todechineys02

Members
  • Content Count

    14

About todechineys02

  • Rank
    Member
  • Birthday 03/07/1981

Profile Information

  • Gender
    Female
  • Location
    Idaho
  1. My home computer all of a sudden has a program called Antivirus 360 on it. If you go to surf the web it comes up and shows it has blocked the web page. Ran Spybot and removed what came up but it still is there. I am having a hard time logging on to this site at home but can get in to my email... Is there any way you can email me as well? Please help. Thanks so much, Katie Todechiney
  2. SUPERAntiSpyware Scan Log
     http://www.superantispyware.com

     Generated 10/06/2008 at 08:02 PM

     Application Version : 4.21.1004
     Core Rules Database Version : 3591
     Trace Rules Database Version: 1578
     Scan type : Complete Scan
     Total Scan Time : 01:09:22

     Memory items scanned : 355
     Memory threats detected : 0
     Registry items scanned : 6099
     Registry threats detected : 1
     File items scanned : 94531
     File threats detected : 3

     Adware.AdSponsor/ISM
         HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\{1BAC9A2A-4755-43c3-A430-D3512C5B8A4E}

     Adware.Tracking Cookie
         C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
         C:\Documents and Settings\Owner\Cookies\[email protected][1].txt

     Adware.k8l
         C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\COMMON FILES\PROFSY.HTML.VIR
  3. I haven't used it much in the last couple days... what little bit I have been on here it seems to be running okay
  4. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 9:43:40 PM, on 10/4/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16705) Boot mode: Normal
  5. Malwarebytes' Anti-Malware 1.28 Database version: 1226 Windows 5.1.2600 Service Pack 2 10/3/2008 11:18:44 PM mbam-log-2008-10-03 (23-18-44).txt Scan type: Full Scan (C:\|) Objects scanned: 141292 Time elapsed: 54 minute(s), 24 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 8 Registry Values Infected: 2 Registry Data Items Infected: 0 Folders Infected: 13 Files Infected: 273
C:\Documents and Settings\Owner\Application Data\AdwareAlert\Quarantine\23-01-2008-07-33-52\4.qit (Rogue.AdwareAlert) -> Quarantined and deleted successfully. C:\Documents and Settings\Owner\Application Data\AdwareAlert\Quarantine\23-01-2008-07-33-52\4.qnf (Rogue.AdwareAlert) -> Quarantined and deleted successfully. C:\Documents and Settings\Owner\Application Data\AdwareAlert\Quarantine\23-01-2008-07-33-52\5.qit (Rogue.AdwareAlert) -> Quarantined and deleted successfully. C:\Documents and Settings\Owner\Application Data\AdwareAlert\Quarantine\23-01-2008-07-33-52\5.qnf (Rogue.AdwareAlert) -> Quarantined and deleted successfully. C:\Documents and Settings\Owner\Application Data\AdwareAlert\Quarantine\23-01-2008-07-33-52\6.qit (Rogue.AdwareAlert) -> Quarantined and deleted successfully. C:\Documents and Settings\Owner\Application Data\AdwareAlert\Quarantine\23-01-2008-07-33-52\6.qnf (Rogue.AdwareAlert) -> Quarantined and deleted successfully. C:\Documents and Settings\Owner\Application Data\AdwareAlert\Quarantine\23-01-2008-07-33-52\7.qit (Rogue.AdwareAlert) -> Quarantined and deleted successfully. C:\Documents and Settings\Owner\Application Data\AdwareAlert\Quarantine\23-01-2008-07-33-52\7.qnf (Rogue.AdwareAlert) -> Quarantined and deleted successfully. C:\Documents and Settings\Owner\Application Data\AdwareAlert\Quarantine\23-01-2008-07-33-52\8.qit (Rogue.AdwareAlert) -> Quarantined and deleted successfully. C:\Documents and Settings\Owner\Application Data\AdwareAlert\Quarantine\23-01-2008-07-33-52\8.qnf (Rogue.AdwareAlert) -> Quarantined and deleted successfully. C:\Documents and Settings\Owner\Application Data\AdwareAlert\Quarantine\23-01-2008-07-33-52\9.qit (Rogue.AdwareAlert) -> Quarantined and deleted successfully. C:\Documents and Settings\Owner\Application Data\AdwareAlert\Quarantine\23-01-2008-07-33-52\9.qnf (Rogue.AdwareAlert) -> Quarantined and deleted successfully. 
C:\Documents and Settings\Owner\Application Data\AdwareAlert\Quarantine\24-01-2008-21-01-49\0.qit (Rogue.AdwareAlert) -> Quarantined and deleted successfully. C:\Documents and Settings\Owner\Application Data\AdwareAlert\Quarantine\24-01-2008-21-01-49\0.qnf (Rogue.AdwareAlert) -> Quarantined and deleted successfully. C:\Documents and Settings\Owner\Application Data\AdwareAlert\Quarantine\24-01-2008-21-01-49\1.qit (Rogue.AdwareAlert) -> Quarantined and deleted successfully. C:\Documents and Settings\Owner\Application Data\AdwareAlert\Quarantine\24-01-2008-21-01-49\1.qnf (Rogue.AdwareAlert) -> Quarantined and deleted successfully. C:\Documents and Settings\Owner\Application Data\AdwareAlert\Quarantine\24-01-2008-21-01-49\10.qit (Rogue.AdwareAlert) -> Quarantined and deleted successfully. C:\Documents and Settings\Owner\Application Data\AdwareAlert\Quarantine\24-01-2008-21-01-49\11.qit (Rogue.AdwareAlert) -> Quarantined and deleted successfully. C:\Documents and Settings\Owner\Application Data\AdwareAlert\Quarantine\24-01-2008-21-01-49\12.qit (Rogue.AdwareAlert) -> Quarantined and deleted successfully. C:\Documents and Settings\Owner\Application Data\AdwareAlert\Quarantine\24-01-2008-21-01-49\13.qit (Rogue.AdwareAlert) -> Quarantined and deleted successfully. C:\Documents and Settings\Owner\Application Data\AdwareAlert\Quarantine\24-01-2008-21-01-49\14.qit (Rogue.AdwareAlert) -> Quarantined and deleted successfully. C:\Documents and Settings\Owner\Application Data\AdwareAlert\Quarantine\24-01-2008-21-01-49\15.qit (Rogue.AdwareAlert) -> Quarantined and deleted successfully. C:\Documents and Settings\Owner\Application Data\AdwareAlert\Quarantine\24-01-2008-21-01-49\16.qit (Rogue.AdwareAlert) -> Quarantined and deleted successfully. C:\Documents and Settings\Owner\Application Data\AdwareAlert\Quarantine\24-01-2008-21-01-49\17.qit (Rogue.AdwareAlert) -> Quarantined and deleted successfully. 
C:\Documents and Settings\Owner\Application Data\AdwareAlert\Quarantine\24-01-2008-21-01-49\2.qit (Rogue.AdwareAlert) -> Quarantined and deleted successfully. C:\Documents and Settings\Owner\Application Data\AdwareAlert\Quarantine\24-01-2008-21-01-49\2.qnf (Rogue.AdwareAlert) -> Quarantined and deleted successfully. C:\Documents and Settings\Owner\Application Data\AdwareAlert\Quarantine\24-01-2008-21-01-49\3.qit (Rogue.AdwareAlert) -> Quarantined and deleted successfully. C:\Documents and Settings\Owner\Application Data\AdwareAlert\Quarantine\24-01-2008-21-01-49\3.qnf (Rogue.AdwareAlert) -> Quarantined and deleted successfully. C:\Documents and Settings\Owner\Application Data\AdwareAlert\Quarantine\24-01-2008-21-01-49\4.qit (Rogue.AdwareAlert) -> Quarantined and deleted successfully. C:\Documents and Settings\Owner\Application Data\AdwareAlert\Quarantine\24-01-2008-21-01-49\4.qnf (Rogue.AdwareAlert) -> Quarantined and deleted successfully. C:\Documents and Settings\Owner\Application Data\AdwareAlert\Quarantine\24-01-2008-21-01-49\5.qit (Rogue.AdwareAlert) -> Quarantined and deleted successfully. C:\Documents and Settings\Owner\Application Data\AdwareAlert\Quarantine\24-01-2008-21-01-49\5.qnf (Rogue.AdwareAlert) -> Quarantined and deleted successfully. C:\Documents and Settings\Owner\Application Data\AdwareAlert\Quarantine\24-01-2008-21-01-49\6.qit (Rogue.AdwareAlert) -> Quarantined and deleted successfully. C:\Documents and Settings\Owner\Application Data\AdwareAlert\Quarantine\24-01-2008-21-01-49\6.qnf (Rogue.AdwareAlert) -> Quarantined and deleted successfully. C:\Documents and Settings\Owner\Application Data\AdwareAlert\Quarantine\24-01-2008-21-01-49\7.qit (Rogue.AdwareAlert) -> Quarantined and deleted successfully. C:\Documents and Settings\Owner\Application Data\AdwareAlert\Quarantine\24-01-2008-21-01-49\7.qnf (Rogue.AdwareAlert) -> Quarantined and deleted successfully. 
C:\Documents and Settings\Owner\Application Data\AdwareAlert\Quarantine\24-01-2008-21-01-49\8.qit (Rogue.AdwareAlert) -> Quarantined and deleted successfully. C:\Documents and Settings\Owner\Application Data\AdwareAlert\Quarantine\24-01-2008-21-01-49\8.qnf (Rogue.AdwareAlert) -> Quarantined and deleted successfully. C:\Documents and Settings\Owner\Application Data\AdwareAlert\Quarantine\24-01-2008-21-01-49\9.qit (Rogue.AdwareAlert) -> Quarantined and deleted successfully. C:\Documents and Settings\Owner\Application Data\AdwareAlert\Quarantine\24-01-2008-21-01-49\9.qnf (Rogue.AdwareAlert) -> Quarantined and deleted successfully. C:\Documents and Settings\Owner\Application Data\AdwareAlert\Quarantine\25-01-2008-08-35-41\0.qit (Rogue.AdwareAlert) -> Quarantined and deleted successfully. C:\Documents and Settings\Owner\Application Data\AdwareAlert\Quarantine\25-01-2008-08-35-41\0.qnf (Rogue.AdwareAlert) -> Quarantined and deleted successfully. C:\Documents and Settings\Owner\Application Data\AdwareAlert\Quarantine\25-01-2008-08-35-41\1.qit (Rogue.AdwareAlert) -> Quarantined and deleted successfully. C:\Documents and Settings\Owner\Application Data\AdwareAlert\Quarantine\25-01-2008-08-35-41\1.qnf (Rogue.AdwareAlert) -> Quarantined and deleted successfully. C:\Documents and Settings\Owner\Application Data\AdwareAlert\Quarantine\25-01-2008-08-35-41\10.qit (Rogue.AdwareAlert) -> Quarantined and deleted successfully. C:\Documents and Settings\Owner\Application Data\AdwareAlert\Quarantine\25-01-2008-08-35-41\10.qnf (Rogue.AdwareAlert) -> Quarantined and deleted successfully. C:\Documents and Settings\Owner\Application Data\AdwareAlert\Quarantine\25-01-2008-08-35-41\11.qit (Rogue.AdwareAlert) -> Quarantined and deleted successfully. C:\Documents and Settings\Owner\Application Data\AdwareAlert\Quarantine\25-01-2008-08-35-41\11.qnf (Rogue.AdwareAlert) -> Quarantined and deleted successfully. 
C:\Documents and Settings\Owner\Application Data\AdwareAlert\Quarantine\25-01-2008-08-35-41\12.qit (Rogue.AdwareAlert) -> Quarantined and deleted successfully. C:\Documents and Settings\Owner\Application Data\AdwareAlert\Quarantine\25-01-2008-08-35-41\13.qit (Rogue.AdwareAlert) -> Quarantined and deleted successfully. C:\Documents and Settings\Owner\Application Data\AdwareAlert\Quarantine\25-01-2008-08-35-41\14.qit (Rogue.AdwareAlert) -> Quarantined and deleted successfully. C:\Documents and Settings\Owner\Application Data\AdwareAlert\Quarantine\25-01-2008-08-35-41\15.qit (Rogue.AdwareAlert) -> Quarantined and deleted successfully. C:\Documents and Settings\Owner\Application Data\AdwareAlert\Quarantine\25-01-2008-08-35-41\16.qit (Rogue.AdwareAlert) -> Quarantined and deleted successfully. C:\Documents and Settings\Owner\Application Data\AdwareAlert\Quarantine\25-01-2008-08-35-41\17.qit (Rogue.AdwareAlert) -> Quarantined and deleted successfully. C:\Documents and Settings\Owner\Application Data\AdwareAlert\Quarantine\25-01-2008-08-35-41\18.qit (Rogue.AdwareAlert) -> Quarantined and deleted successfully. C:\Documents and Settings\Owner\Application Data\AdwareAlert\Quarantine\25-01-2008-08-35-41\19.qit (Rogue.AdwareAlert) -> Quarantined and deleted successfully. C:\Documents and Settings\Owner\Application Data\AdwareAlert\Quarantine\25-01-2008-08-35-41\2.qit (Rogue.AdwareAlert) -> Quarantined and deleted successfully. C:\Documents and Settings\Owner\Application Data\AdwareAlert\Quarantine\25-01-2008-08-35-41\2.qnf (Rogue.AdwareAlert) -> Quarantined and deleted successfully. C:\Documents and Settings\Owner\Application Data\AdwareAlert\Quarantine\25-01-2008-08-35-41\3.qit (Rogue.AdwareAlert) -> Quarantined and deleted successfully. C:\Documents and Settings\Owner\Application Data\AdwareAlert\Quarantine\25-01-2008-08-35-41\3.qnf (Rogue.AdwareAlert) -> Quarantined and deleted successfully. 
C:\Documents and Settings\Owner\Application Data\AdwareAlert\Quarantine\25-01-2008-08-35-41\4.qit (Rogue.AdwareAlert) -> Quarantined and deleted successfully. C:\Documents and Settings\Owner\Application Data\AdwareAlert\Quarantine\25-01-2008-08-35-41\4.qnf (Rogue.AdwareAlert) -> Quarantined and deleted successfully. C:\Documents and Settings\Owner\Application Data\AdwareAlert\Quarantine\25-01-2008-08-35-41\5.qit (Rogue.AdwareAlert) -> Quarantined and deleted successfully. C:\Documents and Settings\Owner\Application Data\AdwareAlert\Quarantine\25-01-2008-08-35-41\5.qnf (Rogue.AdwareAlert) -> Quarantined and deleted successfully. C:\Documents and Settings\Owner\Application Data\AdwareAlert\Quarantine\25-01-2008-08-35-41\6.qit (Rogue.AdwareAlert) -> Quarantined and deleted successfully. C:\Documents and Settings\Owner\Application Data\AdwareAlert\Quarantine\25-01-2008-08-35-41\6.qnf (Rogue.AdwareAlert) -> Quarantined and deleted successfully. C:\Documents and Settings\Owner\Application Data\AdwareAlert\Quarantine\25-01-2008-08-35-41\7.qit (Rogue.AdwareAlert) -> Quarantined and deleted successfully. C:\Documents and Settings\Owner\Application Data\AdwareAlert\Quarantine\25-01-2008-08-35-41\7.qnf (Rogue.AdwareAlert) -> Quarantined and deleted successfully. C:\Documents and Settings\Owner\Application Data\AdwareAlert\Quarantine\25-01-2008-08-35-41\8.qit (Rogue.AdwareAlert) -> Quarantined and deleted successfully. C:\Documents and Settings\Owner\Application Data\AdwareAlert\Quarantine\25-01-2008-08-35-41\8.qnf (Rogue.AdwareAlert) -> Quarantined and deleted successfully. C:\Documents and Settings\Owner\Application Data\AdwareAlert\Quarantine\25-01-2008-08-35-41\9.qit (Rogue.AdwareAlert) -> Quarantined and deleted successfully. C:\Documents and Settings\Owner\Application Data\AdwareAlert\Quarantine\25-01-2008-08-35-41\9.qnf (Rogue.AdwareAlert) -> Quarantined and deleted successfully. 
C:\Documents and Settings\Owner\Application Data\AdwareAlert\Quarantine\27-01-2008-17-37-44\0.qit (Rogue.AdwareAlert) -> Quarantined and deleted successfully. C:\Documents and Settings\Owner\Application Data\AdwareAlert\Quarantine\27-01-2008-17-37-44\0.qnf (Rogue.AdwareAlert) -> Quarantined and deleted successfully. C:\Documents and Settings\Owner\Application Data\AdwareAlert\Quarantine\27-01-2008-17-37-44\1.qit (Rogue.AdwareAlert) -> Quarantined and deleted successfully. C:\Documents and Settings\Owner\Application Data\AdwareAlert\Quarantine\27-01-2008-17-37-44\1.qnf (Rogue.AdwareAlert) -> Quarantined and deleted successfully. C:\Documents and Settings\Owner\Application Data\AdwareAlert\Quarantine\27-01-2008-17-37-44\10.qit (Rogue.AdwareAlert) -> Quarantined and deleted successfully. C:\Documents and Settings\Owner\Application Data\AdwareAlert\Quarantine\27-01-2008-17-37-44\10.qnf (Rogue.AdwareAlert) -> Quarantined and deleted successfully. C:\Documents and Settings\Owner\Application Data\AdwareAlert\Quarantine\27-01-2008-17-37-44\11.qit (Rogue.AdwareAlert) -> Quarantined and deleted successfully. C:\Documents and Settings\Owner\Application Data\AdwareAlert\Quarantine\27-01-2008-17-37-44\11.qnf (Rogue.AdwareAlert) -> Quarantined and deleted successfully. C:\Documents and Settings\Owner\Application Data\AdwareAlert\Quarantine\27-01-2008-17-37-44\12.qit (Rogue.AdwareAlert) -> Quarantined and deleted successfully. C:\Documents and Settings\Owner\Application Data\AdwareAlert\Quarantine\27-01-2008-17-37-44\12.qnf (Rogue.AdwareAlert) -> Quarantined and deleted successfully. C:\Documents and Settings\Owner\Application Data\AdwareAlert\Quarantine\27-01-2008-17-37-44\13.qit (Rogue.AdwareAlert) -> Quarantined and deleted successfully. C:\Documents and Settings\Owner\Application Data\AdwareAlert\Quarantine\27-01-2008-17-37-44\13.qnf (Rogue.AdwareAlert) -> Quarantined and deleted successfully. 
C:\Documents and Settings\Owner\Application Data\AdwareAlert\Quarantine\27-01-2008-17-37-44\14.qit (Rogue.AdwareAlert) -> Quarantined and deleted successfully. C:\Documents and Settings\Owner\Application Data\AdwareAlert\Quarantine\27-01-2008-17-37-44\14.qnf (Rogue.AdwareAlert) -> Quarantined and deleted successfully. C:\Documents and Settings\Owner\Application Data\AdwareAlert\Quarantine\27-01-2008-17-37-44\15.qit (Rogue.AdwareAlert) -> Quarantined and deleted successfully. C:\Documents and Settings\Owner\Application Data\AdwareAlert\Quarantine\27-01-2008-17-37-44\15.qnf (Rogue.AdwareAlert) -> Quarantined and deleted successfully. C:\Documents and Settings\Owner\Application Data\AdwareAlert\Quarantine\27-01-2008-17-37-44\16.qit (Rogue.AdwareAlert) -> Quarantined and deleted successfully. C:\Documents and Settings\Owner\Application Data\AdwareAlert\Quarantine\27-01-2008-17-37-44\16.qnf (Rogue.AdwareAlert) -> Quarantined and deleted successfully. C:\Documents and Settings\Owner\Application Data\AdwareAlert\Quarantine\27-01-2008-17-37-44\17.qit (Rogue.AdwareAlert) -> Quarantined and deleted successfully. C:\Documents and Settings\Owner\Application Data\AdwareAlert\Quarantine\27-01-2008-17-37-44\17.qnf (Rogue.AdwareAlert) -> Quarantined and deleted successfully. C:\Documents and Settings\Owner\Application Data\AdwareAlert\Quarantine\27-01-2008-17-37-44\18.qit (Rogue.AdwareAlert) -> Quarantined and deleted successfully. C:\Documents and Settings\Owner\Application Data\AdwareAlert\Quarantine\27-01-2008-17-37-44\18.qnf (Rogue.AdwareAlert) -> Quarantined and deleted successfully. C:\Documents and Settings\Owner\Application Data\AdwareAlert\Quarantine\27-01-2008-17-37-44\19.qit (Rogue.AdwareAlert) -> Quarantined and deleted successfully. C:\Documents and Settings\Owner\Application Data\AdwareAlert\Quarantine\27-01-2008-17-37-44\19.qnf (Rogue.AdwareAlert) -> Quarantined and deleted successfully. 
C:\Documents and Settings\Owner\Application Data\AdwareAlert\Quarantine\27-01-2008-17-37-44\2.qit (Rogue.AdwareAlert) -> Quarantined and deleted successfully. C:\Documents and Settings\Owner\Application Data\AdwareAlert\Quarantine\27-01-2008-17-37-44\2.qnf (Rogue.AdwareAlert) -> Quarantined and deleted successfully. C:\Documents and Settings\Owner\Application Data\AdwareAlert\Quarantine\27-01-2008-17-37-44\20.qit (Rogue.AdwareAlert) -> Quarantined and deleted successfully. C:\Documents and Settings\Owner\Application Data\AdwareAlert\Quarantine\27-01-2008-17-37-44\20.qnf (Rogue.AdwareAlert) -> Quarantined and deleted successfully. C:\Documents and Settings\Owner\Application Data\AdwareAlert\Quarantine\27-01-2008-17-37-44\21.qit (Rogue.AdwareAlert) -> Quarantined and deleted successfully. C:\Documents and Settings\Owner\Application Data\AdwareAlert\Quarantine\27-01-2008-17-37-44\21.qnf (Rogue.AdwareAlert) -> Quarantined and deleted successfully. C:\Documents and Settings\Owner\Application Data\AdwareAlert\Quarantine\27-01-2008-17-37-44\22.qit (Rogue.AdwareAlert) -> Quarantined and deleted successfully. C:\Documents and Settings\Owner\Application Data\AdwareAlert\Quarantine\27-01-2008-17-37-44\23.qit (Rogue.AdwareAlert) -> Quarantined and deleted successfully. C:\Documents and Settings\Owner\Application Data\AdwareAlert\Quarantine\27-01-2008-17-37-44\24.qit (Rogue.AdwareAlert) -> Quarantined and deleted successfully. C:\Documents and Settings\Owner\Application Data\AdwareAlert\Quarantine\27-01-2008-17-37-44\25.qit (Rogue.AdwareAlert) -> Quarantined and deleted successfully. C:\Documents and Settings\Owner\Application Data\AdwareAlert\Quarantine\27-01-2008-17-37-44\26.qit (Rogue.AdwareAlert) -> Quarantined and deleted successfully. C:\Documents and Settings\Owner\Application Data\AdwareAlert\Quarantine\27-01-2008-17-37-44\27.qit (Rogue.AdwareAlert) -> Quarantined and deleted successfully. 
C:\Documents and Settings\Owner\Application Data\AdwareAlert\Quarantine\27-01-2008-17-37-44\28.qit (Rogue.AdwareAlert) -> Quarantined and deleted successfully. C:\Documents and Settings\Owner\Application Data\AdwareAlert\Quarantine\27-01-2008-17-37-44\29.qit (Rogue.AdwareAlert) -> Quarantined and deleted successfully. C:\Documents and Settings\Owner\Application Data\AdwareAlert\Quarantine\27-01-2008-17-37-44\3.qit (Rogue.AdwareAlert) -> Quarantined and deleted successfully. C:\Documents and Settings\Owner\Application Data\AdwareAlert\Quarantine\27-01-2008-17-37-44\3.qnf (Rogue.AdwareAlert) -> Quarantined and deleted successfully. C:\Documents and Settings\Owner\Application Data\AdwareAlert\Quarantine\27-01-2008-17-37-44\4.qit (Rogue.AdwareAlert) -> Quarantined and deleted successfully. C:\Documents and Settings\Owner\Application Data\AdwareAlert\Quarantine\27-01-2008-17-37-44\4.qnf (Rogue.AdwareAlert) -> Quarantined and deleted successfully. C:\Documents and Settings\Owner\Application Data\AdwareAlert\Quarantine\27-01-2008-17-37-44\5.qit (Rogue.AdwareAlert) -> Quarantined and deleted successfully. C:\Documents and Settings\Owner\Application Data\AdwareAlert\Quarantine\27-01-2008-17-37-44\5.qnf (Rogue.AdwareAlert) -> Quarantined and deleted successfully. C:\Documents and Settings\Owner\Application Data\AdwareAlert\Quarantine\27-01-2008-17-37-44\6.qit (Rogue.AdwareAlert) -> Quarantined and deleted successfully. C:\Documents and Settings\Owner\Application Data\AdwareAlert\Quarantine\27-01-2008-17-37-44\6.qnf (Rogue.AdwareAlert) -> Quarantined and deleted successfully. C:\Documents and Settings\Owner\Application Data\AdwareAlert\Quarantine\27-01-2008-17-37-44\7.qit (Rogue.AdwareAlert) -> Quarantined and deleted successfully. C:\Documents and Settings\Owner\Application Data\AdwareAlert\Quarantine\27-01-2008-17-37-44\7.qnf (Rogue.AdwareAlert) -> Quarantined and deleted successfully. 
C:\Documents and Settings\Owner\Application Data\AdwareAlert\Quarantine\27-01-2008-17-37-44\8.qit (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\AdwareAlert\Quarantine\27-01-2008-17-37-44\8.qnf (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\AdwareAlert\Quarantine\27-01-2008-17-37-44\9.qit (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\AdwareAlert\Quarantine\27-01-2008-17-37-44\9.qnf (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\bbcscte.bat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\AdwareAlert Scheduled Scan.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ClickToFindandFixErrors_US.ico (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jpewocmz.ini (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

Saturday, October 4, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Saturday, October 04, 2008 05:34:31
Records in database: 1288125

Scan settings
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area: My Computer
A:\
C:\
D:\
E:\
F:\
G:\

Scan statistics
Files scanned: 94121
Threat name: 2
Infected objects: 2
Suspicious objects: 0
Duration of the scan: 02:22:53

File name | Threat name | Threats count
C:\Program Files\Enigma Software Group\SpyHunter\Backup\insider.exe.dat | Infected: not-a-virus:AdWare.Win32.Insider.a | 1
C:\QooBox\Quarantine\catchme2008-02-14_190925.29.zip | Infected: Rootkit.Win32.Agent.sg | 1
  6. Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:36:03 PM, on 10/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\QuickTime\bak\qttask.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Java\jre1.6.0_04\bin\jucheck.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST1.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar1.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar1.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\bak\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [bCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - HKCU\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe"
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.melaleuca.com
O15 - Trusted Zone: http://www.wellsfargo.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1103003783640
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.winkflash.com/photo/loaders/ImageUploader4.cab
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart.com/photo/uploads/Fuj...ploadClient.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab34246.cab
O16 - DPF: {BE71A78B-77DB-451C-A761-59B37022D544} (AOL Newport Downloader Ctrl) - http://o.aolcdn.com/pictures/ap/Resources/...ns.10.5.0.4.cab
O16 - DPF: {E9A7F56F-C40F-4928-8C6F-7A72F2A25222} (AxRUploadControl Object) - http://www.imagestation.com/common/classes....cab?v=1,0,0,37
O17 - HKLM\System\CCS\Services\Tcpip\..\{F3C640BD-7822-430B-A97D-32309D1B10D4}: NameServer = 205.171.3.65,205.171.2.65
O18 - Protocol: intu-help-qb1 - {9B0F96C7-2E4B-433E-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks Pro\HelpAsyncPluggableProtocol.dll
O21 - SSODL: Adobe Acrobat 5.0 - {74ED521F-7B75-7458-EFE8-A5F313C962AE} - (no file)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: QBCFMonitorService - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe

-- End of file - 9380 bytes
  7. It didn't show when I rebooted in safe mode.
     Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:23:58 PM, on 2/20/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16608) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\system32\HPZipm12.exe C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\QuickTime\bak\qttask.exe C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\BCMSMMSG.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R3 - URLSearchHook: Yahoo!
Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST1.03.0000.1005\en-xu\stmain.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar1.02.5000.1021\en-us\msntb.dll O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar1.02.5000.1021\en-us\msntb.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: Yahoo! 
Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\bak\qttask.exe" -atboottime O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [bCMSMMSG] BCMSMMSG.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe" O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user') O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - 
C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU) O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O15 - Trusted Zone: *.melaleuca.com O15 - Trusted Zone: http://www.wellsfargo.com O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1103003783640 O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.winkflash.com/photo/loaders/ImageUploader4.cab O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart.com/photo/uploads/Fuj...ploadClient.cab O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - 
http://messenger.msn.com/download/MsnMesse...pDownloader.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab34246.cab O16 - DPF: {BE71A78B-77DB-451C-A761-59B37022D544} (AOL Newport Downloader Ctrl) - http://o.aolcdn.com/pictures/ap/Resources/...ns.10.5.0.4.cab O16 - DPF: {E9A7F56F-C40F-4928-8C6F-7A72F2A25222} (AxRUploadControl Object) - http://www.imagestation.com/common/classes....cab?v=1,0,0,37 O17 - HKLM\System\CCS\Services\Tcpip\..\{F3C640BD-7822-430B-A97D-32309D1B10D4}: NameServer = 205.171.3.65,205.171.2.65 O18 - Protocol: intu-help-qb1 - {9B0F96C7-2E4B-433E-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks Pro\HelpAsyncPluggableProtocol.dll O21 - SSODL: Adobe Acrobat 5.0 - {74ED521F-7B75-7458-EFE8-A5F313C962AE} - (no file) O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: QBCFMonitorService - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. 
- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- End of file - 9701 bytes
  8. KASPERSKY ONLINE SCANNER REPORT Sunday, February 17, 2008 10:28:04 AM Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600) Kaspersky Online Scanner version: 5.0.98.0 Kaspersky Anti-Virus database last update: 17/02/2008 Kaspersky Anti-Virus database records: 570059 Scan Settings Scan using the following antivirus database extended Scan Archives true Scan Mail Bases true Scan Target My Computer A:\ C:\ D:\ E:\ F:\ G:\ Scan Statistics Total number of scanned objects 82448 Number of viruses found 3 Number of infected objects 5 Number of suspicious objects 0 Duration of the scan process 01:15:37 Infected Object Name Virus Name Last Action C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Support\MPLog-12082007-203029.log Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\NetworkService\Local 
Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped C:\Documents and Settings\Owner\Cookies\index.dat Object is locked skipped C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\Owner\Local Settings\History\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\Owner\Local Settings\Temp\~DFF207.tmp Object is locked skipped C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\Owner\ntuser.dat Object is locked skipped C:\Documents and Settings\Owner\ntuser.dat.LOG Object is locked skipped C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat Object is locked skipped C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db Object is locked skipped C:\Program Files\Alwil Software\Avast4\DATA\integ\avast.int Object is locked skipped C:\Program Files\Alwil Software\Avast4\DATA\log\AshWebSv.ws Object is locked skipped C:\Program Files\Alwil Software\Avast4\DATA\log\aswMaiSv.log Object is locked skipped C:\Program Files\Alwil Software\Avast4\DATA\log\nshield.log Object is locked skipped C:\Program Files\Alwil Software\Avast4\DATA\report\Resident protection.txt Object is locked skipped C:\Program Files\Enigma Software Group\SpyHunter\Backup\insider.exe.dat/Program Files/Insider/Insider.exe Infected: not-a-virus:AdWare.Win32.Insider.a skipped C:\Program Files\Enigma Software Group\SpyHunter\Backup\insider.exe.dat 
ZIP: infected - 1 skipped C:\QooBox\Quarantine\catchme2008-02-14_190925.29.zip/core.sys Infected: Rootkit.Win32.Agent.sg skipped C:\QooBox\Quarantine\catchme2008-02-14_190925.29.zip ZIP: infected - 1 skipped C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped C:\System Volume Information\_restore{1328CE5C-DE94-4B3A-A6EA-DFC2E4247BAD}\RP1120\change.log Object is locked skipped C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped C:\WINDOWS\Downloaded Program Files\popcaploader.dll Infected: not-a-virus:Downloader.Win32.PopCap.b skipped C:\WINDOWS\SchedLgU.Txt Object is locked skipped C:\WINDOWS\SoftwareDistribution\DataStore\DataStore.edb Object is locked skipped C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log Object is locked skipped C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb Object is locked skipped C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped C:\WINDOWS\Sti_Trace.log Object is locked skipped C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped C:\WINDOWS\system32\config\Antivirus.Evt Object is locked skipped C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\default Object is locked skipped C:\WINDOWS\system32\config\default.LOG Object is locked skipped C:\WINDOWS\system32\config\Internet.evt Object is locked skipped C:\WINDOWS\system32\config\QB GDS P.evt Object is locked skipped C:\WINDOWS\system32\config\SAM Object is locked skipped C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\SECURITY Object is locked skipped C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped C:\WINDOWS\system32\config\software Object is locked skipped C:\WINDOWS\system32\config\software.LOG Object is locked skipped C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped 
C:\WINDOWS\system32\config\system Object is locked skipped C:\WINDOWS\system32\config\system.LOG Object is locked skipped C:\WINDOWS\system32\h323log.txt Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped C:\WINDOWS\Temp\Perflib_Perfdata_6d4.dat Object is locked skipped C:\WINDOWS\Temp\_avast4_\Webshlock.txt Object is locked skipped C:\WINDOWS\wiadebug.log Object is locked skipped C:\WINDOWS\wiaservc.log Object is locked skipped C:\WINDOWS\WindowsUpdate.log Object is locked skipped Scan process completed.
  9. Find AWF report by noahdfear ©2006 Version 1.40 Option 3 run successfully The current date is: Sat 02/16/2008 The current time is: 22:16:52.17 bak folders found ~~~~~~~~~~~ Directory of C:\PROGRA~1\QUICKT~1\BAK 02/07/2007 08:32 PM 282,624 qttask.exe 1 File(s) 282,624 bytes Directory of C:\PROGRA~1\WIFD1F~1\BAK 11/03/2006 07:20 PM 866,584 MSASCui.exe 1 File(s) 866,584 bytes Directory of C:\PROGRA~1\ALWILS~1\AVAST4\BAK 12/04/2007 06:00 AM 79,224 ashDisp.exe 1 File(s) 79,224 bytes Directory of C:\PROGRA~1\GRISOFT\AVG7\BAK 01/11/2008 09:09 PM 579,072 avgcc.exe 1 File(s) 579,072 bytes Directory of C:\PROGRA~1\JAVA\J2RE14~1.2_0\BIN\BAK 09/28/2004 08:26 PM 32,881 jusched.exe 1 File(s) 32,881 bytes Duplicate files of bak directory contents ~~~~~~~~~~~~~~~~~~~~~~~ 282624 Feb 7 2007 "C:\Program Files\QuickTime\qttask.exe" 282624 Feb 7 2007 "C:\Program Files\QuickTime\bak\qttask.exe" 866584 Nov 3 2006 "C:\Program Files\Windows Defender\MSASCui.exe" 866584 Nov 3 2006 "C:\Program Files\Windows Defender\bak\MSASCui.exe" 79224 Dec 4 2007 "C:\Program Files\Alwil Software\Avast4\ashDisp.exe" 79224 Dec 4 2007 "C:\Program Files\Alwil Software\Avast4\bak\ashDisp.exe" 579072 Jan 11 2008 "C:\Program Files\Grisoft\AVG7\avgcc.exe" 579072 Jan 11 2008 "C:\Program Files\Grisoft\AVG7\bak\avgcc.exe" 144784 Dec 14 2007 "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe" 32881 Sep 28 2004 "C:\Program Files\Java\j2re1.4.2_06\bin\bak\jusched.exe" 139264 Dec 14 2007 "C:\Program Files\Java\jdk1.6.0_04\jre\bin\jusched.exe" end of report Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 10:33:36 PM, on 2/16/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16608) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\Program 
Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\system32\HPZipm12.exe C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\QuickTime\bak\qttask.exe C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\BCMSMMSG.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: &Yahoo! 
Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST1.03.0000.1005\en-xu\stmain.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar1.02.5000.1021\en-us\msntb.dll O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar1.02.5000.1021\en-us\msntb.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: Yahoo! 
Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\bak\qttask.exe" -atboottime O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [bCMSMMSG] BCMSMMSG.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe" O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO O4 - HKCU\..\Run: [spyDefender Shield] "C:\Program Files\SpyDefender Pro\SpyDefender.exe" --scan2 O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user') O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - 
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU) O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O15 - Trusted Zone: *.melaleuca.com O15 - Trusted Zone: http://www.wellsfargo.com O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1103003783640 O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.winkflash.com/photo/loaders/ImageUploader4.cab O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart.com/photo/uploads/Fuj...ploadClient.cab O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx O16 - DPF: 
{B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab34246.cab O16 - DPF: {BE71A78B-77DB-451C-A761-59B37022D544} (AOL Newport Downloader Ctrl) - http://o.aolcdn.com/pictures/ap/Resources/...ns.10.5.0.4.cab O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/dim2/default/popcaploader_v6.cab O16 - DPF: {E9A7F56F-C40F-4928-8C6F-7A72F2A25222} (AxRUploadControl Object) - http://www.imagestation.com/common/classes....cab?v=1,0,0,37 O17 - HKLM\System\CCS\Services\Tcpip\..\{F3C640BD-7822-430B-A97D-32309D1B10D4}: NameServer = 205.171.3.65,205.171.2.65 O18 - Protocol: intu-help-qb1 - {9B0F96C7-2E4B-433E-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks Pro\HelpAsyncPluggableProtocol.dll O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing) O21 - SSODL: Adobe Acrobat 5.0 - {74ED521F-7B75-7458-EFE8-A5F313C962AE} - (no file) O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! 
Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: QBCFMonitorService - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- End of file - 9960 bytes
  10. Directory of C:\WINDOWS\SYSTEM32\BAK 10/19/2005 07:59 AM 126,976 hkcmd.exe 10/19/2005 07:59 AM 155,648 igfxtray.exe 07/09/2001 12:50 PM 155,648 NeroCheck.exe 3 File(s) 438,272 bytes Directory of C:\PROGRA~1\ALWILS~1\AVAST4\BAK 12/04/2007 06:00 AM 79,224 ashDisp.exe 1 File(s) 79,224 bytes Directory of C:\PROGRA~1\GRISOFT\AVG7\BAK 01/11/2008 09:09 PM 579,072 avgcc.exe 1 File(s) 579,072 bytes Directory of C:\PROGRA~1\HP\HPSOFT~1\BAK 09/13/2004 02:49 PM 49,152 HPWuSchd2.exe 1 File(s) 49,152 bytes Directory of C:\PROGRA~1\ADOBE\READER~1.0\READER\BAK 10/10/2007 07:51 PM 39,792 Reader_sl.exe 1 File(s) 39,792 bytes Directory of C:\PROGRA~1\JAVA\J2RE14~1.2_0\BIN\BAK 09/28/2004 08:26 PM 32,881 jusched.exe 1 File(s) 32,881 bytes Directory of C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\BAK 12/14/2004 09:07 AM 176,128 hpztsb12.exe 1 File(s) 176,128 bytes Duplicate files of bak directory contents ~~~~~~~~~~~~~~~~~~~~~~~ 6366448 Dec 28 2007 "C:\Program Files\AdwareAlert\AdwareAlert.exe" 6366448 Dec 28 2007 "C:\Program Files\AdwareAlert\bak\AdwareAlert.exe" 590728 Dec 15 2006 "C:\Program Files\CCleaner\ccleaner.exe" 590728 Dec 15 2006 "C:\Program Files\CCleaner\bak\ccleaner.exe" 282624 Feb 7 2007 "C:\Program Files\QuickTime\qttask.exe" 282624 Feb 7 2007 "C:\Program Files\QuickTime\bak\qttask.exe" 866584 Nov 3 2006 "C:\Program Files\Windows Defender\MSASCui.exe" 866584 Nov 3 2006 "C:\Program Files\Windows Defender\bak\MSASCui.exe" 126976 Oct 19 2005 "C:\WINDOWS\system32\hkcmd.exe" 114688 Apr 6 2003 "C:\Katie Todechiney\DRIVERS\VIDEO\HKCMD.EXE" 126976 Oct 19 2005 "C:\WINDOWS\system32\bak\hkcmd.exe" 114688 Apr 7 2003 "C:\DELL\drivers\R60084\Graphics\Win2000\hkcmd.exe" 118784 Feb 10 2004 "C:\WINDOWS\system32\ReinstallBackups010\DriverFiles\hkcmd.exe" 155648 Oct 19 2005 "C:\WINDOWS\system32\igfxtray.exe" 155648 Apr 6 2003 "C:\Katie Todechiney\DRIVERS\VIDEO\IGFXTRAY.EXE" 155648 Oct 19 2005 "C:\WINDOWS\system32\bak\igfxtray.exe" 155648 Apr 7 2003 
"C:\DELL\drivers\R60084\Graphics\Win2000\igfxtray.exe" 155648 Feb 10 2004 "C:\WINDOWS\system32\ReinstallBackups010\DriverFiles\igfxtray.exe" 155648 Jul 9 2001 "C:\WINDOWS\system32\NeroCheck.exe" 155648 Jul 9 2001 "C:\WINDOWS\system32\bak\NeroCheck.exe" 79224 Dec 4 2007 "C:\Program Files\Alwil Software\Avast4\ashDisp.exe" 79224 Dec 4 2007 "C:\Program Files\Alwil Software\Avast4\bak\ashDisp.exe" 579072 Jan 11 2008 "C:\Program Files\Grisoft\AVG7\avgcc.exe" 579072 Jan 11 2008 "C:\Program Files\Grisoft\AVG7\bak\avgcc.exe" 49152 Sep 13 2004 "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" 49152 Sep 13 2004 "C:\Program Files\HP\HP Software Update\bak\HPWuSchd2.exe" 39792 Oct 10 2007 "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" 39792 Oct 10 2007 "C:\Program Files\Adobe\Reader 8.0\Reader\bak\Reader_sl.exe" 14348 Jan 28 2008 "C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe" 132496 Jul 12 2007 "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" 32881 Sep 28 2004 "C:\Program Files\Java\j2re1.4.2_06\bin\bak\jusched.exe" 176128 Dec 14 2004 "C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe" 176128 Dec 14 2004 "C:\WINDOWS\system32\spool\drivers\w32x86\3\bak\hpztsb12.exe" end of report
  11. WinXP_EN_HOM_BF.EXE [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS [operating systems] multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons Find AWF report by noahdfear ©2006 Version 1.40 The current date is: Sat 02/16/2008 The current time is: 9:44:36.50 bak folders found ~~~~~~~~~~~ Directory of C:\PROGRA~1\ADWARE~1\BAK 12/28/2007 03:01 PM 6,366,448 AdwareAlert.exe 1 File(s) 6,366,448 bytes Directory of C:\PROGRA~1\CCLEANER\BAK 12/15/2006 05:13 AM 590,728 ccleaner.exe 1 File(s) 590,728 bytes Directory of C:\PROGRA~1\QUICKT~1\BAK 02/07/2007 08:32 PM 282,624 qttask.exe 1 File(s) 282,624 bytes Directory of C:\PROGRA~1\WIFD1F~1\BAK 11/03/2006 07:20 PM 866,584 MSASCui.exe 1 File(s) 866,584 bytes Directory of C:\WINDOWS\SYSTEM32\BAK 10/19/2005 07:59 AM 126,976 hkcmd.exe 10/19/2005 07:59 AM 155,648 igfxtray.exe 07/09/2001 12:50 PM 155,648 NeroCheck.exe 3 File(s) 438,272 bytes Directory of C:\PROGRA~1\ALWILS~1\AVAST4\BAK 12/04/2007 06:00 AM 79,224 ashDisp.exe 1 File(s) 79,224 bytes Directory of C:\PROGRA~1\GRISOFT\AVG7\BAK 01/11/2008 09:09 PM 579,072 avgcc.exe 1 File(s) 579,072 bytes Directory of C:\PROGRA~1\HP\HPSOFT~1\BAK 09/13/2004 02:49 PM 49,152 HPWuSchd2.exe 1 File(s) 49,152 bytes Directory of C:\PROGRA~1\ADOBE\READER~1.0\READER\BAK 10/10/2007 07:51 PM 39,792 Reader_sl.exe 1 File(s) 39,792 bytes Directory of C:\PROGRA~1\JAVA\J2RE14~1.2_0\BIN\BAK 09/28/2004 08:26 PM 32,881 jusched.exe 1 File(s) 32,881 bytes Directory of C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\BAK 12/14/2004 09:07 AM 176,128 hpztsb12.exe 1 File(s) 176,128 bytes Duplicate files of bak directory contents ~~~~~~~~~~~~~~~~~~~~~~~ 6366448 Dec 28 2007 "C:\Program Files\AdwareAlert\bak\AdwareAlert.exe" 14348 Jan 28 2008 "C:\Program Files\CCleaner\ccleaner.exe" 590728 Dec 15 2006 "C:\Program Files\CCleaner\bak\ccleaner.exe" 14348 Jan 28 2008 
"C:\Program Files\QuickTime\qttask.exe" 282624 Feb 7 2007 "C:\Program Files\QuickTime\bak\qttask.exe" 14348 Jan 28 2008 "C:\Program Files\Windows Defender\MSASCui.exe" 866584 Nov 3 2006 "C:\Program Files\Windows Defender\bak\MSASCui.exe" 14348 Jan 28 2008 "C:\WINDOWS\system32\hkcmd.exe" 114688 Apr 6 2003 "C:\Katie Todechiney\DRIVERS\VIDEO\HKCMD.EXE" 126976 Oct 19 2005 "C:\WINDOWS\system32\bak\hkcmd.exe" 114688 Apr 7 2003 "C:\DELL\drivers\R60084\Graphics\Win2000\hkcmd.exe" 118784 Feb 10 2004 "C:\WINDOWS\system32\ReinstallBackups010\DriverFiles\hkcmd.exe" 14348 Jan 28 2008 "C:\WINDOWS\system32\igfxtray.exe" 155648 Apr 6 2003 "C:\Katie Todechiney\DRIVERS\VIDEO\IGFXTRAY.EXE" 155648 Oct 19 2005 "C:\WINDOWS\system32\bak\igfxtray.exe" 155648 Apr 7 2003 "C:\DELL\drivers\R60084\Graphics\Win2000\igfxtray.exe" 155648 Feb 10 2004 "C:\WINDOWS\system32\ReinstallBackups010\DriverFiles\igfxtray.exe" 14348 Jan 28 2008 "C:\WINDOWS\system32\NeroCheck.exe" 155648 Jul 9 2001 "C:\WINDOWS\system32\bak\NeroCheck.exe" 79224 Dec 4 2007 "C:\Program Files\Alwil Software\Avast4\ashDisp.exe" 79224 Dec 4 2007 "C:\Program Files\Alwil Software\Avast4\bak\ashDisp.exe" 579072 Jan 11 2008 "C:\Program Files\Grisoft\AVG7\bak\avgcc.exe" 14348 Jan 28 2008 "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" 49152 Sep 13 2004 "C:\Program Files\HP\HP Software Update\bak\HPWuSchd2.exe" 14348 Jan 28 2008 "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" 39792 Oct 10 2007 "C:\Program Files\Adobe\Reader 8.0\Reader\bak\Reader_sl.exe" 14348 Jan 28 2008 "C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe" 132496 Jul 12 2007 "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" 32881 Sep 28 2004 "C:\Program Files\Java\j2re1.4.2_06\bin\bak\jusched.exe" 14348 Jan 28 2008 "C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe" 176128 Dec 14 2004 "C:\WINDOWS\system32\spool\drivers\w32x86\3\bak\hpztsb12.exe" end of report
  12. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 7:20:35 PM, on 2/14/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16608) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\system32\HPZipm12.exe C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\QuickTime\bak\qttask.exe C:\WINDOWS\system32\NeroCheck.exe C:\WINDOWS\BCMSMMSG.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZENG12.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\notepad.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\internet explorer\iexplore.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R3 - URLSearchHook: Yahoo! 
Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST1.03.0000.1005\en-xu\stmain.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar1.02.5000.1021\en-us\msntb.dll O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar1.02.5000.1021\en-us\msntb.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: Yahoo! 
Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\bak\qttask.exe" -atboottime O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [bCMSMMSG] BCMSMMSG.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO O4 - HKCU\..\Run: [spyDefender Shield] "C:\Program Files\SpyDefender Pro\SpyDefender.exe" --scan2 O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user') O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: AIM - 
{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU) O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O15 - Trusted Zone: *.melaleuca.com O15 - Trusted Zone: http://www.wellsfargo.com O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1103003783640 O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.winkflash.com/photo/loaders/ImageUploader4.cab O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart.com/photo/uploads/Fuj...ploadClient.cab O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - 
http://messenger.msn.com/download/MsnMesse...pDownloader.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab34246.cab O16 - DPF: {BE71A78B-77DB-451C-A761-59B37022D544} (AOL Newport Downloader Ctrl) - http://o.aolcdn.com/pictures/ap/Resources/...ns.10.5.0.4.cab O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/dim2/default/popcaploader_v6.cab O16 - DPF: {E9A7F56F-C40F-4928-8C6F-7A72F2A25222} (AxRUploadControl Object) - http://www.imagestation.com/common/classes....cab?v=1,0,0,37 O17 - HKLM\System\CCS\Services\Tcpip\..\{F3C640BD-7822-430B-A97D-32309D1B10D4}: NameServer = 205.171.3.65,205.171.2.65 O18 - Protocol: intu-help-qb1 - {9B0F96C7-2E4B-433E-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks Pro\HelpAsyncPluggableProtocol.dll O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing) O21 - SSODL: Adobe Acrobat 5.0 - {74ED521F-7B75-7458-EFE8-A5F313C962AE} - (no file) O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! 
Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: QBCFMonitorService - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- End of file - 9899 bytes ComboFix 08-02-15.1 - Owner 2008-02-14 18:47:08.1 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.88 [GMT -7:00]Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . 
C:\WINDOWS\system32\drivers\core.cache.dsk C:\WINDOWS\system32\drivers\core.sys C:\Documents and Settings\Owner\Start Menu\Programs\Internet Speed Monitor C:\Documents and Settings\Owner\Start Menu\Programs\Internet Speed Monitor\Check Now.lnk C:\Documents and Settings\Owner\Start Menu\Programs\Internet Speed Monitor\Uninstall.lnk C:\Documents and Settings\Owner\Start Menu\Programs\Outerinfo C:\Program Files\Common Files\appatc~1 C:\Program Files\Common Files\appatc~1\A?pPatch\ C:\Program Files\Common Files\profsy.html C:\Program Files\fnts~1 C:\Program Files\Insider C:\Program Files\Temporary C:\Program Files\WinBudget C:\Program Files\WinBudget\bin\crap.1201581084.old C:\Program Files\WinBudget\bin\matrix.dat C:\Program Files\WinBudget\bin\matrix.dll C:\Temp\1cb C:\Temp\1cb\syscheck.log C:\Temp\bkR11 C:\Temp\bkR11\ftCa.log C:\temp\tn3 C:\WINDOWS\system32\din.ip C:\WINDOWS\system32\drivers\blank.gif C:\WINDOWS\system32\drivers\box_2.gif C:\WINDOWS\system32\drivers\button_buynow.gif C:\WINDOWS\system32\drivers\button_freescan.gif C:\WINDOWS\system32\drivers\cell_bg.gif C:\WINDOWS\system32\drivers\cell_footer.gif C:\WINDOWS\system32\drivers\cell_header_block.gif C:\WINDOWS\system32\drivers\cell_header_remove.gif C:\WINDOWS\system32\drivers\cell_header_scan.gif C:\WINDOWS\system32\drivers\core.cache.dsk C:\WINDOWS\system32\drivers\core.sys C:\WINDOWS\system32\drivers\detect.htm C:\WINDOWS\system32\drivers\download_btn.jpg C:\WINDOWS\system32\drivers\download_now_btn.gif C:\WINDOWS\system32\drivers\footer_back.jpg C:\WINDOWS\system32\drivers\header_1.gif C:\WINDOWS\system32\drivers\header_2.gif C:\WINDOWS\system32\drivers\header_3.gif C:\WINDOWS\system32\drivers\header_4.gif C:\WINDOWS\system32\drivers\header_red_bg.gif C:\WINDOWS\system32\drivers\header_red_free_scan.gif C:\WINDOWS\system32\drivers\header_red_free_scan_bg.gif C:\WINDOWS\system32\drivers\header_red_protect_your_pc.gif C:\WINDOWS\system32\drivers\infected.gif C:\WINDOWS\system32\drivers\main_back.gif 
C:\WINDOWS\system32\drivers\npf.sys C:\WINDOWS\system32\drivers\product_2_header.gif C:\WINDOWS\system32\drivers\product_2_name_small.gif C:\WINDOWS\system32\drivers\product_features.gif C:\WINDOWS\system32\drivers\pt.htm C:\WINDOWS\system32\drivers\rating.gif C:\WINDOWS\system32\drivers\s_detect.htm C:\WINDOWS\system32\drivers\screenshot.jpg C:\WINDOWS\system32\drivers\sep_hor.gif C:\WINDOWS\system32\drivers\sep_vert.gif C:\WINDOWS\system32\drivers\shadow.jpg C:\WINDOWS\system32\drivers\shadow_bg.gif C:\WINDOWS\system32\drivers\spacer.gif C:\WINDOWS\system32\drivers\star.gif C:\WINDOWS\system32\drivers\star_gray.gif C:\WINDOWS\system32\drivers\star_gray_small.gif C:\WINDOWS\system32\drivers\star_small.gif C:\WINDOWS\system32\drivers\style.css C:\WINDOWS\system32\drivers\v.gif C:\WINDOWS\system32\drivers\warning_icon.gif C:\WINDOWS\system32\drivers\win_logo.gif C:\WINDOWS\system32\drivers\x.gif C:\WINDOWS\system32\pac.txt C:\WINDOWS\system32\Packet.dll C:\WINDOWS\system32\pthreadVC.dll C:\WINDOWS\system32\rev1 C:\WINDOWS\system32\v2 C:\WINDOWS\system32\WanPacket.dll C:\WINDOWS\system32\wpcap.dll . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\LEGACY_CORE -------\LEGACY_NETWORK_MONITOR -------\core ((((((((((((((((((((((((( Files Created from 2008-01-15 to 2008-02-15 ))))))))))))))))))))))))))))))) . 2008-02-14 03:01 . 2008-02-14 03:02 1,374 --a------ C:\WINDOWS\imsins.BAK 2008-02-09 12:18 . 2008-02-09 12:18 <DIR> d-------- C:\Program Files\Trend Micro 2008-02-07 19:55 . 2008-02-07 19:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion 2008-02-07 19:35 . 2008-02-07 19:35 <DIR> d-------- C:\Program Files\IObit 2008-02-07 19:27 . 2008-02-07 19:27 <DIR> d-------- C:\Program Files\Lavasoft 2008-02-07 19:26 . 2008-02-07 19:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft 2008-02-07 19:24 . 
2008-02-07 19:24 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard 2008-02-07 18:33 . 2008-02-07 19:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg7 2008-01-28 21:47 . 2008-01-28 21:47 14 --a------ C:\WINDOWS\00F4-077B-D103-DBBD.dat 2008-01-28 18:57 . 2008-01-28 18:57 <DIR> d-------- C:\WINDOWS\system32\bak . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-02-15 01:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-02-08 02:55 --------- d-----w C:\Documents and Settings\Owner\Application Data\Yahoo! 2008-02-08 02:35 --------- d-----w C:\Program Files\Yahoo! 2008-02-08 01:23 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-02-08 01:23 --------- d-----w C:\Program Files\Common Files\NewSoft 2008-02-08 00:44 --------- d-----w C:\Program Files\DivX 2008-02-07 23:20 --------- d-----w C:\Program Files\AdwareAlert 2008-01-29 02:04 --------- d-----w C:\Program Files\Windows Defender 2008-01-29 02:04 --------- d-----w C:\Program Files\QuickTime 2008-01-29 02:04 --------- d-----w C:\Program Files\CCleaner 2008-01-29 00:37 --------- d-----w C:\Documents and Settings\Owner\Application Data\AdwareAlert 2008-01-12 23:13 2,124 ---ha-w C:\Documents and Settings\All Users\Application Data\index0.dat 2008-01-12 06:08 --------- d-----w C:\Program Files\AIM 2007-12-25 06:36 --------- d-----w C:\Program Files\Common Files\Adobe 2007-12-18 09:51 179,584 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys 2007-09-01 05:06 64,960 ----a-w C:\Documents and Settings\Owner\Application Data\GDIPFONTCACHEV1.DAT . ((((((((((((((((((((((((((((((((((((((((((((( AWF )))))))))))))))))))))))))))))))))))))))))))))))))))))))))) . 
----a-w 39,792 2007-10-11 02:51:56 C:\Program Files\Adobe\Reader 8.0\Reader\bak\Reader_sl.exe ----a-w 14,348 2008-01-29 02:02:36 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe ----a-w 6,366,448 2007-12-28 22:01:24 C:\Program Files\AdwareAlert\bak\AdwareAlert.exe ----a-w 79,224 2007-12-04 13:00:23 C:\Program Files\Alwil Software\Avast4\bak\ashDisp.exe ----a-w 79,224 2007-12-04 13:00:23 C:\Program Files\Alwil Software\Avast4\ashDisp.exe ----a-w 590,728 2006-12-15 12:13:22 C:\Program Files\CCleaner\bak\ccleaner.exe ----a-w 14,348 2008-01-29 02:02:36 C:\Program Files\CCleaner\ccleaner.exe ----a-w 579,072 2008-01-12 04:09:24 C:\Program Files\Grisoft\AVG7\bak\avgcc.exe ----a-w 49,152 2004-09-13 21:49:00 C:\Program Files\HP\HP Software Update\bak\HPWuSchd2.exe ----a-w 14,348 2008-01-29 02:02:36 C:\Program Files\HP\HP Software Update\HPWuSchd2.exe ----a-w 32,881 2004-09-29 03:26:04 C:\Program Files\Java\j2re1.4.2_06\bin\bak\jusched.exe ----a-w 14,348 2008-01-29 02:02:36 C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe ----a-w 282,624 2007-02-08 03:32:25 C:\Program Files\QuickTime\bak\qttask.exe ----a-w 14,348 2008-01-29 02:02:36 C:\Program Files\QuickTime\qttask.exe ----a-w 866,584 2006-11-04 02:20:12 C:\Program Files\Windows Defender\bak\MSASCui.exe ----a-w 14,348 2008-01-29 02:02:36 C:\Program Files\Windows Defender\MSASCui.exe ----a-w 126,976 2005-10-19 14:59:12 C:\WINDOWS\system32\bak\hkcmd.exe ----a-w 14,348 2008-01-29 02:02:36 C:\WINDOWS\system32\hkcmd.exe ----a-w 155,648 2005-10-19 14:59:14 C:\WINDOWS\system32\bak\igfxtray.exe ----a-w 14,348 2008-01-29 02:02:36 C:\WINDOWS\system32\igfxtray.exe ----a-w 155,648 2001-07-09 19:50:42 C:\WINDOWS\system32\bak\NeroCheck.exe ----a-w 14,348 2008-01-29 02:02:36 C:\WINDOWS\system32\NeroCheck.exe ----a-w 176,128 2004-12-14 16:07:44 C:\WINDOWS\system32\spool\drivers\w32x86\3\bak\hpztsb12.exe ----a-w 14,348 2008-01-29 02:02:36 C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe . 
((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ccleaner"="C:\Program Files\CCleaner\ccleaner.exe" [2008-01-28 19:02 14348] "SpyDefender Shield"="C:\Program Files\SpyDefender Pro\SpyDefender.exe" [ ] "AdobeUpdater"="C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-03-01 10:37 2321600] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "QuickTime Task"="C:\Program Files\QuickTime\bak\qttask.exe" [2007-02-07 20:32 282624] "NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2008-01-28 19:02 14348] "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2008-01-28 19:02 14348] "HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe" [2008-01-28 19:02 14348] "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2008-01-28 19:02 14348] "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2008-01-28 19:02 14348] "BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 04:59 122880 C:\WINDOWS\BCMSMMSG.exe] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-28 19:02 14348] "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 06:00 79224] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-08-13 17:04 5562368] "DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 16:38 39264] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "NoResolveSearch"= 1 (0x1) R0 Achernar;Achernar - SCSI Command Filters;C:\WINDOWS\system32\Drivers\Achernar.sys [2004-02-11 14:34] . 
Contents of the 'Scheduled Tasks' folder "2008-02-14 10:00:00 C:\WINDOWS\Tasks\AdwareAlert Scheduled Scan.job" - C:\Program Files\AdwareAlert\AdwareAlert.ex - C:\Program Files\AdwareAlert "2008-02-15 02:12:32 C:\WINDOWS\Tasks\MP Scheduled Scan.job" - C:\Program Files\Windows Defender\MpCmdRun.exe "2008-02-15 01:00:00 C:\WINDOWS\Tasks\Spybot - Search & Destroy - Scheduled Task.job" - C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe . ************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-02-14 19:10:01 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . ------------------------ Other Running Processes ------------------------ . C:\Program Files\Windows Defender\MsMpEng.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\system32\HPZipm12.exe C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZENG12.exe . ************************************************************************** . Completion time: 2008-02-14 19:16:14 - machine was rebooted ComboFix-quarantined-files.txt 2008-02-15 02:16:09 . 2008-02-15 01:20:51 --- E O F ---
  13. Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:25:34 PM, on 2/9/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\QuickTime\bak\qttask.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\BCMSMMSG.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,userinit.exe
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0CB66BA8-5E1F-4963-93D1-E1D6B78FE9A2} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST1.03.0000.1005\en-xu\stmain.dll
O2 - BHO: (no name) - {A8FB8EB3-183B-4598-924D-86F0E5E37085} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar1.02.5000.1021\en-us\msntb.dll
O2 - BHO: (no name) - {dd9873b6-1dd1-11b2-bf43-c53634b94b8a} - (no file)
O2 - BHO: (no name) - {F503740D-389F-45CE-A9DA-2A23FF12B31E} - (no file)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar1.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\bak\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [bCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - HKCU\..\Run: [spyDefender Shield] "C:\Program Files\SpyDefender Pro\SpyDefender.exe" --scan2
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.melaleuca.com
O15 - Trusted Zone: http://www.wellsfargo.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1103003783640
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.winkflash.com/photo/loaders/ImageUploader4.cab
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart.com/photo/uploads/Fuj...ploadClient.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab34246.cab
O16 - DPF: {BE71A78B-77DB-451C-A761-59B37022D544} (AOL Newport Downloader Ctrl) - http://o.aolcdn.com/pictures/ap/Resources/...ns.10.5.0.4.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/dim2/default/popcaploader_v6.cab
O16 - DPF: {E9A7F56F-C40F-4928-8C6F-7A72F2A25222} (AxRUploadControl Object) - http://www.imagestation.com/common/classes....cab?v=1,0,0,37
O17 - HKLM\System\CCS\Services\Tcpip\..\{F3C640BD-7822-430B-A97D-32309D1B10D4}: NameServer = 205.171.3.65,205.171.2.65
O18 - Protocol: intu-help-qb1 - {9B0F96C7-2E4B-433E-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks Pro\HelpAsyncPluggableProtocol.dll
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
O21 - SSODL: Adobe Acrobat 5.0 - {74ED521F-7B75-7458-EFE8-A5F313C962AE} - (no file)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: QBCFMonitorService - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O24 - Desktop Component 0: (no name) - C:\Program Files\Common Files\profsy.html

--
End of file - 10427 bytes