Windows BBS The Place for Microsoft Windows Support! Windows, Support, Help Site

#1, 14th February 2008
BruceH (Member; Join Date: Feb 2008; Posts: 17; Computer Experience: Intermediate)

Problems getting rid of Trojan Horse

Hello,

I have been battling with an apparent Trojan Horse and since I have done everything I can think of and am still having problems, I am hoping someone here can help me. Thanks!

As background I should note that I completely rebuilt the hardware side of my computer earlier this week (retaining the hard drives) to recover from a Motherboard failure. So far I have not reinstalled the OS and software so I am running on the pre-rebuild hard drive image. I am trying very hard to avoid reinstalling all the OS and software because it generally takes me about 2 solid days of work to get everything reinstalled and working properly because of all the software I use and all the customizations I have made to various settings.

The specific symptoms of the problem are occasional pop-up windows that open in IE when I am not even running IE at all. The windows contain various sorts of advertising. The windows seem to point back to a company called Outerinfo, which actually has information on their website about uninstalling their software, but I am very hesitant to download and run something from a company when anti-virus software seems to have labeled the software produced by this company as trojan horses.

When this problem first started a couple of days ago I noticed a running process called arpa.exe listed in Windows Task Manager as a running process.

So, here is what I have done. I started by downloading the latest Virus definitions for Norton Antivirus and I then ran a full system scan. Below is the log of recent threat alerts (it is much more readable copied and pasted into Notepad):

Category: Threat alerts
Date,Feature,Threat Name,Action Taken,Item Type,Target,Suspicious Action,Virus Definition Version,Product Version,User Name,Computer Name,Details
2/14/2008 2:58:03 PM,Script Blocking,Suspicious script,Access allowed,Script,N/A,FileSystem Object : GetFolder,Unknown,Unknown,Bruce Hooke,BGHOOKE,Source: C:\DOCUME~1\BRUCEH~1\LOCALS~1\Temp\~qgwhlhp.tmp\lnkread.vbs
2/14/2008 2:35:01 PM,Script Blocking,Suspicious script,Access allowed,Script,N/A,Windows Script Host Shell Object : CreateShortcut,Unknown,Unknown,Bruce Hooke,BGHOOKE,Source: C:\DOCUME~1\BRUCEH~1\LOCALS~1\Temp\~mdcbqvl.tmp\lnkread.vbs
2/14/2008 2:34:47 PM,Script Blocking,Suspicious script,Activity allowed once,Script,N/A,FileSystem Object : GetFolder,Unknown,Unknown,Bruce Hooke,BGHOOKE,Source: C:\DOCUME~1\BRUCEH~1\LOCALS~1\Temp\~mdcbqvl.tmp\lnkread.vbs
2/14/2008 2:10:29 AM,Virus scanner,Adware.Purityscan,Manually deleted,File,N/A,N/A,200802130023,10.0.29.4,Bruce Hooke,BGHOOKE,",Threat category: AdwareSource: C:\WINDOWS\adobe\arpa.exe,Description: The file C:\WINDOWS\adobe\arpa.exe is a Adware threat."
2/14/2008 2:10:29 AM,Virus scanner,Adware.Purityscan,Manually deleted,File,N/A,N/A,200802130023,10.0.29.4,Bruce Hooke,BGHOOKE,",Threat category: AdwareSource: C:\Documents and Settings\Bruce Hooke\Local Settings\Temporary Internet Files\Content.IE5\7EDNZ038\!update-4495[1].0000,Description: The file C:\Documents and Settings\Bruce Hooke\Local Settings\Temporary Internet Files\Content.IE5\7EDNZ038\!update-4495[1].0000 is a Adware threat."
2/14/2008 2:10:29 AM,Virus scanner,Adware.Purityscan,Manually deleted,File,N/A,N/A,200802130023,10.0.29.4,Bruce Hooke,BGHOOKE,",Threat category: AdwareSource: C:\Documents and Settings\Bruce Hooke\Local Settings\Temp\!update.exe,Description: The file C:\Documents and Settings\Bruce Hooke\Local Settings\Temp\!update.exe is a Adware threat."
2/13/2008 6:09:35 PM,Auto-Protect,Backdoor.Trojan,Automatically deleted,File,N/A,N/A,200802130023,10.0.29.4,Bruce Hooke,BGHOOKE,Source: C:\WINDOWS\mrofinu572.exe
2/12/2008 7:17:54 PM,Virus scanner,Adware.Purityscan,Delete failed,File,N/A,N/A,200802060004,10.0.29.4,Bruce Hooke,BGHOOKE,",Threat category: AdwareSource: C:\WINDOWS\adobe\arpa.exe,Description: The file C:\WINDOWS\adobe\arpa.exe is a Adware threat."
2/12/2008 7:17:54 PM,Virus scanner,Adware.Purityscan,Manually deleted,File,N/A,N/A,200802060004,10.0.29.4,Bruce Hooke,BGHOOKE,",Threat category: AdwareSource: C:\Program Files\Common Files\Yazzle1281OinUninstaller.exe,Description: The file C:\Program Files\Common Files\Yazzle1281OinUninstaller.exe is a Adware threat."
2/12/2008 7:17:54 PM,Virus scanner,Adware.Purityscan,Manually deleted,File,N/A,N/A,200802060004,10.0.29.4,Bruce Hooke,BGHOOKE,",Threat category: AdwareSource: C:\Program Files\Common Files\Yazzle1281OinAdmin.exe,Description: The file C:\Program Files\Common Files\Yazzle1281OinAdmin.exe is a Adware threat."
2/12/2008 7:17:54 PM,Virus scanner,Adware.Purityscan,Manually deleted,File,N/A,N/A,200802060004,10.0.29.4,Bruce Hooke,BGHOOKE,",Threat category: AdwareSource: C:\Documents and Settings\Bruce Hooke\Local Settings\Temp\yazzsnet.exe,Description: The file C:\Documents and Settings\Bruce Hooke\Local Settings\Temp\yazzsnet.exe is a Adware threat."
2/12/2008 7:17:54 PM,Virus scanner,Adware.Purityscan,Manually deleted,File,N/A,N/A,200802060004,10.0.29.4,Bruce Hooke,BGHOOKE,",Threat category: AdwareSource: C:\Documents and Settings\Bruce Hooke\Local Settings\Temp\mshtml3.exe,Description: The file C:\Documents and Settings\Bruce Hooke\Local Settings\Temp\mshtml3.exe is a Adware threat."
2/12/2008 7:17:54 PM,Virus scanner,Adware.Purityscan,Manually deleted,File,N/A,N/A,200802060004,10.0.29.4,Bruce Hooke,BGHOOKE,",Threat category: AdwareSource: C:\Documents and Settings\Bruce Hooke\Local Settings\Temp\mshtml2.exe,Description: The file C:\Documents and Settings\Bruce Hooke\Local Settings\Temp\mshtml2.exe is a Adware threat."
2/12/2008 5:33:17 PM,Auto-Protect,Downloader,Automatically deleted,File,N/A,N/A,200802060004,10.0.29.4,Bruce Hooke,BGHOOKE,Source: C:\WINDOWS\system32\opnklkk.dll
2/12/2008 5:33:17 PM,Auto-Protect,Downloader,Automatically deleted,File,N/A,N/A,200802060004,10.0.29.4,Bruce Hooke,BGHOOKE,Source: C:\WINDOWS\system32\nGpxx01\nGpxx011065.exe
2/12/2008 5:33:15 PM,Auto-Protect,Downloader.MisleadApp,Access denied,File,N/A,N/A,200802060004,10.0.29.4,Bruce Hooke,BGHOOKE,"Source: UGA6P_0001_N122M0611NetInstaller.exe,Description: C:\Documents and Settings\Bruce Hooke\Local Settings\Temporary Internet Files\Content.IE5\TG9T43B9\install_en[1].cab"
2/12/2008 5:32:49 PM,Auto-Protect,Downloader.MisleadApp,Automatically deleted,File,N/A,N/A,200802060004,10.0.29.4,Bruce Hooke,BGHOOKE,Source: C:\DOCUME~1\BRUCEH~1\LOCALS~1\Temp\winvsnet.exe
2/12/2008 5:32:49 PM,Auto-Protect,Downloader.MisleadApp,Automatically deleted,File,N/A,N/A,200802060004,10.0.29.4,Bruce Hooke,BGHOOKE,Source: C:\Documents and Settings\Bruce Hooke\Local Settings\Temporary Internet Files\Content.IE5\O7VJ58U3\winvsnet[1].exe
2/12/2008 5:30:02 PM,Auto-Protect,Trojan.Adclicker,Automatically deleted,File,N/A,N/A,200802060004,10.0.29.4,Bruce Hooke,BGHOOKE,Source: C:\Program Files\Outerinfo\FF\components\FF.dll
2/12/2008 5:30:01 PM,Auto-Protect,Trojan.Adclicker,Automatically deleted,File,N/A,N/A,200802060004,10.0.29.4,Bruce Hooke,BGHOOKE,Source: C:\DOCUME~1\BRUCEH~1\LOCALS~1\Temp\NDrv.dll
2/12/2008 5:29:49 PM,Auto-Protect,Downloader,Automatically deleted,File,N/A,N/A,200802060004,10.0.29.4,Bruce Hooke,BGHOOKE,Source: C:\WINDOWS\system32\nGpxx01\nGpxx011065.exe
2/12/2008 5:29:49 PM,Auto-Protect,Downloader,Automatically deleted,File,N/A,N/A,200802060004,10.0.29.4,Bruce Hooke,BGHOOKE,Source: C:\WINDOWS\system32\khfddax.dll
1/19/2008 12:30:34 AM,Virus scanner,Trojan.ByteVerify,Automatically deleted,File,N/A,N/A,200801160038,10.0.29.4,Bruce Hooke,BGHOOKE,",Threat category: VirusSource: Dummy.class,Description: The compressed file Dummy.class within C:\Documents and Settings\Bruce Hooke\.jpi_cache\jar\1.0\count3.jar-74cab99d-2604479b.zip is infected with the Trojan.ByteVerify virus."



When the problem came right back I then tried downloading the latest updates for Spybot S&D and ran it. I can't find a log file, but as I recall, it found pretty much the same 3 files as Norton (plus various tracking cookies) and deleted or quarantined them. What Spybot did help me do is create a blacklist item that stops arpa.exe from being added to the startup list, but that has not stopped the larger problems.

So, I then decided to try AVG. Here is what AVG has in its log (I can only extract it as an XML file, which makes it a bit hard to read):
<rec time="2008/02/14 10:56:52" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">alertmgr:496-482;avgcc:506-487;avgui:507-482;avgvv:497-458;avgw:506-486;core:498-488;corent:498-488;email:512-480;fshmfx86:510-473;kernel:510-480;lng:496-487;lngus:508-487;update:516-486;</attr>
</rec>
<rec time="2008/02/14 10:58:32" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">avi:1265-1138;banner:489-100;iavi:1288-1025;</attr>
</rec>
<rec time="2008/02/14 10:58:54" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">helpsmus:501-482;setup:510-486;</attr>
</rec>
<rec time="2008/02/14 10:59:24" user="Bruce Hooke" source="General">
<value>@HL_TestStarted</value>
<attr name="testname">@TestName_02</attr>
</rec>
<rec time="2008/02/14 11:09:22" user="Bruce Hooke" source="Virus">
<value>@HL_ReportFind</value>
<attr name="where">C:\Documents and Settings\Bruce Hooke\Local Settings\Temp\!update.exe</attr>
<attr name="type">@EID_Id_trj</attr>
<attr name="what">Downloader.Generic6.AEPH</attr>
</rec>
<rec time="2008/02/14 11:10:19" user="Bruce Hooke" source="Virus">
<value>@HL_ReportFind</value>
<attr name="where">C:\Documents and Settings\Bruce Hooke\Local Settings\Temporary Internet Files\Content.IE5\14YGS8CR\!update-4495[1].0000</attr>
<attr name="type">@EID_Id_trj</attr>
<attr name="what">Downloader.Generic6.AEPH</attr>
</rec>
<rec time="2008/02/14 11:27:56" user="Bruce Hooke" source="Virus">
<value>@HL_ReportFind</value>
<attr name="where">C:\Program Files\HP CP1700PS RIP\AdobePS\WritePrinter.exe</attr>
<attr name="type">@EID_Fi_vir</attr>
<attr name="what">Win32/Small</attr>
</rec>
<rec time="2008/02/14 11:27:56" user="Bruce Hooke" source="Virus">
<value>@HL_ReportFind</value>
<attr name="where">C:\Program Files\HP CP1700PS RIP\AdobePS\Install\Required\Registry\ReadPrinter.exe</attr>
<attr name="type">@EID_Fi_vir</attr>
<attr name="what">Win32/Small</attr>
</rec>
<rec time="2008/02/14 11:27:56" user="Bruce Hooke" source="Virus">
<value>@HL_ReportFind</value>
<attr name="where">C:\Program Files\HP CP1700PS RIP\AdobePS\Install\Required\Registry\WritePrinter.exe</attr>
<attr name="type">@EID_Fi_vir</attr>
<attr name="what">Win32/Small</attr>
</rec>
<rec time="2008/02/14 12:02:02" user="Bruce Hooke" source="Virus">
<value>@HL_ReportFind</value>
<attr name="where">C:\WINDOWS\?dobe\arpa.exe</attr>
<attr name="type">@EID_Id_trj</attr>
<attr name="what">Downloader.Generic6.AEPH</attr>
</rec>
<rec time="2008/02/14 13:05:45" user="Bruce Hooke" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\Program Files\HP CP1700PS RIP\AdobePS\WritePrinter.exe</attr>
<attr name="finding">@EID_Fi_vir</attr>
<attr name="virusname">Win32/Small</attr>
</rec>
<rec time="2008/02/14 13:06:14" user="Bruce Hooke" source="Virus">
<value>@HL_ActionTaken</value>
<attr name="filename">C:\Program Files\HP CP1700PS RIP\AdobePS\WritePrinter.exe</attr>
<attr name="action">@HL_ActVVInserted</attr>
</rec>
<rec time="2008/02/14 13:06:42" user="Bruce Hooke" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\Program Files\HP CP1700PS RIP\AdobePS\Install\Required\Registry\ReadPrinter.exe</attr>
<attr name="finding">@EID_Fi_vir</attr>
<attr name="virusname">Win32/Small</attr>
</rec>
<rec time="2008/02/14 13:06:42" user="Bruce Hooke" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\Program Files\HP CP1700PS RIP\AdobePS\Install\Required\Registry\WritePrinter.exe</attr>
<attr name="finding">@EID_Fi_vir</attr>
<attr name="virusname">Win32/Small</attr>
</rec>
<rec time="2008/02/14 13:06:51" user="Bruce Hooke" source="Virus">
<value>@HL_ActionTaken</value>
<attr name="filename">C:\Program Files\HP CP1700PS RIP\AdobePS\Install\Required\Registry\ReadPrinter.exe</attr>
<attr name="action">@HL_ActVVInserted</attr>
</rec>
<rec time="2008/02/14 13:06:56" user="Bruce Hooke" source="Virus">
<value>@HL_ActionTaken</value>
<attr name="filename">C:\Program Files\HP CP1700PS RIP\AdobePS\Install\Required\Registry\WritePrinter.exe</attr>
<attr name="action">@HL_ActVVInserted</attr>
</rec>
<rec time="2008/02/14 13:08:27" user="Bruce Hooke" source="General">
<value>@HL_TestEnded</value>
<attr name="testname">@TestName_02</attr>
<attr name="infectedfiles">6</attr>
</rec>
<rec time="2008/02/14 13:08:28" user="Bruce Hooke" source="Virus">
<value>@HL_ActionTaken</value>
<attr name="filename">C:\Documents and Settings\Bruce Hooke\Local Settings\Temp\!update.exe</attr>
<attr name="action">@HL_ActCleaned</attr>
</rec>
<rec time="2008/02/14 13:08:28" user="Bruce Hooke" source="Virus">
<value>@HL_ActionTaken</value>
<attr name="filename">C:\Documents and Settings\Bruce Hooke\Local Settings\Temporary Internet Files\Content.IE5\14YGS8CR\!update-4495[1].0000</attr>
<attr name="action">@HL_ActCleaned</attr>
</rec>
<rec time="2008/02/14 13:08:28" user="Bruce Hooke" source="Virus">
<value>@HL_ActionTaken</value>
<attr name="filename">C:\Program Files\HP CP1700PS RIP\AdobePS\WritePrinter.exe</attr>
<attr name="action">@HL_ActVVInserted</attr>
</rec>
<rec time="2008/02/14 13:08:28" user="Bruce Hooke" source="Virus">
<value>@HL_ActionTaken</value>
<attr name="filename">C:\Program Files\HP CP1700PS RIP\AdobePS\Install\Required\Registry\ReadPrinter.exe</attr>
<attr name="action">@HL_ActVVInserted</attr>
</rec>
<rec time="2008/02/14 13:08:28" user="Bruce Hooke" source="Virus">
<value>@HL_ActionTaken</value>
<attr name="filename">C:\Program Files\HP CP1700PS RIP\AdobePS\Install\Required\Registry\WritePrinter.exe</attr>
<attr name="action">@HL_ActVVInserted</attr>
</rec>
<rec time="2008/02/14 13:08:28" user="Bruce Hooke" source="Virus">
<value>@HL_ActionTaken</value>
<attr name="filename">C:\WINDOWS\?dobe\arpa.exe</attr>
<attr name="action">@HL_ActCleaned</attr>
</rec>
<rec time="2008/02/14 14:50:16" user="Bruce Hooke" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\DOCUME~1\BRUCEH~1\LOCALS~1\Temp\!update.exe</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">Downloader.Generic6.AEPH</attr>
</rec>
<rec time="2008/02/14 15:01:31" user="Bruce Hooke" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\DOCUME~1\BRUCEH~1\LOCALS~1\Temp\!update.exe</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">Downloader.Generic6.AEPH</attr>
</rec>
</history>

I suspect the three files in C:\Program Files\HP CP1700PS RIP\AdobePS\ are not in fact a problem, but for now I have allowed AVG to quarantine these files.

At this point I have tried running Norton, Spybot and AVG multiple times. I have also poked around in the registry and after backing it up I tried getting rid of some keys that were clearly tied to arpa.exe. Lately, when the pop-up advertising windows appear they have been empty, but I don't know if that is because of anything I have done or just something random.

I'm getting a message that this post is too long, so I'll post this much here and then try to add the rest as a follow-up...

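Added example (not part of the original post, and not AVG's own tooling): one way to read the AVG history above for signs of reinfection is to list files that are detected again after a logged clean or vault action. The records are copied from the log in the post; treating `@HL_ActCleaned` and `@HL_ActVVInserted` as remediation actions and the 8.3-to-long path alias are assumptions.

```python
import xml.etree.ElementTree as ET
from datetime import datetime

TIME_FORMAT = "%Y/%m/%d %H:%M:%S"
FIND_EVENTS = {"@HL_ReportFind", "@HL_ReportFindRS"}
# Assumption: both action tokens mean the file was dealt with (cleaned / moved to vault).
REMEDIATIONS = {"@HL_ActCleaned", "@HL_ActVVInserted"}

# Records copied from the AVG history in the post, wrapped in a <history> root.
SAMPLE = r"""<history>
<rec time="2008/02/14 11:09:22" user="Bruce Hooke" source="Virus">
<value>@HL_ReportFind</value>
<attr name="where">C:\Documents and Settings\Bruce Hooke\Local Settings\Temp\!update.exe</attr>
<attr name="type">@EID_Id_trj</attr>
<attr name="what">Downloader.Generic6.AEPH</attr>
</rec>
<rec time="2008/02/14 12:02:02" user="Bruce Hooke" source="Virus">
<value>@HL_ReportFind</value>
<attr name="where">C:\WINDOWS\?dobe\arpa.exe</attr>
<attr name="type">@EID_Id_trj</attr>
<attr name="what">Downloader.Generic6.AEPH</attr>
</rec>
<rec time="2008/02/14 13:08:28" user="Bruce Hooke" source="Virus">
<value>@HL_ActionTaken</value>
<attr name="filename">C:\Documents and Settings\Bruce Hooke\Local Settings\Temp\!update.exe</attr>
<attr name="action">@HL_ActCleaned</attr>
</rec>
<rec time="2008/02/14 13:08:28" user="Bruce Hooke" source="Virus">
<value>@HL_ActionTaken</value>
<attr name="filename">C:\WINDOWS\?dobe\arpa.exe</attr>
<attr name="action">@HL_ActCleaned</attr>
</rec>
<rec time="2008/02/14 14:50:16" user="Bruce Hooke" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\DOCUME~1\BRUCEH~1\LOCALS~1\Temp\!update.exe</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">Downloader.Generic6.AEPH</attr>
</rec>
<rec time="2008/02/14 15:01:31" user="Bruce Hooke" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\DOCUME~1\BRUCEH~1\LOCALS~1\Temp\!update.exe</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">Downloader.Generic6.AEPH</attr>
</rec>
</history>"""

# Assumption: this 8.3 short prefix and the long prefix name the same folder.
# Offline there is no filesystem to resolve short names, so the mapping is supplied.
ALIASES = {
    r"C:\DOCUME~1\BRUCEH~1\LOCALS~1":
        r"C:\Documents and Settings\Bruce Hooke\Local Settings",
}


def normalize(path, aliases):
    """Expand a known 8.3 prefix and lowercase (Windows paths are case-insensitive)."""
    for short, long_form in aliases.items():
        if path.lower().startswith(short.lower()):
            path = long_form + path[len(short):]
            break
    return path.lower()


def parse_records(xml_text):
    """Return (time, event, path, attrs) for every record that names a file."""
    events = []
    for rec in ET.fromstring(xml_text).iter("rec"):
        attrs = {a.get("name"): (a.text or "") for a in rec.findall("attr")}
        path = attrs.get("where") or attrs.get("filename")
        if not path:
            continue  # update/test bookkeeping records carry no file path
        when = datetime.strptime(rec.get("time"), TIME_FORMAT)
        events.append((when, rec.findtext("value", ""), path, attrs))
    events.sort(key=lambda e: e[0])  # stable: same-second records keep log order
    return events


def find_redetections(xml_text, aliases=None):
    """Map each file to the times it was detected again after a remediation."""
    aliases = aliases or {}
    last_fix, hits = {}, {}
    for when, event, path, attrs in parse_records(xml_text):
        key = normalize(path, aliases)
        if event == "@HL_ActionTaken" and attrs.get("action") in REMEDIATIONS:
            last_fix[key] = when
        elif event in FIND_EVENTS and key in last_fix and when > last_fix[key]:
            hits.setdefault(key, []).append(when)
    return hits


if __name__ == "__main__":
    for path, times in find_redetections(SAMPLE, ALIASES).items():
        stamps = ", ".join(t.strftime(TIME_FORMAT) for t in times)
        print(f"re-detected after remediation: {path} at {stamps}")
```

A file that reappears after being cleaned means something still running is writing it back, so the next thing to check is what starts with the system rather than the file itself.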
#2, 15th February 2008
BruceH (Member; Join Date: Feb 2008; Posts: 17; Computer Experience: Intermediate)

Part II

Finally, here is the log file from Deckard's System Scanner:

Deckard's System Scanner v20071014.68
Run by Bruce Hooke on 2008-02-14 14:57:29
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Bruce Hooke.exe) -----------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:57:32 PM, on 2/14/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SYSTEM32\USRmlnkA.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\SYSTEM32\USRshutA.exe
C:\WINDOWS\SYSTEM32\USRmlnkA.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\?ppPatch\?vchost.exe
C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Documents and Settings\Bruce Hooke\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\BRUCEH~1.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.att.net/ie4/search/index.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
N1 - Netscape 4: user_pref("browser.startup.homepage", "http://www.google.com/"); (C:\Program Files\Netscape\Users\default\prefs.js)
N3 - Netscape 7: user_pref("browser.startup.homepage", ""); (C:\Documents and Settings\BRUCE HOOKE\Application Data\Mozilla\Profiles\default\090g5d31.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%206%5Csearchplugins%5CSBWeb_01 .src"); (C:\Documents and Settings\BRUCE HOOKE\Application Data\Mozilla\Profiles\default\090g5d31.slt\prefs.js)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [USRpdA] C:\WINDOWS\SYSTEM32\USRmlnkA.exe RunServices \Device\3cpipe-USRpdA
O4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG.exe -off
O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [AdobeVersionCue] C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
O4 - HKLM\..\Run: [Matrox PowerDesk 8] "C:\Program Files\Matrox Graphics Inc\PowerDesk HF\matrox.powerdesk.exe" /silent
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\xRaidSetup.exe boot
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [Mso] C:\WINDOWS\?ppPatch\?vchost.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: Billminder.lnk = C:\Program Files\QUICKENW\billmind.exe
O4 - Startup: Norton System Doctor.LNK = C:\Program Files\Norton SystemWorks\Norton Utilities\SYSDOC32.EXE
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP CP1700PS.lnk = C:\Program Files\HP CP1700PS RIP\Program\App2.exe
O4 - Global Startup: Instant Update Reminder.lnk = ?
O4 - Global Startup: Logo Calibration Loader.lnk = C:\Program Files\GretagMacbeth\i1\Eye-One Match 3\CalibrationLoader\CalibrationLoader.exe
O4 - Global Startup: ProfileReminder.lnk = C:\Program Files\GretagMacbeth\i1\Eye-One Match 3\ProfileReminder.exe
O4 - Global Startup: Shortcut to NotesTemp.txt.lnk = E:\Active\General\NotesTemp.txt
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - C:\Program Files\Net2Phone\Net2fone.exe
O9 - Extra 'Tools' menuitem: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - C:\Program Files\Net2Phone\Net2fone.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.att.net
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1125792472031
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1183087838968
O16 - DPF: {A91DEB0D-AD0D-453E-9AC8-60178EC24212} (VPlayer Control) - http://www.wherethebloodyhellareyou....vivid_ocx.jpeg
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AdobeVersionCue - Adobe Sytems - C:\Program Files\Adobe\Adobe Version Cue\service\VersionCue.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
O23 - Service: Ntlmdecsdpp - Symantec Corporation - (no file)
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

--
End of file - 12849 bytes

-- Files created between 2008-01-14 and 2008-02-14 -----------------------------

2008-02-14 14:07:21 0 d-------- C:\Program Files\Trend Micro
2008-02-14 13:06:14 0 dr-h----- C:\$VAULT$.AVG
2008-02-14 10:55:43 0 d-------- C:\Documents and Settings\Bruce Hooke\Application Data\AVG7
2008-02-14 10:55:39 0 d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-02-14 10:55:29 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-02-14 10:55:29 0 d-------- C:\Documents and Settings\All Users\Application Data\avg7
2008-02-13 23:00:09 691545 --a------ C:\WINDOWS\unins000.exe
2008-02-13 23:00:09 3450 --a------ C:\WINDOWS\unins000.dat
2008-02-12 21:28:20 87325424 --a------ C:\Registry 2-12-2008 (2).reg
2008-02-12 19:32:15 87604596 --a------ C:\Registry 2-12-2008.reg
2008-02-12 18:37:36 0 d-------- C:\WINDOWS\pss
2008-02-12 17:30:02 0 d-------- C:\WINDOWS\?ppPatch
2008-02-12 17:30:02 0 d-------- C:\Program Files\Outerinfo
2008-02-12 17:29:50 0 d-------- C:\WINDOWS\?dobe
2008-02-12 17:29:49 0 d-------- C:\WINDOWS\system32\nGpxx01
2008-02-12 12:03:26 414208 -ra------ C:\WINDOWS\system32\ftdiunin.exe <Not Verified; FTDI Ltd.; FTDI Uninstall Program>
2008-02-12 12:03:26 24177 -ra------ C:\WINDOWS\system32\drivers\ftdibus.sys <Not Verified; FTDI Ltd.; FT8U232AX>
2008-02-12 11:37:57 76416 -ra------ C:\WINDOWS\system32\drivers\NmPar.sys <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver>
2008-02-12 11:37:56 39424 -ra------ C:\WINDOWS\system32\pnpports.dll <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver>
2008-02-12 11:37:56 184320 -ra------ C:\WINDOWS\system32\NmUninst.exe <Not Verified; ; NmUninst Application>
2008-02-12 11:37:56 6656 -ra------ C:\WINDOWS\system32\NmCoInst.dll
2008-02-12 11:37:56 62080 -ra------ C:\WINDOWS\system32\drivers\NmSerial.sys <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver>
2008-02-12 10:34:14 143360 -r------- C:\WINDOWS\system32\xRaidAPI.dll <Not Verified; JMicron Technology Corp.; JMB36X RAID API Dynamic Link Library>
2008-02-12 10:34:13 1953792 -r------- C:\WINDOWS\system32\xRaidSetup.exe <Not Verified; JMicron Technology Corp.; JMicron JMB36X RAID Configurer>
2008-02-12 10:34:13 0 d-------- C:\RaidTool
2008-02-12 10:34:05 0 d-------- C:\WINDOWS\RaidTool
2008-02-12 10:21:54 0 d-------- C:\WINDOWS\ASUSInstAll
2008-02-12 10:16:36 0 d-------- C:\WINDOWS\system32\drivers\system32
2008-02-12 10:16:36 0 d-------- C:\WINDOWS\system32\drivers\INF
2008-02-12 10:16:06 0 d------c- C:\WINDOWS\system32\DRVSTORE
2008-02-12 10:16:05 0 d-------- C:\Program Files\Intel
2008-02-12 10:16:01 0 d-------- C:\Intel
2008-02-12 01:40:15 53248 -----n--- C:\WINDOWS\system32\wdmioctl.dll <Not Verified; Analog Devices Inc.; Analog Devices Inc. wdmioctl>
2008-02-12 01:40:14 1285632 -----n--- C:\WINDOWS\system32\SMMedia.dll <Not Verified; Analog Devices; SoundMAX Integrated Digital Audio>
2008-02-12 01:40:11 49152 -----n--- C:\WINDOWS\system32\DSndUp.exe <Not Verified; Analog Devices Inc.; adi DSndUp>
2008-02-12 01:40:11 45056 -----n--- C:\WINDOWS\system32\CleanUp.exe <Not Verified; adi; adi CleanUp>
2008-02-12 01:40:11 0 d-------- C:\Program Files\Analog Devices
2008-02-12 00:45:06 0 d-------- C:\Program Files\Marvell
2008-02-11 23:22:42 0 d-------- C:\usr
2008-02-11 23:15:05 0 d-------- C:\Documents and Settings\Bruce Hooke\Application Data\ATI
2008-02-11 23:15:05 0 d-------- C:\Documents and Settings\All Users\Application Data\ATI
2008-02-11 23:13:16 0 --a------ C:\WINDOWS\ativpsrm.bin
2008-02-11 23:08:37 593920 -----n--- C:\WINDOWS\system32\ati2sgag.exe <Not Verified; ; ATI Smart>
2008-02-11 23:08:25 0 d-------- C:\Program Files\ATI Technologies
2008-02-11 23:06:52 0 d-------- C:\ATI
2008-01-24 18:12:38 0 d-------- C:\Program Files\MSECache


-- Find3M Report ---------------------------------------------------------------

2008-02-14 14:49:49 0 d-------- C:\Program Files\Common Files
2008-02-14 10:32:49 0 d-------- C:\Program Files\Opera
2008-02-12 21:43:13 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-02-12 20:06:13 0 d-------- C:\Documents and Settings\Bruce Hooke\Application Data\Adobe
2008-02-03 12:02:40 0 d-------- C:\Program Files\Google
2008-02-01 01:09:50 0 d-------- C:\Program Files\AutoCAD LT 98
2008-01-25 18:59:22 0 d-------- C:\Program Files\Norton SystemWorks
2008-01-21 01:32:30 0 --a------ C:\WINDOWS\Capture
2008-01-21 01:32:21 0 d-------- C:\Program Files\PhoneTools
2007-12-21 13:14:53 0 d-------- C:\Program Files\MapWindow


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"USRpdA"="C:\WINDOWS\SYSTEM32\USRmlnkA.exe" [03/31/2003 07:00 AM]
"TCASUTIEXE"="TCAUDIAG.exe" [02/12/2003 04:55 AM C:\WINDOWS\system32\TCAUDIAG.EXE]
"AdaptecDirectCD"="C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe" [09/04/2005 10:39 AM]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [03/09/2006 10:47 AM]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [09/04/2005 11:20 AM]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [07/27/2004 03:50 PM]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [07/27/2004 03:50 PM]
"AdobeVersionCue"="C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe" [10/13/2003 03:24 PM]
"Matrox PowerDesk 8"="C:\Program Files\Matrox Graphics Inc\PowerDesk HF\matrox.powerdesk.exe" [07/05/2005 10:12 AM]
"3c1807pd"="" []
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [02/23/2006 03:45 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [05/13/2006 10:58 PM]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [01/12/2005 02:01 AM]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [07/09/2001 10:50 AM]
"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [01/01/2007 04:22 PM]
"JMB36X IDE Setup"="C:\WINDOWS\RaidTool\xInsIDE.exe" [03/20/2007 01:36 AM]
"36X Raid Configurer"="C:\WINDOWS\system32\xRaidSetup.exe" [03/21/2007 03:23 AM]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [11/10/2006 12:35 PM]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [12/18/2006 08:34 AM]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [07/13/2006 07:12 AM]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [02/14/2008 10:56 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 02:56 AM]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [03/30/2006 03:45 PM]
"Mso"="C:\WINDOWS\?ppPatch\?vchost.exe" []
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [01/28/2008 11:43 AM]

C:\Documents and Settings\Bruce Hooke\Start Menu\Programs\Startup\
Billminder.lnk - C:\Program Files\QUICKENW\billmind.exe [9/5/2005 11:55:36 AM]
Norton System Doctor.LNK - C:\Program Files\Norton SystemWorks\Norton Utilities\SYSDOC32.EXE [11/24/2003 11:44:54 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe [10/23/2003 11:37:56 PM]
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [9/4/2005 10:34:04 PM]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [9/23/2005 9:05:26 PM]
HP CP1700PS.lnk - C:\Program Files\HP CP1700PS RIP\Program\App2.exe [9/5/2005 12:08:14 PM]
Instant Update Reminder.lnk - C:\Program Files\U.S. Robotics\ControlCenter\Reminder.exe [3/14/2003 4:45:58 PM]
Logo Calibration Loader.lnk - C:\Program Files\GretagMacbeth\i1\Eye-One Match 3\CalibrationLoader\CalibrationLoader.exe [2/2/2005 9:59:10 AM]
ProfileReminder.lnk - C:\Program Files\GretagMacbeth\i1\Eye-One Match 3\ProfileReminder.exe [2/2/2005 9:58:36 AM]
Shortcut to NotesTemp.txt.lnk - E:\Active\General\NotesTemp.txt [11/28/2007 10:27:42 AM]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"




-- End of Deckard's System Scanner: finished at 2008-02-14 14:58:04 ------------

Many thanks for any help you can provide!

- Bruce

Old 16th February 2008   #3
noahdfear

Welcome to WindowsBBS Bruce.

Thanks for the detailed info. Let's start getting you cleaned up now. Download ComboFix by sUBs from here, saving the file to your desktop.

It's best to disable realtime protection applications as they sometimes interfere with the tool. Check this link for your applicable programs.
  • Close all open programs and windows
  • Double click combofix.exe and follow the prompts.
  • It may reboot your computer and resume running when you logon. Wait for it to complete. When finished, it will open a log for you. Post that log and a new HijackThis log in your next reply.
Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Old 16th February 2008   #4
BruceH


Results

Thanks noahdfear!

Here are the results:

First the log file from ComboFix:

ComboFix 08-02-16.2 - Bruce Hooke 2008-02-16 10:20:57.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1366 [GMT -5:00]
Running from: C:\Documents and Settings\Bruce Hooke\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\Documents and Settings\Bruce Hooke\g2mdlhlpx.exe
C:\Program Files\outerinfo
C:\Temp\isgTi19
C:\WINDOWS\dobe~1
C:\WINDOWS\dobe~1\?dobe\
C:\WINDOWS\dobe~1\arpa.exe
C:\WINDOWS\pppatc~1
C:\WINDOWS\pppatc~1\?vchost.exe
C:\WINDOWS\system32\nGpxx01
C:\WINDOWS\system32\pac.txt

----- BITS: Possible infected sites -----

hxxp://au.download.windowsupdate.cõj
.
((((((((((((((((((((((((( Files Created from 2008-01-16 to 2008-02-16 )))))))))))))))))))))))))))))))
.

2008-02-15 00:11 . 2008-02-15 00:11 9,662 --a------ C:\WINDOWS\system32\ZoneAlarmIconUS.ico
2008-02-14 14:30 . 2008-02-14 14:30 <DIR> d-------- C:\Deckard
2008-02-14 14:07 . 2008-02-14 14:07 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-14 10:55 . 2008-02-14 10:55 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-02-14 10:55 . 2008-02-16 08:00 <DIR> d-------- C:\Documents and Settings\Bruce Hooke\Application Data\AVG7
2008-02-14 10:55 . 2008-02-14 10:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-02-14 10:55 . 2008-02-14 10:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
2008-02-13 23:00 . 2008-02-13 22:34 691,545 --a------ C:\WINDOWS\unins000.exe
2008-02-13 23:00 . 2008-02-13 23:00 3,450 --a------ C:\WINDOWS\unins000.dat
2008-02-12 21:28 . 2008-02-12 21:28 87,325,424 --a------ C:\Registry 2-12-2008 (2).reg
2008-02-12 20:38 . 1995-09-16 00:30 27,136 --a------ C:\WINDOWS\Ctl3d32.dll
2008-02-12 19:32 . 2008-02-12 19:32 87,604,596 --a------ C:\Registry 2-12-2008.reg
2008-02-12 12:03 . 2003-04-10 01:00 414,208 -ra------ C:\WINDOWS\system32\ftdiunin.exe
2008-02-12 12:03 . 2004-02-04 01:19 24,177 -ra------ C:\WINDOWS\system32\drivers\ftdibus.sys
2008-02-12 12:03 . 2003-04-10 01:00 92 -ra------ C:\WINDOWS\system32\ftdiun2k.ini
2008-02-12 11:37 . 2007-04-18 03:27 184,320 -ra------ C:\WINDOWS\system32\NmUninst.exe
2008-02-12 11:37 . 2006-10-10 22:12 76,416 -ra------ C:\WINDOWS\system32\drivers\NmPar.sys
2008-02-12 11:37 . 2007-04-18 03:15 62,080 -ra------ C:\WINDOWS\system32\drivers\NmSerial.sys
2008-02-12 11:37 . 2006-10-10 22:22 39,424 -ra------ C:\WINDOWS\system32\pnpports.dll
2008-02-12 11:37 . 2006-12-11 23:12 6,656 -ra------ C:\WINDOWS\system32\NmCoInst.dll
2008-02-12 11:34 . 2001-08-17 13:51 6,656 --a------ C:\WINDOWS\system32\drivers\cmdide.sys
2008-02-12 11:34 . 2001-08-17 13:51 6,656 --a--c--- C:\WINDOWS\system32\dllcache\cmdide.sys
2008-02-12 10:34 . 2008-02-12 10:34 <DIR> d-------- C:\WINDOWS\RaidTool
2008-02-12 10:34 . 2008-02-12 10:34 <DIR> d-------- C:\RaidTool
2008-02-12 10:34 . 2007-03-21 03:23 1,953,792 -r------- C:\WINDOWS\system32\xRaidSetup.exe
2008-02-12 10:34 . 2007-03-20 08:15 143,360 -r------- C:\WINDOWS\system32\xRaidAPI.dll
2008-02-12 10:34 . 2007-03-23 22:20 46,208 -ra------ C:\WINDOWS\system32\drivers\jraid.sys
2008-02-12 10:34 . 2006-02-07 06:52 6,912 -ra------ C:\WINDOWS\system32\drivers\JGOGO.sys
2008-02-12 10:21 . 2008-02-12 10:21 <DIR> d-------- C:\WINDOWS\ASUSInstAll
2008-02-12 10:16 . 2008-02-12 10:16 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-02-12 10:16 . 2008-02-12 10:16 <DIR> d-------- C:\WINDOWS\system32\drivers\system32
2008-02-12 10:16 . 2008-02-12 10:16 <DIR> d-------- C:\WINDOWS\system32\drivers\INF
2008-02-12 10:16 . 2008-02-12 10:16 <DIR> d-------- C:\Program Files\Intel
2008-02-12 10:16 . 2008-02-12 10:16 <DIR> d-------- C:\Intel
2008-02-12 10:15 . 2008-02-12 01:41 19,748 --a------ C:\WINDOWS\Ascd_log.ini
2008-02-12 10:09 . 2004-08-12 21:56 5,810 -ra------ C:\WINDOWS\system32\drivers\ASACPI.sys
2008-02-12 09:59 . 2006-06-16 02:30 176,128 -ra------ C:\WINDOWS\system32\drivers\RTL8187.sys
2008-02-12 09:59 . 2001-08-17 13:48 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2008-02-12 09:59 . 2001-08-17 13:48 12,160 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys
2008-02-12 09:57 . 2001-08-17 14:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2008-02-12 09:57 . 2001-08-17 14:02 9,600 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys
2008-02-12 01:40 . 2008-02-12 01:40 <DIR> d-------- C:\Program Files\Analog Devices
2008-02-12 01:40 . 2001-09-11 14:20 1,285,632 --------- C:\WINDOWS\system32\SMMedia.dll
2008-02-12 01:40 . 2001-09-18 23:47 765,952 -ra------ C:\WINDOWS\system\crlds3d.dll
2008-02-12 01:40 . 2006-03-17 04:18 392,960 -ra------ C:\WINDOWS\system32\drivers\senfilt.sys
2008-02-12 01:40 . 2007-01-15 20:09 293,888 -ra------ C:\WINDOWS\system32\drivers\ADIHdAud.sys
2008-02-12 01:40 . 2006-08-06 17:57 93,952 -ra------ C:\WINDOWS\system32\drivers\aeaudio.sys
2008-02-12 01:40 . 2005-05-04 08:20 53,248 --------- C:\WINDOWS\system32\wdmioctl.dll
2008-02-12 01:40 . 2006-07-10 14:42 49,152 --------- C:\WINDOWS\system32\DSndUp.exe
2008-02-12 01:40 . 2002-04-17 14:05 45,056 --------- C:\WINDOWS\system32\CleanUp.exe
2008-02-12 01:40 . 2006-06-30 02:00 28,160 -ra------ C:\WINDOWS\system32\PostProc.dll
2008-02-12 01:31 . 2008-02-12 01:37 19,344 --a------ C:\WINDOWS\Ascd_tmp.ini
2008-02-12 00:45 . 2008-02-12 00:45 <DIR> d-------- C:\Program Files\Marvell
2008-02-11 23:22 . 2008-02-11 23:22 <DIR> d-------- C:\usr
2008-02-11 23:15 . 2008-02-11 23:15 <DIR> d-------- C:\Documents and Settings\Bruce Hooke\Application Data\ATI
2008-02-11 23:15 . 2008-02-11 23:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ATI
2008-02-11 23:13 . 2008-02-11 23:13 0 --a------ C:\WINDOWS\ativpsrm.bin
2008-02-11 23:08 . 2008-02-11 23:09 <DIR> d-------- C:\Program Files\ATI Technologies
2008-02-11 23:08 . 2007-12-20 21:05 593,920 --------- C:\WINDOWS\system32\ati2sgag.exe
2008-01-24 18:12 . 2008-01-24 18:12 <DIR> d-------- C:\Program Files\MSECache

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-16 00:21 --------- d-----w C:\Program Files\Norton SystemWorks
2008-02-14 15:45 44,288 ----a-w C:\WINDOWS\system32\drivers\cdr4_xp.sys
2008-02-14 15:32 --------- d-----w C:\Program Files\Opera
2008-02-14 04:02 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-02-14 04:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-13 02:43 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-03 17:02 --------- d-----w C:\Program Files\Google
2008-02-01 06:09 --------- d-----w C:\Program Files\AutoCAD LT 98
2008-01-21 06:32 --------- d-----w C:\Program Files\PhoneTools
2007-12-21 18:14 --------- d-----w C:\Program Files\MapWindow
2007-12-21 03:53 2,843,136 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
2007-12-21 03:09 368,640 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
2007-12-21 03:08 272,384 ----a-w C:\WINDOWS\system32\ati2dvag.dll
2007-12-21 03:02 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
2007-12-21 02:59 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll
2007-12-21 02:59 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
2007-12-21 02:59 147,456 ----a-w C:\WINDOWS\system32\atipdlxx.dll
2007-12-21 02:59 122,880 ----a-w C:\WINDOWS\system32\Oemdspif.dll
2007-12-21 02:58 122,880 ----a-w C:\WINDOWS\system32\ati2evxx.dll
2007-12-21 02:57 512,000 ----a-w C:\WINDOWS\system32\ati2evxx.exe
2007-12-21 02:56 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
2007-12-21 02:53 9,826,304 ----a-w C:\WINDOWS\system32\atioglx2.dll
2007-12-21 02:47 3,120,640 ----a-w C:\WINDOWS\system32\ati3duag.dll
2007-12-21 02:36 1,661,696 ----a-w C:\WINDOWS\system32\ativvaxx.dll
2007-12-21 02:24 46,080 ----a-w C:\WINDOWS\system32\amdpcom32.dll
2007-12-21 02:20 385,024 ----a-w C:\WINDOWS\system32\atikvmag.dll
2007-12-21 02:18 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
2007-12-21 02:17 49,152 ----a-w C:\WINDOWS\system32\drivers\ati2erec.dll
2007-12-21 02:15 159,744 ----a-w C:\WINDOWS\system32\atiok3x2.dll
2007-12-21 02:11 499,712 ----a-w C:\WINDOWS\system32\ati2cqag.dll
2007-12-18 09:51 179,584 ------w C:\WINDOWS\system32\drivers\mrxdav.sys
2007-12-07 02:21 824,832 ----a-w C:\WINDOWS\system32\wininet.dll
2007-12-04 18:38 550,912 ------w C:\WINDOWS\system32\oleaut32.dll
2007-12-03 15:45 2,293,848 ----a-w C:\Program Files\FLV PlayerFCSetup.exe
2006-06-23 06:48 32,768 ----a-r C:\WINDOWS\inf\UpdateUSB.exe
2005-09-04 17:06 1,129 ------w C:\Program Files\mdac.log
2003-04-17 08:16 447,616 ------w C:\WINDOWS\inf\EL2K_N64.sys
2003-04-17 08:15 147,328 ------w C:\WINDOWS\inf\EL2K_XP.sys
2003-04-17 08:15 147,200 ------w C:\WINDOWS\inf\EL2K_2K.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56 15360]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 15:45 313472]
"Mso"="C:\WINDOWS\?ppPatch\?vchost.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"USRpdA"="C:\WINDOWS\SYSTEM32\USRmlnkA.exe" [2003-03-31 07:00 77891]
"TCASUTIEXE"="TCAUDIAG.exe" [2003-02-12 04:55 1334784 C:\WINDOWS\system32\TCAUDIAG.EXE]
"AdaptecDirectCD"="C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe" [2005-09-04 10:39 684032]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-03-09 10:47 71328]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2005-09-04 11:20 100056]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 15:50 221184]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 15:50 81920]
"AdobeVersionCue"="C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe" [2003-10-13 15:24 1732608]
"Matrox PowerDesk 8"="C:\Program Files\Matrox Graphics Inc\PowerDesk HF\matrox.powerdesk.exe" [2005-07-05 10:12 102400]
"3c1807pd"="" []
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-02-23 15:45 278528]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-05-13 22:58 282624]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2005-01-12 02:01 32768]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [2007-01-01 16:22 3739648]
"JMB36X IDE Setup"="C:\WINDOWS\RaidTool\xInsIDE.exe" [2007-03-20 01:36 36864]
"36X Raid Configurer"="C:\WINDOWS\system32\xRaidSetup.exe" [2007-03-21 03:23 1953792]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35 90112]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 08:34 868352]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2006-07-13 07:12 729088]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-02-14 10:56 579072]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-02-14 10:56 219136]

C:\Documents and Settings\Bruce Hooke\Start Menu\Programs\Startup\
Billminder.lnk - C:\Program Files\QUICKENW\billmind.exe [2005-09-05 11:55:36 33280]
Norton System Doctor.LNK - C:\Program Files\Norton SystemWorks\Norton Utilities\SYSDOC32.EXE [2003-11-24 11:44:54 57344]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe [2003-10-23 23:37:56 217194]
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-09-04 22:34:04 110592]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26 29696]
HP CP1700PS.lnk - C:\Program Files\HP CP1700PS RIP\Program\App2.exe [2005-09-05 12:08:14 2686976]
Instant Update Reminder.lnk - C:\Program Files\U.S. Robotics\ControlCenter\Reminder.exe [2003-03-14 16:45:58 851968]
Logo Calibration Loader.lnk - C:\Program Files\GretagMacbeth\i1\Eye-One Match 3\CalibrationLoader\CalibrationLoader.exe [2005-02-02 09:59:10 536576]
ProfileReminder.lnk - C:\Program Files\GretagMacbeth\i1\Eye-One Match 3\ProfileReminder.exe [2005-02-02 09:58:36 782336]
Shortcut to NotesTemp.txt.lnk - E:\Active\General\NotesTemp.txt [2007-11-28 10:27:42 4134]

R1 NmPar;MosChip PCI Parallel Port;C:\WINDOWS\system32\DRIVERS\NmPar.sys [2006-10-10 22:12]
R2 Par1284;Par1284;C:\Program Files\HP CP1700PS RIP\Program\Par1284.sys [2001-12-19 10:42]
R2 tcaicchg;tcaicchg;C:\WINDOWS\System32\tcaicchg.sys [2000-06-06 13:08]
R2 TCAITDI;TCAITDI Protocol;C:\WINDOWS\system32\DRIVERS\TCAITDI.sys [2001-09-04 06:22]
R3 eyeonedp;eye-one display;C:\WINDOWS\system32\DRIVERS\eyeonedp.sys [2004-02-11 14:21]
R3 NPDriver;Norton Unerase Protection Driver;C:\WINDOWS\system32\Drivers\NPDRIVER.SYS [2003-11-24 11:40]
R3 USRpdA;U.S. Robotics 56K PCI Faxmodem Driver;C:\WINDOWS\system32\DRIVERS\USRpdA.sys [2001-08-17 08:28]
S3 3c1807pd;U.S. Robotics V.92 Fax Win Int;C:\WINDOWS\system32\DRIVERS\3c1807pd.sys []
S3 MgaFG;MgaFG;C:\WINDOWS\system32\drivers\MgaFG.sys [2005-09-05 09:17]
S3 MTXPARH;MTXPARH;C:\WINDOWS\system32\DRIVERS\MTXPARHM.sys [2005-07-05 11:32]
S3 ONSIO;ONSIO;C:\WINDOWS\SYSTEM32\DRIVERS\ONSIO.SYS []
S3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;C:\WINDOWS\system32\DRIVERS\RTL8187.sys [2006-06-16 02:30]
S3 scsiscan;SCSI Scanner Driver;C:\WINDOWS\system32\DRIVERS\scsiscan.sys [2001-08-17 12:53]
S3 SDdriver;SDdriver;C:\WINDOWS\system32\Drivers\sddriver.sys [2003-11-24 11:28]

.
Contents of the 'Scheduled Tasks' folder
"2008-02-16 03:08:20 C:\WINDOWS\Tasks\CD_Backup_Differential.job"
- C:\Program Files\StompSoft\Backup MyPC 6\System\sbestart.exe
"2008-02-16 12:15:35 C:\WINDOWS\Tasks\Full_Backup_C&D_Drives.job"
- C:\Program Files\StompSoft\Backup MyPC 6\System\sbestart.exe
"2008-02-16 06:03:41 C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer - Bruce Hooke.job"
- C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exeh/task:
"2008-01-25 23:59:22 C:\WINDOWS\Tasks\Norton SystemWorks One Button Checkup.job"
- C:\Program Files\Norton SystemWorks\OBC.exe
"2008-02-16 05:00:00 C:\WINDOWS\Tasks\Symantec Drmc.job"
- C:\Program Files\Common Files\Symantec Shared\SymDrmc.exe
"2008-02-16 15:24:00 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDetect.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-16 10:23:51
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-16 10:24:10
ComboFix-quarantined-files.txt 2008-02-16 15:24:03
.
2008-02-15 16:09:18 --- E O F ---



=====================================
Then the log file from HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:34:20 AM, on 2/16/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SYSTEM32\USRmlnkA.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\SYSTEM32\USRshutA.exe
C:\WINDOWS\SYSTEM32\USRmlnkA.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
N1 - Netscape 4: user_pref("browser.startup.homepage", "http://www.google.com/"); (C:\Program Files\Netscape\Users\default\prefs.js)
N3 - Netscape 7: user_pref("browser.startup.homepage", ""); (C:\Documents and Settings\BRUCE HOOKE\Application Data\Mozilla\Profiles\default\090g5d31.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%206%5Csearchplugins%5CSBWeb_01 .src"); (C:\Documents and Settings\BRUCE HOOKE\Application Data\Mozilla\Profiles\default\090g5d31.slt\prefs.js)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [USRpdA] C:\WINDOWS\SYSTEM32\USRmlnkA.exe RunServices \Device\3cpipe-USRpdA
O4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG.exe -off
O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [AdobeVersionCue] C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
O4 - HKLM\..\Run: [Matrox PowerDesk 8] "C:\Program Files\Matrox Graphics Inc\PowerDesk HF\matrox.powerdesk.exe" /silent
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\xRaidSetup.exe boot
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [Mso] C:\WINDOWS\?ppPatch\?vchost.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: Billminder.lnk = C:\Program Files\QUICKENW\billmind.exe
O4 - Startup: Norton System Doctor.LNK = C:\Program Files\Norton SystemWorks\Norton Utilities\SYSDOC32.EXE
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP CP1700PS.lnk = C:\Program Files\HP CP1700PS RIP\Program\App2.exe
O4 - Global Startup: Instant Update Reminder.lnk = ?
O4 - Global Startup: Logo Calibration Loader.lnk = C:\Program Files\GretagMacbeth\i1\Eye-One Match 3\CalibrationLoader\CalibrationLoader.exe
O4 - Global Startup: ProfileReminder.lnk = C:\Program Files\GretagMacbeth\i1\Eye-One Match 3\ProfileReminder.exe
O4 - Global Startup: Shortcut to NotesTemp.txt.lnk = E:\Active\General\NotesTemp.txt
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - C:\Program Files\Net2Phone\Net2fone.exe
O9 - Extra 'Tools' menuitem: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - C:\Program Files\Net2Phone\Net2fone.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.att.net
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1125792472031
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1183087838968
O16 - DPF: {A91DEB0D-AD0D-453E-9AC8-60178EC24212} (VPlayer Control) - http://www.wherethebloodyhellareyou....vivid_ocx.jpeg
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AdobeVersionCue - Adobe Sytems - C:\Program Files\Adobe\Adobe Version Cue\service\VersionCue.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
O23 - Service: Ntlmdecsdpp - Symantec Corporation - (no file)
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

--
End of file - 12511 bytes

Thanks!

Old 16th February 2008   #5
SuperGeek
 
Profile:
Join Date: Apr 2003
Location: New Bremen, Ohio U.S.A.
Posts: 12,523
Computer Experience:
~@<*+
noahdfear

Hi Bruce,

Please go here and upload the following files.

C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat


Copy the following link and paste it in the Link to Topic field, then add a comment that I requested the files be submitted.

http://www.windowsbbs.com/showpost.php?p=385273&postcount=4


You have both Norton and AVG antivirus apps installed and active. That's a no-no. They can conflict with each other and become ineffective, as well as cause problems with overall system performance. I recommend you uninstall one of them.

Download and install AVG Anti-Spyware (AVG-AS)
  • When installation completes, start AVG-AS then click the Update tab at the top. Under Manual Update click Start update.
  • After the update finishes (the status bar at the bottom will display "Update successful"), click on the Scanner tab at the top.
  • Click the "Settings" tab and change the recommended action to Quarantine.
  • Select Do Not Automatically Generate a Report after Every Scan.
  • Go back to the "Scan" tab and click "Complete System Scan". This scan can take quite a while to run, so sit back and wait.
  • AVG-AS will list any infections found on the left hand side. When the scan has finished, it will automatically set the recommended action.
  • Click the Apply all actions button. AVG-AS will display "All actions have been applied" on the right hand side.
  • Click on "Save Report", then "Save Report As". Save the report where you know you can find it again (like on the Desktop) and take note of the name.
  • Close AVG-AS and reboot.

Please post the contents of a new dss log and the AVG-AS report.

Old 16th February 2008   #6
Member
 
Profile:
Join Date: Feb 2008
Posts: 17
Computer Experience:
Intermediate
BruceH Reputation Level


Results

Hi noahdfear,

Thanks. I uploaded the two files, per your instructions.

I also uninstalled AVG Anti-Virus.

I then installed and ran AVG Anti-Spyware.

Below is the log from AVG Anti-Spyware. NOTE: The log from AVG ran to almost 55,000 lines, which meant my post was WAY too long to be posted to the forum. I have posted the first few hundred lines. If you need me to post more or post a particular section of the log, just let me know.

After the AVG log is the log from a dss scan, run after a reboot.

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 12:48:33 PM 2/16/2008

+ Scan result:



C:\QooBox\Quarantine\C\WINDOWS\DOBE~1\arpa.exe.vir -> Downloader.PurityScan.fk : Cleaned.
C:\System Volume Information\_restore{82E1B4BD-C03C-4D54-8328-0CDB2778821B}\RP3\A0000766.exe -> Downloader.PurityScan.fk : Cleaned.


<<<<<<<<<<<<<<<<< Truncated >>>>>>>>>>>>>


::Report end

========================================================

And here is the main report from another dss scan:

Deckard's System Scanner v20071014.68
Run by Bruce Hooke on 2008-02-16 12:58:58
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Bruce Hooke.exe) -----------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:59:01 PM, on 2/16/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SYSTEM32\USRmlnkA.exe
C:\WINDOWS\SYSTEM32\USRshutA.exe
C:\WINDOWS\SYSTEM32\USRmlnkA.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Bruce Hooke\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\BRUCEH~1.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
N1 - Netscape 4: user_pref("browser.startup.homepage", "http://www.google.com/"); (C:\Program Files\Netscape\Users\default\prefs.js)
N3 - Netscape 7: user_pref("browser.startup.homepage", ""); (C:\Documents and Settings\BRUCE HOOKE\Application Data\Mozilla\Profiles\default\090g5d31.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%206%5Csearchplugins%5CSBWeb_01 .src"); (C:\Documents and Settings\BRUCE HOOKE\Application Data\Mozilla\Profiles\default\090g5d31.slt\prefs.js)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [USRpdA] C:\WINDOWS\SYSTEM32\USRmlnkA.exe RunServices \Device\3cpipe-USRpdA
O4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG.exe -off
O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [AdobeVersionCue] C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
O4 - HKLM\..\Run: [Matrox PowerDesk 8] "C:\Program Files\Matrox Graphics Inc\PowerDesk HF\matrox.powerdesk.exe" /silent
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\xRaidSetup.exe boot
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [Mso] C:\WINDOWS\?ppPatch\?vchost.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Billminder.lnk = C:\Program Files\QUICKENW\billmind.exe
O4 - Startup: Norton System Doctor.LNK = C:\Program Files\Norton SystemWorks\Norton Utilities\SYSDOC32.EXE
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP CP1700PS.lnk = C:\Program Files\HP CP1700PS RIP\Program\App2.exe
O4 - Global Startup: Instant Update Reminder.lnk = ?
O4 - Global Startup: Logo Calibration Loader.lnk = C:\Program Files\GretagMacbeth\i1\Eye-One Match 3\CalibrationLoader\CalibrationLoader.exe
O4 - Global Startup: ProfileReminder.lnk = C:\Program Files\GretagMacbeth\i1\Eye-One Match 3\ProfileReminder.exe
O4 - Global Startup: Shortcut to NotesTemp.txt.lnk = E:\Active\General\NotesTemp.txt
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - C:\Program Files\Net2Phone\Net2fone.exe
O9 - Extra 'Tools' menuitem: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - C:\Program Files\Net2Phone\Net2fone.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.att.net
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1125792472031
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1183087838968
O16 - DPF: {A91DEB0D-AD0D-453E-9AC8-60178EC24212} (VPlayer Control) - http://www.wherethebloodyhellareyou....vivid_ocx.jpeg
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AdobeVersionCue - Adobe Sytems - C:\Program Files\Adobe\Adobe Version Cue\service\VersionCue.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
O23 - Service: Ntlmdecsdpp - Symantec Corporation - (no file)
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

--
End of file - 12109 bytes

-- Files created between 2008-01-16 and 2008-02-16 -----------------------------

2008-02-16 11:44:44 0 d-------- C:\Documents and Settings\Bruce Hooke\Application Data\Grisoft
2008-02-16 11:44:35 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-02-16 10:20:15 68096 --a------ C:\WINDOWS\system32\zip.exe
2008-02-16 10:20:15 98816 --a------ C:\WINDOWS\system32\sed.exe
2008-02-16 10:20:15 80412 --a------ C:\WINDOWS\system32\grep.exe
2008-02-16 10:20:15 73728 --a------ C:\WINDOWS\system32\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-02-14 14:07:21 0 d-------- C:\Program Files\Trend Micro
2008-02-14 10:55:43 0 d-------- C:\Documents and Settings\Bruce Hooke\Application Data\AVG7
2008-02-14 10:55:39 0 d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-02-14 10:55:29 0 d-------- C:\Documents and Settings\All Users\Application Data\avg7
2008-02-13 23:00:09 691545 --a------ C:\WINDOWS\unins000.exe
2008-02-13 23:00:09 3450 --a------ C:\WINDOWS\unins000.dat
2008-02-12 21:28:20 87325424 --a------ C:\Registry 2-12-2008 (2).reg
2008-02-12 19:32:15 87604596 --a------ C:\Registry 2-12-2008.reg
2008-02-12 18:37:36 0 d-------- C:\WINDOWS\pss
2008-02-12 12:03:26 414208 -ra------ C:\WINDOWS\system32\ftdiunin.exe <Not Verified; FTDI Ltd.; FTDI Uninstall Program>
2008-02-12 12:03:26 24177 -ra------ C:\WINDOWS\system32\drivers\ftdibus.sys <Not Verified; FTDI Ltd.; FT8U232AX>
2008-02-12 11:37:57 76416 -ra------ C:\WINDOWS\system32\drivers\NmPar.sys <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver>
2008-02-12 11:37:56 39424 -ra------ C:\WINDOWS\system32\pnpports.dll <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver>
2008-02-12 11:37:56 184320 -ra------ C:\WINDOWS\system32\NmUninst.exe <Not Verified; ; NmUninst Application>
2008-02-12 11:37:56 6656 -ra------ C:\WINDOWS\system32\NmCoInst.dll
2008-02-12 11:37:56 62080 -ra------ C:\WINDOWS\system32\drivers\NmSerial.sys <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver>
2008-02-12 10:34:14 143360 -r------- C:\WINDOWS\system32\xRaidAPI.dll <Not Verified; JMicron Technology Corp.; JMB36X RAID API Dynamic Link Library>
2008-02-12 10:34:13 1953792 -r------- C:\WINDOWS\system32\xRaidSetup.exe <Not Verified; JMicron Technology Corp.; JMicron JMB36X RAID Configurer>
2008-02-12 10:34:13 0 d-------- C:\RaidTool
2008-02-12 10:34:05 0 d-------- C:\WINDOWS\RaidTool
2008-02-12 10:21:54 0 d-------- C:\WINDOWS\ASUSInstAll
2008-02-12 10:16:36 0 d-------- C:\WINDOWS\system32\drivers\system32
2008-02-12 10:16:36 0 d-------- C:\WINDOWS\system32\drivers\INF
2008-02-12 10:16:06 0 d------c- C:\WINDOWS\system32\DRVSTORE
2008-02-12 10:16:05 0 d-------- C:\Program Files\Intel
2008-02-12 10:16:01 0 d-------- C:\Intel
2008-02-12 01:40:15 53248 -----n--- C:\WINDOWS\system32\wdmioctl.dll <Not Verified; Analog Devices Inc.; Analog Devices Inc. wdmioctl>
2008-02-12 01:40:14 1285632 -----n--- C:\WINDOWS\system32\SMMedia.dll <Not Verified; Analog Devices; SoundMAX Integrated Digital Audio>
2008-02-12 01:40:11 49152 -----n--- C:\WINDOWS\system32\DSndUp.exe <Not Verified; Analog Devices Inc.; adi DSndUp>
2008-02-12 01:40:11 45056 -----n--- C:\WINDOWS\system32\CleanUp.exe <Not Verified; adi; adi CleanUp>
2008-02-12 01:40:11 0 d-------- C:\Program Files\Analog Devices
2008-02-12 00:45:06 0 d-------- C:\Program Files\Marvell
2008-02-11 23:22:42 0 d-------- C:\usr
2008-02-11 23:15:05 0 d-------- C:\Documents and Settings\Bruce Hooke\Application Data\ATI
2008-02-11 23:15:05 0 d-------- C:\Documents and Settings\All Users\Application Data\ATI
2008-02-11 23:13:16 0 --a------ C:\WINDOWS\ativpsrm.bin
2008-02-11 23:08:37 593920 -----n--- C:\WINDOWS\system32\ati2sgag.exe <Not Verified; ; ATI Smart>
2008-02-11 23:08:25 0 d-------- C:\Program Files\ATI Technologies
2008-02-11 23:06:52 0 d-------- C:\ATI
2008-01-24 18:12:38 0 d-------- C:\Program Files\MSECache


-- Find3M Report ---------------------------------------------------------------

2008-02-16 12:53:43 0 d-------- C:\Program Files\Common Files
2008-02-16 10:52:30 0 d-------- C:\Documents and Settings\Bruce Hooke\Application Data\Adobe
2008-02-15 19:21:23 0 d-------- C:\Program Files\Norton SystemWorks
2008-02-14 10:32:49 0 d-------- C:\Program Files\Opera
2008-02-12 21:43:13 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-02-03 12:02:40 0 d-------- C:\Program Files\Google
2008-02-01 01:09:50 0 d-------- C:\Program Files\AutoCAD LT 98
2008-01-21 01:32:30 0 --a------ C:\WINDOWS\Capture
2008-01-21 01:32:21 0 d-------- C:\Program Files\PhoneTools
2007-12-21 13:14:53 0 d-------- C:\Program Files\MapWindow


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"USRpdA"="C:\WINDOWS\SYSTEM32\USRmlnkA.exe" [03/31/2003 07:00 AM]
"TCASUTIEXE"="TCAUDIAG.exe" [02/12/2003 04:55 AM C:\WINDOWS\system32\TCAUDIAG.EXE]
"AdaptecDirectCD"="C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe" [09/04/2005 10:39 AM]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [03/09/2006 10:47 AM]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [09/04/2005 11:20 AM]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [07/27/2004 03:50 PM]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [07/27/2004 03:50 PM]
"AdobeVersionCue"="C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe" [10/13/2003 03:24 PM]
"Matrox PowerDesk 8"="C:\Program Files\Matrox Graphics Inc\PowerDesk HF\matrox.powerdesk.exe" [07/05/2005 10:12 AM]
"3c1807pd"="" []
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [02/23/2006 03:45 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [05/13/2006 10:58 PM]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [01/12/2005 02:01 AM]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [07/09/2001 10:50 AM]
"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [01/01/2007 04:22 PM]
"JMB36X IDE Setup"="C:\WINDOWS\RaidTool\xInsIDE.exe" [03/20/2007 01:36 AM]
"36X Raid Configurer"="C:\WINDOWS\system32\xRaidSetup.exe" [03/21/2007 03:23 AM]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [11/10/2006 12:35 PM]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [12/18/2006 08:34 AM]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [07/13/2006 07:12 AM]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [06/11/2007 04:25 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 02:56 AM]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [03/30/2006 03:45 PM]
"Mso"="C:\WINDOWS\?ppPatch\?vchost.exe" []
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [01/28/2008 11:43 AM]

C:\Documents and Settings\Bruce Hooke\Start Menu\Programs\Startup\
Billminder.lnk - C:\Program Files\QUICKENW\billmind.exe [9/5/2005 11:55:36 AM]
Norton System Doctor.LNK - C:\Program Files\Norton SystemWorks\Norton Utilities\SYSDOC32.EXE [11/24/2003 11:44:54 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe [10/23/2003 11:37:56 PM]
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [9/4/2005 10:34:04 PM]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [9/23/2005 9:05:26 PM]
HP CP1700PS.lnk - C:\Program Files\HP CP1700PS RIP\Program\App2.exe [9/5/2005 12:08:14 PM]
Instant Update Reminder.lnk - C:\Program Files\U.S. Robotics\ControlCenter\Reminder.exe [3/14/2003 4:45:58 PM]
Logo Calibration Loader.lnk - C:\Program Files\GretagMacbeth\i1\Eye-One Match 3\CalibrationLoader\CalibrationLoader.exe [2/2/2005 9:59:10 AM]
ProfileReminder.lnk - C:\Program Files\GretagMacbeth\i1\Eye-One Match 3\ProfileReminder.exe [2/2/2005 9:58:36 AM]
Shortcut to NotesTemp.txt.lnk - E:\Active\General\NotesTemp.txt [11/28/2007 10:27:42 AM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

*Newly Created Service* - AVGASCLN



-- End of Deckard's System Scanner: finished at 2008-02-16 13:00:09 ------------

Old 16th February 2008   #7
SuperGeek
 
Profile:
Join Date: Apr 2003
Location: New Bremen, Ohio U.S.A.
Posts: 12,523
Computer Experience:
~@<*+
noahdfear Reputation Level

Please post the AVG-AS scan report into 2 separate posts.

Thanks for the uploads! Did those come from the location specified (the C:\Qoobox folder)? I did post the filenames incorrectly BTW.

qmgr0.dat and qmgr1.dat would actually be named qmgr0.dat.vir and qmgr1.dat.vir

Old 16th February 2008   #8
Member
 
Profile:
Join Date: Feb 2008
Posts: 17
Computer Experience:
Intermediate
BruceH Reputation Level


Response

Hi noahdfear,

The AVG-AS scan log contains 4,644,494 characters, so posting it segment by segment on the forum would require 132 separate posts to stay under the 35,000 character limit. I am guessing this would not go over well with the forum moderators! It is a 9MB text file but zipped it is only 245KB. I am not sure what to suggest as a way to get it to you so that you can look at it.

On the file uploads I simply pasted the paths into the path box and proceeded without checking the paths to see if they actually pointed to real files (sorry about that). I just uploaded the proper files to make sure you got the right thing.

Thanks!
Bruce

Old 16th February 2008   #9
SuperGeek
 
Profile:
Join Date: Apr 2003
Location: New Bremen, Ohio U.S.A.
Posts: 12,523
Computer Experience:
~@<*+
noahdfear Reputation Level

Thanks for uploading those again, Bruce. Those are the correct ones.

Attach the zipped AVG-AS report to an email and send it to me please.

Old 17th February 2008   #10
Inactive
 
Profile:
Join Date: Feb 2008
Posts: 3
Computer Experience:
Intermediate
bluephyre69 Reputation Level


Re: Problems removing malware/viruses?

try using Avast antivirus home edition (http://www.avast.com) and to get rid of spyware, use spybot! (you can find it on http://www.download.com). let me know if this helps.
Old 17th February 2008   #11
SuperGeek
 
Profile:
Join Date: Apr 2003
Location: New Bremen, Ohio U.S.A.
Posts: 12,523
Computer Experience:
~@<*+
noahdfear Reputation Level

Welcome to WindowsBBS bluephyre69, and thanks for your input. However, an antivirus and anti-spyware alone cannot effectively deal with much of today's malware. Not only are special tools often needed, but so is specialized training in identifying and removing it. Please refrain from posting removal help in the Removing Spyware & Viruses forum unless you have specialized training. If you do, please PM me with your credentials. Thanks!
Old 17th February 2008   #12
Inactive
 
Profile:
Join Date: Feb 2008
Posts: 3
Computer Experience:
Intermediate
bluephyre69 Reputation Level


oops

ok i am new to this. sorry. won't happen again.
Old 17th February 2008   #13
SuperGeek
 
Profile:
Join Date: Apr 2003
Location: New Bremen, Ohio U.S.A.
Posts: 12,523
Computer Experience:
~@<*+
noahdfear Reputation Level

Thumbs up

No problem.
Old 17th February 2008   #14
SuperGeek
 
Profile:
Join Date: Apr 2003
Location: New Bremen, Ohio U.S.A.
Posts: 12,523
Computer Experience:
~@<*+
noahdfear Reputation Level

Looks good, Bruce! 54,000+ of those items were tracking cookies in Norton's nprotect folder ....... backups of deleted items. Recommend you empty the Norton protected storage.

You should next run an online virus scan just to be sure we haven't missed anything. Please do an online scan with Kaspersky WebScanner

You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
  • The program will launch and then begin downloading the latest definition files.
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
      • Extended (if available otherwise Standard)
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases
  • Click OK
  • Now under select a target to scan:
    • Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button.
  • Save the file to your desktop.

Post the Kaspersky log and one more fresh HijackThis log, and let me know how the computer is behaving now.

Old 17th February 2008   #15
Member
 
Profile:
Join Date: Feb 2008
Posts: 17
Computer Experience:
Intermediate
BruceH Reputation Level


Update

Hello noahdfear,

I emptied my Norton Protected Storage.

Below is the Kaspersky Log. I did not take action on any of the items found. Some seem like they may be "cross-references" to objects already isolated by previous scans. Most of the items found in my Outlook pst files I could presumably take care of by emptying my Deleted Items and Junk E-mail folders. Many of the other objects found appear to be emails buried in website backups for various websites I manage. On those, I could pretty easily work through and simply delete old backups and make new ones where necessary, but I did not want to start doing things without checking with you and I also presume that as long as something is locked up in a backup file it can't do much unless the backup is restored. Other things, like the many dat files, I don't know what to make of. Anyway, here is the log:

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Sunday, February 17, 2008 9:14:09 AM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 17/02/2008
Kaspersky Anti-Virus database records: 569957
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
J:\
Y:\

Scan Statistics:
Total number of scanned objects: 464478
Number of viruses found: 30
Number of infected objects: 382
Number of suspicious objects: 0
Duration of the scan process: 01:57:21

Infected Object Name / Virus Name / Last Action
C:\Deckard\System Scanner\20080214145728\backup\DOCUME~1\BRUCEH~1\LOCALS~1\Temp\snapsnet.exe/data0006 Infected: Trojan-Downloader.Win32.VB.cgu skipped
C:\Deckard\System Scanner\20080214145728\backup\DOCUME~1\BRUCEH~1\LOCALS~1\Temp\snapsnet.exe NSIS: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2008-02-16_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped
C:\Documents and Settings\Bruce Hooke\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Bruce Hooke\Local Settings\Application Data\Microsoft\Outlook\OLDDRIVEoutlook.pst/Personal Folders/Deleted Items/29 Oct 2004 13:51 to Bhooke:Re: Thank you!/Price.cpl Infected: Email-Worm.Win32.Bagle.at skipped
C:\Documents and Settings\Bruce Hooke\Local Settings\Application Data\Microsoft\Outlook\OLDDRIVEoutlook.pst/Personal Folders/Deleted Items/06 Jan 2005 14:21 to Bruce Hooke:Thank you for your email. .eml Infected: Trojan-Spy.HTML.Paylap.cf skipped
C:\Documents and Settings\Bruce Hooke\Local Settings\Application Data\Microsoft\Outlook\OLDDRIVEoutlook.pst Mail MS Mail: infected - 2 skipped
C:\Documents and Settings\Bruce Hooke\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Personal Folders/Deleted Items/21 Jan 2006 04:10 from PayPal:PayPal Account (KMM15704117V21840L.html Infected: Trojan-Spy.HTML.Paylap.bj skipped
C:\Documents and Settings\Bruce Hooke\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Personal Folders/Deleted Items/24 Jul 2006 09:32 to bruce@bghooke.com:Order WC2905036 Is Being /WC2905036.zip/WC2905036.exe Infected: Backdoor.Win32.Haxdoor.ga skipped
C:\Documents and Settings\Bruce Hooke\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Personal Folders/Deleted Items/24 Jul 2006 09:32 to bruce@bghooke.com:Order WC2905036 Is Being /WC2905036.zip Infected: Backdoor.Win32.Haxdoor.ga skipped
C:\Documents and Settings\Bruce Hooke\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Personal Folders/Deleted Items/17 Nov 2006 02:51 from bharati:New PostCard From Your Friend/mrjcwsn.zip/emule.exe Infected: Trojan-PSW.Win32.Small.bs skipped
C:\Documents and Settings\Bruce Hooke\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Personal Folders/Deleted Items/17 Nov 2006 02:51 from bharati:New PostCard From Your Friend/mrjcwsn.zip Infected: Trojan-PSW.Win32.Small.bs skipped
C:\Documents and Settings\Bruce Hooke\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Personal Folders/Junk E-mail/03 Sep 2007 18:49 from Erin Waller:***SPAM*** Something hot/iloveyou.zip/iloveyou.exe Infected: Trojan-Downloader.Win32.Agent.crz skipped
C:\Documents and Settings\Bruce Hooke\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Personal Folders/Junk E-mail/03 Sep 2007 18:49 from Erin Waller:***SPAM*** Something hot/iloveyou.zip Infected: Trojan-Downloader.Win32.Agent.crz skipped
C:\Documents and Settings\Bruce Hooke\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Personal Folders/Junk E-mail/29 Aug 2007 14:05 to bruce@bghooke.com:You ask me about this gam/game.zip/game.exe Infected: Trojan-Downloader.Win32.Agent.cnh skipped
C:\Documents and Settings\Bruce Hooke\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Personal Folders/Junk E-mail/29 Aug 2007 14:05 to bruce@bghooke.com:You ask me about this gam/game.zip Infected: Trojan-Downloader.Win32.Agent.cnh skipped
C:\Documents and Settings\Bruce Hooke\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Personal Folders/Junk E-mail/20 Aug 2007 15:56 from Bradly Kennedy:***SPAM*** Something hot/game.zip/game.exe Infected: Trojan-Downloader.Win32.Agent.acl skipped
C:\Documents and Settings\Bruce Hooke\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Personal Folders/Junk E-mail/20 Aug 2007 15:56 from Bradly Kennedy:***SPAM*** Something hot/game.zip Infected: Trojan-Downloader.Win32.Agent.acl skipped
C:\Documents and Settings\Bruce Hooke\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Personal Folders/Junk E-mail/14 Sep 2007 23:49 from Casey Felix:Here is it/player.zip/player.exe Infected: Trojan-Downloader.Win32.Agent.djt skipped
C:\Documents and Settings\Bruce Hooke\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Personal Folders/Junk E-mail/14 Sep 2007 23:49 from Casey Felix:Here is it/player.zip Infected: Trojan-Downloader.Win32.Agent.djt skipped
C:\Documents and Settings\Bruce Hooke\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Personal Folders/Junk E-mail/07 Sep 2007 05:00 to bruce@bghooke.com:***SPAM*** Update Your Ac.html Infected: Trojan-Spy.HTML.Paylap.bg skipped
C:\Documents and Settings\Bruce Hooke\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Personal Folders/Junk E-mail/29 Aug 2007 13:42 to bhooke@woonasquatucket.org:You ask me about/game.zip/game.exe Infected: Trojan-Downloader.Win32.Agent.cnh skipped
C:\Documents and Settings\Bruce Hooke\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Personal Folders/Junk E-mail/29 Aug 2007 13:42 to bhooke@woonasquatucket.org:You ask me about/game.zip Infected: Trojan-Downloader.Win32.Agent.cnh skipped
C:\Documents and Settings\Bruce Hooke\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Personal Folders/Junk E-mail/25 Jan 2008 19:56 to bhooke@woonasquatucket.org:Hot pictures/video.zip/video.scr Infected: Trojan-Downloader.Win32.Agent.hzc skipped
C:\Documents and Settings\Bruce Hooke\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Personal Folders/Junk E-mail/25 Jan 2008 19:56 to bhooke@woonasquatucket.org:Hot pictures/video.zip Infected: Trojan-Downloader.Win32.Agent.hzc skipped
C:\Documents and Settings\Bruce Hooke\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Personal Folders/Junk E-mail/19 Aug 2007 11:56 to bhooke@woonasquatucket.org:***SPAM*** You a/game.zip/isit.exe Infected: Trojan-Downloader.Win32.Agent.brk skipped
C:\Documents and Settings\Bruce Hooke\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Personal Folders/Junk E-mail/19 Aug 2007 11:56 to bhooke@woonasquatucket.org:***SPAM*** You a/game.zip Infected: Trojan-Downloader.Win32.Agent.brk skipped
C:\Documents and Settings\Bruce Hooke\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Personal Folders/Junk E-mail/15 Aug 2007 08:46 from Clinton Shultz:Hot pictures/LGame.zip/LGame/lgame.exe Infected: Trojan-Downloader.Win32.Agent.brk skipped
C:\Documents and Settings\Bruce Hooke\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Personal Folders/Junk E-mail/15 Aug 2007 08:46 from Clinton Shultz:Hot pictures/LGame.zip Infected: Trojan-Downloader.Win32.Agent.brk skipped
C:\Documents and Settings\Bruce Hooke\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Personal Folders/Junk E-mail/13 Aug 2007 04:44 to bruce@bghooke.com:***SPAM*** Hot game/LGame.zip/LGame/lgame.exe Infected: Trojan-Downloader.Win32.Agent.brk skipped
C:\Documents and Settings\Bruce Hooke\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Personal Folders/Junk E-mail/13 Aug 2007 04:44 to bruce@bghooke.com:***SPAM*** Hot game/LGame.zip Infected: Trojan-Downloader.Win32.Agent.brk skipped
C:\Documents and Settings\Bruce Hooke\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Personal Folders/Junk E-mail/07 Aug 2007 09:32 to bruce@bghooke.com:Send you a gift/amazing.zip/shocking.exe Infected: Trojan-Downloader.Win32.Agent.brk skipped
C:\Documents and Settings\Bruce Hooke\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Personal Folders/Junk E-mail/07 Aug 2007 09:32 to bruce@bghooke.com:Send you a gift/amazing.zip Infected: Trojan-Downloader.Win32.Agent.brk skipped
C:\Documents and Settings\Bruce Hooke\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Personal Folders/Junk E-mail/03 Aug 2007 17:06 to bhooke@woonasquatucket.org:Pictures/...p/shocking.exe Infected: Trojan-Downloader.Win32.Agent.brk skipped
C:\Documents and Settings\Bruce Hooke\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Personal Folders/Junk E-mail/03 Aug 2007 17:06 to bhooke@woonasquatucket.org:Pictures/amazing.zip Infected: Trojan-Downloader.Win32.Agent.brk skipped
C:\Documents and Settings\Bruce Hooke\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Personal Folders/Junk E-mail/02 Aug 2007 12:35 to bhooke@woonasquatucket.org:Just for you/amazing.zip/shocking.exe Infected: Trojan-Downloader.Win32.Agent.brk skipped
C:\Documents and Settings\Bruce Hooke\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Personal Folders/Junk E-mail/02 Aug 2007 12:35 to bhooke@woonasquatucket.org:Just for you/amazing.zip Infected: Trojan-Downloader.Win32.Agent.brk skipped
C:\Documents and Settings\Bruce Hooke\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Personal Folders/Junk E-mail/25 Jan 2008 23:48 to info@citywidegreen.org:Something hot/video.zip/video.scr Infected: Trojan-Downloader.Win32.Agent.hzc skipped
C:\Documents and Settings\Bruce Hooke\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Personal Folders/Junk E-mail/25 Jan 2008 23:48 to info@citywidegreen.org:Something hot/video.zip Infected: Trojan-Downloader.Win32.Agent.hzc skipped
C:\Documents and Settings\Bruce Hooke\Local Settings\Application Data\Microsoft\Outlook\outlook.pst Mail MS Mail: infected - 32 skipped
C:\Documents and Settings\Bruce Hooke\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Bruce Hooke\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Bruce Hooke\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Bruce Hooke\Local Settings\History\History.IE5\MSHist012008021620080217\index.dat Object is locked skipped
C:\Documents and Settings\Bruce Hooke\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Bruce Hooke\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Bruce Hooke\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsys.dll Object is locked skipped
C:\Program Files\Norton SystemWorks\Norton Antivirus\AVApp.log Object is locked skipped
C:\Program Files\Norton SystemWorks\Norton Antivirus\AVError.log Object is locked skipped
C:\Program Files\Norton SystemWorks\Norton Antivirus\AVVirus.log Object is locked skipped
C:\QooBox\Quarantine\C\WINDOWS\PPPATC~1\ѕvchost.exe.vir Infected: not-a-virus:AdWare.Win32.PurityScan.gw skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{82E1B4BD-C03C-4D54-8328-0CDB2778821B}\RP3\A0000767.exe Infected: not-a-virus:AdWare.Win32.PurityScan.gw skipped
C:\System Volume Information\_restore{82E1B4BD-C03C-4D54-8328-0CDB2778821B}\RP5\A0001018.exe Infected: Trojan-Downloader.Win32.Agent.iug skipped
C:\System Volume Information\_restore{82E1B4BD-C03C-4D54-8328-0CDB2778821B}\RP5\A0001019.exe Infected: Trojan-Downloader.Win32.VB.cgu skipped
C:\System Volume Information\_restore{82E1B4BD-C03C-4D54-8328-0CDB2778821B}\RP5\A0001020.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{82E1B4BD-C03C-4D54-8328-0CDB2778821B}\RP5\A0001023.dll Infected: not-a-virus:AdWare.Win32.ZenoSearch.ad skipped
C:\System Volume Information\_restore{82E1B4BD-C03C-4D54-8328-0CDB2778821B}\RP5\A0001024.dll Infected: not-a-virus:AdWare.Win32.PurityScan.gv skipped
C:\System Volume Information\_restore{82E1B4BD-C03C-4D54-8328-0CDB2778821B}\RP5\A0001025.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{82E1B4BD-C03C-4D54-8328-0CDB2778821B}\RP5\A0001026.exe Infected: Trojan-Downloader.Win32.VB.cgu skipped
C:\System Volume Information\_restore{82E1B4BD-C03C-4D54-8328-0CDB2778821B}\RP5\A0001027.exe Infected: not-a-virus:Downloader.Win32.WinFixer.au skipped
C:\System Volume Information\_restore{82E1B4BD-C03C-4D54-8328-0CDB2778821B}\RP5\A0001028.exe Infected: Trojan-Downloader.Win32.Agent.djt skipped
C:\System Volume Information\_restore{82E1B4BD-C03C-4D54-8328-0CDB2778821B}\RP5\A0001029.exe Infected: Trojan-Downloader.Win32.Agent.czl skipped
C:\System Volume Information\_restore{82E1B4BD-C03C-4D54-8328-0CDB2778821B}\RP5\A0001030.exe Infected: Trojan-Downloader.Win32.Agent.czl skipped
C:\System Volume Information\_restore{82E1B4BD-C03C-4D54-8328-0CDB2778821B}\RP5\A0001031.exe Infected: Trojan-Downloader.Win32.Agent.crz skipped
C:\System Volume Information\_restore{82E1B4BD-C03C-4D54-8328-0CDB2778821B}\RP5\A0001032.exe Infected: Trojan-Downloader.Win32.Agent.crz skipped
C:\System Volume Information\_restore{82E1B4BD-C03C-4D54-8328-0CDB2778821B}\RP5\A0001033.exe Infected: Trojan-Downloader.Win32.Agent.acl skipped
C:\System Volume Information\_restore{82E1B4BD-C03C-4D54-8328-0CDB2778821B}\RP5\A0001034.exe Infected: Trojan-Downloader.Win32.Agent.brk skipped
C:\System Volume Information\_restore{82E1B4BD-C03C-4D54-8328-0CDB2778821B}\RP5\A0001035.exe Infected: Trojan-Downloader.Win32.Agent.crz skipped
C:\System Volume Information\_restore{82E1B4BD-C03C-4D54-8328-0CDB2778821B}\RP5\A0001036.exe Infected: Trojan-Downloader.Win32.Agent.acl skipped
C:\System Volume Information\_restore{82E1B4BD-C03C-4D54-8328-0CDB2778821B}\RP5\A0001037.scr Infected: Trojan-Downloader.Win32.Small.eyf skipped
C:\System Volume Information\_restore{82E1B4BD-C03C-4D54-8328-0CDB2778821B}\RP5\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{7DE1896B-E137-4558-A184-4B6B7A9CDB3F}.crmlog Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\ACEEvent.evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\MsDtc\MSDTC.LOG Object is locked skipped
C:\WINDOWS\system32\MsDtc\Trace\dtctrace.log Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
E:\Active\Woonasquatucket\Citywide Green\website backups\backup-7.27.2006_17-40-19_citywide.tar.gz/packed/backup-7.27.2006_17-40-19_citywide/homedir/mail/cur/1153980150.H143536P8750.iota.genwebserver.com:2/[From FlagStar <aw-survey@flagstar.com>][Date Thu, 27 Jul 2006 00:31:28 -0400]/UNNAMED/UNNAMED/html Infected: Trojan-Downloader.Win32.Small.djb skipped
E:\Active\Woonasquatucket\Citywide Green\website backups\backup-7.27.2006_17-40-19_citywide.tar.gz/packed/backup-7.27.2006_17-40-19_citywide/homedir/mail/cur/1153980150.H143536P8750.iota.genwebserver.com:2/[From FlagStar <aw-survey@flagstar.com>][Date Thu, 27 Jul 2006 00:31:28 -0400]/UNNAMED/UNNAMED Infected: Trojan-Downloader.Win32.Small.djb skipped
E:\Active\Woonasquatucket\Citywide Green\website backups\backup-7.27.2006_17-40-19_citywide.tar.gz/packed/backup-7.27.2006_17-40-19_citywide/homedir/mail/cur/1153980150.H143536P8750.iota.genwebserver.com:2/[From FlagStar <aw-survey@flagstar.com>][Date Thu, 27 Jul 2006 00:31:28 -0400]/UNNAMED Infected: Trojan-Downloader.Win32.Small.djb skipped
E:\Active\Woonasquatucket\Citywide Green\website backups\backup-7.27.2006_17-40-19_citywide.tar.gz/packed/backup-7.27.2006_17-40-19_citywide/homedir/mail/cur/1153980150.H143536P8750.iota.genwebserver.com:2 Infected: Trojan-Downloader.Win32.Small.djb skipped
E:\Active\Woonasquatucket\Citywide Green\website backups\backup-7.27.2006_17-40-19_citywide.tar.gz/packed/backup-7.27.2006_17-40-19_citywide/homedir/mail/cur/1153980149.H506953P7950.iota.genwebserver.com:2/[From FlagStar <survey@flagstar.com>][Date Thu, 27 Jul 2006 00:31:35 -0400]/UNNAMED/UNNAMED/html Infected: Trojan-Spy.HTML.Fraud.l skipped
E:\Active\Woonasquatucket\Citywide Green\website backups\backup-7.27.2006_17-40-19_citywide.tar.gz/packed/backup-7.27.2006_17-40-19_citywide/homedir/mail/cur/1153980149.H506953P7950.iota.genwebserver.com:2/[From FlagStar <survey@flagstar.com>][Date Thu, 27 Jul 2006 00:31:35 -0400]/UNNAMED/UNNAMED Infected: Trojan-Spy.HTML.Fraud.l skipped
E:\Active\Woonasquatucket\Citywide Green\website backups\backup-7.27.2006_17-40-19_citywide.tar.gz/packed/backup-7.27.2006_17-40-19_citywide/homedir/mail/cur/1153980149.H506953P7950.iota.genwebserver.com:2/[From FlagStar <survey@flagstar.com>][Date Thu, 27 Jul 2006 00:31:35 -0400]/UNNAMED Infected: Trojan-Spy.HTML.Fraud.l skipped
E:\Active\Woonasquatucket\Citywide Green\website backups\backup-7.27.2006_17-40-19_citywide.tar.gz/packed/backup-7.27.2006_17-40-19_citywide/homedir/mail/cur/1153980149.H506953P7950.iota.genwebserver.com:2 Infected: Trojan-Spy.HTML.Fraud.l skipped
E:\Active\Woonasquatucket\Citywide Green\website backups\backup-7.27.2006_17-40-19_citywide.tar.gz/packed/backup-7.27.2006_17-40-19_citywide/homedir/mail/cur/1153978659.H833532P1070.iota.genwebserver.com:2/[From FlagStar <aw-survey@flagstar.com>][Date Thu, 27 Jul 2006 00:31:20 -0400]/UNNAMED/UNNAMED/html Infected: Trojan-Downloader.Win32.Small.djb skipped
E:\Active\Woonasquatucket\Citywide Green\website backups\backup-7.27.2006_17-40-19_citywide.tar.gz/packed/backup-7.27.2006_17-40-19_citywide/homedir/mail/cur/1153978659.H833532P1070.iota.genwebserver.com:2/[From FlagStar <aw-survey@flagstar.com>][Date Thu, 27 Jul 2006 00:31:20 -0400]/UNNAMED/UNNAMED Infected: Trojan-Downloader.Win32.Small.djb skipped
E:\Active\Woonasquatucket\Citywide Green\website backups\backup-7.27.2006_17-40-19_citywide.tar.gz/packed/backup-7.27.2006_17-40-19_citywide/homedir/mail/cur/1153978659.H833532P1070.iota.genwebserver.com:2/[From FlagStar <aw-survey@flagstar.com>][Date Thu, 27 Jul 2006 00:31:20 -0400]/UNNAMED Infected: Trojan-Downloader.Win32.Small.djb skipped
E:\Active\Woonasquatucket\Citywide Green\website backups\backup-7.27.2006_17-40-19_citywide.tar.gz/packed/backup-7.27.2006_17-40-19_citywide/homedir/mail/cur/1153978659.H833532P1070.iota.genwebserver.com:2 Infected: Trojan-Downloader.Win32.Small.djb skipped
E:\Active\Woonasquatucket\Citywide Green\website backups\backup-7.27.2006_17-40-19_citywide.tar.gz/packed/backup-7.27.2006_17-40-19_citywide/homedir/mail/cur/1153978651.H637023P19782.iota.genwebserver.com:/[From FlagStar <survey@flagstar.com>][Date Thu, 27 Jul 2006 00:31:13 -0400]/UNNAMED/UNNAMED/html Infected: Trojan-Spy.HTML.Fraud.l skipped
E:\Active\Woonasquatucket\Citywide Green\website backups\backup-7.27.2006_17-40-19_citywide.tar.gz/packed/backup-7.27.2006_17-40-19_citywide/homedir/mail/cur/1153978651.H637023P19782.iota.genwebserver.com:/[From FlagStar <survey@flagstar.com>][Date Thu, 27 Jul 2006 00:31:13 -0400]/UNNAMED/UNNAMED Infected: Trojan-Spy.HTML.Fraud.l skipped
E:\Active\Woonasquatucket\Citywide Green\website backups\backup-7.27.2006_17-40-19_citywide.tar.gz/packed/backup-7.27.2006_17-40-19_citywide/homedir/mail/cur/1153978651.H637023P19782.iota.genwebserver.com:/[From FlagStar <survey@flagstar.com>][Date Thu, 27 Jul 2006 00:31:13 -0400]/UNNAMED Infected: Trojan-Spy.HTML.Fraud.l skipped
E:\Active\Woonasquatucket\Citywide Green\website backups\backup-7.27.2006_17-40-19_citywide.tar.gz/packed/backup-7.27.2006_17-40-19_citywide/homedir/mail/cur/1153978651.H637023P19782.iota.genwebserver.com: Infected: Trojan-Spy.HTML.Fraud.l skipped
E:\Active\Woonasquatucket\Citywide Green\website backups\backup-7.27.2006_17-40-19_citywide.tar.gz/packed/backup-7.27.2006_17-40-19_citywide/homedir/mail/cur/1153978638.H292394P5364.iota.genwebserver.com:2/[From FlagStar <aw-survey@flagstar.com>][Date Thu, 27 Jul 2006 00:31:01 -0400]/UNNAMED/UNNAMED/html Infected: Trojan-Downloader.Win32.Small.djb skipped
E:\Active\Woonasquatucket\Citywide Green\website backups\backup-7.27.2006_17-40-19_citywide.tar.gz/packed/backup-7.27.2006_17-40-19_citywide/homedir/mail/cur/1153978638.H292394P5364.iota.genwebserver.com:2/[From FlagStar <aw-survey@flagstar.com>][Date Thu, 27 Jul 2006 00:31:01 -0400]/UNNAMED/UNNAMED Infected: Trojan-Downloader.Win32.Small.djb skipped
E:\Active\Woonasquatucket\Citywide Green\website backups\backup-7.27.2006_17-40-19_citywide.tar.gz/packed/backup-7.27.2006_17-40-19_citywide/homedir/mail/cur/1153978638.H292394P5364.iota.genwebserver.com:2/[From FlagStar <aw-survey@flagstar.com>][Date Thu, 27 Jul 2006 00:31:01 -0400]/UNNAMED Infected: Trojan-Downloader.Win32.Small.djb skipped
E:\Active\Woonasquatucket\Citywide Green\website backups\backup-7.27.2006_17-40-19_citywide.tar.gz/packed/backup-7.27.2006_17-40-19_citywide/homedir/mail/cur/1153978638.H292394P5364.iota.genwebserver.com:2 Infected: Trojan-Downloader.Win32.Small.djb skipped
E:\Active\Woonasquatucket\Citywide Green\website backups\backup-7.27.2006_17-40-19_citywide.tar.gz/packed/backup-7.27.2006_17-40-19_citywide/homedir/mail/cur/1153978632.H710304P25658.iota.genwebserver.com:/[From FlagStar <survey@flagstar.com>][Date Thu, 27 Jul 2006 00:30:53 -0400]/UNNAMED/UNNAMED/html Infected: Trojan-Spy.HTML.Fraud.l skipped
E:\Active\Woonasquatucket\Citywide Green\website backups\backup-7.27.2006_17-40-19_citywide.tar.gz/packed/backup-7.27.2006_17-40-19_citywide/homedir/mail/cur/1153978632.H710304P25658.iota.genwebserver.com:/[From FlagStar <survey@flagstar.com>][Date Thu, 27 Jul 2006 00:30:53 -0400]/UNNAMED/UNNAMED Infected: Trojan-Spy.HTML.Fraud.l skipped
E:\Active\Woonasquatucket\Citywide Green\website backups\backup-7.27.2006_17-40-19_citywide.tar.gz/packed/backup-7.27.2006_17-40-19_citywide/homedir/mail/cur/1153978632.H710304P25658.iota.genwebserver.com:/[From FlagStar <survey@flagstar.com>][Date Thu, 27 Jul 2006 00:30:53 -0400]/UNNAMED Infected: Trojan-Spy.HTML.Fraud.l skipped
E:\Active\Woonasquatucket\Citywide Green\website backups\backup-7.27.2006_17-40-19_citywide.tar.gz/packed/backup-7.27.2006_17-40-19_citywide/homedir/mail/cur/1153978632.H710304P25658.iota.genwebserver.com: Infected: Trojan-Spy.HTML.Fraud.l skipped
E:\Active\Woonasquatucket\Citywide Green\website backups\backup-7.27.2006_17-40-19_citywide.tar.gz/packed/backup-7.27.2006_17-40-19_citywide/homedir/mail/cur/1153978619.H752828P7314.iota.genwebserver.com:2/[From FlagStar <survey@flagstar.com>][Date Thu, 27 Jul 2006 00:30:41 -0400]/UNNAMED/UNNAMED/html Infected: Trojan-Spy.HTML.Fraud.l skipped
E:\Active\Woonasquatucket\Citywide Green\website backups\backup-7.27.2006_17-40-19_citywide.tar.gz/packed/backup-7.27.2006_17-40-19_citywide/homedir/mail/cur/1153978619.H752828P7314.iota.genwebserver.com:2/[From FlagStar <survey@flagstar.com>][Date Thu, 27 Jul 2006 00:30:41 -0400]/UNNAMED/UNNAMED Infected: Trojan-Spy.HTML.Fraud.l skipped
E:\Active\Woonasquatucket\Citywide Green\website backups\backup-7.27.2006_17-40-19_citywide.tar.gz/packed/backup-7.27.2006_17-40-19_citywide/homedir/mail/cur/1153978619.H752828P7314.iota.genwebserver.com:2/[From FlagStar <survey@flagstar.com>][Date Thu, 27 Jul 2006 00:30:41 -0400]/UNNAMED Infected: Trojan-Spy.HTML.Fraud.l skipped
E:\Active\Woonasquatucket\Citywide Green\website backups\backup-7.27.2006_17-40-19_citywide.tar.gz/packed/backup-7.27.2006_17-40-19_citywide/homedir/mail/cur/1153978619.H752828P7314.iota.genwebserver.com:2 Infected: Trojan-Spy.HTML.Fraud.l skipped
E:\Active\Woonasquatucket\Citywide Green\website backups\backup-7.27.2006_17-40-19_citywide.tar.gz/packed/backup-7.27.2006_17-40-19_citywide/homedir/mail/cur/1153978604.H201719P5224.iota.genwebserver.com:2/[From FlagStar <survey@flagstar.com>][Date Thu, 27 Jul 2006 00:30:27 -0400]/UNNAMED/UNNAMED/html Infected: Trojan-Spy.HTML.Fraud.l skipped
E:\Active\Woonasquatucket\Citywide Green\website backups\backup-7.27.2006_17-40-19_citywide.tar.gz/packed/backup-7.27.2006_17-40-19_citywide/homedir/mail/cur/1153978604.H201719P5224.iota.genwebserver.com:2/[From FlagStar <survey@flagstar.com>][Date Thu, 27 Jul 2006 00:30:27 -0400]/UNNAMED/UNNAMED Infected: Trojan-Spy.HTML.Fraud.l skipped
E:\Active\Woonasquatucket\Citywide Green\website backups\backup-7.27.2006_17-40-19_citywide.tar.gz/packed/backup-7.27.2006_17-40-19_citywide/homedir/mail/cur/1153978604.H201719P5224.iota.genwebserver.com:2/[From FlagStar <survey@flagstar.com>][Date Thu, 27 Jul 2006 00:30:27 -0400]/UNNAMED Infected: Trojan-Spy.HTML.Fraud.l skipped
E:\Active\Woonasquatucket\Citywide Green\website backups\backup-7.27.2006_17-40-19_citywide.tar.gz/packed/backup-7.27.2006_17-40-19_citywide/homedir/mail/cur/1153978604.H201719P5224.iota.genwebserver.com:2 Infected: Trojan-Spy.HTML.Fraud.l skipped
E:\Active\Woonasquatucket\Citywide Green\website backups\backup-7.27.2006_17-40-19_citywide.tar.gz/packed/backup-7.27.2006_17-40-19_citywide/homedir/mail/cur/1153978598.H858464P21251.iota.genwebserver.com:/[From FlagStar <aw-survey@flagstar.com>][Date Thu, 27 Jul 2006 00:30:17 -0400]/UNNAMED/UNNAMED/html Infected: Trojan-Downloader.Win32.Small.djb skipped
E:\Active\Woonasquatucket\Citywide Green\website backups\backup-7.27.2006_17-40-19_citywide.tar.gz/packed/backup-7.27.2006_17-40-19_citywide/homedir/mail/cur/1153978598.H858464P21251.iota.genwebserver.com:/[From FlagStar <aw-survey@flagstar.com>][Date Thu, 27 Jul 2006 00:30:17 -0400]/UNNAMED/UNNAMED Infected: Trojan-Downloader.Win32.Small.djb skipped
E:\Active\Woonasquatucket\Citywide Green\website backups\backup-7.27.2006_17-40-19_citywide.tar.gz/packed/backup-7.27.2006_17-40-19_citywide/homedir/mail/cur/1153978598.H858464P21251.iota.genwebserver.com:/[From FlagStar <aw-survey@flagstar.com>][Date Thu, 27 Jul 2006 00:30:17 -0400]/UNNAMED Infected: Trojan-Downloader.Win32.Small.djb skipped
E:\Active\Woonasquatucket\Citywide Green\website backups\backup-7.27.2006_17-40-19_citywide.tar.gz/packed/backup-7.27.2006_17-40-19_citywide/homedir/mail/cur/1153978598.H858464P21251.iota.genwebserver.com: Infected: Trojan-Downloader.Win32.Small.djb skipped
E:\Active\Woonasquatucket\Citywide Green\website backups\backup-7.27.2006_17-40-19_citywide.tar.gz/packed/backup-7.27.2006_17-40-19_citywide/homedir/mail/cur/1153978613.H958657P30460.iota.genwebserver.com:/[From FlagStar <aw-survey@flagstar.com>][Date Thu, 27 Jul 2006 00:30:35 -0400]/UNNAMED/UNNAMED/html Infected: Trojan-Spy.HTML.Fraud.l skipped
E:\Active\Woonasquatucket\Citywide Green\website backups\backup-7.27.2006_17-40-19_citywide.tar.gz/packed/backup-7.27.2006_17-40-19_citywide/homedir/mail/cur/1153978613.H958657P30460.iota.genwebserver.com:/[From FlagStar <aw-survey@flagstar.com>][Date Thu, 27 Jul 2006 00:30:35 -0400]/UNNAMED/UNNAMED Infected: Trojan-Spy.HTML.Fraud.l skipped
E:\Active\Woonasquatucket\Citywide Green\website backups\backup-7.27.2006_17-40-19_citywide.tar.gz/packed/backup-7.27.2006_17-40-19_citywide/homedir/mail/cur/1153978613.H958657P30460.iota.genwebserver.com:/[From FlagStar <aw-survey@flagstar.com>][Date Thu, 27 Jul 2006 00:30:35 -0400]/UNNAMED Infected: Trojan-Spy.HTML.Fraud.l skipped
E:\Active\Woonasquatucket\Citywide Green\website backups\backup-7.27.2006_17-40-19_citywide.tar.gz/packed/backup-7.27.2006_17-40-19_citywide/homedir/mail/cur/1153978613.H958657P30460.iota.genwebserver.com: Infected: Trojan-Spy.HTML.Fraud.l skipped
E:\Active\Woonasquatucket\Citywide Green\website backups\backup-7.27.2006_17-40-19_citywide.tar.gz/packed/backup-7.27.2006_17-40-19_citywide/homedir/mail/cur/1153978625.H194019P23713.iota.genwebserver.com:/[From FlagStar <aw-survey@flagstar.com>][Date Thu, 27 Jul 2006 00:30:48 -0400]/UNNAMED/UNNAMED/html Infected: Trojan-Downloader.Win32.Small.djb skipped
E:\Active\Woonasquatucket\Citywide Green\website backups\backup-7.27.2006_17-40-19_citywide.tar.gz/packed/backup-7.27.2006_17-40-19_citywide/homedir/mail/cur/1153978625.H194019P23713.iota.genwebserver.com:/[From FlagStar <aw-survey@flagstar.com>][Date Thu, 27 Jul 2006 00:30:48 -0400]/UNNAMED/UNNAMED Infected: Trojan-Downloader.Win32.Small.djb skipped
E:\Active\Woonasquatucket\Citywide Green\website backups\backup-7.27.2006_17-40-19_citywide.tar.gz/packed/backup-7.27.2006_17-40-19_citywide/homedir/mail/cur/1153978625.H194019P23713.iota.genwebserver.com:/[From FlagStar <aw-survey@flagstar.com>][Date Thu, 27 Jul 2006 00:30:48 -0400]/UNNAMED Infected: Trojan-Downloader.Win32.Small.djb skipped
E:\Active\Woonasquatucket\Citywide Green\website backups\backup-7.27.2006_17-40-19_citywide.tar.gz/packed/backup-7.27.2006_17-40-19_citywide/homedir/mail/cur/1153978625.H194019P23713.iota.genwebserver.com: Infected: Trojan-Downloader.Win32.Small.djb skipped
E:\Active\Woonasquatucket\Citywide Green\website backups\backup-7.27.2006_17-40-19_citywide.tar.gz/packed/backup-7.27.2006_17-40-19_citywide/homedir/mail/cur/1153978645.H259837P21560.iota.genwebserver.com:/[From FlagStar <aw-survey@flagstar.com>][Date Thu, 27 Jul 2006 00:31:06 -0400]/UNNAMED/UNNAMED/html Infected: Trojan-Spy.HTML.Fraud.l skipped
E:\Active\Woonasquatucket\Citywide Green\website backups\backup-7.27.2006_17-40-19_citywide.tar.gz/packed/backup-7.27.2006_17-40-19_citywide/homedir/mail/cur/1153978645.H259837P21560.iota.genwebserver.com:/[From FlagStar <aw-survey@flagstar.com>][Date Thu, 27 Jul 2006 00:31:06 -0400]/UNNAMED/UNNAMED Infected: Trojan-Spy.HTML.Fraud.l skipped
E:\Active\Woonasquatucket\Citywide Green\website backups\backup-7.27.2006_17-40-19_citywide.tar.gz/packed/backup-7.27.2006_17-40-19_citywide/homedir/mail/cur/1153978645.H259837P21560.iota.genwebserver.com:/[From FlagStar <aw-survey@flagstar.com>][Date Thu, 27 Jul 2006 00:31:06 -0400]/UNNAMED Infected: Trojan-Spy.HTML.Fraud.l skipped

Continued...
