
Strange music playing on my speakers. WMP being tampered with

Discussion in 'Malware and Virus Removal Archive' started by Phantom Spanker, 2007/01/10.

  1. 2007/01/10
    Phantom Spanker (Thread Starter)
    I'll try to explain this as best as I can.

    While my computer is on, strange - poor-quality, Latin-sounding - music plays on my speakers for 3 or 4 seconds. Then it stops, and a few seconds later the same music loop repeats itself. Every 3 or 4 seconds FOR 3 or 4 seconds. There's also a strange garbled voice that's started saying either "I want to see you" or "I don't want to see you". I can't tell. This might last for 10 mins, an hour.... the time seems totally variable, then it's gone again.
    Also, the last time I opened Windows Media Player there were 2 new playlists called xxxxxclassic-stonerxxxxxx or something like that, which I definitely didn't have before. I'm the only stoner in this house and it wasn't me! Yet it did seem to be a somewhat stoner playlist, and if I'm honest.... was quite good.
    Is somebody hacking my computer, or is it spyware just messing things up?

    Thanks for your help
     
  2. 2007/01/10
    charlesvar
    Hello Phantom and welcome to the Board :)

    To see what malicious process may be running:

    Download and run HijackThis:

    Download from here: http://radiosplace.com/ (latest version 1.99.1)

    Download it to its own folder; for example, create a folder C:\HijackThis

    Unzip (double-click on the zipped folder)

    Click on the executable

    Click on "Do a system scan and save a logfile" and save it to the folder you just created

    Copy the resultant .txt file and paste it into your next post

    When we see the HJT log, we'll move to the appropriate forum.

    Regards - Charles
     

  4. 2007/01/10
    mflynn
    Charles, you are absolutely fearless.

    So you really think a GHOST Whooooo..... will be visible in a HJT log?:D

    Good luck on this one.

    As I log off I hear the theme from the Outer Limits playing through my speakers.

    ;) Mike
     
  5. 2007/01/10
    mflynn
    Forgive! I could not help it!!!!

    Mike
     
  6. 2007/01/11
    Phantom Spanker (Thread Starter)
    Here is the requested log file. Enjoy its warm loggyness.

    Logfile of HijackThis v1.99.1
    Scan saved at 13:34:28, on 11/01/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\devldr32.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\WINDOWS\system32\Mqayum.exe
    C:\WINDOWS\system32\Ghzabm.exe
    C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
    C:\WINDOWS\isrvs\desktop.exe
    C:\windows\system32\ngtjyat.exe
    C:\Program Files\Tmug\Wrnzx.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    C:\windows\system32\gdimx.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\System32\Rundll32.exe
    C:\WINDOWS\wt\updater\wcmdmgr.exe
    C:\windows\system32\packager.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    c:\program files\common files\system\deb60b10.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\WinRAR\WinRAR.exe
    C:\Documents and Settings\Owner.YOUR-MROVHEFA71\Desktop\Hijackthis\HijackThis.exe
    C:\Program Files\Symantec\LiveUpdate\AUpdate.exe
    C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
    C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: BTGrabObj Class - {00000000-F09C-02B4-6EC2-AD0300000000} - C:\WINDOWS\BTGrab.dll (file missing)
    O2 - BHO: NavErrRedir Class - {0199DF25-9820-4bd5-9FEE-5A765AB4371E} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: ohb - {086CEFD5-A88D-4981-8915-D51F04360ED1} - (no file)
    O2 - BHO: SSL encrypt - {0B6899B6-1564-43e0-BD93-F7CF930A5E5C} - C:\WINDOWS\system32\nst11F.dll
    O2 - BHO: RsyncHlpr Class - {16B238D5-80DE-47CE-8F17-B3ECE2C2248D} - C:\WINDOWS\system32\rsyncmon.dll
    O2 - BHO: ohb - {285B5CCD-C3F0-4EB6-9632-7D0A3C3AF824} - C:\WINDOWS\system32\hsrb.dll
    O2 - BHO: Katze - {2A611133-1C57-4DFB-A05C-07EE3BFE6D34} - C:\WINDOWS\system32\nsz231.dll
    O2 - BHO: RunBus Class - {4865F155-CE00-4E93-A414-147844D7C81A} - C:\WINDOWS\system32\tcbltria.dll
    O2 - BHO: SelasI Class - {59F4F380-01A0-4083-9FA4-E3B827319F7E} - C:\WINDOWS\system32\vcbhsvpi.dll
    O2 - BHO: IE Update Class - {5B4AB8E2-6DC5-477A-B637-BF3C1A2E5993} - C:\WINDOWS\isrvs\sysupd.dll (file missing)
    O2 - BHO: RieMon Class - {70F6A776-579A-4C95-BA88-134253907752} - C:\WINDOWS\system32\irsmaawi.dll
    O2 - BHO: SSL encrypt - {746455FE-D059-47e7-AF0E-140E03F5A447} - C:\WINDOWS\system32\nsy4.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O2 - BHO: IRiras Class - {95C60327-8E17-44D6-98EB-7EB70CC606DD} - C:\WINDOWS\system32\iraspjmd.dll
    O2 - BHO: ohb - {98640C3B-0699-4D51-ADB4-A6FC48ACB966} - C:\WINDOWS\system32\nsb3F.dll
    O2 - BHO: ohb - {9ADE0443-2AB2-4B23-A3F8-AC520773DE12} - C:\WINDOWS\system32\nsyE.dll
    O2 - BHO: Iconizer - {AA1A4F83-B4AC-4859-8C91-21DBE6C5625B} - C:\WINDOWS\system32\nodeipproc.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: Hoja Class - {C07F60AC-688D-4F3E-89EC-30B281BDD2CC} - C:\WINDOWS\system32\asclcceo.dll
    O2 - BHO: Root.CERT - {D6EAC4ED-2842-4FB6-A8B4-B1A300A1F2F9} - C:\DOCUME~1\ALLUSE~1\APPLIC~1\root\root.dll
    O2 - BHO: AD Rotator - {EEC590D8-0A3C-4464-BB20-25A4747992F9} - C:\WINDOWS\system32\adrotate.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe "
    O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe "
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [webHancer Survey Companion] "C:\Program Files\webHancer\Programs\whSurvey.exe "
    O4 - HKLM\..\Run: [Blubster] C:\Program Files\Blubster\Blubster.exe SILENT
    O4 - HKLM\..\Run: [FSWebServer] C:\Program Files\Easy File Sharing Web Server\fsws.exe
    O4 - HKLM\..\Run: [version] C:\WINDOWS\system32\Mqayum.exe
    O4 - HKLM\..\Run: [secure] C:\WINDOWS\system32\Ghzabm.exe
    O4 - HKLM\..\Run: [PG09¿ÃŒ*ú*ÀaîžaaîžaaC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\pghvmhr.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe "
    O4 - HKLM\..\Run: [PG09¿ÃŒ*ÀaîžaîžaaøYC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\pghvmhr.exe
    O4 - HKLM\..\Run: [UsbD] C:\WINDOWS\system32\smss32.exe
    O4 - HKLM\..\Run: [Desktop Search] C:\WINDOWS\isrvs\desktop.exe
    O4 - HKLM\..\Run: [ffis] C:\WINDOWS\isrvs\ffisearch.exe
    O4 - HKLM\..\Run: [SearchUpgrader] C:\Program Files\Common files\SearchUpgrader\SearchUpgrader.exe
    O4 - HKLM\..\Run: [RSync] C:\WINDOWS\system32\netsync.exe
    O4 - HKLM\..\Run: [ngtjyat] c:\windows\system32\ngtjyat.exe
    O4 - HKLM\..\Run: [Irzzz] C:\Program Files\Tmug\Wrnzx.exe
    O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe "
    O4 - HKLM\..\Run: [farmmext] C:\WINDOWS\farmmext.exe
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [enydghp] C:\WINDOWS\enydghp.EXE
    O4 - HKLM\..\Run: [\1.exe] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Tools\1.exe
    O4 - HKLM\..\Run: [yoegtcq] C:\WINDOWS\yoegtcq.EXE
    O4 - HKLM\..\Run: [sdjxryb] C:\WINDOWS\sdjxryb.EXE
    O4 - HKLM\..\Run: [adodtuv] C:\WINDOWS\adodtuv.EXE
    O4 - HKLM\..\Run: [qxjgaqn] C:\WINDOWS\qxjgaqn.EXE
    O4 - HKLM\..\Run: [WT GameChannel] C:\Program Files\WildTangent\Apps\GameChannel.exe
    O4 - HKLM\..\Run: [wcmdmgr] C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch
    O4 - HKLM\..\Run: [iplknxv] C:\WINDOWS\iplknxv.exe
    O4 - HKLM\..\Run: [xxknquc] C:\WINDOWS\xxknquc.EXE
    O4 - HKLM\..\Run: [uoapzoa] C:\WINDOWS\uoapzoa.EXE
    O4 - HKLM\..\Run: [hxtxzoa] C:\WINDOWS\hxtxzoa.EXE
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [ijhxgnd] C:\WINDOWS\ijhxgnd.EXE
    O4 - HKLM\..\Run: [irassync] C:\WINDOWS\system32\irasyncd.exe
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [gdimx] c:\windows\system32\gdimx.exe /nocomm
    O4 - HKLM\..\Run: [mplay64] c:\program files\common files\system\deb60b10.exe /noerrorinfo
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [adstart] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\adrotate.dll" DllVerify
    O4 - HKLM\..\RunServices: [\1.exe] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Tools\1.exe
    O4 - HKCU\..\Run: [\1.exe] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Tools\1.exe
    O4 - HKCU\..\Run: [ichckupd] C:\WINDOWS\system32\ichckupd.exe
    O4 - HKCU\..\Run: [irassync] C:\WINDOWS\system32\irasyncd.exe
    O4 - HKCU\..\Run: [irssyncd] C:\WINDOWS\system32\irssyncd.exe
    O4 - HKCU\..\Run: [ItalU] C:\WINDOWS\system32\italfds.exe
    O4 - HKCU\..\Run: [Chckup] C:\WINDOWS\system32\Netverchk.exe
    O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [LifeCU] C:\WINDOWS\system32\BastaYa.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Owner.YOUR-MROVHEFA71\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Broken Internet access because of LSP provider 'xfire_lsp_10908.dll' missing
    O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
    O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
    O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
    O16 - DPF: {99802379-7362-40E2-9D28-8A3B9AF880B7} - http://hotsearchbar.com/toolbar2/winhot32.cab
    O18 - Protocol: advert - {7DC356B2-7366-4F19-BF7A-4875F6AABEA0} - C:\WINDOWS\system32\nodeipproc.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\bdwyvgx.exe (file missing)
     
  7. 2007/01/11
    charlesvar
    Hello Phantom,

    You're infected with, among other things, Safe Surfing.

    I'm moving your thread to the malware removal section.

    Regards - Charles
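
A log like the one above can be pre-screened mechanically before a helper reads it line by line. The script below is an added example, not code from this thread or from the HijackThis tool: it parses O2 (browser helper object), O4 (autostart) and O23 (service) lines in the HJT v1.99.1 format and flags the signals the helpers here react to first: a file HJT reports as missing, a service with no publisher, an executable sitting directly in the Windows folder, and a random-looking file name. The sample lines are constructed in that format, and the name heuristic is an assumption of this example, so a flagged line is a review candidate, not a verdict.

```python
"""Triage helper for HijackThis v1.99.1 log lines.

Added example (not the thread's or HijackThis's own code).  It reads O2,
O4 and O23 entries and flags what a helper looks at first.  The rules are
heuristics: a flagged line deserves a closer look, a clean line proves nothing.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

VOWELS = set("aeiou")
WINDOWS_ROOT = r"c:\windows"

# Constructed sample in the HJT line format: ordinary vendor entries mixed
# with the kinds of entry the helpers in this thread reacted to.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: ohb - {086CEFD5-A88D-4981-8915-D51F04360ED1} - (no file)
O2 - BHO: RunBus Class - {4865F155-CE00-4E93-A414-147844D7C81A} - C:\WINDOWS\system32\tcbltria.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
O4 - HKLM\..\Run: [secure] C:\WINDOWS\system32\Ghzabm.exe
O4 - HKLM\..\Run: [yoegtcq] C:\WINDOWS\yoegtcq.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\bdwyvgx.exe (file missing)
"""

O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<target>.*)$")
O4_RE = re.compile(r"^O4 - (?P<key>.*?): \[(?P<value>[^\]]*)\] (?P<target>.*)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<target>.*)$")
# First drive-letter path ending in .exe/.dll inside a command line, so
# 'RUNDLL32.EXE C:\...\NvCpl.dll,NvStartup' yields the DLL, not rundll32.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:exe|dll)', re.IGNORECASE)


@dataclass
class Finding:
    line: str
    reasons: List[str]


def file_stem(path: str) -> str:
    """'C:\\WINDOWS\\yoegtcq.EXE' -> 'yoegtcq'."""
    name = path.rsplit("\\", 1)[-1]
    return name.rsplit(".", 1)[0]


def in_windows_root(path: str) -> bool:
    """True when the file sits directly in C:\\WINDOWS, not in a subfolder."""
    return path.rsplit("\\", 1)[0].lower() == WINDOWS_ROOT


def longest_consonant_run(stem: str) -> int:
    run = best = 0
    for ch in stem.lower():
        run = 0 if ch in VOWELS else run + 1
        best = max(best, run)
    return best


def looks_random(stem: str) -> bool:
    """Assumed heuristic: 6-8 letters with at most one vowel or a run of
    four or more consonants (Ghzabm, tcbltria).  Vendor names such as
    NvCpl or iTunesHelper fall outside the length window."""
    if not (stem.isalpha() and 6 <= len(stem) <= 8):
        return False
    vowels = sum(ch in VOWELS for ch in stem.lower())
    return vowels <= 1 or longest_consonant_run(stem) >= 4


def triage_line(line: str) -> Optional[Finding]:
    """Return a Finding for an O2/O4/O23 line that trips a rule, else None."""
    line = line.strip()
    target = owner = None
    for rx in (O2_RE, O4_RE, O23_RE):
        m = rx.match(line)
        if m:
            target = m.group("target")
            owner = m.groupdict().get("owner")
            break
    if target is None:
        return None  # other HJT sections are not handled by this example
    reasons = []
    if "(file missing)" in target or target == "(no file)":
        reasons.append("referenced file is missing")
    if owner == "Unknown owner":
        reasons.append("service has no publisher")
    m = PATH_RE.search(target)
    if m:
        path = m.group(0)
        if in_windows_root(path):
            reasons.append("executable sits directly in the Windows folder")
        if looks_random(file_stem(path)):
            reasons.append("random-looking file name")
    return Finding(line, reasons) if reasons else None


def triage(log_text: str) -> List[Finding]:
    """Flagged entries of a HijackThis log, in log order."""
    return [f for f in map(triage_line, log_text.splitlines()) if f]


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding.line)
        for reason in finding.reasons:
            print("   ->", reason)
```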
     
  8. 2007/01/11
    charlesvar
    LOL Mike - yes, hard to resist :D

    Regards - Charles
     
  9. 2007/01/11
    TeMerc
    :eek: :eek: WOW...............what a mess!!

    Haven't seen one this bad in a while. This will take some time to clean up, but 99% of it should go easy, nothing too horrible really, just a ton of it. And most of it recognizable to me.

    Let's get started.

    Please follow these instructions, exactly, for proper HJT installation. Please place HJT into ITS OWN PERMANENT FOLDER. It must not be installed on the desktop.

    You can do this by going to My Computer (Windows key+e) then double click on C: then right click and select New then Folder and name it HJT. Move HijackThis.exe into this folder (C:\HJT\HijackThis.exe). When you run HijackThis.exe from C:\HJT folder and have it "Fixed checked" it will create a backup file of modifications to use if restore is necessary which is easily accessible.


    Download AVG Anti-Spyware 7.5 (formerly Ewido Anti-Spyware) from HERE and save that file to your desktop.
    This is a 30-day trial of the program.
    • Once you have downloaded ewido anti-spyware, locate the icon on the desktop and double-click it to launch the setup program.
    • Once the setup is complete you will need to run ewido and update the definition files.
    • On the main screen select the icon "Update" then select the "Update now" link.
    • Next select the [Start Update] button; the update will start and a progress bar will show the updates being installed.
    • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
    • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
    • Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-select "Only if threats were found"
    Close ewido anti-spyware. Do NOT run a scan just yet; we will shortly.

    Reboot into Safe Mode this way:
    • Turn on the computer
    • Immediately begin tapping the <F8> key.
    • Use the arrow keys to highlight Safe Mode and press the <Enter> key.
    IMPORTANT: Do not open any other windows or programs while ewido is scanning; it may interfere with the scanning process.

    Launch ewido-anti-spyware by double-clicking the icon on your desktop.
    • Select the "Scanner" icon at the top and then the "Scan" tab, then click on "Complete System Scan".
    • ewido will now begin the scanning process; be patient, this may take a little time.
      Once the scan is complete do the following:
    • If you have any infections you will be prompted; then select "Apply all actions"
    • Next select the "Reports" icon at the top.
    • Select the [Save report as] button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important; I recommend saving it to the desktop, can't miss it then).
    • Close ewido and reboot your system back into Normal Mode and post the results of the ewido scan report. (Please edit out any cookie, Recycler and System Volume Information Folder references <<<<--- especially since this list will be long enough with just the infections!!)

    Once you have scanned and quarantined with AVG and rebooted:

    Download combofix.exe
    • Double click combofix.exe & follow the prompts.
    • When finished, it shall produce a log for you. Post that log in your next reply.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

    Reboot after running ComboFix and post the following logs:
    • A new HijackThis log
    • AVG log (edited as requested)
    • ComboFix log
     
  10. 2007/01/11
    mflynn
    Whoa!

    Glad you got this one TeMerc. But you da man.

    Mr. Spanker:D you are in good hands!

    Mike
     
  11. 2007/01/12
    Phantom Spanker (Thread Starter)
    Thanks TeMerc. It's gonna be all right *takes deep breath* everything's gonna be allllll righhhtt.

    I'll do this tonight. Just one question: when I run HijackThis and have it "fix checked", do I check the boxes on everything that it reported and have HijackThis fix everything?

    Also, I'm not quite sure how to edit out any cookie, Recycler and System Volume Information Folder references from the ewido report, but I'll try and just delete anything that looks normal!
     
    Last edited: 2007/01/12
  12. 2007/01/12
    TeMerc
    You only need to tick the entries which I listed, and nothing more, then you hit the 'Fix' button.
    Once the report is saved and you open it to paste it, look at the lines contained, and if you see the words 'cookies' or 'tracking cookies', or file paths which indicate they are in the 'system volume information' folder, remove those.
     
  13. 2007/01/12
    Phantom Spanker (Thread Starter)
    Logfile of HijackThis v1.99.1
    Scan saved at 02:08:19, on 13/01/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\devldr32.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\windows\system32\gdimx.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
    c:\program files\common files\system\deb60b12.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\HJT\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: NavErrRedir Class - {0199DF25-9820-4bd5-9FEE-5A765AB4371E} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: ohb - {086CEFD5-A88D-4981-8915-D51F04360ED1} - (no file)
    O2 - BHO: SSL encrypt - {0B6899B6-1564-43e0-BD93-F7CF930A5E5C} - C:\WINDOWS\system32\nst7.dll
    O2 - BHO: RsyncHlpr Class - {16B238D5-80DE-47CE-8F17-B3ECE2C2248D} - C:\WINDOWS\system32\rsyncmon.dll (file missing)
    O2 - BHO: Katze - {2A611133-1C57-4DFB-A05C-07EE3BFE6D34} - C:\WINDOWS\system32\nsz231.dll
    O2 - BHO: RunBus Class - {4865F155-CE00-4E93-A414-147844D7C81A} - C:\WINDOWS\system32\tcbltria.dll (file missing)
    O2 - BHO: SelasI Class - {59F4F380-01A0-4083-9FA4-E3B827319F7E} - C:\WINDOWS\system32\vcbhsvpi.dll
    O2 - BHO: RieMon Class - {70F6A776-579A-4C95-BA88-134253907752} - C:\WINDOWS\system32\irsmaawi.dll (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O2 - BHO: Iconizer - {AA1A4F83-B4AC-4859-8C91-21DBE6C5625B} - C:\WINDOWS\system32\nodeipproc.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: Hoja Class - {C07F60AC-688D-4F3E-89EC-30B281BDD2CC} - C:\WINDOWS\system32\asclcceo.dll
    O2 - BHO: Root.CERT - {D6EAC4ED-2842-4FB6-A8B4-B1A300A1F2F9} - C:\DOCUME~1\ALLUSE~1\APPLIC~1\root\root.dll (file missing)
    O2 - BHO: AD Rotator - {EEC590D8-0A3C-4464-BB20-25A4747992F9} - C:\WINDOWS\system32\adrotate.dll (file missing)
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe "
    O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe "
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [Blubster] C:\Program Files\Blubster\Blubster.exe SILENT
    O4 - HKLM\..\Run: [FSWebServer] C:\Program Files\Easy File Sharing Web Server\fsws.exe
    O4 - HKLM\..\Run: [PG09¿ÃŒ*ú*ÀaîžaaîžaaC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\pghvmhr.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe "
    O4 - HKLM\..\Run: [PG09¿ÃŒ*ÀaîžaîžaaøYC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\pghvmhr.exe
    O4 - HKLM\..\Run: [UsbD] C:\WINDOWS\system32\smss32.exe
    O4 - HKLM\..\Run: [SearchUpgrader] C:\Program Files\Common files\SearchUpgrader\SearchUpgrader.exe
    O4 - HKLM\..\Run: [Irzzz] C:\Program Files\Tmug\Wrnzx.exe
    O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe "
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [enydghp] C:\WINDOWS\enydghp.EXE
    O4 - HKLM\..\Run: [yoegtcq] C:\WINDOWS\yoegtcq.EXE
    O4 - HKLM\..\Run: [sdjxryb] C:\WINDOWS\sdjxryb.EXE
    O4 - HKLM\..\Run: [adodtuv] C:\WINDOWS\adodtuv.EXE
    O4 - HKLM\..\Run: [qxjgaqn] C:\WINDOWS\qxjgaqn.EXE
    O4 - HKLM\..\Run: [WT GameChannel] C:\Program Files\WildTangent\Apps\GameChannel.exe
    O4 - HKLM\..\Run: [wcmdmgr] C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch
    O4 - HKLM\..\Run: [iplknxv] C:\WINDOWS\iplknxv.exe
    O4 - HKLM\..\Run: [xxknquc] C:\WINDOWS\xxknquc.EXE
    O4 - HKLM\..\Run: [uoapzoa] C:\WINDOWS\uoapzoa.EXE
    O4 - HKLM\..\Run: [hxtxzoa] C:\WINDOWS\hxtxzoa.EXE
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [ijhxgnd] C:\WINDOWS\ijhxgnd.EXE
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [gdimx] c:\windows\system32\gdimx.exe /nocomm
    O4 - HKLM\..\Run: [mplay64] c:\program files\common files\system\deb60b12.exe /noerrorinfo
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [adstart] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\adrotate.dll" DllVerify
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Owner.YOUR-MROVHEFA71\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Broken Internet access because of LSP provider 'xfire_lsp_10908.dll' missing
    O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
    O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
    O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
    O16 - DPF: {99802379-7362-40E2-9D28-8A3B9AF880B7} - http://hotsearchbar.com/toolbar2/winhot32.cab
    O18 - Protocol: advert - {7DC356B2-7366-4F19-BF7A-4875F6AABEA0} - C:\WINDOWS\system32\nodeipproc.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\bdwyvgx.exe (file missing)
     
  14. 2007/01/12
    Phantom Spanker

    Phantom Spanker Inactive Thread Starter

    Joined:
    2007/01/10
    Messages:
    21
    Likes Received:
    0
    ---------------------------------------------------------
    AVG Anti-Spyware - Scan Report
    ---------------------------------------------------------

    + Created at: 22:17:05 12/01/2007

    + Scan result:
    C:\WINDOWS\system32\saie.exe -> Adware.180Solutions : Cleaned with backup (quarantined).
    C:\Program Files\INSTAFIN -> Adware.404Search : Cleaned with backup (quarantined).
    C:\Program Files\INSTAFIN\Cache -> Adware.404Search : Cleaned with backup (quarantined).
    C:\Program Files\INSTAFIN\Cache\ErrorLog.txt -> Adware.404Search : Cleaned with backup (quarantined).
    C:\Program Files\INSTAFIN\Cache\NewCfg -> Adware.404Search : Cleaned with backup (quarantined).
    C:\Program Files\INSTAFIN\Cache\instafintb0300.cfg -> Adware.404Search : Cleaned with backup (quarantined).
    C:\Program Files\INSTAFIN\Uninstall.exe -> Adware.404Search : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\auto_update_uninstall.exe -> Adware.Apropos : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AutoUpdate -> Adware.Apropos : Cleaned with backup (quarantined).
    C:\Program Files\Common Files\sysdir\Switp_bund_ar13.exe -> Adware.Atlas : Cleaned with backup (quarantined).
    C:\WINDOWS\switpa.exe -> Adware.Atlas : Cleaned with backup (quarantined).
    C:\WINDOWS\switpb.exe -> Adware.Atlas : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\CLSID\{98640C3B-0699-4D51-ADB4-A6FC48ACB966} -> Adware.Begin2Search : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\CLSID\{9ADE0443-2AB2-4B23-A3F8-AC520773DE12} -> Adware.Begin2Search : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\Var3.RsyncHlpr -> Adware.Begin2Search : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\Var3.RsyncHlpr.1 -> Adware.Begin2Search : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\Var3.RsyncHlpr\CLSID -> Adware.Begin2Search : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\Var3.RsyncHlpr\CurVer -> Adware.Begin2Search : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Netsync -> Adware.Begin2Search : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\RsyncMon -> Adware.Begin2Search : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{98640C3B-0699-4D51-ADB4-A6FC48ACB966} -> Adware.Begin2Search : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9ADE0443-2AB2-4B23-A3F8-AC520773DE12} -> Adware.Begin2Search : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\RSyncMon -> Adware.Begin2Search : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\RSyncMon\Run -> Adware.Begin2Search : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\RSyncMon\Run\ABI941 -> Adware.Begin2Search : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\RSyncMon\Run\ABI942 -> Adware.Begin2Search : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\RSyncMon\Run\BTNet3 -> Adware.Begin2Search : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\RSyncMon\Run\BTNet4 -> Adware.Begin2Search : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\RSyncMon\Run\CPDEF2 -> Adware.Begin2Search : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\RSyncMon\Run\CPDEF2_F -> Adware.Begin2Search : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\RSyncMon\Run\IDCS52 -> Adware.Begin2Search : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\RSyncMon\Run\RMGVDX -> Adware.Begin2Search : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\RSyncMon\Run\RMGVSX -> Adware.Begin2Search : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\RSyncMon\Run\SAH -> Adware.Begin2Search : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\RSyncMon\Run\SLC -> Adware.Begin2Search : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\RSyncMon\Run\SSUP5 -> Adware.Begin2Search : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\RSyncMon\Run\THIN1161 -> Adware.Begin2Search : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\RSyncMon\Run\TS -> Adware.Begin2Search : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\RSyncMon\Run\VC -> Adware.Begin2Search : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\RSyncMon\Sys -> Adware.Begin2Search : Cleaned with backup (quarantined).
    HKU\S-1-5-21-1371315241-2291903390-2805738209-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{01EB5130-FC0C-4D75-B9CE-4801B1B854F5} -> Adware.Begin2Search : Cleaned with backup (quarantined).
    HKU\S-1-5-21-1371315241-2291903390-2805738209-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98640C3B-0699-4D51-ADB4-A6FC48ACB966} -> Adware.Begin2Search : Cleaned with backup (quarantined).
    HKU\S-1-5-21-1371315241-2291903390-2805738209-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9ADE0443-2AB2-4B23-A3F8-AC520773DE12} -> Adware.Begin2Search : Cleaned with backup (quarantined).
    C:\Program Files\Common Files\sysdir\thin-75-1-x-x.exe -> Adware.BetterInternet : Cleaned with backup (quarantined).
    C:\WINDOWS\Buddy.exe -> Adware.BetterInternet : Cleaned with backup (quarantined).
    C:\WINDOWS\inst\3p.exe -> Adware.BetterInternet : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\irsmaawi.dll -> Adware.BetterInternet : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\thin-75-1-x-x.exe -> Adware.BetterInternet : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\thin-94-5-x-x.exe -> Adware.BetterInternet : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\BTGrabDll.BTGrabDllObj -> Adware.BetterInternet : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\BTGrabDll.BTGrabDllObj.1 -> Adware.BetterInternet : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\BTGrabDll.BTGrabDllObj\CLSID -> Adware.BetterInternet : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\BTGrabDll.BTGrabDllObj\CurVer -> Adware.BetterInternet : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\sPeerDll.sPeerDllObj -> Adware.BetterInternet : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\sPeerDll.sPeerDllObj.1 -> Adware.BetterInternet : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\sPeerDll.sPeerDllObj\CLSID -> Adware.BetterInternet : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\sPeerDll.sPeerDllObj\CurVer -> Adware.BetterInternet : Cleaned with backup (quarantined).
    HKU\S-1-5-21-1371315241-2291903390-2805738209-1003\Software\BTGrab -> Adware.BetterInternet : Cleaned with backup (quarantined).
    HKU\S-1-5-21-1371315241-2291903390-2805738209-1003\Software\sPeer -> Adware.BetterInternet : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\tcbltria.dll -> Adware.BHO : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Windows ServeAd -> Adware.BlazeFind : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\AdCache -> Adware.Cydoor : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\AdCache\B_207400.HTM -> Adware.Cydoor : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\AdCache\B_283500.HTM -> Adware.Cydoor : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\AdCache\B_336_0_4_283500.htm -> Adware.Cydoor : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\AdCache\B_336_0_4_283500.swf -> Adware.Cydoor : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\AdCache\B_336_1_4_207400.htm -> Adware.Cydoor : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\AdCache\B_336_1_4_207400.swf -> Adware.Cydoor : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\AdCache\Temp -> Adware.Cydoor : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\CD_CLINT.DLL -> Adware.Cydoor : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\Ghzabm.exe -> Adware.DealHelper : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\Mqayum.exe -> Adware.DealHelper : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\Nxuvty.exe -> Adware.DealHelper : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\Uninstaller.exe -> Adware.DealHelper : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\Vlmaqn.exe -> Adware.DealHelper : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\Vqbrxo.exe -> Adware.DealHelper : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\dun.exe -> Adware.DealHelper : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\version.exe -> Adware.DealHelper : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Dealhelper -> Adware.DealHelper : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinDH -> Adware.DealHelper : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\dealhelper -> Adware.DealHelper : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\dealhelper\KeyWord -> Adware.DealHelper : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\b2search.exe -> Adware.EZula : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\bho.dll -> Adware.EZula : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\ezStub.exe -> Adware.EZula : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\nsa16D.dll -> Adware.EZula : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\nse22.dll -> Adware.EZula : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\nsg1D0.dll -> Adware.EZula : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\nso16C.dll -> Adware.EZula : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\nso6.dll -> Adware.EZula : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\nsq153.dll -> Adware.EZula : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\nsq1BA.dll -> Adware.EZula : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\nst1D5.dll -> Adware.EZula : Cleaned with backup (quarantined).
    HKU\S-1-5-21-1371315241-2291903390-2805738209-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4006DCA3-433D-4FC8-AC36-42DA7797DCB7} -> Adware.eZula : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\ATPartners.dll -> Adware.F1Organizer : Cleaned with backup (quarantined).
    C:\Documents and Settings\All Users\Application Data\Log\1004.exe -> Adware.FastFind : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\CLSID\{3E4563A4-2A9B-4912-BE38-906A0CB702CC} -> Adware.FastFind : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\CLSID\{EEBA788A-C268-492A-B7FE-42C2B6C553D4} -> Adware.FastFind : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3E4563A4-2A9B-4912-BE38-906A0CB702CC} -> Adware.FastFind : Cleaned with backup (quarantined).
    HKU\S-1-5-21-1371315241-2291903390-2805738209-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3E4563A4-2A9B-4912-BE38-906A0CB702CC} -> Adware.FastFind : Cleaned with backup (quarantined).
    HKU\S-1-5-21-1371315241-2291903390-2805738209-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEBA788A-C268-492A-B7FE-42C2B6C553D4} -> Adware.FastFind : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\CLSID\{746455FE-D059-47e7-AF0E-140E03F5A447} -> Adware.Generic : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{746455FE-D059-47e7-AF0E-140E03F5A447} -> Adware.Generic : Cleaned with backup (quarantined).
    HKU\S-1-5-21-1371315241-2291903390-2805738209-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{55BE9F0D-6CAF-4C3E-B125-5A13A8C9D0EC} -> Adware.Generic : Cleaned with backup (quarantined).
    HKU\S-1-5-21-1371315241-2291903390-2805738209-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{746455FE-D059-47E7-AF0E-140E03F5A447} -> Adware.Generic : Cleaned with backup (quarantined).
    HKU\S-1-5-21-1371315241-2291903390-2805738209-1003\Software\_hsrb -> Adware.HotBar : Cleaned with backup (quarantined).
    HKU\S-1-5-21-1371315241-2291903390-2805738209-1003\Software\_hsrb\kkws -> Adware.HotBar : Cleaned with backup (quarantined).
    HKU\S-1-5-21-1371315241-2291903390-2805738209-1003\Software\_hsrb\ppops -> Adware.HotBar : Cleaned with backup (quarantined).
    HKU\S-1-5-21-1371315241-2291903390-2805738209-1003\Software\_hsrb\ssites -> Adware.HotBar : Cleaned with backup (quarantined).
    HKU\S-1-5-21-1371315241-2291903390-2805738209-1003\Software\hsb -> Adware.HotBar : Cleaned with backup (quarantined).
    HKU\S-1-5-21-1371315241-2291903390-2805738209-1003\Software\hsb\ccc -> Adware.HotBar : Cleaned with backup (quarantined).
    HKU\S-1-5-21-1371315241-2291903390-2805738209-1003\Software\hsb\eee -> Adware.HotBar : Cleaned with backup (quarantined).
    HKU\S-1-5-21-1371315241-2291903390-2805738209-1003\Software\hsb\rrr -> Adware.HotBar : Cleaned with backup (quarantined).
    HKU\S-1-5-21-1371315241-2291903390-2805738209-1003\Software\hsb\ttt -> Adware.HotBar : Cleaned with backup (quarantined).
    HKU\S-1-5-21-1371315241-2291903390-2805738209-1003\Software\hsb\www -> Adware.HotBar : Cleaned with backup (quarantined).
    C:\WINDOWS\system320nsl60 -> Adware.HotSearchBar : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\dsktrf.dll -> Adware.HotSearchBar : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\dsktrf1.dll -> Adware.HotSearchBar : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\hsrb.dll -> Adware.HotSearchBar : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\nsb3F.dll -> Adware.HotSearchBar : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\nsh7.dll -> Adware.HotSearchBar : Cleaned with backup (quarantined).
    C:\WINDOWS\isrvs\msdbhk.dll -> Adware.IESearch : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\CLSID\{285B5CCD-C3F0-4EB6-9632-7D0A3C3AF824} -> Adware.iLookup : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{285B5CCD-C3F0-4EB6-9632-7D0A3C3AF824} -> Adware.iLookup : Cleaned with backup (quarantined).
    HKU\S-1-5-21-1371315241-2291903390-2805738209-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{285B5CCD-C3F0-4EB6-9632-7D0A3C3AF824} -> Adware.iLookup : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\InstaFinder_inst.exe -> Adware.InstaFinder : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\INSTAFIN -> Adware.InstaFinder : Cleaned with backup (quarantined).
    HKU\S-1-5-21-1371315241-2291903390-2805738209-1003\Software\INSTAFIN -> Adware.InstaFinder : Cleaned with backup (quarantined).
    HKU\S-1-5-21-1371315241-2291903390-2805738209-1003\Software\INSTAFIN\Reports -> Adware.InstaFinder : Cleaned with backup (quarantined).
    HKU\S-1-5-21-1371315241-2291903390-2805738209-1003\Software\INSTAFIN\Reports\38363 -> Adware.InstaFinder : Cleaned with backup (quarantined).
    HKU\S-1-5-21-1371315241-2291903390-2805738209-1003\Software\INSTAFIN\Reports\38364 -> Adware.InstaFinder : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Avenue Media -> Adware.InternetOptimizer : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Rotue -> Adware.InternetOptimizer : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\AMeOpt -> Adware.InternetOptimizer : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Policies\Avenue Media -> Adware.InternetOptimizer : Cleaned with backup (quarantined).
    HKU\S-1-5-21-1371315241-2291903390-2805738209-1003\Software\Avenue Media -> Adware.InternetOptimizer : Cleaned with backup (quarantined).
    HKU\S-1-5-21-1371315241-2291903390-2805738209-1003\Software\Microsoft\Windows\CurrentVersion\Policies\AMeOpt -> Adware.InternetOptimizer : Cleaned with backup (quarantined).
    HKU\S-1-5-21-1371315241-2291903390-2805738209-1003\Software\Policies\Avenue Media -> Adware.InternetOptimizer : Cleaned with backup (quarantined).
    C:\Program Files\Common Files\sysdir\ODQ6ODoxMg.exe -> Adware.ISearch : Cleaned with backup (quarantined).
    C:\Program Files\Mozilla Firefox\extensions\{2bafa858-4ff3-4207-822e-ef46d1b431de}\chrome\isearch.jar/content/isearch/isearch.js -> Adware.ISearch : Cleaned with backup (quarantined).
    C:\WINDOWS\isrvs\desktop.exe -> Adware.ISearch : Cleaned with backup (quarantined).
    C:\WINDOWS\isrvs\isearch.xpi/chrome/isearch.jar/content/isearch/isearch.js -> Adware.ISearch : Cleaned with backup (quarantined).
    C:\WINDOWS\isrvs\mfiltis.dll -> Adware.ISearch : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\ODQ6ODoxMg.exe -> Adware.ISearch : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\CLSID\{5B4AB8E2-6DC5-477A-B637-BF3C1A2E5993} -> Adware.Isearch : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\CLSID\{950238FB-C706-4791-8674-4D429F85897E} -> Adware.Isearch : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5B4AB8E2-6DC5-477A-B637-BF3C1A2E5993} -> Adware.Isearch : Cleaned with backup (quarantined).
    HKU\S-1-5-21-1371315241-2291903390-2805738209-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5B4AB8E2-6DC5-477A-B637-BF3C1A2E5993} -> Adware.Isearch : Cleaned with backup (quarantined).
    HKU\S-1-5-21-1371315241-2291903390-2805738209-1003\Software\IST -> Adware.ISTBar : Cleaned with backup (quarantined).
    C:\WINDOWS\HLInstaller3.exe -> Adware.MDH : Cleaned with backup (quarantined).
    C:\WINDOWS\isrvs\ffisearch.exe -> Adware.MDH : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\HyperLinker3.exe -> Adware.MDH : Cleaned with backup (quarantined).
    C:\Documents and Settings\All Users\Application Data\Bin\4003.exe -> Adware.MediaBack : Cleaned with backup (quarantined).
    C:\Documents and Settings\All Users\Application Data\Tools\1.exe -> Adware.MediaBack : Cleaned with backup (quarantined).
    C:\Documents and Settings\All Users\Application Data\Tools\tools.dll -> Adware.MediaBack : Cleaned with backup (quarantined).
    C:\WINDOWS\Downloaded Program Files\megasear.dll -> Adware.MegaSearch : Cleaned with backup (quarantined).
    C:\temp\SearchRelevancy.exe -> Adware.Relevance : Cleaned with backup (quarantined).
    C:\Documents and Settings\Owner.YOUR-MROVHEFA71\Local Settings\Temp\INV104.tmp -> Adware.SafeSurfing : Cleaned with backup (quarantined).
    C:\Documents and Settings\Owner.YOUR-MROVHEFA71\Local Settings\Temp\INV108.tmp -> Adware.SafeSurfing : Cleaned with backup (quarantined).
    C:\Documents and Settings\Owner.YOUR-MROVHEFA71\Local Settings\Temp\INV114.tmp -> Adware.SafeSurfing : Cleaned with backup (quarantined).
    C:\Documents and Settings\Owner.YOUR-MROVHEFA71\Local Settings\Temp\INV115.tmp -> Adware.SafeSurfing : Cleaned with backup (quarantined).
    C:\Documents and Settings\Owner.YOUR-MROVHEFA71\Local Settings\Temp\INV120.tmp -> Adware.SafeSurfing : Cleaned with backup (quarantined).
    C:\Documents and Settings\Owner.YOUR-MROVHEFA71\Local Settings\Temp\INV124.tmp -> Adware.SafeSurfing : Cleaned with backup (quarantined).
    C:\Documents and Settings\Owner.YOUR-MROVHEFA71\Local Settings\Temporary Internet Files\Content.IE5\016JO1ER\SS-dll-current[1].dll -> Adware.SafeSurfing : Cleaned with backup (quarantined).
    C:\Documents and Settings\Owner.YOUR-MROVHEFA71\Local Settings\Temporary Internet Files\Content.IE5\016JO1ER\SS-dll-current[2].dll -> Adware.SafeSurfing : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\ichckupd.exe -> Adware.SafeSurfing : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\irasdjtc.dll -> Adware.SafeSurfing : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\iraspjmd.dll -> Adware.SafeSurfing : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\irasyncd.exe -> Adware.SafeSurfing : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\iraszryd.dll -> Adware.SafeSurfing : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\irismon.dll -> Adware.SafeSurfing : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\irssyncd.exe -> Adware.SafeSurfing : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\netsync.exe -> Adware.SafeSurfing : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\pdrpdb.dll -> Adware.SafeSurfing : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\rastmon.dll -> Adware.SafeSurfing : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\rsyncmon.dll -> Adware.SafeSurfing : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\CLSID\{95C60327-8E17-44D6-98EB-7EB70CC606DD} -> Adware.SafeSurfing : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95C60327-8E17-44D6-98EB-7EB70CC606DD} -> Adware.SafeSurfing : Cleaned with backup (quarantined).
    HKU\S-1-5-21-1371315241-2291903390-2805738209-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{70230839-555C-4862-8D42-BB1E2352502C} -> Adware.SafeSurfing : Cleaned with backup (quarantined).
    HKU\S-1-5-21-1371315241-2291903390-2805738209-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95C60327-8E17-44D6-98EB-7EB70CC606DD} -> Adware.SafeSurfing : Cleaned with backup (quarantined).
    C:\temp\SAHPackage.exe -> Adware.Sahat : Cleaned with backup (quarantined).
    C:\temp\sahagent.exe -> Adware.Sahat : Cleaned with backup (quarantined).
    C:\Program Files\Save -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\Program Files\Save\ReadMe.txt -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\Program Files\Save\Save.exe -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\Program Files\Save\SaveUninst.exe -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\Program Files\Save\save.db -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\Program Files\Save\save.htm -> Adware.SaveNow : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\SearchRelevancy -> Adware.SearchRelevancy : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\SearchRelevancy\CLSID -> Adware.SearchRelevancy : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Xhrmy -> Adware.SecondThought : Cleaned with backup (quarantined).
    C:\Program Files\SideFind -> Adware.SideFind : Cleaned with backup (quarantined).
    C:\Program Files\SideFind\sfbho.dll -> Adware.SideFind : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Microsoft\SideFind -> Adware.SideFind : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\CLSID\{00000000-F09C-02B4-6EC2-AD0300000000} -> Adware.TitanShieldAntispyware : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00000000-F09C-02B4-6EC2-AD0300000000} -> Adware.TitanShieldAntispyware : Cleaned with backup (quarantined).
    HKU\S-1-5-21-1371315241-2291903390-2805738209-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-F09C-02B4-6EC2-AD0300000000} -> Adware.TitanShieldAntispyware : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DMO -> Adware.VX2 : Cleaned with backup (quarantined).
    C:\WINDOWS\webhdll.dll -> Adware.WebHancer : Cleaned with backup (quarantined).
    C:\WINDOWS\whAgent.inf -> Adware.Webhancer : Cleaned with backup (quarantined).
    C:\WINDOWS\whInstaller.exe -> Adware.WebHancer : Cleaned with backup (quarantined).
    C:\WINDOWS\whInstaller.ini -> Adware.Webhancer : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\ins -> Adware.WebRebates : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\PROTOCOLS\Name-Space Handler\res -> Adware.WebSearch : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\STO -> Adware.WebSearch : Cleaned with backup (quarantined).
    C:\WINDOWS\wt\backup\1.6.0.037\wcmdmgr.exe -> Adware.Wildtangent : Cleaned with backup (quarantined).
    C:\WINDOWS\wt\updater\wcmdmgr.exe -> Adware.Wildtangent : Cleaned with backup (quarantined).
    C:\Program Files\Windows ServeAd\WinAtServ.dll -> Adware.WinAD : Cleaned with backup (quarantined).
    C:\temp\Remover.exe -> Adware.Winad : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\protect1.exe -> Adware.WinComm : Cleaned with backup (quarantined).
    C:\Documents and Settings\Owner.YOUR-MROVHEFA71\Local Settings\Temp\USDR6_0001_D19M2108\installer.exe -> Adware.WinFixer : Cleaned with backup (quarantined).
    C:\Documents and Settings\Owner.YOUR-MROVHEFA71\Local Settings\Temporary Internet Files\Content.IE5\WTM7OXEZ\SystemDoctor2006FreeSetup[1].exe -> Adware.WinFixer : Cleaned with backup (quarantined).
    C:\Program Files\Common Files\Totem Shared\Update\DialerOffline.dll.010 -> Dialer.DialerOffline : Cleaned with backup (quarantined).
    C:\Program Files\Common Files\Totem Shared\Update\dial.dll.015 -> Dialer.DialerOffline : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Video1\Dialers -> Dialer.Generic : Cleaned with backup (quarantined).
    HKU\S-1-5-21-1371315241-2291903390-2805738209-1003\Software\Siteicons -> Dialer.Generic : Cleaned with backup (quarantined).
    HKU\S-1-5-21-1371315241-2291903390-2805738209-1003\Software\Siteicons\gdimx -> Dialer.Generic : Cleaned with backup (quarantined).
    HKU\S-1-5-21-1371315241-2291903390-2805738209-1003\Software\Video1\Dialers -> Dialer.Generic : Cleaned with backup (quarantined).
    HKU\S-1-5-21-1371315241-2291903390-2805738209-1003\Software\Video1\Dialers\Hot_Tarts_ie -> Dialer.Generic : Cleaned with backup (quarantined).
    C:\WINDOWS\iedisco.exe -> Dialer.Minidial.a : Cleaned with backup (quarantined).
    C:\WINDOWS\Ole32ws.dll -> Dialer.OnlineDialer : Cleaned with backup (quarantined).
    C:\Documents and Settings\Owner.YOUR-MROVHEFA71\Local Settings\Temp\inverstt.tmp -> Downloader.Age : Cleaned with backup (quarantined).
    C:\Documents and Settings\Owner.YOUR-MROVHEFA71\Local Settings\Temp\supbkwxk.tmp -> Downloader.Age : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\BastaYa.exe -> Downloader.Age : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\Netverchk.exe -> Downloader.Age : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\italfds.exe -> Downloader.Age : Cleaned with backup (quarantined).
    C:\Documents and Settings\Owner.YOUR-MROVHEFA71\Local Settings\Temp\qms1.tmp -> Downloader.Age.c : Cleaned with backup (quarantined).
    C:\Documents and Settings\Owner.YOUR-MROVHEFA71\Local Settings\Temp\qms10.tmp -> Downloader.Age.c : Cleaned with backup (quarantined).
    C:\Documents and Settings\Owner.YOUR-MROVHEFA71\Local Settings\Temp\qms12.tmp -> Downloader.Age.c : Cleaned with backup (quarantined).
     
  15. 2007/01/12
    Phantom Spanker

    Phantom Spanker Inactive Thread Starter

    Joined:
    2007/01/10
    Messages:
    21
    Likes Received:
    0
    C:\WINDOWS\system32\MegasearchBarSetup.exe -> Downloader.Agent.a : Cleaned with backup (quarantined).
    C:\Documents and Settings\Owner.YOUR-MROVHEFA71\Local Settings\Temp\lf_17C.tmp -> Downloader.Agent.wp : Cleaned with backup (quarantined).
    C:\Documents and Settings\Owner.YOUR-MROVHEFA71\Local Settings\Temp\lf_18C.tmp -> Downloader.Agent.wp : Cleaned with backup (quarantined).
    C:\Documents and Settings\Owner.YOUR-MROVHEFA71\Local Settings\Temp\lf_AAC.tmp -> Downloader.Agent.wp : Cleaned with backup (quarantined).
    C:\Program Files\Common Files\System\mplay64.exe -> Downloader.Agent.wp : Cleaned with backup (quarantined).
    C:\Program Files\Common Files\sysdir\cxtpls_loader.exe -> Downloader.Apropo.r : Cleaned with backup (quarantined).
    C:\Documents and Settings\Owner.YOUR-MROVHEFA71\Local Settings\Temp\sq4.3.exe -> Downloader.Bomka.r : Cleaned with backup (quarantined).
    C:\Documents and Settings\Owner.YOUR-MROVHEFA71\Local Settings\Temp\lf_688.tmp -> Downloader.Dluca : Cleaned with backup (quarantined).
    C:\Documents and Settings\Owner.YOUR-MROVHEFA71\Local Settings\Temp\lf_6D8.tmp -> Downloader.Dluca : Cleaned with backup (quarantined).
    C:\Documents and Settings\Owner.YOUR-MROVHEFA71\Local Settings\Temp\lf_A8.tmp -> Downloader.Dluca : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\berxfglr.exe -> Downloader.Dluca : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\bmcxurtd.exe -> Downloader.Dluca : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\brvktgrh.exe -> Downloader.Dluca : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\cynynizj.exe -> Downloader.Dluca : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\dondehdq.exe -> Downloader.Dluca : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\eavmxlux.exe -> Downloader.Dluca : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\eiqsxych.exe -> Downloader.Dluca : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\elxiwded.exe -> Downloader.Dluca : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\evqvexqq.exe -> Downloader.Dluca : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\ewbdbfaj.exe -> Downloader.Dluca : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\hgfedcba.exe -> Downloader.Dluca : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\hwdfpamh.exe -> Downloader.Dluca : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\idvtobmg.exe -> Downloader.Dluca : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\imtiroyk.exe -> Downloader.Dluca : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\khamddqa.exe -> Downloader.Dluca : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\kkbxczak.exe -> Downloader.Dluca : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\klcytziq.exe -> Downloader.Dluca : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\kwkcprej.exe -> Downloader.Dluca : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\ligohvoj.exe -> Downloader.Dluca : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\lujwyfjm.exe -> Downloader.Dluca : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\luwomffs.exe -> Downloader.Dluca : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\ndxvikvm.exe -> Downloader.Dluca : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\nmmxzmmk.exe -> Downloader.Dluca : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\omethsxk.exe -> Downloader.Dluca : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\ptseyrmf.exe -> Downloader.Dluca : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\rwmwuhrc.exe -> Downloader.Dluca : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\shqfmhiq.exe -> Downloader.Dluca : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\stskszuh.exe -> Downloader.Dluca : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\tfssmfir.exe -> Downloader.Dluca : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\vnohoczq.exe -> Downloader.Dluca : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\vrcqztli.exe -> Downloader.Dluca : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\ytyxwcft.exe -> Downloader.Dluca : Cleaned with backup (quarantined).
    C:\Documents and Settings\Owner.YOUR-MROVHEFA71\Local Settings\Temp\lf_17CC.tmp -> Downloader.Dluca.ci : Cleaned with backup (quarantined).
    C:\Documents and Settings\Owner.YOUR-MROVHEFA71\Local Settings\Temp\lf_1A8.tmp -> Downloader.Dluca.ci : Cleaned with backup (quarantined).
    C:\Documents and Settings\Owner.YOUR-MROVHEFA71\Local Settings\Temp\lf_1D8.tmp -> Downloader.Dluca.ci : Cleaned with backup (quarantined).
    C:\Documents and Settings\Owner.YOUR-MROVHEFA71\Local Settings\Temp\lf_1DC.tmp -> Downloader.Dluca.ci : Cleaned with backup (quarantined).
    C:\Documents and Settings\Owner.YOUR-MROVHEFA71\Local Settings\Temp\lf_1F0.tmp -> Downloader.Dluca.ci : Cleaned with backup (quarantined).
    C:\Documents and Settings\Owner.YOUR-MROVHEFA71\Local Settings\Temp\lf_1F4.tmp -> Downloader.Dluca.ci : Cleaned with backup (quarantined).
    C:\Documents and Settings\Owner.YOUR-MROVHEFA71\Local Settings\Temp\lf_204.tmp -> Downloader.Dluca.ci : Cleaned with backup (quarantined).
    C:\Documents and Settings\Owner.YOUR-MROVHEFA71\Local Settings\Temp\lf_208.tmp -> Downloader.Dluca.ci : Cleaned with backup (quarantined).
    C:\Documents and Settings\Owner.YOUR-MROVHEFA71\Local Settings\Temp\lf_230.tmp -> Downloader.Dluca.ci : Cleaned with backup (quarantined).
    C:\Documents and Settings\Owner.YOUR-MROVHEFA71\Local Settings\Temp\lf_238.tmp -> Downloader.Dluca.ci : Cleaned with backup (quarantined).
    C:\Documents and Settings\Owner.YOUR-MROVHEFA71\Local Settings\Temp\lf_250.tmp -> Downloader.Dluca.ci : Cleaned with backup (quarantined).
    C:\Documents and Settings\Owner.YOUR-MROVHEFA71\Local Settings\Temp\lf_258.tmp -> Downloader.Dluca.ci : Cleaned with backup (quarantined).
    C:\Documents and Settings\Owner.YOUR-MROVHEFA71\Local Settings\Temp\lf_26C.tmp -> Downloader.Dluca.ci : Cleaned with backup (quarantined).
    C:\Documents and Settings\Owner.YOUR-MROVHEFA71\Local Settings\Temp\lf_280.tmp -> Downloader.Dluca.ci : Cleaned with backup (quarantined).
    C:\Documents and Settings\Owner.YOUR-MROVHEFA71\Local Settings\Temp\lf_2A4.tmp -> Downloader.Dluca.ci : Cleaned with backup (quarantined).
    C:\Documents and Settings\Owner.YOUR-MROVHEFA71\Local Settings\Temp\lf_2E0.tmp -> Downloader.Dluca.ci : Cleaned with backup (quarantined).
    C:\Documents and Settings\Owner.YOUR-MROVHEFA71\Local Settings\Temp\lf_2F4.tmp -> Downloader.Dluca.ci : Cleaned with backup (quarantined).
    C:\Documents and Settings\Owner.YOUR-MROVHEFA71\Local Settings\Temp\lf_350.tmp -> Downloader.Dluca.ci : Cleaned with backup (quarantined).
    C:\Documents and Settings\Owner.YOUR-MROVHEFA71\Local Settings\Temp\lf_368.tmp -> Downloader.Dluca.ci : Cleaned with backup (quarantined).
    C:\Documents and Settings\Owner.YOUR-MROVHEFA71\Local Settings\Temp\lf_40C.tmp -> Downloader.Dluca.ci : Cleaned with backup (quarantined).
    C:\Documents and Settings\Owner.YOUR-MROVHEFA71\Local Settings\Temp\lf_450.tmp -> Downloader.Dluca.ci : Cleaned with backup (quarantined).
    C:\Documents and Settings\Owner.YOUR-MROVHEFA71\Local Settings\Temp\lf_468.tmp -> Downloader.Dluca.ci : Cleaned with backup (quarantined).
    C:\Documents and Settings\Owner.YOUR-MROVHEFA71\Local Settings\Temp\lf_4F8.tmp -> Downloader.Dluca.ci : Cleaned with backup (quarantined).
    C:\Documents and Settings\Owner.YOUR-MROVHEFA71\Local Settings\Temp\lf_514.tmp -> Downloader.Dluca.ci : Cleaned with backup (quarantined).
    C:\Documents and Settings\Owner.YOUR-MROVHEFA71\Local Settings\Temp\lf_53C.tmp -> Downloader.Dluca.ci : Cleaned with backup (quarantined).
    C:\Documents and Settings\Owner.YOUR-MROVHEFA71\Local Settings\Temp\lf_580.tmp -> Downloader.Dluca.ci : Cleaned with backup (quarantined).
    C:\Documents and Settings\Owner.YOUR-MROVHEFA71\Local Settings\Temp\lf_58C.tmp -> Downloader.Dluca.ci : Cleaned with backup (quarantined).
    C:\Documents and Settings\Owner.YOUR-MROVHEFA71\Local Settings\Temp\lf_5EC.tmp -> Downloader.Dluca.ci : Cleaned with backup (quarantined).
    C:\Documents and Settings\Owner.YOUR-MROVHEFA71\Local Settings\Temp\lf_5F4.tmp -> Downloader.Dluca.ci : Cleaned with backup (quarantined).
    C:\Documents and Settings\Owner.YOUR-MROVHEFA71\Local Settings\Temp\lf_628.tmp -> Downloader.Dluca.ci : Cleaned with backup (quarantined).
    C:\Documents and Settings\Owner.YOUR-MROVHEFA71\Local Settings\Temp\lf_634.tmp -> Downloader.Dluca.ci : Cleaned with backup (quarantined).
    C:\Documents and Settings\Owner.YOUR-MROVHEFA71\Local Settings\Temp\lf_63C.tmp -> Downloader.Dluca.ci : Cleaned with backup (quarantined).
    C:\Documents and Settings\Owner.YOUR-MROVHEFA71\Local Settings\Temp\lf_640.tmp -> Downloader.Dluca.ci : Cleaned with backup (quarantined).
    C:\Documents and Settings\Owner.YOUR-MROVHEFA71\Local Settings\Temp\lf_64C.tmp -> Downloader.Dluca.ci : Cleaned with backup (quarantined).
    C:\Documents and Settings\Owner.YOUR-MROVHEFA71\Local Settings\Temp\lf_69C.tmp -> Downloader.Dluca.ci : Cleaned with backup (quarantined).
    C:\Documents and Settings\Owner.YOUR-MROVHEFA71\Local Settings\Temp\lf_6A8.tmp -> Downloader.Dluca.ci : Cleaned with backup (quarantined).
    C:\Documents and Settings\Owner.YOUR-MROVHEFA71\Local Settings\Temp\lf_6E0.tmp -> Downloader.Dluca.ci : Cleaned with backup (quarantined).
    C:\Documents and Settings\Owner.YOUR-MROVHEFA71\Local Settings\Temp\lf_6FC.tmp -> Downloader.Dluca.ci : Cleaned with backup (quarantined).
    C:\Documents and Settings\Owner.YOUR-MROVHEFA71\Local Settings\Temp\lf_710.tmp -> Downloader.Dluca.ci : Cleaned with backup (quarantined).
    C:\Documents and Settings\Owner.YOUR-MROVHEFA71\Local Settings\Temp\lf_720.tmp -> Downloader.Dluca.ci : Cleaned with backup (quarantined).
    C:\Documents and Settings\Owner.YOUR-MROVHEFA71\Local Settings\Temp\lf_724.tmp -> Downloader.Dluca.ci : Cleaned with backup (quarantined).
    C:\Documents and Settings\Owner.YOUR-MROVHEFA71\Local Settings\Temp\lf_734.tmp -> Downloader.Dluca.ci : Cleaned with backup (quarantined).
    C:\Documents and Settings\Owner.YOUR-MROVHEFA71\Local Settings\Temp\lf_738.tmp -> Downloader.Dluca.ci : Cleaned with backup (quarantined).
    C:\Documents and Settings\Owner.YOUR-MROVHEFA71\Local Settings\Temp\lf_744.tmp -> Downloader.Dluca.ci : Cleaned with backup (quarantined).
    C:\Documents and Settings\Owner.YOUR-MROVHEFA71\Local Settings\Temp\lf_760.tmp -> Downloader.Dluca.ci : Cleaned with backup (quarantined).
    C:\Documents and Settings\Owner.YOUR-MROVHEFA71\Local Settings\Temp\lf_770.tmp -> Downloader.Dluca.ci : Cleaned with backup (quarantined).
    C:\Documents and Settings\Owner.YOUR-MROVHEFA71\Local Settings\Temp\lf_7E4.tmp -> Downloader.Dluca.ci : Cleaned with backup (quarantined).
    C:\Documents and Settings\Owner.YOUR-MROVHEFA71\Local Settings\Temp\lf_81C.tmp -> Downloader.Dluca.ci : Cleaned with backup (quarantined).
    C:\Documents and Settings\Owner.YOUR-MROVHEFA71\Local Settings\Temp\lf_820.tmp -> Downloader.Dluca.ci : Cleaned with backup (quarantined).
    C:\Documents and Settings\Owner.YOUR-MROVHEFA71\Local Settings\Temp\lf_824.tmp -> Downloader.Dluca.ci : Cleaned with backup (quarantined).
    C:\Documents and Settings\Owner.YOUR-MROVHEFA71\Local Settings\Temp\lf_840.tmp -> Downloader.Dluca.ci : Cleaned with backup (quarantined).
    C:\Documents and Settings\Owner.YOUR-MROVHEFA71\Local Settings\Temp\lf_848.tmp -> Downloader.Dluca.ci : Cleaned with backup (quarantined).
    C:\Documents and Settings\Owner.YOUR-MROVHEFA71\Local Settings\Temp\lf_864.tmp -> Downloader.Dluca.ci : Cleaned with backup (quarantined).
    C:\Documents and Settings\Owner.YOUR-MROVHEFA71\Local Settings\Temp\lf_86C.tmp -> Downloader.Dluca.ci : Cleaned with backup (quarantined).
    C:\Documents and Settings\Owner.YOUR-MROVHEFA71\Local Settings\Temp\lf_870.tmp -> Downloader.Dluca.ci : Cleaned with backup (quarantined).
    C:\Documents and Settings\Owner.YOUR-MROVHEFA71\Local Settings\Temp\lf_884.tmp -> Downloader.Dluca.ci : Cleaned with backup (quarantined).
    C:\Documents and Settings\Owner.YOUR-MROVHEFA71\Local Settings\Temp\lf_888.tmp -> Downloader.Dluca.ci : Cleaned with backup (quarantined).
    C:\Documents and Settings\Owner.YOUR-MROVHEFA71\Local Settings\Temp\lf_894.tmp -> Downloader.Dluca.ci : Cleaned with backup (quarantined).
    C:\Documents and Settings\Owner.YOUR-MROVHEFA71\Local Settings\Temp\lf_898.tmp -> Downloader.Dluca.ci : Cleaned with backup (quarantined).
    C:\Documents and Settings\Owner.YOUR-MROVHEFA71\Local Settings\Temp\lf_89C.tmp -> Downloader.Dluca.ci : Cleaned with backup (quarantined).
    C:\Documents and Settings\Owner.YOUR-MROVHEFA71\Local Settings\Temp\lf_8D0.tmp -> Downloader.Dluca.ci : Cleaned with backup (quarantined).
    C:\Documents and Settings\Owner.YOUR-MROVHEFA71\Local Settings\Temp\lf_904.tmp -> Downloader.Dluca.ci : Cleaned with backup (quarantined).
    C:\Documents and Settings\Owner.YOUR-MROVHEFA71\Local Settings\Temp\lf_920.tmp -> Downloader.Dluca.ci : Cleaned with backup (quarantined).
    C:\Documents and Settings\Owner.YOUR-MROVHEFA71\Local Settings\Temp\lf_954.tmp -> Downloader.Dluca.ci : Cleaned with backup (quarantined).
    C:\Documents and Settings\Owner.YOUR-MROVHEFA71\Local Settings\Temp\lf_96C.tmp -> Downloader.Dluca.ci : Cleaned with backup (quarantined).
    C:\Documents and Settings\Owner.YOUR-MROVHEFA71\Local Settings\Temp\lf_970.tmp -> Downloader.Dluca.ci : Cleaned with backup (quarantined).
    C:\Documents and Settings\Owner.YOUR-MROVHEFA71\Local Settings\Temp\lf_9CC.tmp -> Downloader.Dluca.ci : Cleaned with backup (quarantined).
    C:\Documents and Settings\Owner.YOUR-MROVHEFA71\Local Settings\Temp\lf_9D0.tmp -> Downloader.Dluca.ci : Cleaned with backup (quarantined).
    C:\Documents and Settings\Owner.YOUR-MROVHEFA71\Local Settings\Temp\lf_A00.tmp -> Downloader.Dluca.ci : Cleaned with backup (quarantined).
    C:\Documents and Settings\Owner.YOUR-MROVHEFA71\Local Settings\Temp\lf_A04.tmp -> Downloader.Dluca.ci : Cleaned with backup (quarantined).
    C:\Documents and Settings\Owner.YOUR-MROVHEFA71\Local Settings\Temp\lf_A10.tmp -> Downloader.Dluca.ci : Cleaned with backup (quarantined).
    C:\Documents and Settings\Owner.YOUR-MROVHEFA71\Local Settings\Temp\lf_A24.tmp -> Downloader.Dluca.ci : Cleaned with backup (quarantined).
    C:\Documents and Settings\Owner.YOUR-MROVHEFA71\Local Settings\Temp\lf_A60.tmp -> Downloader.Dluca.ci : Cleaned with backup (quarantined).
    C:\Documents and Settings\Owner.YOUR-MROVHEFA71\Local Settings\Temp\lf_AC8.tmp -> Downloader.Dluca.ci : Cleaned with backup (quarantined).
    C:\Documents and Settings\Owner.YOUR-MROVHEFA71\Local Settings\Temp\lf_BC0.tmp -> Downloader.Dluca.ci : Cleaned with backup (quarantined).
    C:\Documents and Settings\Owner.YOUR-MROVHEFA71\Local Settings\Temp\lf_C4.tmp -> Downloader.Dluca.ci : Cleaned with backup (quarantined).
    C:\Documents and Settings\Owner.YOUR-MROVHEFA71\Local Settings\Temp\lf_C8.tmp -> Downloader.Dluca.ci : Cleaned with backup (quarantined).
    C:\Documents and Settings\Owner.YOUR-MROVHEFA71\Local Settings\Temp\lf_2C0.tmp -> Downloader.Dluca.cp : Cleaned with backup (quarantined).
    C:\Documents and Settings\Owner.YOUR-MROVHEFA71\Local Settings\Temp\lf_AB4.tmp -> Downloader.Dluca.cp : Cleaned with backup (quarantined).
    C:\temp\optimize.exe -> Downloader.Dyfuca.du : Cleaned with backup (quarantined).
    C:\Program Files\Common Files\sysdir\istinstall_157756.exe -> Downloader.IstBar : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\istinstall_157756.exe -> Downloader.IstBar : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\istinstall_145938.exe -> Downloader.IstBar.er : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\PreInstaller_p1.exe -> Downloader.Keenval.o : Cleaned with backup (quarantined).
    C:\WINDOWS\Downloaded Program Files\Ole32ws.inf -> Downloader.Small : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\TVM_B542.EXE -> Downloader.Small.wk : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\TVM_B5_42.EXE -> Downloader.Small.wk : Cleaned with backup (quarantined).
    C:\WINDOWS\farmmext.exe -> Downloader.Stubby.c : Cleaned with backup (quarantined).
    C:\WINDOWS\offun.exe -> Downloader.VB.hw : Cleaned with backup (quarantined).
    C:\temp\NCasePackage.exe -> Dropper.180Solutions.a : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\trafficsector_b2search.exe -> Dropper.Agent.abb : Cleaned with backup (quarantined).
    C:\Program Files\Common Files\sysdir\HeidiNorthcott_11yf05fg.exe -> Dropper.Mudrop.o : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\HeidiNorthcott_11yf05fg.exe -> Dropper.Small.nt : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\11yf05fg.exe -> Dropper.Small.sc : Cleaned with backup (quarantined).
    C:\Documents and Settings\All Users\Application Data\Tools\4002.exe -> Hijacker.Small : Cleaned with backup (quarantined).
    C:\WINDOWS\Downloaded Program Files\ActiveSecurity.ocx -> Not-A-Virus.VirTool.Win32.Collector : Cleaned with backup (quarantined).
    :mozilla.260:C:\Documents and Settings\Own
    C:\WINDOWS\Q2238796.exe -> Trojan.Dialer.j : Cleaned with backup (quarantined).
    C:\Documents and Settings\All Users\Application Data\root\root.dll -> Trojan.IEService : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\tdopqhky.exe -> Trojan.Small : Cleaned with backup (quarantined).
    C:\Program Files\Tmug\Wrnzx.exe -> Trojan.Small.cy : Cleaned with backup (quarantined).


    ::Report end
     
  16. 2007/01/12
    Phantom Spanker

    Phantom Spanker Inactive Thread Starter

    Joined:
    2007/01/10
    Messages:
    21
    Likes Received:
    0
    The ComboFix log:

    "Owner" - 07-01-12 22:31:04 Service Pack 2
    ComboFix 07-01-12 - Running from: "C:\Documents and Settings\Owner.YOUR-MROVHEFA71\Desktop "

    (((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    C:\WINDOWS\system32\adrot-uninst.exe
    C:\WINDOWS\system32\adrotate.dll
    C:\INSTALL.LOG


    ((((((((((((((((((((((((((((((( Files Created from 2006-12-12 to 2007-01-12 ))))))))))))))))))))))))))))))))))


    2007-01-12 22:22 54,845 --a------ C:\WINDOWS\system32\newtrafficsector-remove.exe
    2007-01-12 17:27 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
    2007-01-12 17:27 <DIR> d-------- C:\Program Files\Grisoft
    2007-01-12 15:31 <DIR> d-------- C:\HJT
    2007-01-10 12:36 119,808 --a------ C:\WINDOWS\system32\nst7.dll
    2007-01-07 18:15 421,888 --a------ C:\WINDOWS\system32\asclcceo.dll
    2007-01-07 18:15 36,864 --a------ C:\WINDOWS\system32\wbhllyjd.exe
    2006-12-31 16:02 <DIR> d-------- C:\DOCUME~1\OWNER~1.YOU\Application Data\Morpheus
    2006-12-31 16:00 <DIR> d-------- C:\Program Files\Morpheus
    2006-12-17 21:40 <DIR> d-------- C:\DOCUME~1\OWNER~1.YOU\Application Data\SecondLife
    2006-12-17 21:39 <DIR> d-------- C:\Program Files\SecondLife
    2006-12-12 17:27 <DIR> d-------- C:\Program Files\Windows Media Connect 2
    2006-12-12 17:18 <DIR> d-------- C:\WINDOWS\system32\LogFiles
    2006-12-12 17:18 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF


    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


    2007-01-12 22:20 0 --a------ C:\DOCUME~1\OWNER~1.YOU\Application Data\internaldb41.dat
    2007-01-12 22:20 -------- d-------- C:\Program Files\Common Files\symantec shared
    2007-01-12 22:19 -------- d-------- C:\Program Files\mozilla firefox
    2007-01-12 22:15 -------- d-------- C:\Program Files\tmug
    2007-01-12 17:00 -------- d-------- C:\DOCUME~1\OWNER~1.YOU\Application Data\xfire
    2007-01-11 14:49 -------- d-------- C:\Program Files\call of duty
    2007-01-07 18:15 45321 --a------ C:\WINDOWS\system32\caunst.exe
    2007-01-01 19:58 -------- d-------- C:\Program Files\java
    2006-12-22 12:53 -------- d---s---- C:\Program Files\xfire
    2006-12-13 13:20 -------- d-------- C:\Program Files\google
    2006-12-12 19:12 -------- d-------- C:\DOCUME~1\OWNER~1.YOU\Application Data\adobeum
    2006-12-12 17:25 -------- d-------- C:\DOCUME~1\OWNER~1.YOU\Application Data\imvu
    2006-12-05 18:45 71680 --a------ C:\WINDOWS\system32\gdimx.exe
    2006-11-16 14:45 36864 --a------ C:\WINDOWS\system32\slimptfr.exe
    2006-11-08 05:06 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
    2006-11-03 02:36 81408 --a------ C:\WINDOWS\system32\nsy4.dll
    2006-10-19 13:56 713216 --a------ C:\WINDOWS\system32\sxs.dll
    2006-10-18 21:58 8704 --a------ C:\WINDOWS\system32\wdfmgr.exe
    2006-10-18 21:58 8704 --a------ C:\WINDOWS\system32\uwdf.exe
    2006-10-18 21:47 99840 --a------ C:\WINDOWS\system32\wmpshell.dll
    2006-10-18 21:47 991744 --a------ C:\WINDOWS\system32\drmv2clt.dll
    2006-10-18 21:47 937984 --a------ C:\WINDOWS\system32\wmnetmgr.dll
    2006-10-18 21:47 8231936 --a------ C:\WINDOWS\system32\wmploc.dll
    2006-10-18 21:47 767488 --------- C:\WINDOWS\system32\wmvsencd.dll
    2006-10-18 21:47 757248 --a------ C:\WINDOWS\system32\wmadmod.dll
    2006-10-18 21:47 7168 --a------ C:\WINDOWS\system32\asferror.dll
    2006-10-18 21:47 656896 --------- C:\WINDOWS\system32\wmvxencd.dll
    2006-10-18 21:47 63488 --a------ C:\WINDOWS\system32\wpdmtpus.dll
    2006-10-18 21:47 629760 --a------ C:\WINDOWS\system32\wpd_ci.dll
    2006-10-18 21:47 613376 --------- C:\WINDOWS\system32\wmpmde.dll
    2006-10-18 21:47 603648 --a------ C:\WINDOWS\system32\wmspdmod.dll
    2006-10-18 21:47 542720 --a------ C:\WINDOWS\system32\blackbox.dll
    2006-10-18 21:47 535040 --------- C:\WINDOWS\system32\wmdrmsdk.dll
    2006-10-18 21:47 429056 --a------ C:\WINDOWS\system32\wmdrmdev.dll
    2006-10-18 21:47 414208 --a------ C:\WINDOWS\system32\msscp.dll
    2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\wmvdmoe2.dll
    2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\wmvdmod.dll
    2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\wmvadve.dll
    2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\wmvadvd.dll
    2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\wmsdmoe2.dll
    2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\wmsdmod.dll
    2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\wdfapi.dll
    2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\mpg4dmod.dll
    2006-10-18 21:47 4096 --------- C:\WINDOWS\system32\mp4sdmod.dll
    2006-10-18 21:47 4096 --------- C:\WINDOWS\system32\mp43dmod.dll
    2006-10-18 21:47 38400 --------- C:\WINDOWS\system32\wpdshextres.dll
    2006-10-18 21:47 37376 --a------ C:\WINDOWS\system32\wmdmps.dll
    2006-10-18 21:47 35840 --a------ C:\WINDOWS\system32\wpdconns.dll
    2006-10-18 21:47 356352 --a------ C:\WINDOWS\system32\wpdsp.dll
    2006-10-18 21:47 348672 --a------ C:\WINDOWS\system32\wmdrmnet.dll
    2006-10-18 21:47 33792 --a------ C:\WINDOWS\system32\wmdmlog.dll
    2006-10-18 21:47 321536 --a------ C:\WINDOWS\system32\mswmdm.dll
    2006-10-18 21:47 317440 --------- C:\WINDOWS\system32\mp4sdecd.dll
    2006-10-18 21:47 314880 --a------ C:\WINDOWS\system32\wmpdxm.dll
    2006-10-18 21:47 295936 --------- C:\WINDOWS\system32\wmpeffects.dll
    2006-10-18 21:47 284160 --------- C:\WINDOWS\system32\portabledeviceapi.dll
    2006-10-18 21:47 276992 --a------ C:\WINDOWS\system32\audiodev.dll
    2006-10-18 21:47 27136 --a------ C:\WINDOWS\system32\mspmsnsv.dll
    2006-10-18 21:47 2603008 --------- C:\WINDOWS\system32\wpdshext.dll
    2006-10-18 21:47 259072 --------- C:\WINDOWS\system32\mpg4decd.dll
    2006-10-18 21:47 259072 --------- C:\WINDOWS\system32\mp43decd.dll
    2006-10-18 21:47 2450944 --a------ C:\WINDOWS\system32\wmvcore.dll
    2006-10-18 21:47 242688 --a------ C:\WINDOWS\system32\wmpasf.dll
    2006-10-18 21:47 229376 --a------ C:\WINDOWS\system32\cewmdm.dll
    2006-10-18 21:47 227328 --a------ C:\WINDOWS\system32\wmerror.dll
    2006-10-18 21:47 222208 --a------ C:\WINDOWS\system32\wmasf.dll
    2006-10-18 21:47 212992 --------- C:\WINDOWS\system32\mfplat.dll
    2006-10-18 21:47 211456 --a------ C:\WINDOWS\system32\qasf.dll
    2006-10-18 21:47 204288 --a------ C:\WINDOWS\system32\wmpsrcwp.dll
    2006-10-18 21:47 199168 --------- C:\WINDOWS\system32\portabledevicewmdrm.dll
    2006-10-18 21:47 179712 --a------ C:\WINDOWS\system32\msnetobj.dll
    2006-10-18 21:47 175616 --a------ C:\WINDOWS\system32\mspmsp.dll
    2006-10-18 21:47 166912 --------- C:\WINDOWS\system32\portabledevicetypes.dll
    2006-10-18 21:47 1661440 --a------ C:\WINDOWS\system32\wmpencen.dll
    2006-10-18 21:47 1574912 --------- C:\WINDOWS\system32\wmvencod.dll
    2006-10-18 21:47 157184 --a------ C:\WINDOWS\system32\wmidx.dll
    2006-10-18 21:47 154624 --a------ C:\WINDOWS\system32\wpdmtp.dll
    2006-10-18 21:47 1543680 --------- C:\WINDOWS\system32\wmvdecod.dll
    2006-10-18 21:47 1382912 --------- C:\WINDOWS\system32\wmvsdecd.dll
    2006-10-18 21:47 133632 --------- C:\WINDOWS\system32\wpdshserviceobj.dll
    2006-10-18 21:47 1329152 --a------ C:\WINDOWS\system32\wmspdmoe.dll
    2006-10-18 21:47 132096 --------- C:\WINDOWS\system32\portabledevicewiacompat.dll
    2006-10-18 21:47 130048 --------- C:\WINDOWS\system32\wmpps.dll
    2006-10-18 21:47 11264 --a------ C:\WINDOWS\system32\laprxy.dll
    2006-10-18 21:47 1117696 --a------ C:\WINDOWS\system32\wmadmoe.dll
    2006-10-18 21:47 101888 --------- C:\WINDOWS\system32\portabledeviceclassextension.dll
    2006-10-18 20:03 100864 --a------ C:\WINDOWS\system32\logagent.exe
    2006-10-18 20:00 249856 --------- C:\WINDOWS\system32\drmupgds.exe
    2006-10-18 20:00 17408 --------- C:\WINDOWS\system32\wpdshextautoplay.exe
    2006-10-13 12:35 142336 --a------ C:\WINDOWS\system32\nwprovau.dll
    2006-10-13 10:21 79360 --a------ C:\WINDOWS\system32\nst11f.dll


    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

    *Note* empty entries & legit default entries are not shown

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
    "updateMgr "= "\ "C:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe\" AcRdB7_0_8 -reboot 1 "
    "swg "= "C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.908.5008\\GoogleToolbarNotifier.exe "

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
    "ccApp "= "\ "C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\" "
    "ccRegVfy "= "\ "C:\\Program Files\\Common Files\\Symantec Shared\\ccRegVfy.exe\" "
    "NvCplDaemon "= "RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup "
    "Blubster "= "C:\\Program Files\\Blubster\\Blubster.exe SILENT "
    "FSWebServer "= "C:\\Program Files\\Easy File Sharing Web Server\\fsws.exe "
    "PG09¿ÃŒ*ú*ÀaîžaaîžaaC:\\Program Files\\ISTsvc\\istsvc.exe "= "C:\\WINDOWS\\pghvmhr.exe "
    "SunJavaUpdateSched "= "\ "C:\\Program Files\\Java\\jre1.5.0_10\\bin\\jusched.exe\" "
    "PG09¿ÃŒ*ÀaîžaîžaaøYC:\\Program Files\\ISTsvc\\istsvc.exe "= "C:\\WINDOWS\\pghvmhr.exe "
    "UsbD "= "C:\\WINDOWS\\system32\\smss32.exe "
    "SearchUpgrader "= "C:\\Program Files\\Common files\\SearchUpgrader\\SearchUpgrader.exe "
    "Irzzz "= "C:\\Program Files\\Tmug\\Wrnzx.exe "
    "AutoUpdater "= "\ "C:\\Program Files\\AutoUpdate\\AutoUpdate.exe\" "
    "UserFaultCheck "=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,65,\
    6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,75,00
    "Symantec NetDriver Monitor "= "C:\\PROGRA~1\\SYMNET~1\\SNDMon.exe /Consumer "
    "enydghp "= "C:\\WINDOWS\\enydghp.EXE "
    "yoegtcq "= "C:\\WINDOWS\\yoegtcq.EXE "
    "sdjxryb "= "C:\\WINDOWS\\sdjxryb.EXE "
    "adodtuv "= "C:\\WINDOWS\\adodtuv.EXE "
    "qxjgaqn "= "C:\\WINDOWS\\qxjgaqn.EXE "
    "WT GameChannel "= "C:\\Program Files\\WildTangent\\Apps\\GameChannel.exe "
    "wcmdmgr "= "C:\\WINDOWS\\wt\\updater\\wcmdmgrl.exe -launch "
    "iplknxv "= "C:\\WINDOWS\\iplknxv.exe "
    "xxknquc "= "C:\\WINDOWS\\xxknquc.EXE "
    "uoapzoa "= "C:\\WINDOWS\\uoapzoa.EXE "
    "hxtxzoa "= "C:\\WINDOWS\\hxtxzoa.EXE "
    "iTunesHelper "= "\ "C:\\Program Files\\iTunes\\iTunesHelper.exe\" "
    "QuickTime Task "= "\ "C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime "
    "ijhxgnd "= "C:\\WINDOWS\\ijhxgnd.EXE "
    "nwiz "= "nwiz.exe /install "
    "NvMediaCenter "= "RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit "
    "KernelFaultCheck "=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\
    65,6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,6b,00
    "gdimx "= "c:\\windows\\system32\\gdimx.exe /nocomm "
    "mplay64 "= "c:\\program files\\common files\\system\\deb60b13.exe /noerrorinfo "
    "TkBellExe "= "\ "C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot "
    "adstart "= "C:\\WINDOWS\\System32\\Rundll32.exe \ "C:\\WINDOWS\\system32\\adrotate.dll\" DllVerify "
    "!AVG Anti-Spyware "= "\ "C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized "

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
    "Installed "= "1 "

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
    "NoChange "= "1 "
    "Installed "= "1 "

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
    "Installed "= "1 "

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{57B86673-276A-48B2-BAE7-C6DBB3020EB8} "= "AVG Anti-Spyware 7.5 "

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
    "WPDShServiceObj "= "{AAA288BA-9A4C-45B0-95D7-94D524869DB5} "

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]
    "\\1.exe "= "C:\\DOCUME~1\\ALLUSE~1\\APPLIC~1\\Tools\\1.exe "

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    @=" "

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
    "\\1.exe "= "C:\\DOCUME~1\\ALLUSE~1\\APPLIC~1\\Tools\\1.exe "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    "SecurityProviders "= "msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll "


    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
    LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
    NetworkService REG_MULTI_SZ DnsCache\0\0
    rpcss REG_MULTI_SZ RpcSs\0\0
    imgsvc REG_MULTI_SZ StiSvc\0\0
    termsvcs REG_MULTI_SZ TermService\0\0
    HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
    DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
    WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0



    Contents of the 'Scheduled Tasks' folder
    C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer.job
    C:\WINDOWS\tasks\Symantec NetDetect.job

    Completion time: 07-01-12 22:36:48
     
  17. 2007/01/12
    Phantom Spanker

    Phantom Spanker Inactive Thread Starter

    Joined:
    2007/01/10
    Messages:
    21
    Likes Received:
    0
    I'm drunk, god damn it, but I'm happy. To hell with these viruses. Soon they will be mine... :mad: :mad: :mad: :cool:
     
  18. 2007/01/12
    TeMerc

    TeMerc Inactive Alumni

    Joined:
    2006/05/13
    Messages:
    3,226
    Likes Received:
    4
    Quick question:

    Was the HJT log file created after running the AVG scan and after running ComboFix?

    It will be a while before I post back, not till either very late tonight or tomorrow morning. I'm in AZ on MST time and I'm on till about 2 AM on weekends.
     
  19. 2007/01/13
    Phantom Spanker

    Phantom Spanker Inactive Thread Starter

    Joined:
    2007/01/10
    Messages:
    21
    Likes Received:
    0
    Yes
     
  20. 2007/01/13
    TeMerc

    TeMerc Inactive Alumni

    Joined:
    2006/05/13
    Messages:
    3,226
    Likes Received:
    4
    OK, let's fix some stuff and then get some more scans.

    Please do as instructed below in the order presented.

    Update the AVG anti-spyware scanner, there was an update already this morning.

    Download Atribune's ATF Cleaner
    • Double-click ATF-Cleaner.exe to run the program.
    • Tick the following boxes:
      • Windows Temp
      • Current User Temp
      • All User Temp
      • Cookies <<<<--- by deleting your cookies, you will have to re-enter any passwords and log-in info for any sites you are usually required to do so with.
      • Temporary Internet Files
      • History
      • Prefetch
      • Java Cache
    • Click the [Empty Selected] button.
    We'll empty the Recycle Bin later, once we know you're all cleaned up and nothing needs to be restored.


    Then we need to stop the Windows Overlay Components service:
    Go to: Start > Run > type "services.msc", then click OK

    When the Services window appears scroll down to the Windows Overlay Components service.

    Click it to highlight it, then <right-click> and select: Properties
    Select and set the "Service Status" option to "Stop".
    Select "Startup type" and set it to "Disabled", click Apply, then OK.


    Access your Add or Remove Programs Control Panel by hitting your [Start] button, select Control Panel and click on Add or Remove Programs. Then find the following programs and click the [Change|Remove] button for each, if they are listed. If they are not, continue with the instructions.
    Tmug
    AutoUpdate
    Wild Tangent
    ISTsvc



    Open HijackThis, select the [Do a system scan only] button and look over the following entries I have listed, check the boxes [] next to them and press the [Fix Checked] button. When you are doing this, make sure you have no IE windows, nor any other browsers, open, including this one. Reboot if I have specified below, and post a fresh HijackThis log.

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =


    O2 - BHO: NavErrRedir Class - {0199DF25-9820-4bd5-9FEE-5A765AB4371E} - (no file)

    O2 - BHO: ohb - {086CEFD5-A88D-4981-8915-D51F04360ED1} - (no file)

    O2 - BHO: SSL encrypt - {0B6899B6-1564-43e0-BD93-F7CF930A5E5C} - C:\WINDOWS\system32\nst7.dll

    O2 - BHO: RsyncHlpr Class - {16B238D5-80DE-47CE-8F17-B3ECE2C2248D} - C:\WINDOWS\system32\rsyncmon.dll (file missing)

    O2 - BHO: Katze - {2A611133-1C57-4DFB-A05C-07EE3BFE6D34} - C:\WINDOWS\system32\nsz231.dll

    O2 - BHO: RunBus Class - {4865F155-CE00-4E93-A414-147844D7C81A} - C:\WINDOWS\system32\tcbltria.dll (file missing)

    O2 - BHO: SelasI Class - {59F4F380-01A0-4083-9FA4-E3B827319F7E} - C:\WINDOWS\system32\vcbhsvpi.dll

    O2 - BHO: RieMon Class - {70F6A776-579A-4C95-BA88-134253907752} - C:\WINDOWS\system32\irsmaawi.dll (file missing)

    O2 - BHO: Iconizer - {AA1A4F83-B4AC-4859-8C91-21DBE6C5625B} - C:\WINDOWS\system32\nodeipproc.dll

    O2 - BHO: Hoja Class - {C07F60AC-688D-4F3E-89EC-30B281BDD2CC} - C:\WINDOWS\system32\asclcceo.dll

    O2 - BHO: Root.CERT - {D6EAC4ED-2842-4FB6-A8B4-B1A300A1F2F9} - C:\DOCUME~1\ALLUSE~1\APPLIC~1\root\root.dll (file missing)

    O2 - BHO: AD Rotator - {EEC590D8-0A3C-4464-BB20-25A4747992F9} - C:\WINDOWS\system32\adrotate.dll (file missing)


    O4 - HKLM\..\Run: [Blubster] C:\Program Files\Blubster\Blubster.exe SILENT

    O4 - HKLM\..\Run: [FSWebServer] C:\Program Files\Easy File Sharing Web Server\fsws.exe

    O4 - HKLM\..\Run: [PG09¿ÃŒ*ú*ÀaîžaaîžaaC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\pghvmhr.exe

    O4 - HKLM\..\Run: [PG09¿ÃŒ*ÀaîžaîžaaøYC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\pghvmhr.exe

    O4 - HKLM\..\Run: [UsbD] C:\WINDOWS\system32\smss32.exe

    O4 - HKLM\..\Run: [SearchUpgrader] C:\Program Files\Common files\SearchUpgrader\SearchUpgrader.exe

    O4 - HKLM\..\Run: [Irzzz] C:\Program Files\Tmug\Wrnzx.exe

    O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe "

    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u

    O4 - HKLM\..\Run: [enydghp] C:\WINDOWS\enydghp.EXE

    O4 - HKLM\..\Run: [yoegtcq] C:\WINDOWS\yoegtcq.EXE

    O4 - HKLM\..\Run: [sdjxryb] C:\WINDOWS\sdjxryb.EXE

    O4 - HKLM\..\Run: [adodtuv] C:\WINDOWS\adodtuv.EXE

    O4 - HKLM\..\Run: [qxjgaqn] C:\WINDOWS\qxjgaqn.EXE

    O4 - HKLM\..\Run: [WT GameChannel] C:\Program Files\WildTangent\Apps\GameChannel.exe

    O4 - HKLM\..\Run: [wcmdmgr] C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch

    O4 - HKLM\..\Run: [iplknxv] C:\WINDOWS\iplknxv.exe

    O4 - HKLM\..\Run: [xxknquc] C:\WINDOWS\xxknquc.EXE

    O4 - HKLM\..\Run: [uoapzoa] C:\WINDOWS\uoapzoa.EXE

    O4 - HKLM\..\Run: [hxtxzoa] C:\WINDOWS\hxtxzoa.EXE

    O4 - HKLM\..\Run: [ijhxgnd] C:\WINDOWS\ijhxgnd.EXE

    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

    O4 - HKLM\..\Run: [gdimx] c:\windows\system32\gdimx.exe /nocomm

    O4 - HKLM\..\Run: [mplay64] c:\program files\common files\system\deb60b12.exe /noerrorinfo

    O4 - HKLM\..\Run: [adstart] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\adrotate.dll" DllVerify


    O16 - DPF: {99802379-7362-40E2-9D28-8A3B9AF880B7} - http://hotsearchbar.com/toolbar2/winhot32.cab


    O18 - Protocol: advert - {7DC356B2-7366-4F19-BF7A-4875F6AABEA0} - C:\WINDOWS\system32\nodeipproc.dll


    O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\bdwyvgx.exe (file missing)



    Reboot the system into safe mode, run the AVG scan, quarantining anything it finds.


    Reboot back into normal and run ComboFix again, then run HJT and post all 3 logs for me to view.
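    A small triage helper for HijackThis O2/O4/O23 lines of the kind listed above, added here as an example and not part of the thread or of HijackThis itself. The heuristics (reference to a missing file, service with unknown owner, autostart of an executable sitting directly in the Windows directory under a value name equal to its filename, filename mimicking a core Windows process) are assumptions drawn from this log, not a complete rule set; the sample lines are constructed from entries quoted in the posts.

```python
import re

# Constructed sample input: HijackThis lines in the format seen in the posts above
# (O2 = browser helper object, O4 = Run-key autostart, O23 = service).
SAMPLE_LOG = r"""
O2 - BHO: RunBus Class - {4865F155-CE00-4E93-A414-147844D7C81A} - C:\WINDOWS\system32\tcbltria.dll (file missing)
O4 - HKLM\..\Run: [UsbD] C:\WINDOWS\system32\smss32.exe
O4 - HKLM\..\Run: [enydghp] C:\WINDOWS\enydghp.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\bdwyvgx.exe (file missing)
""".strip().splitlines()

RUN_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# Executable placed directly in the Windows directory root, e.g. C:\WINDOWS\enydghp.EXE.
WINROOT_EXE_RE = re.compile(r"^C:\\WINDOWS\\(?P<stem>[^\\\s]+)\.exe$", re.IGNORECASE)
# Core Windows process names with digits appended (smss32.exe in this log), a common disguise.
LOOKALIKE_RE = re.compile(r"\\(smss|csrss|lsass|svchost|winlogon)\d+\.exe$", re.IGNORECASE)
# Legitimate Windows XP error-reporting entries that often look odd to first-time readers.
BENIGN_CMDS = ("dumprep 0 -k", "dumprep 0 -u")


def triage_line(line: str) -> list[str]:
    """Return the reasons a HijackThis line deserves a closer look (empty = nothing noted)."""
    reasons = []
    if line.endswith("(file missing)"):
        reasons.append("orphaned reference: registry points at a file that is gone")
    if line.startswith("O23 - ") and "- Unknown owner -" in line:
        reasons.append("service with no publisher (Unknown owner)")
    m = RUN_RE.match(line)
    if m:
        cmd = m.group("cmd").strip('"')
        if cmd.endswith(BENIGN_CMDS):
            return []  # known-good Windows entry, not something to remove
        w = WINROOT_EXE_RE.match(cmd)
        if w and w.group("stem").lower() == m.group("name").lower():
            reasons.append("autostart of a %windir%-root executable whose value name equals its filename")
        if LOOKALIKE_RE.search(cmd):
            reasons.append("filename mimics a core Windows process name")
    return reasons


def triage(lines: list[str]) -> dict[str, list[str]]:
    """Map each flagged line to its reasons; lines with nothing noted are omitted."""
    return {ln: r for ln in lines if (r := triage_line(ln))}


if __name__ == "__main__":
    for ln, why in triage(SAMPLE_LOG).items():
        print(ln, "\n   -> " + "; ".join(why))
```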
     
  21. 2007/01/18
    Phantom Spanker

    Phantom Spanker Inactive Thread Starter

    Joined:
    2007/01/10
    Messages:
    21
    Likes Received:
    0
    Sorry for the delay, I had college exams.

    Logfile of HijackThis v1.99.1
    Scan saved at 17:19:27, on 18/01/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\devldr32.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\HJT\HijackThis.exe

    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe "
    O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe "
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe "
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Owner.YOUR-MROVHEFA71\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Broken Internet access because of LSP provider 'xfire_lsp_10908.dll' missing
    O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
    O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
    O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
     
