1.99.1
Scan saved at 10:20:43 PM, on 1/20/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Wireless Optical Mouse\MOffice.exe
C:\Program Files\Multimedia keyboard utility\KbdAp32A.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe
C:\Program Files\Labtec Wireless Desktop\MagicKey.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Wireless Optical Mouse\MOUSE32A.EXE
C:\Program Files\CASIO\Photo Loader\Plauto.exe
C:\Program Files\Labtec Wireless Desktop\OSD.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\runservice.exe
C:\WINDOWS\system32\LxrSII1s.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Windows\Desktop\SDFix\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] "C:\PROGRA~1\SYMNET~1\SNDMon.exe" /Consumer
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PHIME2002ASync] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /SYNC
O4 - HKLM\..\Run: [PHIME2002A] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /IMEName
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Wireless Optical Mouse\MOffice.exe
O4 - HKLM\..\Run: [FLMK08KB] C:\Program Files\Multimedia keyboard utility\KbdAp32A.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKCU\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe
O4 - HKCU\..\Run: [MsnMsgr] ~"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Enable Labtec Wireless Desktop.lnk = C:\Program Files\Labtec Wireless Desktop\MagicKey.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Photo Loader supervisory.lnk = C:\Program Files\CASIO\Photo Loader\Plauto.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://irenepooh.spa...ad/MsnPUpld.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/s...nfo/webscan.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn...ro.cab34246.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{32F014CD-371F-42DD-BCFB-BFCCAFEA970E}: NameServer = 206.47.244.110 206.47.244.61
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
O23 - Service: Lexar Secure II (LxrSII1s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrSII1s.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

Computer is working more smoothly than before. Loads way faster. Feels like a new computer. :o

Edited by NecroD2, 20 January 2007 - 09:26 PM.


#10 Juliet

Juliet

    Forum Deity

  • Trusted Advisor
  • PipPipPipPipPip
  • 843 posts

Posted 20 January 2007 - 10:47 PM

Welcome back

Computer is working more smoothly than before. Loads way faster. Feels like a new computer.

Yes!! way to go!

Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete these files/folders in bold (if present):

C:\SDFix <--folder
C:\Program Files\morpheus <--folder
C:\qoobox <--folder
C:\Documents and Settings\Irene\Application Data\?ppPatch <--folder -->The name starts with a "?" symbol

If you have trouble finding any of those files/folders, then configure Windows Explorer to show hidden files and folders and go after them again. (Remember to hide files and folders once done.)

To enable viewing of hidden files as follows:
1) Go to My Computer, and click on the "Tools" menu
2) Click "Folder options"
3) Select the "View" tab
4) Make sure "Show hidden files and folders" is selected
5) Make sure "Hide extensions for known file types" is unchecked
6) Make sure "Hide protected operating system files (recommended)" is unchecked.

Now we need to clean restore points.
Start->Control Panel->System, System Restore.
Check "Turn off System Restore".
Immediately reboot (all your restore points will be deleted by this).
Then Start->Control Panel->System, System Restore again.
Uncheck "Turn off System Restore" and create a new clean restore point.

You can find instructions on how to disable and reenable system restore here:
Windows XP System Restore Guide

Open Hijackthis and click scan only, place a check by these entries

The following are not necessarily spyware/malware, but we suggest you place a check mark next to the following entries, as these programs may be taking up system resources.

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
(Description: RealPlayer scheduler. Completely unnecessary. Removing this entry will free up a small amount of system resources.)

O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
(Description: System Tray icon for the Realtek AC97 Audio Sound Manager for AC97 onboard audio. Available via Start -> Settings-> Control Panel. Removing this entry will free up a small amount of system resources. )

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
(Description: Sun Java update scheduler. Checks for updates. Not necessary. Removing this entry will free up a small amount of system resources.)

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
(Description: Logitech Desktop Manager. Searches for updates for Logitech software. Not necessary. Removing this entry will free up a small amount of system resources.)

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
(Description: Microsoft Office Startup Assistant. This program loads some Microsoft Office components into memory, even if you're not currently using MS Office. Removing this unnecessary program will free up a considerable amount of system resources. )

Close all windows and browsers except Hijackthis and click fix checked


Below I have included a number of recommendations to protect your computer in order to prevent future malware infections.

Please navigate to Microsoft Windows Updates and download all the "Critical Updates" for Windows. This can patch many of the security holes through which attackers can gain access to your computer.

Install and Update SpywareBlaster. It protects against bad ActiveX, browser hijackers, and dialers that are some of the fastest-growing threats on the Internet today.
Tutorial

IE-SPYAD puts over 5000 sites in your restricted zone so you will be protected when you visit innocent-looking sites that aren't actually innocent at all.
Tutorial

Install and Update Ad-Aware SE Personal
You should also scan your computer with this program on a regular basis just as you would an antivirus software in conjunction with Spybot.
Tutorial
Run on a regular basis

Update all these programs regularly. Make sure you update all the programs I have listed regularly. Without regular updates you will not be protected when new malicious programs are released.

Please take the time to read this article with suggestions and information on 'Safe Computing Practices.'

So how did I get infected in the first place.
Another valuable article to read: Dealing with Unwanted Spyware and Parasites
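As an added example (not part of the thread and not either poster's code), this Python script triages a Dr.Web report in the semicolon-separated layout posted in #9, separating detections still waiting on a reboot from those that sit inside System Restore points, which the restore-point purge in #10 clears. The function names and status labels are assumptions made for the example; the sample rows are copied from the report above.

```python
import csv
from collections import Counter
from dataclasses import dataclass

# Rows copied from the DrWeb.csv report posted in the thread.
# Layout: file;folder;detection;action;  (note the trailing separator)
SAMPLE_REPORT = r"""
uninstall6_90.exe;C:\Documents and Settings\Windows\Desktop;Adware.NewDotNet;Incurable.Moved.;
M0PLUGIN.DLL;C:\Program Files\MorpheusBar\bar\5.bin;Adware.Msearch;Incurable.Will be moved after reboot.;
NPMorpBr.dll;C:\Program Files\Mozilla Firefox\plugins;Adware.Msearch;Incurable.Will be moved after reboot.;
A0006266.exe;C:\System Volume Information\_restore{37918978-A45C-4F75-B22A-2725A5522A7E}\RP8;Trojan.Click.1237;Deleted.;
A0006278.DLL;C:\System Volume Information\_restore{37918978-A45C-4F75-B22A-2725A5522A7E}\RP8;Adware.Look2me;Incurable.Moved.;
A0006279.dll;C:\System Volume Information\_restore{37918978-A45C-4F75-B22A-2725A5522A7E}\RP8;Adware.Look2me;Incurable.Moved.;
"""

# Action strings as they appear in the report, mapped to labels chosen for
# this example (the labels themselves are not Dr.Web terminology).
STATUS_BY_ACTION = {
    "Deleted.": "deleted",
    "Incurable.Moved.": "quarantined",
    "Incurable.Will be moved after reboot.": "pending_reboot",
}

RESTORE_MARKER = "\\system volume information\\_restore"


@dataclass(frozen=True)
class Detection:
    file: str
    folder: str
    name: str
    action: str

    @property
    def status(self) -> str:
        return STATUS_BY_ACTION.get(self.action, "unknown")

    @property
    def in_system_restore(self) -> bool:
        # Copies held in restore points are not running, but they come back
        # if the machine is rolled back to that point.
        return RESTORE_MARKER in self.folder.lower()

    @property
    def path(self) -> str:
        return self.folder.rstrip("\\") + "\\" + self.file


def parse_report(text: str) -> list:
    """Parse report text into Detection records, skipping malformed rows."""
    rows = csv.reader(text.splitlines(), delimiter=";", quoting=csv.QUOTE_NONE)
    found = []
    for row in rows:
        fields = [field.strip() for field in row]
        if len(fields) < 4 or not fields[0]:
            continue  # blank line, truncated row or empty file name
        found.append(Detection(*fields[:4]))
    return found


def triage(detections: list) -> dict:
    """Summarise what was found, what is still pending and where it lived."""
    return {
        "by_name": Counter(d.name for d in detections),
        "by_status": Counter(d.status for d in detections),
        # Files in use: only gone once the machine has actually rebooted.
        "pending_reboot": [d.path for d in detections
                           if d.status == "pending_reboot"],
        # Folders outside System Restore, i.e. where the software was live.
        "live_folders": sorted({d.folder for d in detections
                                if not d.in_system_restore}),
        "restore_point_hits": sum(d.in_system_restore for d in detections),
    }


if __name__ == "__main__":
    summary = triage(parse_report(SAMPLE_REPORT))
    print("Status counts:", dict(summary["by_status"]))
    print("Detections inside restore points:", summary["restore_point_hits"])
    for path in summary["pending_reboot"]:
        print("Reboot needed before this is removed:", path)
    for folder in summary["live_folders"]:
        print("Live location to re-check after cleanup:", folder)
```

Run against a saved report by reading the file and passing its text to `parse_report`; any `pending_reboot` entry that still appears in a later scan means the reboot step did not complete.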

#11 NecroD2

Posted 21 January 2007 - 12:23 AM

Thanks for all the help and tips, Juliet.

Now if you could help me with one more little thing: my USB ports.

I've gotten suggestions from people that I should uninstall and reinstall my drivers (I don't know how) and some people are telling me that my ports are just flat-out burnt out, so I don't know what to do.

Is there a way to fix my problem? Can I check to see if it's a hardware related problem (IE broken, burnt, w/e)?

#12 Juliet

Posted 21 January 2007 - 07:51 AM

I'm not a whiz at hardware issues but I can give a few tips.

Right-click the My Computer icon and select Properties.
Click the Hardware tab and click on Device Manager, then Universal Serial Bus Controllers.
If you see red or yellow exclamation points then there is a problem.

If the device displays in Device Manager, the USB port is working properly. There is a physical problem with the device or there is an issue with the device software drivers.
You can uninstall or remove a bad driver and reboot to allow windows to reinstall.

You can check the web site for the manufacturer of the computer for driver updates or for troubleshooting tech help.

If you did a PIT test and posted the results, we could see several things that would help in a diagnosis.
You can run a test at PCPitStop. Please register (it's free) with PCPitStop and run the full tests http://www.pcpitstop...top/default.asp
This is an excellent diagnostics scan that may help in determining problems not related to malware. When the tests are complete, a results page will pop up. Click "Share these results with TechExpress" on the left-hand side. Then copy the URL provided and post it here for me to review.

I also found a troubleshooting link from HP that may give some insight to the problems.

general troubleshooting tips for Universal Serial Bus (USB) devices

Edited by Juliet, 21 January 2007 - 07:54 AM.


#13 NecroD2

Posted 21 January 2007 - 09:26 AM

The reason why I don't uninstall the drivers is because I don't know which one(s) to uninstall. It lists 9 of them.

http://img.photobuck.../NecroD2/12.jpg


Also the test:

http://www.pcpitstop...UAQFW4BDEWSXSFJ

Edited by NecroD2, 21 January 2007 - 09:27 AM.


#14 Juliet

Posted 21 January 2007 - 02:10 PM

Let's talk about your Tech express test for a minute

Adjust Browser Cache Size

1.) Start Internet Explorer
2.) Select Tools | Internet Options | General
3.) Under Temporary Internet Files click the Settings button.
4.) In the box for the amount of disk space to use, enter a value between 10 and 100 megabytes.
5.) Click OK to accept the changes.


Junk files 29 MB (0%)
Data fragmentation 58%
File fragmentation 15%

You need to clean that up.

Clean out all the temporary files and cookies on your system. Go to Start > Run and enter: cleanmgr. Let it scan your system for files to remove. Check these three boxes and then press ok to remove: Temporary Files, Temporary Internet Files, Recycle Bin.

Also, go to Start > Find/search > Files or folders > in the named box, type: *.tmp and choose Edit > select all -> File > delete.

Then use "Start > Run" and type in "%temp%" (without the quotes). Delete the entire contents of that "temp" folder (use "Edit > Select All", press "Delete", click "Yes").

Then, empty your Temporary Internet Cache completely. Close all instances of Outlook and Internet Explorer, then use "Control Panel > Internet Options > General tab" and click the "Delete File" button. When prompted place a check in: "Delete all offline content", then click OK.

And my goodness Defrag!

go to start
run
type in
sfc /scannow
Note you may be asked for your Windows XP CD if errors are found.

Double-click My Computer, and then right-click the hard disk that you want to check
Click Properties, and then click Tools.
Under Error-checking, click Check Now.
A dialog box that shows the Check disk options is displayed
Check both boxes

If one or more of the files on the hard disk are open, you will receive the following message:
The disk check could not be performed because the disk check utility needs exclusive access to some Windows files on the disk. These files can be accessed by restarting Windows. Do you want to schedule the disk check to occur the next time you restart the computer?
Click Yes to schedule the disk check, and then restart your computer to start the disk check.

do not disturb this.

This will take an hour or so before it gets to the desktop

I found a Microsoft link that may help...

USB port may stop working after removing or inserting USB device

Also have you checked the manufacturer of your computer web site for any updates that may apply?

#15 NecroD2

Posted 22 January 2007 - 11:51 PM

I have checked my manufacturer and looked around. But the problem for them seems to be that the computer cannot recognize the USB drivers, whereas for me my whole computer just freezes when they get plugged in.

#16 Juliet

Posted 23 January 2007 - 09:46 AM

Welcome back
I tried to check Microsoft links and I did find one for you to read.

General USB troubleshooting in Windows XP

Check the information here and see if any of this applies.

#17 NecroD2

Posted 25 January 2007 - 04:35 PM

Thank you, the issue is resolved.

#18 Juliet

Posted 27 January 2007 - 11:20 AM

Since this issue appears resolved ... this Topic is closed.

If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
