Major slow down with computer with added popup bonus

Discussion in 'Malware and Virus Removal Archive' started by tork30, 2007/12/27.

  1. 2007/12/27
    tork30

    I have recently been getting a ton of pop-ups and my computer is running very slowly. I am posting the Deckard's System Scan to start with. Last time this happened you guys were a huge help and I really appreciated it! Thanks!

    Deckard's System Scanner v20071014.68
    Run by Joey on 2007-12-27 17:17:00
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------

    -- System Restore --------------------------------------------------------------

    Successfully created a Deckard's System Scanner Restore Point.


    -- Last 5 Restore Point(s) --
    28: 2007-12-27 23:17:26 UTC - RP1213 - Deckard's System Scanner Restore Point
    27: 2007-12-27 03:17:13 UTC - RP1212 - Spybot-S&D Spyware removal
    26: 2007-12-27 01:10:50 UTC - RP1211 - Last known good configuration
    25: 2007-12-26 02:50:19 UTC - RP1210 - System Checkpoint
    24: 2007-12-24 20:07:05 UTC - RP1209 - Configured Command and ConquerTM Generals Zero Hour


    -- First Restore Point --
    1: 2007-11-29 05:15:11 UTC - RP1186 - Removed Microsoft ActiveSync 4.0


    Backed up registry hives.
    Performed disk cleanup.

    Percentage of Memory in Use: 79% (more than 75%).
    Total Physical Memory: 511 MiB (512 MiB recommended).
    System Drive C: has 3.33 GiB (less than 15%) free.


    -- HijackThis (run as Joey.exe) ------------------------------------------------

    Unable to find log (file not found); running clone.
    -- HijackThis Clone ------------------------------------------------------------


    Emulating logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 2007-12-27 17:24:24
    Platform: Windows XP Service Pack 2 (5.01.2600)
    MSIE: Internet Explorer (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\SYSTEM32\smss.exe
    C:\WINDOWS\SYSTEM32\winlogon.exe
    C:\WINDOWS\SYSTEM32\services.exe
    C:\WINDOWS\SYSTEM32\lsass.exe
    C:\WINDOWS\SYSTEM32\svchost.exe
    C:\WINDOWS\SYSTEM32\svchost.exe
    C:\WINDOWS\SYSTEM32\spoolsv.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\ActivIdentity\ActivClient\acachsrv.exe
    C:\Program Files\ActivIdentity\ActivClient\acautoup.exe
    C:\Program Files\ActivIdentity\ActivClient\accoca.exe
    C:\WINDOWS\SYSTEM32\cisvc.exe
    C:\WINDOWS\SYSTEM32\CTSVCCDA.EXE
    C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
    C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
    C:\WINDOWS\SYSTEM32\nvsvc32.exe
    C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    C:\WINDOWS\SYSTEM32\svchost.exe
    C:\WINDOWS\SYSTEM32\MsPMSPSv.exe
    C:\WINDOWS\SYSTEM32\fxssvc.exe
    C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe
    C:\WINDOWS\SYSTEM32\rundll32.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
    C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
    C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray .exe
    C:\Program Files\Canon\MyPrinter\BJMyPrt .exe
    C:\Program Files\Common Files\Real\Update_OB\realsched .exe
    C:\Program Files\ActivIdentity\ActivClient\accrdsub .exe
    C:\WINDOWS\winshow .exe
    C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4 .exe
    C:\WINDOWS\mrofinu77.exe
    C:\WINDOWS\troy44.exe
    C:\Program Files\iTunes\iTunesHelper .exe
    C:\WINDOWS\troy44.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\WINDOWS\SYSTEM32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Dell Support Center\bin\sprtcmd.exe
    C:\Program Files\Microsoft ActiveSync\wcescomm .exe
    C:\Program Files\ActivIdentity\ActivClient\acsagent.exe
    C:\WINDOWS\troy44 .exe
    C:\WINDOWS\mrofinu77 .exe
    C:\WINDOWS\troy44 .exe
    C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
    C:\Program Files\Dell Support Center\bin\sprtcmd .exe
    C:\WINDOWS\winshow .exe
    C:\Program Files\MSN Messenger\msnmsgr .exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
    C:\Program Files\ActivIdentity\ActivClient\acevents.exe
    C:\Program Files\Microsoft ActiveSync\wcescomm .exe
    C:\Program Files\Microsoft ActiveSync\rapimgr.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\SYSTEM32\wscntfy.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\WINDOWS\SYSTEM32\CIDAEMON.EXE
    C:\Documents and Settings\Joey\Local Settings\Temporary Internet Files\Content.IE5\V3KW8ZGP\dss[1].exe

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?linkid=677
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    R3 - Default URLSearchHook is missing
    F0 - win.ini: load=C:\WINDOWS\system32\jkkjj.exe
    F3 - REG:win.ini: Load=C:\WINDOWS\system32\userinit.exe,
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {2D5796A2-44E0-4E50-A5A0-80BF1EE3EA73} - C:\WINDOWS\SYSTEM32\opnnklk.dll
    O2 - BHO: (no name) - {4561510E-137C-46F9-AE80-EA6293C9DC45} - C:\WINDOWS\SYSTEM32\jkkjj.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\SYSTEM32\dla\tfswshx.dll
    O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
    O2 - BHO: {f9ac4b52-af6c-f23b-1cf4-2d085caea33c} - {c33aeac5-80d2-4fc1-b32f-c6fa25b4ca9f} - C:\WINDOWS\SYSTEM32\cxvokxrk.dll
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar1.dll
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [accrdsub] "C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe "
    O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
    O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe "
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
    O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe "
    O4 - HKLM\..\Run: [masqform.exe] C:\Program Files\PureEdge\Viewer 6.5\masqform.exe -RunOnce
    O4 - HKLM\..\Run: [AprvRemoveLegacyExcelKeys] "C:\Program Files\ApproveIt\Support\Tools\AprvClean.exe" -k HKCU SOFTWARE\Microsoft\Office\Excel\Addins\OfficeAddIn.OfficeAddIn
    O4 - HKLM\..\Run: [AprvRemoveLegacyWordKeys] "C:\Program Files\ApproveIt\Support\Tools\AprvClean.exe" -k HKCU SOFTWARE\Microsoft\Office\Word\Addins\OfficeAddIn.OfficeAddIn
    O4 - HKLM\..\Run: [winshow] "C:\WINDOWS\winshow .exe "
    O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu77.exe 61A847B5BBF72815358B2B27128065E9C084320161C4661227A755E9C2933154389A
    O4 - HKLM\..\Run: [troy44] C:\WINDOWS\troy44.exe
    O4 - HKLM\..\Run: [d891e16f] rundll32.exe "C:\WINDOWS\system32\otsoyoil.dll ",b
    O4 - HKLM\..\Run: [troy44 ] C:\WINDOWS\troy44 .exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
    O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe "
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm .exe "
    O4 - Startup: PowerReg Scheduler V3 .exe
    O4 - Startup: PowerReg Scheduler V3 .exe
    O4 - Startup: PowerReg Scheduler V3.exe
    O4 - Global Startup: ActivClient Agent.lnk = C:\Program Files\ActivIdentity\ActivClient\acsagent.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Picture Package Menu.lnk = C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
    O4 - Global Startup: Picture Package VCD Maker.lnk = C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
    O4 - Global Startup: Windows Desktop Search.lnk = ?
    O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll/search.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (file missing)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc2.cab
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
    O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-12.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} () - http://bin.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,84/mcinsctl.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} () - http://bin.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,21/mcgdmgr.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
    O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
    O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
    O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
    O20 - Winlogon Notify: ackpbsc - C:\WINDOWS\SYSTEM32\ackpbsc.dll
    O20 - Winlogon Notify: acunlock - C:\Program Files\ActivIdentity\ActivClient\acunlock.dll
    O20 - Winlogon Notify: opnnklk - C:\WINDOWS\system32\opnnklk.dll
    O23 - Service: ActivClient Authentication Service (acachsrv) - ActivIdentity - C:\Program Files\ActivIdentity\ActivClient\acachsrv.exe
    O23 - Service: ActivClient Auto-Update Service (acautoup) - ActivIdentity - C:\Program Files\ActivIdentity\ActivClient\acautoup.exe
    O23 - Service: ActivClient Middleware Service (accoca) - ActivIdentity - C:\Program Files\ActivIdentity\ActivClient\accoca.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\SYSTEM32\CTSVCCDA.EXE
    O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
    O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\SYSTEM32\nvsvc32.exe
    O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - Unknown owner - C:\Program Files\Dell
    O24 - Desktop Component 0: Desktop Uninstall - C:\WINDOWS\warnhp.html

    --
    End of file - 14489 bytes

    -- HijackThis Fixed Entries (C:\ANTISP~1\backups\) -----------------------------

    backup-20060820-201604-102 O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
    backup-20060820-201604-351 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
    backup-20060820-201604-579 O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
    backup-20060820-201604-583 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
    backup-20060820-201604-615 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
    backup-20060820-201604-716 O20 - Winlogon Notify: cdoss50 - C:\WINDOWS\SYSTEM32\cdoss50.dll
    backup-20060820-201604-792 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
    backup-20060820-201604-803 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
    backup-20060820-201604-842 O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
    backup-20060820-201604-886 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
    backup-20060820-201604-956 O2 - BHO: (no name) - {44fce9b7-0b73-4e0c-aa40-e08bd01fef6c} - C:\WINDOWS\system32\cdoss50.dll
    backup-20060820-201604-978 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
    backup-20060820-204615-339 O2 - BHO: (no name) - {44fce9b7-0b73-4e0c-aa40-e08bd01fef6c} - C:\WINDOWS\system32\cdoss50.dll
    backup-20060820-204653-356 O20 - Winlogon Notify: cdoss50 - C:\WINDOWS\SYSTEM32\cdoss50.dll
    backup-20060824-203015-685 O20 - Winlogon Notify: cdoss50 - cdoss50.dll (file missing)
    backup-20060824-222726-460 O2 - BHO: (no name) - {44fce9b7-0b73-4e0c-aa40-e08bd01fef6c} - C:\WINDOWS\system32\cdoss50.dll (file missing)

    -- File Associations -----------------------------------------------------------

    All associations okay.


    -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

    R0 agp440 (Intel AGP Bus Filter) - c:\windows\\systemroot\system32\drivers\agp440.sys (file missing)
    R1 cdrbsdrv - c:\windows\system32\drivers\cdrbsdrv.sys <Not Verified; B.H.A Corporation; B's Recorder GOLD7>
    R1 omci (OMCI WDM Device Driver) - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Computer Corporation; OMCI Driver>
    R1 PCLEPCI - c:\windows\system32\drivers\pclepci.sys <Not Verified; Pinnacle Systems GmbH; PCLEPCI>
    R1 SbcpHid - c:\windows\system32\drivers\sbcphid.sys
    R3 ASAPIW2K - c:\windows\system32\drivers\asapiw2k.sys <Not Verified; VOB Computersysteme GmbH; asapi>
    R3 MarvinBus (Pinnacle Marvin Bus) - c:\windows\system32\drivers\marvinbus.sys <Not Verified; Pinnacle Systems GmbH; Pinnacle Marvin Discrete>

    S3 iAimTV2 - c:\windows\system32\drivers\watv03nt.sys (file missing)
    S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys (file missing)


    -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

    R2 acachsrv (ActivClient Authentication Service) - "c:\program files\actividentity\activclient\acachsrv.exe" <Not Verified; ActivIdentity; ActivClient Services>
    R2 acautoup (ActivClient Auto-Update Service) - "c:\program files\actividentity\activclient\acautoup.exe" <Not Verified; ActivIdentity; ActivClient Services>
    R2 accoca (ActivClient Middleware Service) - "c:\program files\actividentity\activclient\accoca.exe" <Not Verified; ActivIdentity; ActivClient Services>
    R2 sprtsvc_dellsupportcenter (SupportSoft Sprocket Service (dellsupportcenter)) - c:\program files\dell support center\bin\sprtsvc.exe /service /p dellsupportcenter

    S3 WmcCds (Windows Media Connect (WMC)) - c:\program files\windows media connect\mswmccds.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
    S3 WmcCdsLs (Windows Media Connect (WMC) Helper) - c:\program files\windows media connect\mswmcls.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>


    -- Device Manager: Disabled ----------------------------------------------------

    No disabled devices found.


    -- Scheduled Tasks -------------------------------------------------------------

    2007-12-22 07:36:02 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


    -- Files created between 2007-11-27 and 2007-12-27 -----------------------------

    2007-12-27 17:04:47 35840 --a------ C:\WINDOWS\winshow .exe <Not Verified; ; winshow>
    2007-12-27 16:32:09 212992 --a------ C:\WINDOWS\troy44 .exe <Not Verified; ; troy44>
    2007-12-27 16:31:53 386048 --a------ C:\WINDOWS\winshow .exe <Not Verified; ; winshow>
    2007-12-27 16:31:09 406016 --a------ C:\WINDOWS\system32\PSDrvCheck .exe
    2007-12-27 07:14:44 81984 --a------ C:\WINDOWS\system32\cxvokxrk.dll
    2007-12-27 07:14:06 90176 --a------ C:\WINDOWS\system32\otsoyoil.dll
    2007-12-26 19:10:41 348160 --a------ C:\WINDOWS\system32\jkkjj.exe
    2007-12-26 19:10:03 84886 --ahs---- C:\WINDOWS\system32\jjkkj.ini2
    2007-12-26 19:09:56 344576 --a------ C:\WINDOWS\system32\jkkjj.dll
    2007-12-26 19:05:18 39936 --a------ C:\WINDOWS\mrofinu77.exe
    2007-12-26 19:04:41 39936 --a------ C:\WINDOWS\system32\opnnklk.dll
    2007-12-26 19:04:28 0 d-------- C:\WINDOWS\system32\ardCo02
    2007-12-26 19:04:27 0 d-------- C:\Temp
    2007-12-26 19:04:14 386048 --a------ C:\WINDOWS\winshow.exe <Not Verified; ; winshow>
    2007-12-25 04:55:00 53760 --a------ C:\WINDOWS\b122.exe
    2007-12-24 14:31:11 0 d-------- C:\WINDOWS\system32\NtmsData
    2007-12-19 16:05:48 563200 --a------ C:\WINDOWS\troy44.exe <Not Verified; ; troy44>
    2007-12-09 15:06:02 0 d-------- C:\Documents and Settings\Joey\System
    2007-12-09 15:06:02 0 d-------- C:\Documents and Settings\Joey\Application Data\SmartDraw
    2007-12-09 14:56:53 0 d-------- C:\Program Files\SmartDraw 2008
    2007-12-04 20:41:10 0 d-------- C:\Program Files\ApproveIt
    2007-12-03 09:04:07 0 d-------- C:\Documents and Settings\Joey\Application Data\PureEdge
    2007-12-03 09:03:56 0 d-------- C:\Documents and Settings\All Users\Application Data\PureEdge
    2007-12-03 09:03:53 172032 --a------ C:\WINDOWS\system32\SSCE5332.dll <Not Verified; Wintertree Software Inc.; Sentry Spelling-Checker Engine Windows SDK>
    2007-12-03 09:03:23 0 d-------- C:\Program Files\PureEdge


    -- Find3M Report ---------------------------------------------------------------

    2007-12-27 17:05:05 0 d-------- C:\Program Files\Microsoft ActiveSync
    2007-12-27 17:04:38 0 d-------- C:\Program Files\QuickTime
    2007-12-27 17:03:52 0 d-------- C:\Program Files\iTunes
    2007-12-27 17:03:40 763904 --a------ C:\WINDOWS\system32\PSDrvCheck.exe
    2007-12-27 17:03:35 0 d-------- C:\Program Files\MSN Messenger
    2007-12-27 10:27:50 288 --a------ C:\WINDOWS\system32\DVCStateBkp-{00000002-00000000-00000002-00001102-00000004-10031102}.dat
    2007-12-27 10:27:50 288 --a------ C:\WINDOWS\system32\DVCState-{00000002-00000000-00000002-00001102-00000004-10031102}.dat
    2007-12-26 21:19:19 0 d-------- C:\Program Files\Common Files
    2007-12-24 14:19:35 0 d-------- C:\Program Files\MySpace
    2007-12-24 14:10:20 0 d-------- C:\Program Files\VISTAS2e
    2007-12-24 14:08:52 0 d--h----- C:\Program Files\InstallShield Installation Information
    2007-12-15 21:10:11 0 d-------- C:\Documents and Settings\Joey\Application Data\Canon
    2007-12-09 06:55:27 0 d-------- C:\Documents and Settings\Joey\Application Data\AdobeUM
    2007-12-09 06:55:24 0 d-------- C:\Program Files\Common Files\Adobe
    2007-11-28 23:18:09 2528 --a------ C:\Documents and Settings\Joey\Application Data\$_hpcst$.hpc
    2007-11-18 22:24:05 0 d-------- C:\Program Files\DivX
    2007-11-18 21:10:52 0 d-------- C:\Program Files\Dell Support Center
    2007-11-18 21:10:31 0 d-------- C:\Program Files\Common Files\supportsoft
    2007-11-13 21:50:47 81 --a------ C:\CTX.DAT
    2007-11-05 16:24:10 0 d-------- C:\Program Files\Dell
    2007-10-27 09:12:17 0 d-------- C:\Program Files\Apple Software Update


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2D5796A2-44E0-4E50-A5A0-80BF1EE3EA73}]
    12/26/2007 07:04 PM 39936 --a------ C:\WINDOWS\system32\opnnklk.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4561510E-137C-46F9-AE80-EA6293C9DC45}]
    12/26/2007 07:09 PM 344576 --a------ C:\WINDOWS\system32\jkkjj.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c33aeac5-80d2-4fc1-b32f-c6fa25b4ca9f}]
    12/27/2007 07:14 AM 81984 --a------ C:\WINDOWS\system32\cxvokxrk.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "vptray "= "C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe" [12/27/2007 05:03 PM]
    "PinnacleDriverCheck "= "C:\WINDOWS\system32\PSDrvCheck.exe" [12/27/2007 05:03 PM]
    "NvCplDaemon "= "C:\WINDOWS\system32\NvCpl.dll" [12/10/2005 03:06 AM]
    "nwiz "= "nwiz.exe" [12/10/2005 03:06 AM C:\WINDOWS\SYSTEM32\nwiz.exe]
    "NvMediaCenter "= "C:\WINDOWS\system32\NvMcTray.dll" [12/10/2005 03:06 AM]
    "TkBellExe "= "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [12/27/2007 05:03 PM]
    "@ "=" " []
    "accrdsub "= "C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe" [12/27/2007 05:03 PM]
    "CanonMyPrinter "= "C:\Program Files\Canon\MyPrinter\BJMyPrt.exe" [12/27/2007 05:03 PM]
    "SSBkgdUpdate "= "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [12/27/2007 05:03 PM]
    "OpwareSE4 "= "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [12/27/2007 05:03 PM]
    "iTunesHelper "= "C:\Program Files\iTunes\iTunesHelper.exe" [12/27/2007 05:03 PM]
    "KernelFaultCheck "= "C:\WINDOWS\system32\dumprep 0 -k" []
    "QuickTime Task "= "C:\Program Files\QuickTime\qttask .exe" [12/27/2007 05:04 PM]
    "dscactivate "= "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [12/27/2007 05:03 PM]
    "masqform.exe "= "C:\Program Files\PureEdge\Viewer 6.5\masqform.exe" [12/27/2007 05:04 PM]
    "AprvRemoveLegacyExcelKeys "= "C:\Program Files\ApproveIt\Support\Tools\AprvClean.exe" [12/27/2007 05:04 PM]
    "AprvRemoveLegacyWordKeys "= "C:\Program Files\ApproveIt\Support\Tools\AprvClean.exe" [12/27/2007 05:04 PM]
    "winshow "= "C:\WINDOWS\winshow .exe" [12/27/2007 05:04 PM]
    "runner1 "= "C:\WINDOWS\mrofinu77.exe" [12/27/2007 05:04 PM]
    "troy44 "= "C:\WINDOWS\troy44.exe" [12/27/2007 05:04 PM]
    "d891e16f "= "C:\WINDOWS\system32\otsoyoil.dll" [12/27/2007 07:14 AM]
    "troy44 "= "C:\WINDOWS\troy44 .exe" [12/27/2007 05:04 PM]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr "= "C:\Program Files\MSN Messenger\msnmsgr.exe" [12/27/2007 05:03 PM]
    "ctfmon.exe "= "C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 01:56 AM]
    "swg "= "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [12/27/2007 05:03 PM]
    "DellSupportCenter "= "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [12/27/2007 05:03 PM]
    "MoneyAgent "= "C:\Program Files\Microsoft Money\System\mnyexpr.exe" []
    "H/PC Connection Agent "= "C:\Program Files\Microsoft ActiveSync\wcescomm .exe" [12/27/2007 05:05 PM]

    C:\Documents and Settings\Joey\Start Menu\Programs\Startup\
    DESKTOP.INI [9/3/2002 8:00:00 AM]
    PowerReg Scheduler V3 .exe [12/27/2007 5:06:23 PM]
    PowerReg Scheduler V3 .exe [12/27/2007 5:03:28 PM]
    PowerReg Scheduler V3.exe [12/27/2007 5:03:29 PM]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    ActivClient Agent.lnk - C:\Program Files\ActivIdentity\ActivClient\acsagent.exe [7/15/2007 8:18:01 PM]
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [9/23/2005 10:05:26 PM]
    DESKTOP.INI [9/3/2002 8:00:00 AM]
    Picture Package Menu.lnk - C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe [11/22/2005 6:34:48 PM]
    Picture Package VCD Maker.lnk - C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe [11/22/2005 6:34:42 PM]
    Windows Desktop Search.lnk - C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearch.exe [9/20/2005 6:10:04 PM]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoActiveDesktop "=0 (0x0)
    "ForceActiveDesktopOn "=0 (0x0)

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
    Source= C:\WINDOWS\warnhp.html
    FriendlyName= Desktop Uninstall

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{2D5796A2-44E0-4E50-A5A0-80BF1EE3EA73} "= C:\WINDOWS\system32\opnnklk.dll [12/26/2007 07:04 PM 39936]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ackpbsc]
    C:\WINDOWS\system32\ackpbsc.dll 07/15/2007 08:18 PM 101888 C:\WINDOWS\SYSTEM32\ackpbsc.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\acunlock]
    C:\Program Files\ActivIdentity\ActivClient\acunlock.dll 07/15/2007 08:18 PM 260096 C:\Program Files\ActivIdentity\ActivClient\acunlock.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\opnnklk]
    opnnklk.dll 12/26/2007 07:04 PM 39936 C:\WINDOWS\SYSTEM32\opnnklk.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    "Authentication Packages "= msv1_0 C:\WINDOWS\system32\jkkjj

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
    @= "Volume shadow copy "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
    backup=C:\WINDOWS\pss\Digital Line Detect.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Joey^Start Menu^Programs^Startup^PowerReg Scheduler V3.exe]
    path=C:\Documents and Settings\Joey\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe
    backup=C:\WINDOWS\pss\PowerReg Scheduler V3.exeStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AsioReg]
    REGSVR32.EXE /S CTASIO.DLL

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTDVDDet]
    C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
    CTHELPER.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSysVol]
    C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
    C:\WINDOWS\system32\dla\tfswctrl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDSentry]
    C:\WINDOWS\System32\DSentry.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gah95on6]
    C:\WINDOWS\system32\gah95on6.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iwuz]
    C:\PROGRA~1\COMMON~1\iwuz\iwuzm.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\jnwfraup]
    c:\windows\system32\jnwfraup.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]
    c:\PROGRA~1\mcafee.com\agent\mcagent.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]
    C:\PROGRA~1\mcafee.com\agent\McUpdate.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MPFExe]
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MPSExe]
    C:\Program Files\McAfee.com\MPS\mscifapp.exe /embedding

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnappau]
    "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
    "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Omnipage]
    C:\Program Files\ScanSoft\OmniPageSE\opware32.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
    "C:\Program Files\Dell\Media Experience\PCMService.exe "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    "C:\Program Files\QuickTime\qttask.exe" -atboottime

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RSync]
    C:\WINDOWS\system32\netsync.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SB Audigy 2 Startup Menu]
    /L:ENG

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\secure]
    C:\WINDOWS\system32\Wxcqzo.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sonic RecordNow!]


    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
    "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
    C:\WINDOWS\UpdReg.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\version]
    C:\WINDOWS\system32\Elwcfv.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirusScan Online]
    "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VSOCheckTask]
    "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Win Server Updt]
    C:\WINDOWS\wupdt.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\_AntiSpyware]
    C:\Program Files\McAfee\McAfee AntiSpyware\MssCli.exe




    -- End of Deckard's System Scanner: finished at 2007-12-27 17:27:07 ------------
     
  2. 2007/12/28
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi tork30

    Please do these in the order given.

    Please download VundoFix.exe to your desktop
    • Double-click VundoFix.exe to run it.
    • Click the Scan for Vundo button.
    • Once it's done scanning, click the Remove Vundo button.
    • You will receive a prompt asking if you want to remove the files, click YES
    • Once you click yes, your desktop will go blank as it starts removing Vundo.
    • When completed, it will prompt that it will reboot your computer, click OK.
    • Please post the contents of C:\vundofix.txt and a new HiJackThis log in a reply to this thread.

    Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot; simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.


    Download ComboFix from Here to your Desktop.
    • Double click combofix.exe and follow the prompts.
    • When finished, it shall produce a log for you. Post that log and a HijackThis log in your next reply.
    Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.


    Please post the Vundo log, the Combofix log, and a new HJT log.

    Thanks
    Geri
     
    Geri,
    #2

  4. 2007/12/30
    tork30

    tork30 Inactive Thread Starter

    Joined:
    2006/08/13
    Messages:
    41
    Likes Received:
    0
    Thanks for the reply...here is the progress

    Geri- Thanks for the reply. I tried the Vundo remover and it could not get rid of one of the files, so I couldn't get the vundofix.txt for some reason. I will, however, post the combofix and the new HijackThis log. Thanks a lot for your help. Hopefully together we can solve this problem!

    Joey - 07-12-30 15:04:52.95
    ComboFix 06.08.18 - Running from: C:\Documents and Settings\Joey\Desktop\Spyware

    (((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    C:\Documents and Settings\Joey\Application Data\Install.dat
    C:\WINDOWS\SYSTEM32\atmtd.dll
    C:\WINDOWS\SYSTEM32\atmtd.dll._
    C:\WINDOWS\Sm9leQ
    ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

    Folders Quarantined:

    C:\QooBox\Purity\Documents and Settings\Joey\My Documents\SSTEM~1
    C:\QooBox\Purity\Documents and Settings\Joey\My Documents\SSTEM~1\svchost.exe
    C:\QooBox\Purity\Documents and Settings\Joey\My Documents\SSTEM~1\s?stem


    ((((((((((((((((((((((((((((((( Files Created from 2007-11-30 to 2007-12-30 ))))))))))))))))))))))))))))))))))


    2007-12-27 16:32 212,992 C:\WINDOWS\troy44 .exe
    2007-12-27 16:31 406,016 C:\WINDOWS\system32\PSDrvCheck .exe
    2007-12-26 19:05 39,936 C:\WINDOWS\mrofinu77.exe
    2007-12-26 19:04 39,936 C:\WINDOWS\system32\opnnklk.dll
    2007-12-25 04:55 53,760 C:\WINDOWS\b122.exe
    2007-12-19 16:05 212,992 C:\WINDOWS\troy44.exe
    2007-12-03 09:03 172,032 C:\WINDOWS\system32\SSCE5332.dll


    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


    2007-12-29 09:35 406016 --a------ C:\WINDOWS\SYSTEM32\PSDrvCheck.exe
    2007-12-29 09:25 39936 --a------ C:\WINDOWS\mrofinu77.exe
    2007-12-29 09:25 212992 --a------ C:\WINDOWS\troy44.exe
    2007-12-29 09:25 212992 --a------ C:\WINDOWS\troy44 .exe
    2007-12-29 09:19 -------- d-------- C:\Program Files\QuickTime
    2007-12-29 09:19 -------- d-------- C:\Program Files\Microsoft ActiveSync
    2007-12-29 09:19 -------- d-------- C:\Program Files\iTunes
    2007-12-29 09:18 -------- d-------- C:\Program Files\MSN Messenger
    2007-12-27 17:04 406016 --a------ C:\WINDOWS\SYSTEM32\PSDrvCheck .exe
    2007-12-26 21:19 -------- d-------- C:\Program Files\Common Files
    2007-12-26 19:04 39936 --------- C:\WINDOWS\SYSTEM32\opnnklk.dll
    2007-12-25 02:54 53760 --a------ C:\WINDOWS\b122.exe
    2007-12-24 14:19 -------- d-------- C:\Program Files\MySpace
    2007-12-24 14:15 -------- d-------- C:\Program Files\SmartDraw 2008
    2007-12-24 14:10 -------- d-------- C:\Program Files\VISTAS2e
    2007-12-24 14:08 -------- d--h----- C:\Program Files\InstallShield Installation Information
    2007-12-15 21:13 -------- d---s---- C:\Documents and Settings\Joey\Application Data\Microsoft
    2007-12-15 21:10 -------- d-------- C:\Documents and Settings\Joey\Application Data\Canon
    2007-12-12 03:03 -------- d-------- C:\Program Files\Internet Explorer
    2007-12-09 16:43 -------- d-------- C:\Documents and Settings\Joey\Application Data\SmartDraw
    2007-12-09 06:55 -------- d-------- C:\Program Files\Common Files\Adobe
    2007-12-09 06:55 -------- d-------- C:\Documents and Settings\Joey\Application Data\AdobeUM
    2007-12-04 20:41 -------- d-------- C:\Program Files\ApproveIt
    2007-12-03 09:04 -------- d-------- C:\Documents and Settings\Joey\Application Data\PureEdge
    2007-12-03 09:03 -------- d-------- C:\Program Files\PureEdge
    2007-11-28 23:18 2528 --a------ C:\Documents and Settings\Joey\Application Data\$_hpcst$.hpc
    2007-11-18 22:24 -------- d-------- C:\Program Files\DivX
    2007-11-18 21:10 -------- d-------- C:\Program Files\Dell Support Center
    2007-11-18 21:10 -------- d-------- C:\Program Files\Common Files\supportsoft
    2007-11-13 05:31 60416 --a------ C:\WINDOWS\SYSTEM32\tzchange.exe
    2007-11-13 04:25 20480 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\secdrv.sys
    2007-11-05 16:24 -------- d-------- C:\Program Files\Dell
    2007-10-29 16:43 1287680 --a------ C:\WINDOWS\SYSTEM32\quartz.dll
    2007-10-27 17:40 227328 --a------ C:\WINDOWS\SYSTEM32\wmasf.dll
    2007-10-10 17:56 232960 --a------ C:\WINDOWS\SYSTEM32\webcheck.dll
    2007-10-10 17:55 63488 --a------ C:\WINDOWS\SYSTEM32\icardie.dll
    2007-10-10 17:55 6065664 --a------ C:\WINDOWS\SYSTEM32\ieframe.dll
    2007-10-10 17:55 52224 --a------ C:\WINDOWS\SYSTEM32\msfeedsbs.dll
    2007-10-10 17:55 459264 --a------ C:\WINDOWS\SYSTEM32\msfeeds.dll
    2007-10-10 17:55 44544 --a------ C:\WINDOWS\SYSTEM32\iernonce.dll
    2007-10-10 17:55 384512 --a------ C:\WINDOWS\SYSTEM32\iedkcs32.dll
    2007-10-10 17:55 383488 --a------ C:\WINDOWS\SYSTEM32\ieapfltr.dll
    2007-10-10 17:55 267776 --a------ C:\WINDOWS\SYSTEM32\iertutil.dll
    2007-10-10 17:55 230400 --a------ C:\WINDOWS\SYSTEM32\ieaksie.dll
    2007-10-10 17:55 153088 --a------ C:\WINDOWS\SYSTEM32\ieakeng.dll
    2007-10-10 17:55 124928 --a------ C:\WINDOWS\SYSTEM32\advpack.dll
    2007-10-10 17:55 105984 --a------ C:\WINDOWS\SYSTEM32\url.dll
    2007-10-10 17:55 102400 --a------ C:\WINDOWS\SYSTEM32\occache.dll
    2007-10-10 04:59 70656 --a------ C:\WINDOWS\SYSTEM32\ie4uinit.exe
    2007-10-10 04:59 13824 --a------ C:\WINDOWS\SYSTEM32\ieudinit.exe
    2007-10-09 23:46 161792 --a------ C:\WINDOWS\SYSTEM32\ieakui.dll


    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

    *Note* empty entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "vptray "= "C:\\PROGRA~1\\SYMANT~1\\SYMANT~1\\vptray.exe "
    "PinnacleDriverCheck "= "C:\\WINDOWS\\system32\\PSDrvCheck.exe -CheckReg "
    "NvCplDaemon "= "RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup "
    "nwiz "= "nwiz.exe /install "
    "NvMediaCenter "= "RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit "
    "TkBellExe "= "\ "C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot "
    @=" "
    "accrdsub "= "\ "C:\\Program Files\\ActivIdentity\\ActivClient\\accrdsub.exe\" "
    "CanonMyPrinter "= "C:\\Program Files\\Canon\\MyPrinter\\BJMyPrt.exe /logon "
    "SSBkgdUpdate "= "\ "C:\\Program Files\\Common Files\\Scansoft Shared\\SSBkgdUpdate\\SSBkgdupdate.exe\" -Embedding -boot "
    "OpwareSE4 "= "\ "C:\\Program Files\\ScanSoft\\OmniPageSE4.0\\OpwareSE4.exe\" "
    "iTunesHelper "= "\ "C:\\Program Files\\iTunes\\iTunesHelper.exe\" "
    "QuickTime Task "= "\ "C:\\Program Files\\QuickTime\\qttask .exe\" -atboottime "
    "dscactivate "= "\ "C:\\Program Files\\Dell Support Center\\gs_agent\\custom\\dsca.exe\" "
    "masqform.exe "= "C:\\Program Files\\PureEdge\\Viewer 6.5\\masqform.exe -RunOnce "
    "AprvRemoveLegacyExcelKeys "= "\ "C:\\Program Files\\ApproveIt\\Support\\Tools\\AprvClean.exe\" -k HKCU SOFTWARE\\Microsoft\\Office\\Excel\\Addins\\OfficeAddIn.OfficeAddIn "
    "AprvRemoveLegacyWordKeys "= "\ "C:\\Program Files\\ApproveIt\\Support\\Tools\\AprvClean.exe\" -k HKCU SOFTWARE\\Microsoft\\Office\\Word\\Addins\\OfficeAddIn.OfficeAddIn "
    "winshow "= "\ "C:\\WINDOWS\\winshow .exe\" "
    "runner1 "= "C:\\WINDOWS\\mrofinu77.exe 61A847B5BBF72815358B2B27128065E9C084320161C4661227A755E9C2933154389A28452DA545E9B1894E754BE54C29159A7DBE80DC744B6CDE3F516CAC59B6 "
    "troy44 "= "C:\\WINDOWS\\troy44.exe "
    "d891e16f "= "rundll32.exe \ "C:\\WINDOWS\\system32\\otsoyoil.dll\ ",b "
    "troy44 "= "C:\\WINDOWS\\troy44 .exe "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
    "Installed "= "1 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
    "Installed "= "1 "
    "NoChange "= "1 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
    "Installed "= "1 "

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr "= "\ "C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background "
    "ctfmon.exe "= "C:\\WINDOWS\\system32\\ctfmon.exe "
    "swg "= "C:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe "
    "DellSupportCenter "= "\ "C:\\Program Files\\Dell Support Center\\bin\\sprtcmd.exe\" /P DellSupportCenter "
    "MoneyAgent "= "\ "C:\\Program Files\\Microsoft Money\\System\\mnyexpr.exe\" "
    "H/PC Connection Agent "= "\ "C:\\Program Files\\Microsoft ActiveSync\\wcescomm .exe\" "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
    "NoCDBurning "=dword:00000000

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
    "dontdisplaylastusername "=dword:00000000
    "legalnoticecaption "=" "
    "legalnoticetext "=" "
    "shutdownwithoutlogon "=dword:00000001
    "undockwithoutlogon "=dword:00000001

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
    "NoDriveTypeAutoRun "=dword:00000091
    "NoActiveDesktop "=dword:00000000
    "ClassicShell "=dword:00000000
    "ForceActiveDesktopOn "=dword:00000000

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
    "DeskHtmlVersion "=dword:00000110
    "DeskHtmlMinorVersion "=dword:00000005
    "Settings "=dword:00000001
    "GeneralFlags "=dword:00000001

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
    "Source "= "C:\\WINDOWS\\warnhp.html "
    "SubscribedURL "=" "
    "FriendlyName "= "Desktop Uninstall "
    "Flags "=dword:00000002
    "Position "=hex:2c,00,00,00,b0,00,00,00,38,00,00,00,1c,01,00,00,27,01,00,00,e8,\
    03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
    "CurrentState "=hex:01,00,00,40
    "OriginalStateInfo "=hex:18,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
    00,00,02,00,00,00
    "RestoredStateInfo "=hex:18,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
    00,00,01,00,00,00

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\1]
    "Source "= "About:Home "
    "SubscribedURL "= "About:Home "
    "FriendlyName "= "My Current Home Page "
    "Flags "=dword:00000002
    "Position "=hex:2c,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,00,00,ea,\
    03,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
    "CurrentState "=hex:01,00,00,00
    "OriginalStateInfo "=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
    ff,ff,04,00,00,00
    "RestoredStateInfo "=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
    00,00,01,00,00,00

    [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg "= "C:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe "

    [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
    "NoDriveTypeAutoRun "=dword:00000091

    [HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg "= "C:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe "

    [HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
    "NoDriveTypeAutoRun "=dword:00000091

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\sharedtaskscheduler]
    "{438755C2-A8BA-11D1-B96B-00A0C90312E1} "= "Browseui preloader "
    "{8C7461EF-2B13-11d2-BE35-3078302C2030} "= "Component Categories cache daemon "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
    "{AEB6717E-7E19-11d0-97EE-00C04FD91972} "=" "
    "{2D5796A2-44E0-4E50-A5A0-80BF1EE3EA73} "=" "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\startupfolder]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
    "path "= "C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Digital Line Detect.lnk "
    "backup "= "C:\\WINDOWS\\pss\\Digital Line Detect.lnkCommon Startup "
    "location "= "Common Startup "
    "command "= "C:\\PROGRA~1\\DIGITA~1\\DLG.exe "
    "item "= "Digital Line Detect "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\startupfolder\C:^Documents and Settings^Joey^Start Menu^Programs^Startup^PowerReg Scheduler V3.exe]
    "path "= "C:\\Documents and Settings\\Joey\\Start Menu\\Programs\\Startup\\PowerReg Scheduler V3.exe "
    "backup "= "C:\\WINDOWS\\pss\\PowerReg Scheduler V3.exeStartup "
    "location "= "Startup "
    "command "= "C:\\Documents and Settings\\Joey\\Start Menu\\Programs\\Startup\\PowerReg Scheduler V3.exe "
    "item "= "PowerReg Scheduler V3 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\startupreg]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\startupreg\AsioReg]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "REGSVR32 "
    "hkey "= "HKLM "
    "command "= "REGSVR32.EXE /S CTASIO.DLL "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\startupreg\CTDVDDet]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "CTDVDDet "
    "hkey "= "HKLM "
    "command "= "C:\\Program Files\\Creative\\SBAudigy2\\DVDAudio\\CTDVDDet.EXE "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\startupreg\CTHelper]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "CTHELPER "
    "hkey "= "HKLM "
    "command "= "CTHELPER.EXE "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\startupreg\CTSysVol]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "CTSysVol "
    "hkey "= "HKLM "
    "command "= "C:\\Program Files\\Creative\\SBAudigy2\\Surround Mixer\\CTSysVol.exe "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\startupreg\dla]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "tfswctrl "
    "hkey "= "HKLM "
    "command "= "C:\\WINDOWS\\system32\\dla\\tfswctrl.exe "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\startupreg\DVDSentry]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "DSentry "
    "hkey "= "HKLM "
    "command "= "C:\\WINDOWS\\System32\\DSentry.exe "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\startupreg\gah95on6]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "gah95on6 "
    "hkey "= "HKLM "
    "command "= "C:\\WINDOWS\\system32\\gah95on6.exe "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\startupreg\iwuz]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "iwuzm "
    "hkey "= "HKCU "
    "command "= "C:\\PROGRA~1\\COMMON~1\\iwuz\\iwuzm.exe "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\startupreg\jnwfraup]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "jnwfraup "
    "hkey "= "HKLM "
    "command "= "c:\\windows\\system32\\jnwfraup.exe "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\startupreg\MCAgentExe]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "mcagent "
    "hkey "= "HKLM "
    "command "= "c:\\PROGRA~1\\mcafee.com\\agent\\mcagent.exe "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\startupreg\MCUpdateExe]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "McUpdate "
    "hkey "= "HKLM "
    "command "= "C:\\PROGRA~1\\mcafee.com\\agent\\McUpdate.exe "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\startupreg\mmtask]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "mmtask "
    "hkey "= "HKLM "
    "command "= "C:\\Program Files\\MUSICMATCH\\MUSICMATCH Jukebox\\mmtask.exe "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\startupreg\MMTray]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "mm_tray "
    "hkey "= "HKLM "
    "command "= "C:\\Program Files\\MUSICMATCH\\MUSICMATCH Jukebox\\mm_tray.exe "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\startupreg\MPFExe]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "MpfTray "
    "hkey "= "HKLM "
    "command "= "C:\\PROGRA~1\\McAfee.com\\PERSON~1\\MpfTray.exe "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\startupreg\MPSExe]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "mscifapp "
    "hkey "= "HKLM "
    "command "= "C:\\Program Files\\McAfee.com\\MPS\\mscifapp.exe /embedding "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\startupreg\msnappau]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "msnappau "
    "hkey "= "HKLM "
    "command "= "\ "C:\\Program Files\\MSN Apps\\Updater\\01.02.3000.1001\\en-us\\msnappau.exe\" "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\startupreg\MsnMsgr]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "MsnMsgr "
    "hkey "= "HKCU "
    "command "= "\ "C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\startupreg\NvCplDaemon]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "NvCpl "
    "hkey "= "HKLM "
    "command "= "RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\startupreg\Omnipage]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "opware32 "
    "hkey "= "HKLM "
    "command "= "C:\\Program Files\\ScanSoft\\OmniPageSE\\opware32.exe "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\startupreg\PCMService]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "PCMService "
    "hkey "= "HKLM "
    "command "= "\ "C:\\Program Files\\Dell\\Media Experience\\PCMService.exe\" "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\startupreg\QuickTime Task]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "qttask "
    "hkey "= "HKLM "
    "command "= "\ "C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\startupreg\RSync]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "netsync "
    "hkey "= "HKLM "
    "command "= "C:\\WINDOWS\\system32\\netsync.exe "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\startupreg\SB Audigy 2 Startup Menu]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "=" /L:ENG "
    "hkey "= "HKCU "
    "command "=" /L:ENG "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\startupreg\secure]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "Wxcqzo "
    "hkey "= "HKLM "
    "command "= "C:\\WINDOWS\\system32\\Wxcqzo.exe "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\startupreg\Sonic RecordNow!]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "=" "
    "hkey "= "HKCU "
    "command "=" "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\startupreg\TkBellExe]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "realsched "
    "hkey "= "HKLM "
    "command "= "\ "C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\startupreg\UpdateManager]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "sgtray "
    "hkey "= "HKLM "
    "command "= "\ "C:\\Program Files\\Common Files\\Sonic\\Update Manager\\sgtray.exe\" /r "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\startupreg\UpdReg]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "UpdReg "
    "hkey "= "HKLM "
    "command "= "C:\\WINDOWS\\UpdReg.EXE "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\startupreg\version]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "Elwcfv "
    "hkey "= "HKLM "
    "command "= "C:\\WINDOWS\\system32\\Elwcfv.exe "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\startupreg\VirusScan Online]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "mcvsshld "
    "hkey "= "HKLM "
    "command "= "\ "c:\\PROGRA~1\\mcafee.com\\vso\\mcvsshld.exe\" "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\startupreg\VSOCheckTask]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "mcmnhdlr "
    "hkey "= "HKLM "
    "command "= "\ "c:\\PROGRA~1\\mcafee.com\\vso\\mcmnhdlr.exe\" /checktask "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\startupreg\Win Server Updt]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "wupdt "
    "hkey "= "HKLM "
    "command "= "C:\\WINDOWS\\wupdt.exe "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\startupreg\_AntiSpyware]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "MssCli "
    "hkey "= "HKLM "
    "command "= "C:\\Program Files\\McAfee\\McAfee AntiSpyware\\MssCli.exe "
    "inimapping "= "0 "

    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ackpbsc
    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\acunlock


    Contents of the 'Scheduled Tasks' folder
    C:\WINDOWS\tasks\AppleSoftwareUpdate.job

    Completion time: Sun 12/30/2007 15:14:48.45
    ComboFix.txt
    ComboFix2.txt
    ComboFix3.txt
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 3:21:20 PM, on 12/30/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\ActivIdentity\ActivClient\acachsrv.exe
    C:\Program Files\ActivIdentity\ActivClient\acautoup.exe
    C:\Program Files\ActivIdentity\ActivClient\accoca.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\WINDOWS\System32\CTsvcCDA.exe
    C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
    C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
    C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
    C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\mrofinu77.exe
    C:\WINDOWS\troy44.exe
    C:\WINDOWS\troy44.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\ActivIdentity\ActivClient\acevents.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Dell Support Center\bin\sprtcmd.exe
    C:\Program Files\Microsoft ActiveSync\wcescomm .exe
    C:\PROGRA~1\MI3AA1~1\rapimgr.exe
    C:\Program Files\ActivIdentity\ActivClient\acsagent.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
    C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Joey\Desktop\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?linkid=677
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe
    R3 - Default URLSearchHook is missing
    F3 - REG:win.ini: load=C:\WINDOWS\system32\jkkjj.exe
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {2D5796A2-44E0-4E50-A5A0-80BF1EE3EA73} - C:\WINDOWS\system32\opnnklk.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Antispyware\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
    O2 - BHO: (no name) - {718E9124-5DB0-4E71-8D11-EE3C299C1A72} - C:\WINDOWS\system32\jkkjj.dll (file missing)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
    O2 - BHO: {f9ac4b52-af6c-f23b-1cf4-2d085caea33c} - {c33aeac5-80d2-4fc1-b32f-c6fa25b4ca9f} - C:\WINDOWS\system32\cxvokxrk.dll (file missing)
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [accrdsub] "C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe "
    O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
    O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe "
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
    O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe "
    O4 - HKLM\..\Run: [masqform.exe] C:\Program Files\PureEdge\Viewer 6.5\masqform.exe -RunOnce
    O4 - HKLM\..\Run: [AprvRemoveLegacyExcelKeys] "C:\Program Files\ApproveIt\Support\Tools\AprvClean.exe" -k HKCU SOFTWARE\Microsoft\Office\Excel\Addins\OfficeAddIn.OfficeAddIn
    O4 - HKLM\..\Run: [AprvRemoveLegacyWordKeys] "C:\Program Files\ApproveIt\Support\Tools\AprvClean.exe" -k HKCU SOFTWARE\Microsoft\Office\Word\Addins\OfficeAddIn.OfficeAddIn
    O4 - HKLM\..\Run: [winshow] "C:\WINDOWS\winshow .exe "
    O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu77.exe 61A847B5BBF72815358B2B27128065E9C084320161C4661227A755E9C2933154389A28452DA545E9B1894E754BE54C29159A7DBE80DC744B6CDE3F516CAC59B6
    O4 - HKLM\..\Run: [troy44] C:\WINDOWS\troy44.exe
    O4 - HKLM\..\Run: [d891e16f] rundll32.exe "C:\WINDOWS\system32\otsoyoil.dll ",b
    O4 - HKLM\..\Run: [troy44 ] C:\WINDOWS\troy44 .exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
    O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe "
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm .exe "
    O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Default user')
    O4 - Startup: PowerReg Scheduler V3 .exe
    O4 - Startup: PowerReg Scheduler V3 .exe
    O4 - Startup: PowerReg Scheduler V3.exe
    O4 - Global Startup: ActivClient Agent.lnk = C:\Program Files\ActivIdentity\ActivClient\acsagent.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Picture Package Menu.lnk = ?
    O4 - Global Startup: Picture Package VCD Maker.lnk = ?
    O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearch.exe
    O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll/search.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
    O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-12.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://bin.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,84/mcinsctl.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://bin.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,21/mcgdmgr.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
    O20 - Winlogon Notify: ackpbsc - C:\WINDOWS\system32\ackpbsc.dll
    O20 - Winlogon Notify: acunlock - C:\Program Files\ActivIdentity\ActivClient\acunlock.dll
    O23 - Service: ActivClient Authentication Service (acachsrv) - ActivIdentity - C:\Program Files\ActivIdentity\ActivClient\acachsrv.exe
    O23 - Service: ActivClient Auto-Update Service (acautoup) - ActivIdentity - C:\Program Files\ActivIdentity\ActivClient\acautoup.exe
    O23 - Service: ActivClient Middleware Service (accoca) - ActivIdentity - C:\Program Files\ActivIdentity\ActivClient\accoca.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
    O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
    O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    O24 - Desktop Component 0: Desktop Uninstall - C:\WINDOWS\warnhp.html

    --
    End of file - 12585 bytes
     
  5. 2007/12/30
    noahdfear

    Excuse me for the interruption. tork, where did you get that copy of ComboFix? I ask because it is a very outdated version. Please delete it and download a copy from the link Geri provided, then run it according to his instructions and post the log.
     
  6. 2007/12/30
    tork30

    Oops

    Sorry about that; here is the log from the updated version.

    ComboFix 07-12-21.4 - Joey 2007-12-30 16:07:55.1 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.166 [GMT -6:00]
    Running from: C:\Documents and Settings\Joey\Desktop\ComboFix.exe
    * Created a new restore point
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\b104.exe
    C:\WINDOWS\b122.exe
    C:\WINDOWS\cookies.ini
    C:\WINDOWS\mrofinu77.exe
    C:\WINDOWS\system32\opnnklk.dll
    C:\WINDOWS\system32\pac.txt

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    .
    -------\LEGACY_CMDSERVICE
    -------\LEGACY_NETWORK_MONITOR


    ((((((((((((((((((((((((( Files Created from 2007-11-28 to 2007-12-30 )))))))))))))))))))))))))))))))
    .

    2007-12-29 17:37 . 2007-12-30 14:47 <DIR> d-------- C:\VundoFix Backups
    2007-12-27 17:16 . 2007-12-27 17:16 <DIR> d-------- C:\Deckard
    2007-12-27 16:32 . 2007-12-29 09:25 212,992 --a------ C:\WINDOWS\troy44 .exe
    2007-12-27 16:31 . 2007-12-27 17:04 406,016 --a------ C:\WINDOWS\SYSTEM32\PSDrvCheck .exe
    2007-12-27 07:14 . 2007-12-29 20:56 1,438,273 --ahs---- C:\WINDOWS\SYSTEM32\lioyosto.ini
    2007-12-26 19:04 . 2007-12-26 19:04 <DIR> d-------- C:\WINDOWS\SYSTEM32\ardCo02
    2007-12-26 19:04 . 2007-12-26 19:04 <DIR> d-------- C:\Temp\cEeer12
    2007-12-26 19:04 . 2007-12-26 19:04 <DIR> d-------- C:\Temp
    2007-12-24 14:31 . 2007-12-24 14:33 <DIR> d-------- C:\WINDOWS\SYSTEM32\NtmsData
    2007-12-19 16:05 . 2007-12-29 09:25 212,992 --a------ C:\WINDOWS\troy44.exe
    2007-12-09 15:06 . 2007-12-09 15:06 <DIR> d-------- C:\Documents and Settings\Joey\System
    2007-12-09 15:06 . 2007-12-09 16:43 <DIR> d-------- C:\Documents and Settings\Joey\Application Data\SmartDraw
    2007-12-09 14:56 . 2007-12-24 14:15 <DIR> d-------- C:\Program Files\SmartDraw 2008
    2007-12-04 20:41 . 2007-12-04 20:41 <DIR> d-------- C:\Program Files\ApproveIt
    2007-12-04 20:41 . 2007-12-04 20:41 4,751 --a------ C:\WINDOWS\SigPlus.ini
    2007-12-03 09:04 . 2007-12-03 09:04 <DIR> d-------- C:\Documents and Settings\Joey\Application Data\PureEdge
    2007-12-03 09:03 . 2007-12-03 09:03 <DIR> d-------- C:\Program Files\PureEdge
    2007-12-03 09:03 . 2007-12-03 09:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PureEdge
    2007-12-03 09:03 . 2003-02-21 11:44 172,032 --a------ C:\WINDOWS\SYSTEM32\SSCE5332.dll
    2007-11-18 21:11 . 2007-11-18 21:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SupportSoft
    2007-11-18 21:10 . 2007-11-18 21:10 <DIR> d-------- C:\Program Files\Dell Support Center
    2007-11-18 21:10 . 2007-11-18 21:10 <DIR> d-------- C:\Program Files\Common Files\supportsoft
    2007-11-18 12:33 . 2007-12-24 16:03 54,156 --ah----- C:\WINDOWS\QTFont.qfn
    2007-11-18 12:33 . 2007-11-18 12:33 1,409 --a------ C:\WINDOWS\QTFont.for
    2007-11-13 21:50 . 2007-11-13 21:50 <DIR> d-------- C:\Documents and Settings\Joey\Citrix
    2007-11-13 21:50 . 2007-11-13 21:50 81 --a------ C:\CTX.DAT

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-12-29 15:19 --------- d-----w C:\Program Files\QuickTime
    2007-12-29 15:19 --------- d-----w C:\Program Files\Microsoft ActiveSync
    2007-12-29 15:19 --------- d-----w C:\Program Files\iTunes
    2007-12-29 15:18 --------- d-----w C:\Program Files\MSN Messenger
    2007-12-24 20:19 --------- d-----w C:\Program Files\MySpace
    2007-12-24 20:10 --------- d-----w C:\Program Files\VISTAS2e
    2007-12-24 20:08 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-12-16 03:10 --------- d-----w C:\Documents and Settings\Joey\Application Data\Canon
    2007-12-09 12:55 --------- d-----w C:\Program Files\Common Files\Adobe
    2007-12-09 12:55 --------- d-----w C:\Documents and Settings\Joey\Application Data\AdobeUM
    2007-11-19 04:24 --------- d-----w C:\Program Files\DivX
    2007-11-19 03:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\Dell
    2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
    2007-11-05 22:24 --------- d-----w C:\Program Files\Dell
    2005-11-23 02:26 284 ----a-w C:\Documents and Settings\Joey\Application Data\ViewerApp.dat
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{718E9124-5DB0-4E71-8D11-EE3C299C1A72}]
    C:\WINDOWS\system32\jkkjj.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c33aeac5-80d2-4fc1-b32f-c6fa25b4ca9f}]
    C:\WINDOWS\system32\cxvokxrk.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr "= "C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-12-29 16:33]
    "ctfmon.exe "= "C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:56]
    "swg "= "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-12-29 10:11]
    "DellSupportCenter "= "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2007-12-29 16:34]
    "MoneyAgent "= "C:\Program Files\Microsoft Money\System\mnyexpr.exe" []
    "H/PC Connection Agent "= "C:\Program Files\Microsoft ActiveSync\wcescomm .exe" [2007-12-29 09:44]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "vptray "= "C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe" [2007-12-29 10:11]
    "PinnacleDriverCheck "= "C:\WINDOWS\system32\PSDrvCheck.exe" [2007-12-29 09:35]
    "NvCplDaemon "= "RUNDLL32.exe" [2004-08-04 01:56 C:\WINDOWS\SYSTEM32\rundll32.exe]
    "nwiz "= "nwiz.exe" [2005-12-10 03:06 C:\WINDOWS\SYSTEM32\nwiz.exe]
    "NvMediaCenter "= "RUNDLL32.exe" [2004-08-04 01:56 C:\WINDOWS\SYSTEM32\rundll32.exe]
    "TkBellExe "= "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-12-29 16:31]
    "accrdsub "= "C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe" [2007-12-29 16:31]
    "CanonMyPrinter "= "C:\Program Files\Canon\MyPrinter\BJMyPrt.exe" [2007-12-29 16:32]
    "SSBkgdUpdate "= "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2007-12-29 16:32]
    "OpwareSE4 "= "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2007-12-29 16:32]
    "iTunesHelper "= "C:\Program Files\iTunes\iTunesHelper.exe" [2007-12-29 16:32]
    "QuickTime Task "= "C:\Program Files\QuickTime\qttask .exe" [2007-12-29 16:32]
    "dscactivate "= "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-12-29 16:32]
    "masqform.exe "= "C:\Program Files\PureEdge\Viewer 6.5\masqform.exe" [2007-12-29 16:32]
    "AprvRemoveLegacyExcelKeys "= "C:\Program Files\ApproveIt\Support\Tools\AprvClean.exe" [2007-12-29 16:33]
    "AprvRemoveLegacyWordKeys "= "C:\Program Files\ApproveIt\Support\Tools\AprvClean.exe" [2007-12-29 16:33]
    "troy44 "= "C:\WINDOWS\troy44.exe" [2007-12-29 09:25]
    "d891e16f "= "C:\WINDOWS\system32\otsoyoil.dll" []
    "troy44 "= "C:\WINDOWS\troy44 .exe" [2007-12-29 09:25]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "swg "= "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-12-29 10:11]

    C:\Documents and Settings\Joey\Start Menu\Programs\Startup\
    PowerReg Scheduler V3 .exe [2007-12-29 10:32:09]
    PowerReg Scheduler V3 .exe [2007-12-29 10:32:12]
    PowerReg Scheduler V3.exe [2007-12-29 10:32:17]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    ActivClient Agent.lnk - C:\Program Files\ActivIdentity\ActivClient\acsagent.exe [2007-07-15 20:18:01]
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]
    Picture Package Menu.lnk - C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe [2005-11-22 18:34:48]
    Picture Package VCD Maker.lnk - C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe [2005-11-22 18:34:42]
    Windows Desktop Search.lnk - C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearch.exe [2005-09-20 18:10:04]

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
    Source= C:\WINDOWS\warnhp.html
    FriendlyName= Desktop Uninstall

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ackpbsc]
    C:\WINDOWS\system32\ackpbsc.dll 2007-07-15 20:18 101888 C:\WINDOWS\SYSTEM32\ackpbsc.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\acunlock]
    C:\Program Files\ActivIdentity\ActivClient\acunlock.dll 2007-07-15 20:18 260096 C:\Program Files\ActivIdentity\ActivClient\acunlock.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
    backup=C:\WINDOWS\pss\Digital Line Detect.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Joey^Start Menu^Programs^Startup^PowerReg Scheduler V3.exe]
    path=C:\Documents and Settings\Joey\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe
    backup=C:\WINDOWS\pss\PowerReg Scheduler V3.exeStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AsioReg]
    REGSVR32.EXE /S CTASIO.DLL

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTDVDDet]
    2002-09-30 00:00 45056 --a------ C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
    CTHELPER.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSysVol]
    2002-10-29 08:18 49152 --a------ C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
    2003-08-06 00:04 114741 --a------ C:\WINDOWS\system32\dla\tfswctrl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDSentry]
    2003-08-13 09:27 28672 --a------ C:\WINDOWS\System32\DSentry.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gah95on6]
    C:\WINDOWS\system32\gah95on6.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iwuz]
    C:\PROGRA~1\COMMON~1\iwuz\iwuzm.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\jnwfraup]
    c:\windows\system32\jnwfraup.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]
    c:\PROGRA~1\mcafee.com\agent\mcagent.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]
    C:\PROGRA~1\mcafee.com\agent\McUpdate.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
    2004-10-08 08:49 53248 --a------ C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
    2004-10-08 08:49 131072 --a------ C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MPFExe]
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MPSExe]
    C:\Program Files\McAfee.com\MPS\mscifapp.exe /embedding

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnappau]
    C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
    C:\Program Files\MSN Messenger\MsnMsgr.Exe /background

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Omnipage]
    C:\Program Files\ScanSoft\OmniPageSE\opware32.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
    2003-08-26 18:47 204800 --------- C:\Program Files\Dell\Media Experience\PCMService.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    C:\Program Files\QuickTime\qttask.exe -atboottime

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RSync]
    C:\WINDOWS\system32\netsync.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SB Audigy 2 Startup Menu]
    /L:ENG

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\secure]
    C:\WINDOWS\system32\Wxcqzo.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sonic RecordNow!]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
    C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe /r

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
    2000-05-11 00:00 90112 --------- C:\WINDOWS\UpdReg.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\version]
    C:\WINDOWS\system32\Elwcfv.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirusScan Online]
    c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VSOCheckTask]
    c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe /checktask

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Win Server Updt]
    C:\WINDOWS\wupdt.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\_AntiSpyware]
    C:\Program Files\McAfee\McAfee AntiSpyware\MssCli.exe

    R2 acachsrv;ActivClient Authentication Service; "C:\Program Files\ActivIdentity\ActivClient\acachsrv.exe" [2007-07-15 20:18]
    R2 acautoup;ActivClient Auto-Update Service; "C:\Program Files\ActivIdentity\ActivClient\acautoup.exe" [2007-07-15 20:18]
    R2 accoca;ActivClient Middleware Service; "C:\Program Files\ActivIdentity\ActivClient\accoca.exe" [2007-07-15 20:18]
    R2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter);C:\Program Files\Dell Support Center\bin\sprtsvc.exe /service /p dellsupportcenter []
    R3 SCR111;SCM Microsystems SCR111 Serial SmartCard Reader;C:\WINDOWS\system32\DRIVERS\SCR111.sys [2001-08-17 13:51]
    S3 sonypvs1;Sony Digital Imaging Video2;C:\WINDOWS\system32\DRIVERS\sonypvs1.sys [2002-10-15 22:41]

    .
    Contents of the 'Scheduled Tasks' folder
    "2007-12-22 13:36:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job "
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    .
    **************************************************************************

    catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-12-30 17:41:17
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    PROCESS: C:\WINDOWS\system32\winlogon.exe
    -> C:\WINDOWS\system32\NavLogon.dll
    .
    Completion time: 2007-12-30 17:45:07 - machine was rebooted
    C:\ComboFix2.txt ... 2007-12-30 15:14
    C:\ComboFix3.txt ... 2006-08-23 05:29
    .
    2007-12-12 09:08:38 --- E O F ---
     
  7. 2007/12/30
    noahdfear

    Hi tork,

    Not sure how, but you still have an older version of ComboFix than what is available. We need the latest for the infection you have. It's a new Vundo variant that infects legitimate files and gets recreated each time you reboot your machine if not killed off properly.

    Please delete all copies of ComboFix you have and download the latest ComboFix from here, saving the file to your desktop.

    We're going to need another tool also. Download RenV.exe and save it to your desktop.

    • Close all open programs and windows
    • Double click combofix.exe and follow the prompts.
    • When finished, it will open a log for you. Post that log and a new HijackThis log in your next reply.
    Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.

    Once you've posted the ComboFix log, double click RenV.exe to run it. Please post the log it produces.
     
  8. 2007/12/30
    tork30

    Okay, here is the new ComboFix log... Hopefully this one is the right one. Also included is the RenV log. Hopefully this helps! Thanks again!

    ComboFix 07-12-31.4 - Joey 2007-12-30 20:02:14.2 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.216 [GMT -6:00]
    Running from: C:\Documents and Settings\Joey\Desktop\ComboFix.exe
    * Created a new restore point
    .

    ((((((((((((((((((((((((( Files Created from 2007-11-28 to 2007-12-31 )))))))))))))))))))))))))))))))
    .

    2007-12-30 20:00 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2007-12-29 17:37 . 2007-12-30 14:47 <DIR> d-------- C:\VundoFix Backups
    2007-12-27 17:16 . 2007-12-27 17:16 <DIR> d-------- C:\Deckard
    2007-12-27 16:32 . 2007-12-29 09:25 212,992 --a------ C:\WINDOWS\troy44 .exe
    2007-12-27 16:31 . 2007-12-27 17:04 406,016 --a------ C:\WINDOWS\SYSTEM32\PSDrvCheck .exe
    2007-12-27 07:14 . 2007-12-29 20:56 1,438,273 --ahs---- C:\WINDOWS\SYSTEM32\lioyosto.ini
    2007-12-26 19:04 . 2007-12-26 19:04 <DIR> d-------- C:\WINDOWS\SYSTEM32\ardCo02
    2007-12-26 19:04 . 2007-12-26 19:04 <DIR> d-------- C:\Temp\cEeer12
    2007-12-26 19:04 . 2007-12-26 19:04 <DIR> d-------- C:\Temp
    2007-12-24 14:31 . 2007-12-24 14:33 <DIR> d-------- C:\WINDOWS\SYSTEM32\NtmsData
    2007-12-19 16:05 . 2007-12-29 09:25 212,992 --a------ C:\WINDOWS\troy44.exe
    2007-12-09 15:06 . 2007-12-09 15:06 <DIR> d-------- C:\Documents and Settings\Joey\System
    2007-12-09 15:06 . 2007-12-09 16:43 <DIR> d-------- C:\Documents and Settings\Joey\Application Data\SmartDraw
    2007-12-09 14:56 . 2007-12-24 14:15 <DIR> d-------- C:\Program Files\SmartDraw 2008
    2007-12-04 20:41 . 2007-12-04 20:41 <DIR> d-------- C:\Program Files\ApproveIt
    2007-12-04 20:41 . 2007-12-04 20:41 4,751 --a------ C:\WINDOWS\SigPlus.ini
    2007-12-03 09:04 . 2007-12-03 09:04 <DIR> d-------- C:\Documents and Settings\Joey\Application Data\PureEdge
    2007-12-03 09:03 . 2007-12-03 09:03 <DIR> d-------- C:\Program Files\PureEdge
    2007-12-03 09:03 . 2007-12-03 09:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PureEdge
    2007-12-03 09:03 . 2003-02-21 11:44 172,032 --a------ C:\WINDOWS\SYSTEM32\SSCE5332.dll
    2007-11-18 21:11 . 2007-11-18 21:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SupportSoft
    2007-11-18 21:10 . 2007-11-18 21:10 <DIR> d-------- C:\Program Files\Dell Support Center
    2007-11-18 21:10 . 2007-11-18 21:10 <DIR> d-------- C:\Program Files\Common Files\supportsoft
    2007-11-18 12:33 . 2007-12-24 16:03 54,156 --ah----- C:\WINDOWS\QTFont.qfn
    2007-11-18 12:33 . 2007-11-18 12:33 1,409 --a------ C:\WINDOWS\QTFont.for
    2007-11-13 21:50 . 2007-11-13 21:50 <DIR> d-------- C:\Documents and Settings\Joey\Citrix
    2007-11-13 21:50 . 2007-11-13 21:50 81 --a------ C:\CTX.DAT

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-12-29 15:35 406,016 ----a-w C:\WINDOWS\SYSTEM32\PSDrvCheck.exe
    2007-12-29 15:19 --------- d-----w C:\Program Files\QuickTime
    2007-12-29 15:19 --------- d-----w C:\Program Files\Microsoft ActiveSync
    2007-12-29 15:19 --------- d-----w C:\Program Files\iTunes
    2007-12-29 15:18 --------- d-----w C:\Program Files\MSN Messenger
    2007-12-24 20:19 --------- d-----w C:\Program Files\MySpace
    2007-12-24 20:10 --------- d-----w C:\Program Files\VISTAS2e
    2007-12-24 20:08 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-12-16 03:10 --------- d-----w C:\Documents and Settings\Joey\Application Data\Canon
    2007-12-09 12:55 --------- d-----w C:\Program Files\Common Files\Adobe
    2007-12-09 12:55 --------- d-----w C:\Documents and Settings\Joey\Application Data\AdobeUM
    2007-11-19 04:24 --------- d-----w C:\Program Files\DivX
    2007-11-19 03:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\Dell
    2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
    2007-11-05 22:24 --------- d-----w C:\Program Files\Dell
    2007-10-30 23:42 3,590,656 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtml.dll
    2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\SYSTEM32\quartz.dll
    2007-10-29 22:43 1,287,680 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\quartz.dll
    2007-10-27 23:40 227,328 ----a-w C:\WINDOWS\SYSTEM32\wmasf.dll
    2007-10-27 23:40 227,328 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wmasf.dll
    2007-10-26 03:34 8,460,288 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\shell32.dll
    2007-10-10 23:56 824,832 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wininet.dll
    2007-10-10 23:56 232,960 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\webcheck.dll
    2007-10-10 23:56 1,159,680 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\urlmon.dll
    2007-10-10 23:55 671,232 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mstime.dll
    2007-10-10 23:55 63,488 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\icardie.dll
    2007-10-10 23:55 6,065,664 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieframe.dll
    2007-10-10 23:55 52,224 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\msfeedsbs.dll
    2007-10-10 23:55 478,208 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtmled.dll
    2007-10-10 23:55 459,264 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\msfeeds.dll
    2007-10-10 23:55 44,544 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iernonce.dll
    2007-10-10 23:55 384,512 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iedkcs32.dll
    2007-10-10 23:55 383,488 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieapfltr.dll
    2007-10-10 23:55 27,648 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\jsproxy.dll
    2007-10-10 23:55 267,776 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iertutil.dll
    2007-10-10 23:55 230,400 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieaksie.dll
    2007-10-10 23:55 214,528 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\dxtrans.dll
    2007-10-10 23:55 193,024 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\msrating.dll
    2007-10-10 23:55 153,088 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieakeng.dll
    2007-10-10 23:55 132,608 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\extmgr.dll
    2007-10-10 23:55 124,928 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\advpack.dll
    2007-10-10 23:55 105,984 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\url.dll
    2007-10-10 23:55 102,400 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\occache.dll
    2007-10-10 10:59 70,656 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ie4uinit.exe
    2007-10-10 10:59 625,152 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\iexplore.exe
    2007-10-10 10:59 13,824 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieudinit.exe
    2007-10-10 05:46 161,792 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieakui.dll
    2005-11-23 02:26 284 ----a-w C:\Documents and Settings\Joey\Application Data\ViewerApp.dat
    .
    Code:
    ----a-w           225,280 2007-12-29 16:32:09  C:\Documents and Settings\Joey\Start Menu\Programs\Startup\PowerReg Scheduler V3  .exe
    ----a-w           225,280 2007-12-29 16:32:12  C:\Documents and Settings\Joey\Start Menu\Programs\Startup\PowerReg Scheduler V3 .exe
    ----a-w           275,968 2007-12-27 23:04:25  C:\Program Files\ActivIdentity\ActivClient\accrdsub .exe
    ----a-w            73,728 2007-12-27 23:04:42  C:\Program Files\ApproveIt\Support\Tools\AprvClean .exe
    ----a-w         1,197,648 2007-12-27 23:04:28  C:\Program Files\Canon\MyPrinter\BJMyPrt .exe
    ----a-w           180,269 2007-12-27 23:04:22  C:\Program Files\Common Files\Real\Update_OB\realsched .exe
    ----a-w           185,896 2007-12-27 23:04:27  C:\Program Files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdupdate .exe
    ----a-w           202,544 2007-12-27 23:05:02  C:\Program Files\Dell Support Center\bin\sprtcmd .exe
    ----a-w            16,384 2007-12-27 23:04:37  C:\Program Files\Dell Support Center\gs_agent\custom\dsca .exe
    ----a-w            68,856 2007-12-28 04:21:44  C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
    ----a-w           257,088 2007-12-27 23:04:32  C:\Program Files\iTunes\iTunesHelper .exe
    ----a-w         1,289,000 2007-12-29 15:44:58  C:\Program Files\Microsoft ActiveSync\wcescomm  .exe
    ----a-w                 0 2007-12-30 12:19:00  C:\Program Files\Microsoft ActiveSync\wcescomm .exe
    ----a-w         5,674,352 2007-12-27 23:05:30  C:\Program Files\MSN Messenger\msnmsgr .exe
    ----a-w           643,072 2007-12-27 23:04:40  C:\Program Files\PureEdge\Viewer 6.5\masqform .exe
    ----a-w           286,720 2007-12-29 22:32:36  C:\Program Files\QuickTime\qttask  .exe
    ----a-w                 0 2007-12-30 12:04:41  C:\Program Files\QuickTime\qttask .exe
    ----a-w            75,304 2007-12-27 23:04:31  C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4 .exe
    ----a-w            90,112 2007-12-27 23:04:18  C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray .exe
    ----a-w           212,992 2007-12-29 15:25:34  C:\WINDOWS\troy44 .exe
    ----a-w           406,016 2007-12-27 23:04:18  C:\WINDOWS\SYSTEM32\PSDrvCheck .exe
    

    ((((((((((((((((((((((((((((( snapshot@2007-12-30_17.42.56.85 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2007-12-14 03:26:50 156,160 ----a-w C:\WINDOWS\SYSTEM32\swreg.exe
    + 2000-08-31 14:00:00 156,160 ----a-w C:\WINDOWS\SYSTEM32\swreg.exe
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{718E9124-5DB0-4E71-8D11-EE3C299C1A72}]
    C:\WINDOWS\system32\jkkjj.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c33aeac5-80d2-4fc1-b32f-c6fa25b4ca9f}]
    C:\WINDOWS\system32\cxvokxrk.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr "= "C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-12-29 16:33 5674352]
    "ctfmon.exe "= "C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:56 15360]
    "swg "= "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-12-29 10:11 68856]
    "DellSupportCenter "= "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2007-12-29 16:34 202544]
    "MoneyAgent "= "C:\Program Files\Microsoft Money\System\mnyexpr.exe" [ ]
    "H/PC Connection Agent "= "C:\Program Files\Microsoft ActiveSync\wcescomm .exe" [2007-12-29 09:44 1289000]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "vptray "= "C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe" [2007-12-29 10:11 90112]
    "PinnacleDriverCheck "= "C:\WINDOWS\system32\PSDrvCheck.exe" [2007-12-29 09:35 406016]
    "NvCplDaemon "= "C:\WINDOWS\system32\NvCpl.dll" [2005-12-10 03:06 7311360]
    "nwiz "= "nwiz.exe" [2005-12-10 03:06 1519616 C:\WINDOWS\SYSTEM32\nwiz.exe]
    "NvMediaCenter "= "C:\WINDOWS\system32\NvMcTray.dll" [2005-12-10 03:06 86016]
    "TkBellExe "= "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-12-29 16:31 180269]
    "accrdsub "= "C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe" [2007-12-29 16:31 275968]
    "CanonMyPrinter "= "C:\Program Files\Canon\MyPrinter\BJMyPrt.exe" [2007-12-29 16:32 1197648]
    "SSBkgdUpdate "= "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2007-12-29 16:32 185896]
    "OpwareSE4 "= "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2007-12-29 16:32 75304]
    "iTunesHelper "= "C:\Program Files\iTunes\iTunesHelper.exe" [2007-12-29 16:32 257088]
    "QuickTime Task "= "C:\Program Files\QuickTime\qttask .exe" [2007-12-29 16:32 286720]
    "dscactivate "= "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-12-29 16:32 16384]
    "masqform.exe "= "C:\Program Files\PureEdge\Viewer 6.5\masqform.exe" [2007-12-29 16:32 643072]
    "AprvRemoveLegacyExcelKeys "= "C:\Program Files\ApproveIt\Support\Tools\AprvClean.exe" [2007-12-29 16:33 73728]
    "AprvRemoveLegacyWordKeys "= "C:\Program Files\ApproveIt\Support\Tools\AprvClean.exe" [2007-12-29 16:33 73728]
    "troy44 "= "C:\WINDOWS\troy44.exe" [2007-12-29 09:25 212992]
    "d891e16f "= "C:\WINDOWS\system32\otsoyoil.dll" [ ]
    "troy44 "= "C:\WINDOWS\troy44 .exe" [2007-12-29 09:25 212992]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "swg "= "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-12-29 10:11 68856]

    C:\Documents and Settings\Joey\Start Menu\Programs\Startup\
    PowerReg Scheduler V3 .exe [2007-12-29 10:32:09]
    PowerReg Scheduler V3 .exe [2007-12-29 10:32:12]
    PowerReg Scheduler V3.exe [2007-12-29 10:32:17]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    ActivClient Agent.lnk - C:\Program Files\ActivIdentity\ActivClient\acsagent.exe [2007-07-15 20:18:01]
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]
    Picture Package Menu.lnk - C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe [2005-11-22 18:34:48]
    Picture Package VCD Maker.lnk - C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe [2005-11-22 18:34:42]
    Windows Desktop Search.lnk - C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearch.exe [2005-09-20 18:10:04]

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
    Source= C:\WINDOWS\warnhp.html
    FriendlyName= Desktop Uninstall

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ackpbsc]
    C:\WINDOWS\system32\ackpbsc.dll 2007-07-15 20:18 101888 C:\WINDOWS\SYSTEM32\ackpbsc.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\acunlock]
    C:\Program Files\ActivIdentity\ActivClient\acunlock.dll 2007-07-15 20:18 260096 C:\Program Files\ActivIdentity\ActivClient\acunlock.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
    backup=C:\WINDOWS\pss\Digital Line Detect.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Joey^Start Menu^Programs^Startup^PowerReg Scheduler V3.exe]
    path=C:\Documents and Settings\Joey\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe
    backup=C:\WINDOWS\pss\PowerReg Scheduler V3.exeStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AsioReg]
    REGSVR32.EXE /S CTASIO.DLL

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTDVDDet]
    2002-09-30 00:00 45056 --a------ C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
    CTHELPER.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSysVol]
    2002-10-29 08:18 49152 --a------ C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
    2003-08-06 00:04 114741 --a------ C:\WINDOWS\system32\dla\tfswctrl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDSentry]
    2003-08-13 09:27 28672 --a------ C:\WINDOWS\System32\DSentry.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gah95on6]
    C:\WINDOWS\system32\gah95on6.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iwuz]
    C:\PROGRA~1\COMMON~1\iwuz\iwuzm.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\jnwfraup]
    c:\windows\system32\jnwfraup.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]
    c:\PROGRA~1\mcafee.com\agent\mcagent.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]
    C:\PROGRA~1\mcafee.com\agent\McUpdate.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
    2004-10-08 08:49 53248 --a------ C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
    2004-10-08 08:49 131072 --a------ C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MPFExe]
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MPSExe]
    C:\Program Files\McAfee.com\MPS\mscifapp.exe /embedding

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnappau]
    C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
    C:\Program Files\MSN Messenger\MsnMsgr.Exe /background

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Omnipage]
    C:\Program Files\ScanSoft\OmniPageSE\opware32.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
    2003-08-26 18:47 204800 --------- C:\Program Files\Dell\Media Experience\PCMService.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    C:\Program Files\QuickTime\qttask.exe -atboottime

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RSync]
    C:\WINDOWS\system32\netsync.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SB Audigy 2 Startup Menu]
    /L:ENG

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\secure]
    C:\WINDOWS\system32\Wxcqzo.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sonic RecordNow!]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
    C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe /r

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
    2000-05-11 00:00 90112 --------- C:\WINDOWS\UpdReg.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\version]
    C:\WINDOWS\system32\Elwcfv.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirusScan Online]
    c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VSOCheckTask]
    c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe /checktask

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Win Server Updt]
    C:\WINDOWS\wupdt.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\_AntiSpyware]
    C:\Program Files\McAfee\McAfee AntiSpyware\MssCli.exe

    R2 acachsrv;ActivClient Authentication Service; "C:\Program Files\ActivIdentity\ActivClient\acachsrv.exe" [2007-07-15 20:18]
    R2 acautoup;ActivClient Auto-Update Service; "C:\Program Files\ActivIdentity\ActivClient\acautoup.exe" [2007-07-15 20:18]
    R2 accoca;ActivClient Middleware Service; "C:\Program Files\ActivIdentity\ActivClient\accoca.exe" [2007-07-15 20:18]
    R2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter);C:\Program Files\Dell Support Center\bin\sprtsvc.exe /service []
    R3 SCR111;SCM Microsystems SCR111 Serial SmartCard Reader;C:\WINDOWS\system32\DRIVERS\SCR111.sys [2001-08-17 13:51]
    S3 sonypvs1;Sony Digital Imaging Video2;C:\WINDOWS\system32\DRIVERS\sonypvs1.sys [2002-10-15 22:41]

    .
    Contents of the 'Scheduled Tasks' folder
    "2007-12-22 13:36:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job "
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    .
    **************************************************************************

    catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-12-30 20:10:44
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    PROCESS: C:\WINDOWS\system32\winlogon.exe
    -> C:\WINDOWS\system32\NavLogon.dll
    .
    Completion time: 2007-12-30 20:12:20
    C:\qoobox\ComboFix-quarantined-files.txt 2007-12-31 02:11:36
    C:\qoobox\ComboFix2.txt 2007-12-30 23:45:08
    C:\qoobox\ComboFix3.txt 2007-12-30 21:14:48
    C:\qoobox\ComboFix4.txt 2006-08-23 11:29:45
    .
    2007-12-12 09:08:38 --- E O F ---

    Code:
    Ran on Sun 12/30/2007 - 20:23:39.68
    
    ----a-w           225,280 2007-12-29 16:32:09  C:\Documents and Settings\Joey\Start Menu\Programs\Startup\PowerReg Scheduler V3  .exe
    ----a-w           225,280 2007-12-29 16:32:12  C:\Documents and Settings\Joey\Start Menu\Programs\Startup\PowerReg Scheduler V3 .exe
    ----a-w           275,968 2007-12-27 23:04:25  C:\Program Files\ActivIdentity\ActivClient\accrdsub .exe
    ----a-w            73,728 2007-12-27 23:04:42  C:\Program Files\ApproveIt\Support\Tools\AprvClean .exe
    ----a-w         1,197,648 2007-12-27 23:04:28  C:\Program Files\Canon\MyPrinter\BJMyPrt .exe
    ----a-w           180,269 2007-12-27 23:04:22  C:\Program Files\Common Files\Real\Update_OB\realsched .exe
    ----a-w           185,896 2007-12-27 23:04:27  C:\Program Files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdupdate .exe
    ----a-w           202,544 2007-12-27 23:05:02  C:\Program Files\Dell Support Center\bin\sprtcmd .exe
    ----a-w            16,384 2007-12-27 23:04:37  C:\Program Files\Dell Support Center\gs_agent\custom\dsca .exe
    ----a-w            68,856 2007-12-28 04:21:44  C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
    ----a-w           257,088 2007-12-27 23:04:32  C:\Program Files\iTunes\iTunesHelper .exe
    ----a-w         1,289,000 2007-12-29 15:44:58  C:\Program Files\Microsoft ActiveSync\wcescomm  .exe
    ----a-w                 0 2007-12-30 12:19:00  C:\Program Files\Microsoft ActiveSync\wcescomm .exe
    ----a-w         5,674,352 2007-12-27 23:05:30  C:\Program Files\MSN Messenger\msnmsgr .exe
    ----a-w           643,072 2007-12-27 23:04:40  C:\Program Files\PureEdge\Viewer 6.5\masqform .exe
    ----a-w           286,720 2007-12-29 22:32:36  C:\Program Files\QuickTime\qttask  .exe
    ----a-w                 0 2007-12-30 12:04:41  C:\Program Files\QuickTime\qttask .exe
    ----a-w            75,304 2007-12-27 23:04:31  C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4 .exe
    ----a-w            90,112 2007-12-27 23:04:18  C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray .exe
    ----a-w           212,992 2007-12-29 15:25:34  C:\WINDOWS\troy44 .exe
    ----a-w           406,016 2007-12-27 23:04:18  C:\WINDOWS\SYSTEM32\PSDrvCheck .exe
    
     Entries:               21  (21)
     Directories:            0  Files:            21
     Bytes:         11,586,509  Blocks:       22,636
    
     
    Last edited: 2007/12/30
  9. 2007/12/30
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    While I'm analyzing the ComboFix log, let's work on this Vundo. Drag the log.txt file created by RenV onto RenV.exe and drop it. RenV should run and produce a new log. Post the contents of that log.
     
  10. 2007/12/30
    noahdfear

    tork, did you miss my last post?
     
  11. 2007/12/30
    tork30

    I just received your last post and I am doing as you instructed. I will post the results when it is finished.
     
  12. 2007/12/30
    tork30

    Alright here is all that it came up with:

    Code:
    Ran on Sun 12/30/2007 - 21:54:45.45
    
    ------w            90,112 2007-12-27 23:04:18  C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray .exe
    
     Entries:                1  (1)
     Directories:            0  Files:             1
     Bytes:             90,112  Blocks:          176
    
     
  13. 2007/12/30
    noahdfear

    I've not used Symantec for a long, long time, so I'm not so sure how to go about doing this, but see if you can get that vptray process shut down and drop the new log.txt on RenV.exe again. You might be able to just select the process in the Task Manager and end task on it, since it's just the tray icon. If successful, post the new log.txt generated by RenV.
     
  14. 2007/12/30
    tork30

    Sweet, I love this computer stuff even though I don't know what I'm doing. :) Alright I did get the vptray stopped and this is what we got:

    Code:
    Ran on Sun 12/30/2007 - 22:13:54.28
    
     Entries:                0  (0)
     Directories:            0  Files:             0
     Bytes:                  0  Blocks:            0
    
     
  15. 2007/12/30
    noahdfear

    Good job! :)

    Highlight and copy the contents of the code box below and paste it into a blank Notepad document, then save it to your desktop as:

    Filename: CFScript.txt
    Save As Type: All Files (*.*)

    Code:
    File::
    C:\WINDOWS\SYSTEM32\lioyosto.ini
    C:\WINDOWS\system32\otsoyoil.dll
    Folder::
    C:\WINDOWS\SYSTEM32\ardCo02
    C:\Temp\cEeer12
    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{718E9124-5DB0-4E71-8D11-EE3C299C1A72}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c33aeac5-80d2-4fc1-b32f-c6fa25b4ca9f}]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gah95on6]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iwuz]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\jnwfraup]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\secure]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sonic RecordNow!]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\version]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Win Server Updt]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "d891e16f "=-
    
    Close all other windows and programs. Now drag the CFScript.txt onto ComboFix.exe and drop it, using the left mouse button. ComboFix should run and may reboot the computer when it's done. A log will open when it's complete. Post the contents of that log and a new HijackThis log.

    Please do not click on the ComboFix window while it is running a scan. This can cause it to stall.
     
  16. 2007/12/30
    tork30

    Okay, so here are both the Combo and new HijackThis logs:

    ComboFix 07-12-31.4 - Joey 2007-12-30 22:22:55.3 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.217 [GMT -6:00]
    Running from: C:\Documents and Settings\Joey\Desktop\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Joey\Desktop\CFScript.txt
    * Created a new restore point

    FILE
    C:\WINDOWS\SYSTEM32\lioyosto.ini
    C:\WINDOWS\system32\otsoyoil.dll
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Temp\cEeer12
    C:\WINDOWS\SYSTEM32\ardCo02
    C:\WINDOWS\SYSTEM32\lioyosto.ini

    .
    ((((((((((((((((((((((((( Files Created from 2007-11-28 to 2007-12-31 )))))))))))))))))))))))))))))))
    .

    2007-12-30 20:00 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2007-12-29 17:37 . 2007-12-30 14:47 <DIR> d-------- C:\VundoFix Backups
    2007-12-27 17:16 . 2007-12-27 17:16 <DIR> d-------- C:\Deckard
    2007-12-26 19:04 . 2007-12-30 22:27 <DIR> d-------- C:\Temp
    2007-12-24 14:31 . 2007-12-24 14:33 <DIR> d-------- C:\WINDOWS\SYSTEM32\NtmsData
    2007-12-09 15:06 . 2007-12-09 15:06 <DIR> d-------- C:\Documents and Settings\Joey\System
    2007-12-09 15:06 . 2007-12-09 16:43 <DIR> d-------- C:\Documents and Settings\Joey\Application Data\SmartDraw
    2007-12-09 14:56 . 2007-12-24 14:15 <DIR> d-------- C:\Program Files\SmartDraw 2008
    2007-12-04 20:41 . 2007-12-04 20:41 <DIR> d-------- C:\Program Files\ApproveIt
    2007-12-04 20:41 . 2007-12-04 20:41 4,751 --a------ C:\WINDOWS\SigPlus.ini
    2007-12-03 09:04 . 2007-12-03 09:04 <DIR> d-------- C:\Documents and Settings\Joey\Application Data\PureEdge
    2007-12-03 09:03 . 2007-12-03 09:03 <DIR> d-------- C:\Program Files\PureEdge
    2007-12-03 09:03 . 2007-12-03 09:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PureEdge
    2007-12-03 09:03 . 2003-02-21 11:44 172,032 --a------ C:\WINDOWS\SYSTEM32\SSCE5332.dll
    2007-11-18 21:11 . 2007-11-18 21:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SupportSoft
    2007-11-18 21:10 . 2007-11-18 21:10 <DIR> d-------- C:\Program Files\Dell Support Center
    2007-11-18 21:10 . 2007-11-18 21:10 <DIR> d-------- C:\Program Files\Common Files\supportsoft
    2007-11-18 12:33 . 2007-12-24 16:03 54,156 --ah----- C:\WINDOWS\QTFont.qfn
    2007-11-18 12:33 . 2007-11-18 12:33 1,409 --a------ C:\WINDOWS\QTFont.for
    2007-11-13 21:50 . 2007-11-13 21:50 <DIR> d-------- C:\Documents and Settings\Joey\Citrix
    2007-11-13 21:50 . 2007-11-13 21:50 81 --a------ C:\CTX.DAT

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-12-31 03:54 --------- d-----w C:\Program Files\QuickTime
    2007-12-31 03:54 --------- d-----w C:\Program Files\MSN Messenger
    2007-12-31 03:54 --------- d-----w C:\Program Files\Microsoft ActiveSync
    2007-12-31 03:54 --------- d-----w C:\Program Files\iTunes
    2007-12-24 20:19 --------- d-----w C:\Program Files\MySpace
    2007-12-24 20:10 --------- d-----w C:\Program Files\VISTAS2e
    2007-12-24 20:08 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-12-16 03:10 --------- d-----w C:\Documents and Settings\Joey\Application Data\Canon
    2007-12-09 12:55 --------- d-----w C:\Program Files\Common Files\Adobe
    2007-12-09 12:55 --------- d-----w C:\Documents and Settings\Joey\Application Data\AdobeUM
    2007-11-19 04:24 --------- d-----w C:\Program Files\DivX
    2007-11-19 03:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\Dell
    2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
    2007-11-05 22:24 --------- d-----w C:\Program Files\Dell
    2007-10-30 23:42 3,590,656 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtml.dll
    2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\SYSTEM32\quartz.dll
    2007-10-29 22:43 1,287,680 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\quartz.dll
    2007-10-27 23:40 227,328 ----a-w C:\WINDOWS\SYSTEM32\wmasf.dll
    2007-10-27 23:40 227,328 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wmasf.dll
    2007-10-26 03:34 8,460,288 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\shell32.dll
    2007-10-10 23:56 824,832 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wininet.dll
    2007-10-10 23:56 232,960 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\webcheck.dll
    2007-10-10 23:56 1,159,680 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\urlmon.dll
    2007-10-10 23:55 671,232 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mstime.dll
    2007-10-10 23:55 63,488 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\icardie.dll
    2007-10-10 23:55 6,065,664 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieframe.dll
    2007-10-10 23:55 52,224 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\msfeedsbs.dll
    2007-10-10 23:55 478,208 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtmled.dll
    2007-10-10 23:55 459,264 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\msfeeds.dll
    2007-10-10 23:55 44,544 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iernonce.dll
    2007-10-10 23:55 384,512 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iedkcs32.dll
    2007-10-10 23:55 383,488 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieapfltr.dll
    2007-10-10 23:55 27,648 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\jsproxy.dll
    2007-10-10 23:55 267,776 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iertutil.dll
    2007-10-10 23:55 230,400 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieaksie.dll
    2007-10-10 23:55 214,528 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\dxtrans.dll
    2007-10-10 23:55 193,024 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\msrating.dll
    2007-10-10 23:55 153,088 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieakeng.dll
    2007-10-10 23:55 132,608 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\extmgr.dll
    2007-10-10 23:55 124,928 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\advpack.dll
    2007-10-10 23:55 105,984 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\url.dll
    2007-10-10 23:55 102,400 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\occache.dll
    2007-10-10 10:59 70,656 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ie4uinit.exe
    2007-10-10 10:59 625,152 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\iexplore.exe
    2007-10-10 10:59 13,824 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieudinit.exe
    2007-10-10 05:46 161,792 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieakui.dll
    2005-11-23 02:26 284 ----a-w C:\Documents and Settings\Joey\Application Data\ViewerApp.dat
    .

    ((((((((((((((((((((((((((((( snapshot@2007-12-30_17.42.56.85 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2007-12-14 03:26:50 156,160 ----a-w C:\WINDOWS\SYSTEM32\swreg.exe
    + 2000-08-31 14:00:00 156,160 ----a-w C:\WINDOWS\SYSTEM32\swreg.exe
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr "= "C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-12-27 17:05 5674352]
    "ctfmon.exe "= "C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:56 15360]
    "swg "= "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-12-27 22:21 68856]
    "DellSupportCenter "= "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2007-12-27 17:05 202544]
    "MoneyAgent "= "C:\Program Files\Microsoft Money\System\mnyexpr.exe" [ ]
    "H/PC Connection Agent "= "C:\Program Files\Microsoft ActiveSync\wcescomm .exe" [ ]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "vptray "= "C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe" [2007-12-27 17:04 90112]
    "PinnacleDriverCheck "= "C:\WINDOWS\system32\PSDrvCheck.exe" [ ]
    "NvCplDaemon "= "C:\WINDOWS\system32\NvCpl.dll" [2005-12-10 03:06 7311360]
    "nwiz "= "nwiz.exe" [2005-12-10 03:06 1519616 C:\WINDOWS\SYSTEM32\nwiz.exe]
    "NvMediaCenter "= "C:\WINDOWS\system32\NvMcTray.dll" [2005-12-10 03:06 86016]
    "TkBellExe "= "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [ ]
    "accrdsub "= "C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe" [2007-12-27 17:04 275968]
    "CanonMyPrinter "= "C:\Program Files\Canon\MyPrinter\BJMyPrt.exe" [ ]
    "SSBkgdUpdate "= "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [ ]
    "OpwareSE4 "= "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [ ]
    "iTunesHelper "= "C:\Program Files\iTunes\iTunesHelper.exe" [2007-12-27 17:04 257088]
    "QuickTime Task "= "C:\Program Files\QuickTime\qttask .exe" [ ]
    "dscactivate "= "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [ ]
    "masqform.exe "= "C:\Program Files\PureEdge\Viewer 6.5\masqform.exe" [ ]
    "AprvRemoveLegacyExcelKeys "= "C:\Program Files\ApproveIt\Support\Tools\AprvClean.exe" [ ]
    "AprvRemoveLegacyWordKeys "= "C:\Program Files\ApproveIt\Support\Tools\AprvClean.exe" [ ]
    "troy44 "= "C:\WINDOWS\troy44.exe" [ ]
    "troy44 "= "C:\WINDOWS\troy44 .exe" [ ]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "swg "= "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-12-27 22:21 68856]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    ActivClient Agent.lnk - C:\Program Files\ActivIdentity\ActivClient\acsagent.exe [2007-07-15 20:18:01]
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]
    Picture Package Menu.lnk - C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe [2005-11-22 18:34:48]
    Picture Package VCD Maker.lnk - C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe [2005-11-22 18:34:42]
    Windows Desktop Search.lnk - C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearch.exe [2005-09-20 18:10:04]

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
    Source= C:\WINDOWS\warnhp.html
    FriendlyName= Desktop Uninstall

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ackpbsc]
    C:\WINDOWS\system32\ackpbsc.dll 2007-07-15 20:18 101888 C:\WINDOWS\SYSTEM32\ackpbsc.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\acunlock]
    C:\Program Files\ActivIdentity\ActivClient\acunlock.dll 2007-07-15 20:18 260096 C:\Program Files\ActivIdentity\ActivClient\acunlock.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
    backup=C:\WINDOWS\pss\Digital Line Detect.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Joey^Start Menu^Programs^Startup^PowerReg Scheduler V3.exe]
    path=C:\Documents and Settings\Joey\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe
    backup=C:\WINDOWS\pss\PowerReg Scheduler V3.exeStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AsioReg]
    REGSVR32.EXE /S CTASIO.DLL

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTDVDDet]
    2002-09-30 00:00 45056 --a------ C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
    CTHELPER.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSysVol]
    2002-10-29 08:18 49152 --a------ C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
    2003-08-06 00:04 114741 --a------ C:\WINDOWS\system32\dla\tfswctrl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDSentry]
    2003-08-13 09:27 28672 --a------ C:\WINDOWS\System32\DSentry.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]
    c:\PROGRA~1\mcafee.com\agent\mcagent.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]
    C:\PROGRA~1\mcafee.com\agent\McUpdate.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
    2004-10-08 08:49 53248 --a------ C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
    2004-10-08 08:49 131072 --a------ C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MPFExe]
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MPSExe]
    C:\Program Files\McAfee.com\MPS\mscifapp.exe /embedding

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnappau]
    C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
    C:\Program Files\MSN Messenger\MsnMsgr.Exe /background

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Omnipage]
    C:\Program Files\ScanSoft\OmniPageSE\opware32.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
    2003-08-26 18:47 204800 --------- C:\Program Files\Dell\Media Experience\PCMService.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RSync]
    C:\WINDOWS\system32\netsync.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SB Audigy 2 Startup Menu]
    /L:ENG

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
    C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe /r

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
    2000-05-11 00:00 90112 --------- C:\WINDOWS\UpdReg.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirusScan Online]
    c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VSOCheckTask]
    c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe /checktask

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\_AntiSpyware]
    C:\Program Files\McAfee\McAfee AntiSpyware\MssCli.exe

    R2 acachsrv;ActivClient Authentication Service; "C:\Program Files\ActivIdentity\ActivClient\acachsrv.exe" [2007-07-15 20:18]
    R2 acautoup;ActivClient Auto-Update Service; "C:\Program Files\ActivIdentity\ActivClient\acautoup.exe" [2007-07-15 20:18]
    R2 accoca;ActivClient Middleware Service; "C:\Program Files\ActivIdentity\ActivClient\accoca.exe" [2007-07-15 20:18]
    R2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter);C:\Program Files\Dell Support Center\bin\sprtsvc.exe /service []
    R3 SCR111;SCM Microsystems SCR111 Serial SmartCard Reader;C:\WINDOWS\system32\DRIVERS\SCR111.sys [2001-08-17 13:51]
    S3 sonypvs1;Sony Digital Imaging Video2;C:\WINDOWS\system32\DRIVERS\sonypvs1.sys [2002-10-15 22:41]

    .
    Contents of the 'Scheduled Tasks' folder
    "2007-12-22 13:36:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job "
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    .
    **************************************************************************

    catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-12-30 22:27:11
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    PROCESS: C:\WINDOWS\system32\winlogon.exe
    -> C:\WINDOWS\system32\NavLogon.dll
    .
    Completion time: 2007-12-30 22:28:24
    C:\qoobox\ComboFix-quarantined-files.txt 2007-12-31 04:27:49
    C:\qoobox\ComboFix2.txt 2007-12-31 02:12:20
    C:\qoobox\ComboFix3.txt 2007-12-30 23:45:08
    C:\qoobox\ComboFix4.txt 2007-12-30 21:14:48
    C:\qoobox\ComboFix5.txt 2006-08-23 11:29:45
    .
    2007-12-12 09:08:38 --- E O F ---


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:33:06 PM, on 12/30/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\ActivIdentity\ActivClient\acachsrv.exe
    C:\Program Files\ActivIdentity\ActivClient\acautoup.exe
    C:\Program Files\ActivIdentity\ActivClient\accoca.exe
    C:\WINDOWS\System32\CTsvcCDA.exe
    C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
    C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\ActivIdentity\ActivClient\acevents.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\ActivIdentity\ActivClient\acsagent.exe
    C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
    C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
    C:\PROGRA~1\MI3AA1~1\rapimgr.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\notepad.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\WINDOWS\System32\rsvp.exe
    C:\Documents and Settings\Joey\Desktop\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?linkid=677
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Antispyware\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [accrdsub] "C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe "
    O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
    O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe "
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
    O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe "
    O4 - HKLM\..\Run: [masqform.exe] C:\Program Files\PureEdge\Viewer 6.5\masqform.exe -RunOnce
    O4 - HKLM\..\Run: [AprvRemoveLegacyExcelKeys] "C:\Program Files\ApproveIt\Support\Tools\AprvClean.exe" -k HKCU SOFTWARE\Microsoft\Office\Excel\Addins\OfficeAddIn.OfficeAddIn
    O4 - HKLM\..\Run: [AprvRemoveLegacyWordKeys] "C:\Program Files\ApproveIt\Support\Tools\AprvClean.exe" -k HKCU SOFTWARE\Microsoft\Office\Word\Addins\OfficeAddIn.OfficeAddIn
    O4 - HKLM\..\Run: [troy44] C:\WINDOWS\troy44.exe
    O4 - HKLM\..\Run: [troy44 ] C:\WINDOWS\troy44 .exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
    O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe "
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm .exe "
    O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Default user')
    O4 - Global Startup: ActivClient Agent.lnk = C:\Program Files\ActivIdentity\ActivClient\acsagent.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Picture Package Menu.lnk = ?
    O4 - Global Startup: Picture Package VCD Maker.lnk = ?
    O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearch.exe
    O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll/search.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
    O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-12.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://bin.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,84/mcinsctl.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://bin.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,21/mcgdmgr.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
    O20 - Winlogon Notify: ackpbsc - C:\WINDOWS\system32\ackpbsc.dll
    O20 - Winlogon Notify: acunlock - C:\Program Files\ActivIdentity\ActivClient\acunlock.dll
    O23 - Service: ActivClient Authentication Service (acachsrv) - ActivIdentity - C:\Program Files\ActivIdentity\ActivClient\acachsrv.exe
    O23 - Service: ActivClient Auto-Update Service (acautoup) - ActivIdentity - C:\Program Files\ActivIdentity\ActivClient\acautoup.exe
    O23 - Service: ActivClient Middleware Service (accoca) - ActivIdentity - C:\Program Files\ActivIdentity\ActivClient\accoca.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
    O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
    O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    O24 - Desktop Component 0: Desktop Uninstall - C:\WINDOWS\warnhp.html

    --
    End of file - 10977 bytes
     
  17. 2007/12/30
    noahdfear

    noahdfear Inactive

    Looking good. Scan again with HijackThis and place a check next to the following entries, close all other windows then click Fix Checked.

    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
    O4 - HKLM\..\Run: [troy44] C:\WINDOWS\troy44.exe
    O4 - HKLM\..\Run: [troy44 ] C:\WINDOWS\troy44 .exe
    O4 - HKLM\..\Run: [AprvRemoveLegacyWordKeys] "C:\Program Files\ApproveIt\Support\Tools\AprvClean.exe" -k HKCU SOFTWARE\Microsoft\Office\Word\Addins\OfficeAddIn.OfficeAddIn << you have two of these entries .... fix one


    Close HijackThis.

    Right click the desktop and select Properties. Select the Desktop tab, then click Customize Desktop. Select the Web tab. Select the entry containing C:\WINDOWS\warnhp.html then click Delete. OK out.

    If the file C:\WINDOWS\troy44.exe is still present, delete it.

    Download ATF Cleaner by Atribune and save it to your Desktop.
    • Double click ATF-Cleaner.exe to run the program.
    • Check the boxes to the left of:

      • Windows Temp
      • Current User Temp
      • All Users Temp
      • Temporary Internet Files
      • Prefetch
      • Java Cache
      • Recycle bin

    • The rest are optional - if you want it to remove everything check "Select All".
    • Finally, click Empty Selected. When you get the "Done Cleaning" message, click OK then exit.
    Reboot

    Now we need to see if we've overlooked anything. Please do an online scan with Kaspersky WebScanner

    Click on Kaspersky Online Scanner

    You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
    • The program will launch and then begin downloading the latest definition files.
    • Once the files have been downloaded, click on NEXT.
    • Now click on Scan Settings.
    • In the scan settings, make sure that the following are selected:
      • Scan using the following Anti-Virus database:
        • Extended (if available, otherwise Standard)
      • Scan Options:
        • Scan Archives
        • Scan Mail Bases
    • Click OK
    • Now under select a target to scan:
      • Select My Computer
    • The program will start and scan your system.
    • The scan will take a while so be patient and let it run.
    • Once the scan is complete it will display if your system has been infected.
      • Now click on the Save as Text button:
    • Save the file to your desktop.

    Post the Kaspersky log and one more fresh HijackThis log. Let me know how your computer is behaving, and if things seem to be working as they should.
     
  18. 2007/12/31
    tork30

    tork30 Inactive Thread Starter

    Okay, so the computer is really improved actually. It is a ton faster and the popups are basically gone. My Symantec still keeps popping up and finding viruses a lot more than before this whole fiasco happened, so I'm a little curious about that. Well, here is half of the Kaspersky log. I will post the other half in a sec.

    -------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER REPORT
    Monday, December 31, 2007 5:18:11 PM
    Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
    Kaspersky Online Scanner version: 5.0.98.0
    Kaspersky Anti-Virus database last update: 31/12/2007
    Kaspersky Anti-Virus database records: 500861
    -------------------------------------------------------------------------------

    Scan Settings:
    Scan using the following antivirus database: extended
    Scan Archives: true
    Scan Mail Bases: true

    Scan Target - My Computer:
    A:\
    C:\
    D:\
    E:\
    F:\
    G:\

    Scan Statistics:
    Total number of scanned objects: 130679
    Number of viruses found: 58
    Number of infected objects: 308
    Number of suspicious objects: 2
    Duration of the scan process: 01:49:17

    Infected Object Name / Virus Name / Last Action
    C:\Deckard\System Scanner\backup\DOCUME~1\Joey\LOCALS~1\Temp\k11u88.exe/data0006 Infected: Trojan-Downloader.Win32.VB.caw skipped
    C:\Deckard\System Scanner\backup\DOCUME~1\Joey\LOCALS~1\Temp\k11u88.exe NSIS: infected - 1 skipped
    C:\Deckard\System Scanner\backup\DOCUME~1\Joey\LOCALS~1\Temp\mcrbfgsf.exe Infected: Trojan-Downloader.Win32.Agent.gwe skipped
    C:\Deckard\System Scanner\backup\DOCUME~1\Joey\LOCALS~1\Temp\setup.exe Infected: Trojan-Downloader.Win32.VB.bwb skipped
    C:\Deckard\System Scanner\backup\DOCUME~1\Joey\LOCALS~1\Temp\Setup195.exe/data0008 Infected: Trojan-Clicker.Win32.VB.vx skipped
    C:\Deckard\System Scanner\backup\DOCUME~1\Joey\LOCALS~1\Temp\Setup195.exe/data0009 Infected: Trojan-Clicker.Win32.VB.vx skipped
    C:\Deckard\System Scanner\backup\DOCUME~1\Joey\LOCALS~1\Temp\Setup195.exe NSIS: infected - 2 skipped
    C:\Deckard\System Scanner\backup\DOCUME~1\Joey\LOCALS~1\Temp\T0CHD001.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.ac skipped
    C:\Deckard\System Scanner\backup\DOCUME~1\Joey\LOCALS~1\Temp\temp.frD8CE Infected: Trojan-Downloader.Win32.PurityScan.ey skipped
    C:\Deckard\System Scanner\backup\DOCUME~1\Joey\LOCALS~1\Temp\TMP14E8.tmp Infected: Trojan-Downloader.Win32.Adload.ni skipped
    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ABetterInternetiSearch10.zip/3p_1.exe Suspicious: Password-protected-EXE skipped
    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ABetterInternetiSearch10.zip ZIP: suspicious - 1 skipped
    C:\Documents and Settings\All Users\Application Data\SupportSoft\DellSupportCenter\SYSTEM\state\logs\sprtcmd.log Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\00A40000.VBN Infected: Trojan-Clicker.Win32.VB.vx skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\00A80001.VBN Infected: Trojan-Downloader.Win32.Agent.cbx skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\00A80002.VBN Infected: Trojan-Downloader.Win32.Agent.ezc skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\00A80003.VBN Infected: Trojan-Downloader.Win32.Agent.fjn skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\01A40000.VBN Infected: Trojan-Downloader.Win32.ConHook.aa skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\01B80001.VBN Infected: not-a-virus:Downloader.Win32.WinFixer.au skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\01B80002.VBN Infected: Trojan-Clicker.Win32.VB.vx skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\01B80003.VBN Infected: Trojan-Downloader.Win32.VB.bzi skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\01C40000.VBN Infected: Trojan-Downloader.Win32.ConHook.aa skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\03800000.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.dih skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\03DC0000.VBN/BlackBox.class Infected: Exploit.Java.ByteVerify skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\03DC0000.VBN/VerifierBug.class Infected: Exploit.Java.ByteVerify skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\03DC0000.VBN/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.aa skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\03DC0000.VBN ZIP: infected - 3 skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\03DC0000.VBN CryptZ: infected - 3 skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\03DC0001.VBN/GetAccess.class Infected: Trojan.Java.ClassLoader.c skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\03DC0001.VBN/InsecureClassLoader.class Infected: Exploit.Java.ByteVerify skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\03DC0001.VBN/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\03DC0001.VBN/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\03DC0001.VBN ZIP: infected - 4 skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\03DC0001.VBN CryptZ: infected - 4 skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\04A40000.VBN Infected: Trojan-Downloader.Win32.Ieser.a skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\04C80000.VBN Infected: Trojan-Downloader.Win32.ConHook.ab skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05340000.VBN Infected: Trojan.Win32.Small.ev skipped
  19. 2008/01/01
    tork30 Inactive Thread Starter
    Redo

    Okay, so I had to stop about halfway into posting that last one, so I am going to basically start over. Over these next couple of posts I will have the Kaspersky and new HijackThis logs. Everything seems to be working a lot better, so let me know what you think from these logs. Thanks again and I hope you have a Happy New Year!!


    KASPERSKY ONLINE SCANNER REPORT
    Monday, December 31, 2007 5:18:11 PM
    Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
    Kaspersky Online Scanner version: 5.0.98.0
    Kaspersky Anti-Virus database last update: 31/12/2007
    Kaspersky Anti-Virus database records: 500861
    -------------------------------------------------------------------------------

    Scan Settings:
    Scan using the following antivirus database: extended
    Scan Archives: true
    Scan Mail Bases: true

    Scan Target - My Computer:
    A:\
    C:\
    D:\
    E:\
    F:\
    G:\

    Scan Statistics:
    Total number of scanned objects: 130679
    Number of viruses found: 58
    Number of infected objects: 308
    Number of suspicious objects: 2
    Duration of the scan process: 01:49:17

    Infected Object Name / Virus Name / Last Action
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\08540001.VBN Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\08540002.VBN Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\08540003.VBN Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\08540004.VBN Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\08540005.VBN Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\08540006.VBN Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\08540007.VBN Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\08540008.VBN Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\08540009.VBN Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0854000A.VBN Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0854000B.VBN Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0854000C.VBN Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0854000D.VBN Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0854000E.VBN Infected: Trojan-Downloader.Win32.VB.bvj skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0854000F.VBN Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\08540010.VBN Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\08540011.VBN Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\08640000.VBN Infected: Trojan-Downloader.Win32.VB.bzi skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\086C0000.VBN Infected: Trojan-Downloader.Win32.VB.caw skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\08700000.VBN Infected: Exploit.HTML.Mht skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\08780000.VBN/BlackBox.class Infected: Exploit.Java.ByteVerify skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\08780000.VBN/VerifierBug.class Infected: Exploit.Java.ByteVerify skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\08780000.VBN/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.aa skipped
     
  20. 2008/01/01
    tork30

    Here is the next bit...

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\08780000.VBN ZIP: infected - 3 skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\08780000.VBN CryptZ: infected - 3 skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\087C0000.VBN Infected: Exploit.HTML.Mht skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\08800000.VBN Infected: Exploit.HTML.Mht skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\08840000.VBN Infected: Exploit.HTML.Mht skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\08840001.VBN Infected: Exploit.HTML.Mht skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\08E40000.VBN Infected: Trojan-Downloader.Win32.Agent.acd skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\08F40000.VBN Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\08F40001.VBN Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\08F40002.VBN Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\08F40003.VBN Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\08F40004.VBN Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\08F80000.VBN Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\08F80001.VBN Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\08F80002.VBN Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\08F80003.VBN Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\08F80005.VBN Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\08FC0000.VBN Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\08FC0001.VBN Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\08FC0002.VBN Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\08FC0003.VBN Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\08FC0004.VBN Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\08FC0005.VBN Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\08FC0006.VBN Infected: not-a-virus:AdWare.Win32.Rond.d skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\08FC0007.VBN Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\09000000.VBN Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\09000001.VBN Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\09000002.VBN Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\09000003.VBN Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\09000004.VBN Infected: Trojan-Downloader.Win32.Agent.gwh skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\09000005.VBN Infected: Trojan-Dropper.Win32.Agent.ctu skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\09080000.VBN Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\09080001.VBN Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\090C0000.VBN Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\09100000.VBN Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\09100001.VBN Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\09100002.VBN Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\09100003.VBN Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\09100004.VBN Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\09100005.VBN Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\09140000.VBN Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\09140001.VBN Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\09140002.VBN Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\09140003.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.dih skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\09180000.VBN Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\09180001.VBN Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\09180002.VBN Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\09180003.VBN Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\09180004.VBN Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\09180005.VBN Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\09180006.VBN Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\09440000.VBN Infected: Trojan-Downloader.Win32.Agent.acd skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\09700000.VBN Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\09700001.VBN Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\09700002.VBN Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\09740001.VBN Infected: Trojan.Win32.Small.ev skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\09740003.VBN Infected: Trojan.Win32.Small.ev skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\09740005.VBN Infected: Trojan.Win32.Small.ev skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\09740007.VBN Infected: Trojan.Win32.Small.ev skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\09780000.VBN Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\09780001.VBN Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\097C0000.VBN Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\09840000.VBN Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\09880000.VBN Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\09880001.VBN Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\09880002.VBN Infected: Trojan-Downloader.Win32.ConHook.ab skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\098C0000.VBN Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\098C0001.VBN Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\09900000.VBN Infected: Trojan-Downloader.Win32.Agent.gwh skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\09900001.VBN Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\09900002.VBN Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\09900003.VBN Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\09940000.VBN Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\09AC0001.VBN Infected: Trojan-Downloader.Java.OpenStream.y skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\09AC0003.VBN Infected: Trojan-Downloader.Win32.Harnig.ax skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\09AC0005.VBN Infected: Trojan.Win32.StartPage.agq skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\09AC0007.VBN Infected: Trojan-Downloader.Win32.Harnig.ax skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\09AC0009.VBN Infected: Trojan-Downloader.Win32.Agent.acd skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\09C40000.VBN Infected: Exploit.HTML.Mht skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0AE40001.VBN/BlackBox.class Infected: Trojan.Java.ClassLoader.ak skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0AE40001.VBN/VB.class Infected: Trojan.Java.ClassLoader.ak skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0AE40001.VBN/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.ah skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0AE40001.VBN ZIP: infected - 3 skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0AE40001.VBN CryptZ: infected - 3 skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0AF80001.VBN/enhupdt.exe Infected: Trojan-Downloader.Win32.Intexp.c skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0AF80001.VBN ZIP: infected - 1 skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0AF80001.VBN CryptZ: infected - 1 skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0AF80003.VBN Infected: Trojan-Downloader.Java.OpenStream.y skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0B3C0000.VBN Infected: Trojan-Downloader.Win32.ConHook.ab skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0B4C0001.VBN Infected: Trojan-Downloader.JS.Agent.cy skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0B8C0000.VBN Infected: Trojan.Win32.Agent.rx skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0C040000.VBN Infected: Trojan-Downloader.Win32.Ieser.a skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0C300000.VBN Infected: Trojan-Downloader.Win32.ConHook.ab skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0C8C0000.VBN Infected: Trojan-Downloader.Win32.Agent.acd skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0CA00000.VBN Infected: Trojan-Downloader.Win32.Agent.acd skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0E780001.VBN Infected: Exploit.VBS.Phel.i skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\17F40000.VBN/BnnnnBaa.class Infected: Trojan.Java.ClassLoader.as skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\17F40000.VBN/VaannnaaBaa.class Infected: Trojan.Java.ClassLoader.as skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\17F40000.VBN/Bnnnnn.class Infected: Trojan.Java.ClassLoader.as skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\17F40000.VBN ZIP: infected - 3 skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\17F40000.VBN CryptZ: infected - 3 skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\17F40001.VBN/BnnnnBaa.class Infected: Trojan.Java.ClassLoader.as skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\17F40001.VBN/VaannnaaBaa.class Infected: Trojan.Java.ClassLoader.as skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\17F40001.VBN/Bnnnnn.class Infected: Trojan.Java.ClassLoader.as skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\17F40001.VBN ZIP: infected - 3 skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\17F40001.VBN CryptZ: infected - 3 skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\17F40002.VBN/HiPointInstallShieldRT.class Infected: Trojan-Downloader.Java.OpenConnection.ap skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\17F40002.VBN ZIP: infected - 1 skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\17F40002.VBN CryptZ: infected - 1 skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\17F40003.VBN/HiPointInstallShieldRT.class Infected: Trojan-Downloader.Java.OpenConnection.ap
     
  21. 2008/01/01
    tork30

    The Last Bit...

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\17F40003.VBN ZIP: infected - 1 skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\17F40003.VBN CryptZ: infected - 1 skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\1BB40000.VBN Infected: Trojan-Downloader.JS.Agent.bx skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\1BB40001.VBN Infected: Trojan-Downloader.JS.Agent.bx skipped
    C:\Documents and Settings\Joey\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\Joey\Local Settings\Application Data\ApplicationHistory\sprtcmd.exe.63e7480d.ini.inuse Object is locked skipped
    C:\Documents and Settings\Joey\Local Settings\Application Data\Microsoft\Messenger\tork30@hotmail.com\SharingMetadata\Logs\Dfsr00005.log Object is locked skipped
    C:\Documents and Settings\Joey\Local Settings\Application Data\Microsoft\Messenger\tork30@hotmail.com\SharingMetadata\pending.dat Object is locked skipped
    C:\Documents and Settings\Joey\Local Settings\Application Data\Microsoft\Messenger\tork30@hotmail.com\SharingMetadata\Working\database_B0D8_921D_D891_E1C0\dfsr.db Object is locked skipped
    C:\Documents and Settings\Joey\Local Settings\Application Data\Microsoft\Messenger\tork30@hotmail.com\SharingMetadata\Working\database_B0D8_921D_D891_E1C0\fsr.log Object is locked skipped
    C:\Documents and Settings\Joey\Local Settings\Application Data\Microsoft\Messenger\tork30@hotmail.com\SharingMetadata\Working\database_B0D8_921D_D891_E1C0\fsrtmp.log Object is locked skipped
    C:\Documents and Settings\Joey\Local Settings\Application Data\Microsoft\Messenger\tork30@hotmail.com\SharingMetadata\Working\database_B0D8_921D_D891_E1C0\tmp.edb Object is locked skipped
    C:\Documents and Settings\Joey\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\Joey\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\Joey\Local Settings\Application Data\Microsoft\Windows Live Contacts\tork30@hotmail.com\real\members.stg Object is locked skipped
    C:\Documents and Settings\Joey\Local Settings\Application Data\Microsoft\Windows Live Contacts\tork30@hotmail.com\shadow\members.stg Object is locked skipped
    C:\Documents and Settings\Joey\Local Settings\Application Data\SupportSoft\DellSupportCenter\Joey\state\logs\sprtcmd.log Object is locked skipped
    C:\Documents and Settings\Joey\Local Settings\History\History.IE5\INDEX.DAT Object is locked skipped
    C:\Documents and Settings\Joey\Local Settings\Temp\~DFA534.tmp Object is locked skipped
    C:\Documents and Settings\Joey\Local Settings\Temp\~DFADCE.tmp Object is locked skipped
    C:\Documents and Settings\Joey\Local Settings\Temp\~DFC0D2.tmp Object is locked skipped
    C:\Documents and Settings\Joey\Local Settings\Temp\~DFC0FE.tmp Object is locked skipped
    C:\Documents and Settings\Joey\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
    C:\Documents and Settings\Joey\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\Joey\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\Joey\ntuser.dat.LOG Object is locked skipped
    C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\INDEX.DAT Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
    C:\Program Files\Aprps\ace.dll Infected: Trojan.Win32.Crypt.t skipped
    C:\Program Files\Aprps\CxtPls.dll Infected: Trojan-Downloader.Win32.Apropo.ag skipped
    C:\Program Files\Aprps\CxtPls.exe Infected: Trojan-Downloader.Win32.Apropo.ag skipped
    C:\Program Files\Aprps\libexpat.dll Infected: Trojan.Win32.Crypt.t skipped
    C:\Program Files\Aprps\ProxyStub.dll Infected: Trojan.Win32.Crypt.t skipped
    C:\Program Files\Aprps\uninstaller.exe Infected: Trojan.Win32.Crypt.t skipped
    C:\Program Files\Aprps\WinGenerics.dll Infected: Trojan.Win32.Crypt.t skipped
    C:\QooBox\Purity\Documents and Settings\Joey\My Documents\SSTEM~1\svchost.exe Infected: Trojan-Downloader.Win32.PurityScan.ey skipped
    C:\QooBox\Quarantine\C\WINDOWS\b104.exe.vir/stream/data0002 Infected: Trojan-Downloader.Win32.Small.buy skipped
    C:\QooBox\Quarantine\C\WINDOWS\b104.exe.vir/stream/data0004 Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped
    C:\QooBox\Quarantine\C\WINDOWS\b104.exe.vir/stream Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped
    C:\QooBox\Quarantine\C\WINDOWS\b104.exe.vir NSIS: infected - 3 skipped
    C:\QooBox\Quarantine\C\WINDOWS\b122.exe.vir Infected: Backdoor.Win32.Agobot.amp skipped
    C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\opnnklk.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.dgw skipped
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1211\A0102697.exe Infected: Trojan-Downloader.Win32.Adload.ni skipped
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1212\A0102733.exe Infected: Trojan-Downloader.Win32.Agent.hw skipped
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1212\A0102734.exe Infected: Trojan-Downloader.Win32.Adload.ni skipped
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1212\A0102735.exe Infected: Trojan.Win32.Agent.crf skipped
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1212\A0102736.exe/data0001 Infected: not-a-virus:AdWare.Win32.PurityScan.gp skipped
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1212\A0102736.exe NSIS: infected - 1 skipped
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1212\A0102795.exe Infected: Trojan-Downloader.Win32.Agent.gwh skipped
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1212\A0103795.exe Infected: Trojan-Downloader.Win32.Agent.gwh skipped
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1216\A0103899.exe Infected: not-a-virus:Monitor.Win32.NetMon.a skipped
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1218\A0104967.dll Infected: not-a-virus:AdWare.Win32.CommAd.a skipped
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1218\A0104968.exe Infected: not-a-virus:AdWare.Win32.CommAd.a skipped
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1219\A0105008.exe/stream/data0002 Infected: Trojan-Downloader.Win32.Small.buy skipped
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1219\A0105008.exe/stream/data0004 Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1219\A0105008.exe/stream Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1219\A0105008.exe NSIS: infected - 3 skipped
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1219\A0105009.exe Infected: Backdoor.Win32.Agobot.amp skipped
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1219\A0105010.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.dgw skipped
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1221\A0105173.exe Infected: Trojan-Downloader.Win32.PurityScan.ey skipped
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1221\change.log Object is locked skipped
    C:\VundoFix Backups\opnnklk.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.dgw skipped
    C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
    C:\WINDOWS\SchedLgU.Txt Object is locked skipped
    C:\WINDOWS\SoftwareDistribution\EventCache\{A94D969B-D856-4DBD-B0C0-20E34D731F58}.bin Object is locked skipped
    C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
    C:\WINDOWS\Sti_Trace.log Object is locked skipped
    C:\WINDOWS\SYSTEM32\CatRoot2\edb.log Object is locked skipped
    C:\WINDOWS\SYSTEM32\CatRoot2\tmp.edb Object is locked skipped
    C:\WINDOWS\SYSTEM32\CONFIG\AppEvent.Evt Object is locked skipped
    C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT Object is locked skipped
    C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG Object is locked skipped
    C:\WINDOWS\SYSTEM32\CONFIG\Internet.evt Object is locked skipped
    C:\WINDOWS\SYSTEM32\CONFIG\SAM Object is locked skipped
    C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG Object is locked skipped
    C:\WINDOWS\SYSTEM32\CONFIG\SecEvent.Evt Object is locked skipped
    C:\WINDOWS\SYSTEM32\CONFIG\SECURITY Object is locked skipped
    C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG Object is locked skipped
    C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE Object is locked skipped
    C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG Object is locked skipped
    C:\WINDOWS\SYSTEM32\CONFIG\SysEvent.Evt Object is locked skipped
    C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM Object is locked skipped
    C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG Object is locked skipped
    C:\WINDOWS\SYSTEM32\desktrf-111419.exe/data0002 Infected: not-a-virus:AdWare.Win32.Beginto.b skipped
    C:\WINDOWS\SYSTEM32\desktrf-111419.exe NSIS: infected - 1 skipped
    C:\WINDOWS\SYSTEM32\desktrf-b2s.exe/data0002 Infected: not-a-virus:AdWare.Win32.Beginto.b skipped
    C:\WINDOWS\SYSTEM32\desktrf-b2s.exe NSIS: infected - 1 skipped
    C:\WINDOWS\SYSTEM32\desktrf-cat_b2s.exe/data0002 Infected: not-a-virus:AdWare.Win32.HotSearchBar.b skipped
    C:\WINDOWS\SYSTEM32\desktrf-cat_b2s.exe NSIS: infected - 1 skipped
    C:\WINDOWS\SYSTEM32\H323LOG.TXT Object is locked skipped
    C:\WINDOWS\SYSTEM32\rtneg2.dll Infected: not-a-virus:AdWare.Win32.HotSearchBar.d skipped
    C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.BTR Object is locked skipped
    C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.MAP Object is locked skipped
    C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING.VER Object is locked skipped
    C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING1.MAP Object is locked skipped
    C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING2.MAP Object is locked skipped
    C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.DATA Object is locked skipped
    C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.MAP Object is locked skipped
    C:\WINDOWS\WIADEBUG.LOG Object is locked skipped
    C:\WINDOWS\WIASERVC.LOG Object is locked skipped
    C:\WINDOWS\WindowsUpdate.log Object is locked skipped
    D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

    Scan process completed.
     
