Nicked

  1. Things are looking good, Jurgen. No sign of antispyware at the moment. Thanks for all your help...I will raise a toast to you tonight.
  2. JurgenV, Done...logs to follow. Thanks for all your help with this...quite a persistent infection.
  3. Jurgenv, done... Combofix log:
  4. Jurgenv, Done... Move it log:
- C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
  5. Thanks Jurgenv, I've followed your instructions completely. The symptoms seem much improved, although there is still a "your system is infected" warning coming up on the toolbar that may still be from antispycolutions. Here are the logs. HijackThis: Logfile of HijackThis v1.99.1 Scan saved at 11:36:54 PM, on 6/15/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe c:\program files\mcafee.com\agent\mcdetect.exe c:\PROGRA~1\mcafee.com\agent\mctskshd.exe C:\WINDOWS\Explorer.EXE C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe C:\WINDOWS\system32\dllhost.exe C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe C:\WINDOWS\ehome\ehtray.exe C:\WINDOWS\eHome\ehmsas.exe C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe C:\Program Files\Java\j2re1.4.2_03\bin\jucheck.exe C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe C:\Program Files\Real\RealPlayer\RealPlay.exe C:\Program Files\QuickTime\qttask.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe C:\WINDOWS\system32\CTHELPER.EXE C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe C:\Program Files\Kuma Games\hcsystray\hc_tray.exe C:\WINDOWS\system32\scchk32.exe C:\Program Files\Creative Professional\E-MU PatchMix DSP\EmuPatchMixDSP.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\Program 
Files\DellSupport\DSAgnt.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\WINDOWS\csrss.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\DOCUME~1\Kevin\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway O2 - BHO: (no name) - {00000250-0320-4dd4-be4f-7566d2314352} - (no file) O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {13197ace-6851-45c3-a7ff-c281324d5489} - (no file) O2 - BHO: (no name) - {30000273-8230-4dd4-be4f-6889d1e74167} - (no file) O2 - BHO: msdn_lib.msdn_hlp - {38847C4B-1AB1-4A47-9026-9A6CF7B43D31} - C:\WINDOWS\system32\msdn_lib.dll O2 - BHO: (no name) - {4e1075f4-eec4-4a86-add7-cd5f52858c31} - (no file) O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll O2 - BHO: (no name) - {5dafd089-24b1-4c5e-bd42-8ca72550717b} - (no file) O2 - BHO: (no name) - {5fa6752a-c4a0-4222-88c2-928ae5ab4966} - (no file) O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file) O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file) O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll O2 - BHO: (no name) - 
{B7672BAF-E9A3-49B6-86B2-C81719A18A4C} - C:\WINDOWS\system32\yofmdcdg.dll (file missing) O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file) O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file) O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765728274} - (no file) O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [intelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" O4 - HKLM\..\Run: [updateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1\mcafee.com\agent\mcagent.exe O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE O4 - HKLM\..\Run: [mmtask] 
"C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe" O4 - HKLM\..\Run: [hcsystray] C:\Program Files\Kuma Games\hcsystray\hc_tray.exe O4 - HKLM\..\Run: [sC2] C:\WINDOWS\system32\scchk32.exe O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [setDefaultMIDI] MIDIDef.exe O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EA Link\Core.exe" -silent O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [csrss] C:\WINDOWS\csrss.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O15 - Trusted Zone: http://locator.cdn.imageservr.com O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) 
- http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} (Quantum Streaming IE Player Class) - http://mvnet.xlontech.net/qm/fox/06101102/qsp2ie06101001.cab O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe AVG: --------------------------------------------------------- AVG Anti-Spyware - Scan Report --------------------------------------------------------- + Created at: 10:27:09 PM 6/15/2007 + Scan result: HKLM\SOFTWARE\Microsoft\Active Setup\Installed 
Components\{Y479C6D0-OTRW-U5GH-S1EE-E0AC10B4E666} -> Adware.Generic : Cleaned with backup (quarantined). HKU\S-1-5-21-3897814687-3101782725-2089980891-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5929CD6E-2062-44A4-B2C5-2C7E78FBAB38} -> Adware.Generic : Cleaned with backup (quarantined). C:\Documents and Settings\All Users\Application Data\WinAntiVirus Pro 2006 -> Adware.RogueSuspect : Cleaned with backup (quarantined). C:\Program Files\Ultimate Cleaner -> Adware.RogueSuspect : Cleaned with backup (quarantined). C:\Program Files\Ultimate Defender -> Adware.RogueSuspect : Cleaned with backup (quarantined). C:\WINDOWS\SYSTEM32\stera.job -> Adware.RogueSuspect : Cleaned with backup (quarantined). HKLM\SYSTEM\CurrentControlSet\Services\vspf -> Adware.WinAntiVirus : Cleaned with backup (quarantined). HKLM\SYSTEM\CurrentControlSet\Services\vspf\Enum -> Adware.WinAntiVirus : Cleaned with backup (quarantined). HKLM\SYSTEM\CurrentControlSet\Services\vspf\Security -> Adware.WinAntiVirus : Cleaned with backup (quarantined). HKLM\SYSTEM\CurrentControlSet\Services\vspf_hk -> Adware.WinAntiVirus : Cleaned with backup (quarantined). HKLM\SYSTEM\CurrentControlSet\Services\vspf_hk\Enum -> Adware.WinAntiVirus : Cleaned with backup (quarantined). HKLM\SYSTEM\CurrentControlSet\Services\vspf_hk\Security -> Adware.WinAntiVirus : Cleaned with backup (quarantined). C:\WINDOWS\SYSTEM32\wmvds32.dll -> Downloader.VB.asx : Cleaned with backup (quarantined). C:\WINDOWS\SYSTEM32\tmrsrv32.exe -> Downloader.VB.avl : Cleaned with backup (quarantined). C:\Documents and Settings\Dan\Local Settings\Temp\jbvqxhdc.dll -> Logger.VBStat.c : Cleaned with backup (quarantined). C:\Documents and Settings\Dan\Local Settings\Temp\lqjkhkmc.dll -> Logger.VBStat.c : Cleaned with backup (quarantined). C:\Documents and Settings\Dan\Local Settings\Temp\oonmrwys.dll -> Logger.VBStat.c : Cleaned with backup (quarantined). 
C:\Documents and Settings\Kevin\Cookies\[email protected][1].txt -> TrackingCookie.Realmedia : Cleaned. C:\Documents and Settings\Kevin\Cookies\[email protected][1].txt -> TrackingCookie.Searchingbooth : Cleaned. C:\Documents and Settings\Dan\Cookies\[email protected][2].txt -> TrackingCookie.Specificclick : Cleaned. C:\Documents and Settings\Kevin\Cookies\[email protected][2].txt -> TrackingCookie.Specificclick : Cleaned. C:\Documents and Settings\Kevin\Cookies\[email protected][2].txt -> TrackingCookie.Starware : Cleaned. C:\Documents and Settings\Kevin\Cookies\[email protected][1].txt -> TrackingCookie.Starware : Cleaned. C:\Documents and Settings\Kevin\Cookies\[email protected][2].txt -> TrackingCookie.Starware : Cleaned. C:\Documents and Settings\Dan\Cookies\[email protected][1].txt -> TrackingCookie.Tacoda : Cleaned. C:\Documents and Settings\Kevin\Cookies\[email protected][2].txt -> TrackingCookie.Tacoda : Cleaned. C:\Documents and Settings\Kevin\Cookies\[email protected][1].txt -> TrackingCookie.Tacoda : Cleaned. C:\Documents and Settings\Kevin\Cookies\[email protected][1].txt -> TrackingCookie.Top-banners : Cleaned. C:\Documents and Settings\Kevin\Cookies\[email protected][1].txt -> TrackingCookie.Toplist : Cleaned. C:\Documents and Settings\Kevin\Cookies\[email protected][2].txt -> TrackingCookie.Tracking101 : Cleaned. C:\Documents and Settings\Dan\Cookies\[email protected][2].txt -> TrackingCookie.Webtrends : Cleaned. C:\Documents and Settings\Kevin\Cookies\[email protected][2].txt -> TrackingCookie.Webtrends : Cleaned. C:\Documents and Settings\Kevin\Cookies\[email protected][1].txt -> TrackingCookie.Yadro : Cleaned. C:\Documents and Settings\Dan\Cookies\[email protected][2].txt -> TrackingCookie.Yieldmanager : Cleaned. C:\Documents and Settings\Kevin\Cookies\[email protected][1].txt -> TrackingCookie.Yieldmanager : Cleaned. C:\VundoFix Backups\DP.sys.bad -> Trojan.Agent.ny : Cleaned with backup (quarantined). 
C:\WINDOWS\SYSTEM32\afywiqkj.exe -> Trojan.Agent.ny : Cleaned with backup (quarantined). C:\WINDOWS\SYSTEM32\auswreka.exe -> Trojan.Agent.ny : Cleaned with backup (quarantined). C:\WINDOWS\SYSTEM32\bpmxdhil.exe -> Trojan.Agent.ny : Cleaned with backup (quarantined). C:\WINDOWS\SYSTEM32\chpeejmk.exe -> Trojan.Agent.ny : Cleaned with backup (quarantined). C:\WINDOWS\SYSTEM32\dfminahb.exe -> Trojan.Agent.ny : Cleaned with backup (quarantined). C:\WINDOWS\SYSTEM32\fmhgucbv.exe -> Trojan.Agent.ny : Cleaned with backup (quarantined). C:\WINDOWS\SYSTEM32\frenvdwh.exe -> Trojan.Agent.ny : Cleaned with backup (quarantined). C:\WINDOWS\SYSTEM32\gipmwhbe.exe -> Trojan.Agent.ny : Cleaned with backup (quarantined). C:\WINDOWS\SYSTEM32\hauhutln.exe -> Trojan.Agent.ny : Cleaned with backup (quarantined). C:\WINDOWS\SYSTEM32\iuedtrqs.exe -> Trojan.Agent.ny : Cleaned with backup (quarantined). C:\WINDOWS\SYSTEM32\kyonqxju.exe -> Trojan.Agent.ny : Cleaned with backup (quarantined). C:\WINDOWS\SYSTEM32\pgsaivvl.exe -> Trojan.Agent.ny : Cleaned with backup (quarantined). C:\WINDOWS\SYSTEM32\pvgpgpte.exe -> Trojan.Agent.ny : Cleaned with backup (quarantined). C:\WINDOWS\SYSTEM32\qxxmqtet.exe -> Trojan.Agent.ny : Cleaned with backup (quarantined). C:\WINDOWS\SYSTEM32\sjjpqwdf.exe -> Trojan.Agent.ny : Cleaned with backup (quarantined). C:\WINDOWS\SYSTEM32\ugvfnhma.exe -> Trojan.Agent.ny : Cleaned with backup (quarantined). C:\WINDOWS\SYSTEM32\vuwsreva.exe -> Trojan.Agent.ny : Cleaned with backup (quarantined). C:\WINDOWS\SYSTEM32\vuxgmqfg.exe -> Trojan.Agent.ny : Cleaned with backup (quarantined). C:\WINDOWS\SYSTEM32\ygqpyomi.exe -> Trojan.Agent.ny : Cleaned with backup (quarantined). C:\WINDOWS\SYSTEM32\yiknvjfs.exe -> Trojan.Agent.ny : Cleaned with backup (quarantined). C:\WINDOWS\SYSTEM32\yysxigmd.exe -> Trojan.Agent.ny : Cleaned with backup (quarantined). C:\WINDOWS\SYSTEM32\yofmdcdg.dll -> Trojan.BHO.g : Cleaned with backup (quarantined). 
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP734\A0096444.exe -> Trojan.Small : Cleaned with backup (quarantined). C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP735\A0096460.exe -> Trojan.Small : Cleaned with backup (quarantined). C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP735\A0096659.exe -> Trojan.Small : Cleaned with backup (quarantined). C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP736\A0096897.exe -> Trojan.Small : Cleaned with backup (quarantined). C:\WINDOWS\sysrlb32.exe -> Trojan.Small : Cleaned with backup (quarantined). C:\VundoFix Backups\nclnyywr.exe.bad -> Trojan.Small.ju : Cleaned with backup (quarantined). C:\VundoFix Backups\pctcjywa.exe.bad -> Trojan.Small.ju : Cleaned with backup (quarantined). C:\VundoFix Backups\qaxkfuxr.exe.bad -> Trojan.Small.ju : Cleaned with backup (quarantined). C:\VundoFix Backups\xibwiswv.exe.bad -> Trojan.Small.ju : Cleaned with backup (quarantined). C:\WINDOWS\SYSTEM32\khaqkwsw.exe -> Trojan.Small.ju : Cleaned with backup (quarantined). C:\WINDOWS\SYSTEM32\ompymqqb.exe -> Trojan.Small.ju : Cleaned with backup (quarantined). C:\WINDOWS\SYSTEM32\xnxyxmik.exe -> Trojan.Small.ju : Cleaned with backup (quarantined). 
  6. Help My system has been infected by antispywaresolutions.com. I'm experiencing the same symptoms I've seen reported by others...constant popups, red screen, disabled task manager. I've run ad-aware, but that didn't help. So I downloaded HijackThis and ran it...the log file is as follows: Can someone help?