  #1  
Old 4th Apr 2008, 10:57
Member Group
 
After downloading some stuff my puter is getting slower and slower with annoying spyware/malware ads popping up that I can't get rid of. Please help guys.
  #2  
Old 4th Apr 2008, 11:02
Administrator Group
 
Start Here: http://www.computer-juice.com/forums...-posting-7476/
  #3  
Old 4th Apr 2008, 14:51
Member Group
 
OK, this is the first log. I take it I just continue?

SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 04/04/2008 at 10:06 PM
Application Version : 4.0.1154
Core Rules Database Version : 3431
Trace Rules Database Version: 1423
Scan type : Complete Scan
Total Scan Time : 01:41:45
Memory items scanned : 703
Memory threats detected : 1
Registry items scanned : 5826
Registry threats detected : 43
File items scanned : 289779
File threats detected : 158
Adware.Vundo Variant/Resident
C:\WINDOWS\SYSTEM32\MLJJJ.DLL
C:\WINDOWS\SYSTEM32\MLJJJ.DLL
Trojan.WinFixer
HKLM\Software\Classes\CLSID\{09888678-51D6-42FC-9437-CBBFDA0B86EA}
HKCR\CLSID\{09888678-51D6-42FC-9437-CBBFDA0B86EA}
HKCR\CLSID\{09888678-51D6-42FC-9437-CBBFDA0B86EA}\InprocServer32
HKCR\CLSID\{09888678-51D6-42FC-9437-CBBFDA0B86EA}\InprocServer32#ThreadingModel
HKLM\Software\Classes\CLSID\{6800D574-80D6-4F0F-B6C9-E590AF2F999B}
HKCR\CLSID\{6800D574-80D6-4F0F-B6C9-E590AF2F999B}
HKCR\CLSID\{6800D574-80D6-4F0F-B6C9-E590AF2F999B}\InprocServer32
HKCR\CLSID\{6800D574-80D6-4F0F-B6C9-E590AF2F999B}\InprocServer32#ThreadingModel
C:\WINDOWS\SYSTEM32\JKKLL.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{09888678-51D6-42FC-9437-CBBFDA0B86EA}
Adware.Vundo Variant
HKLM\Software\Classes\CLSID\{3FECA576-7AD2-4E11-A6AD-6B59D4FB5DB9}
HKCR\CLSID\{3FECA576-7AD2-4E11-A6AD-6B59D4FB5DB9}
HKCR\CLSID\{3FECA576-7AD2-4E11-A6AD-6B59D4FB5DB9}\InprocServer32
HKCR\CLSID\{3FECA576-7AD2-4E11-A6AD-6B59D4FB5DB9}\InprocServer32#ThreadingModel
C:\WINDOWS\SYSTEM32\TUVSQPQ.DLL
HKLM\Software\Classes\CLSID\{D85530E8-D39D-49D0-9F36-300D594556D2}
HKCR\CLSID\{D85530E8-D39D-49D0-9F36-300D594556D2}
HKCR\CLSID\{D85530E8-D39D-49D0-9F36-300D594556D2}\InprocServer32
HKCR\CLSID\{D85530E8-D39D-49D0-9F36-300D594556D2}\InprocServer32#ThreadingModel
C:\WINDOWS\SYSTEM32\YAYWUVW.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3FECA576-7AD2-4E11-A6AD-6B59D4FB5DB9}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks#{D85530E8-D39D-49D0-9F36-300D594556D2}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks#{3FECA576-7AD2-4E11-A6AD-6B59D4FB5DB9}
HKCR\CLSID\{3FECA576-7AD2-4E11-A6AD-6B59D4FB5DB9}
HKCR\CLSID\{D85530E8-D39D-49D0-9F36-300D594556D2}
Unclassified.Unknown Origin
HKLM\Software\Classes\CLSID\{F4F10C1D-87C7-404A-B4B3-000000000000}
HKCR\CLSID\{F4F10C1D-87C7-404A-B4B3-000000000000}
HKCR\CLSID\{F4F10C1D-87C7-404A-B4B3-000000000000}
HKCR\CLSID\{F4F10C1D-87C7-404A-B4B3-000000000000}\InprocServer32
HKCR\CLSID\{F4F10C1D-87C7-404A-B4B3-000000000000}\InprocServer32#ThreadingModel
HKCR\CLSID\{F4F10C1D-87C7-404A-B4B3-000000000000}\ProgID
HKCR\CLSID\{F4F10C1D-87C7-404A-B4B3-000000000000}\Programmable
HKCR\CLSID\{F4F10C1D-87C7-404A-B4B3-000000000000}\TypeLib
HKCR\CLSID\{F4F10C1D-87C7-404A-B4B3-000000000000}\VersionIndependentProgID
C:\PROGRA~1\DAP\SBSEARCH.DLL
HKU\S-1-5-21-73586283-1326574676-839522115-1004\Software\Microsoft\Internet Explorer\URLSearchHooks#{F4F10C1D-87C7-404A-B4B3-000000000000}
HKCR\SearchHook.SrchHook.1
HKCR\SearchHook.SrchHook
HKCR\TypeLib\{95EFB171-F3DF-4BEC-9EF7-829A800203E6}
HKCR\TypeLib\{95EFB171-F3DF-4BEC-9EF7-829A800203E6}\1.0
HKCR\TypeLib\{95EFB171-F3DF-4BEC-9EF7-829A800203E6}\1.0\0
HKCR\TypeLib\{95EFB171-F3DF-4BEC-9EF7-829A800203E6}\1.0\0\win32
HKCR\TypeLib\{95EFB171-F3DF-4BEC-9EF7-829A800203E6}\1.0\FLAGS
HKCR\TypeLib\{95EFB171-F3DF-4BEC-9EF7-829A800203E6}\1.0\HELPDIR
Adware.Tracking Cookie
C:\Documents and Settings\Danny\Cookies\danny@serving-sys[1].txt
C:\Documents and Settings\Danny\Cookies\danny@tribalfusion[1].txt
C:\Documents and Settings\Danny\Cookies\danny@doubleclick[1].txt
C:\Documents and Settings\Danny\Cookies\danny@bs.serving-sys[1].txt
C:\Documents and Settings\Danny\Cookies\danny@bs.serving-sys[2].txt
C:\Documents and Settings\Roz\Cookies\roz@ad.yieldmanager[2].txt
C:\Documents and Settings\Roz\Cookies\roz@ad.zanox[1].txt
C:\Documents and Settings\Roz\Cookies\roz@adnetserver[1].txt
C:\Documents and Settings\Roz\Cookies\roz@ads.alpharooms[2].txt
C:\Documents and Settings\Roz\Cookies\roz@ads1.alpharooms[2].txt
C:\Documents and Settings\Roz\Cookies\roz@ads2.alpharooms[1].txt
C:\Documents and Settings\Roz\Cookies\roz@ads3.alpharooms[1].txt
C:\Documents and Settings\Roz\Cookies\roz@ads4.alpharooms[1].txt
C:\Documents and Settings\Roz\Cookies\roz@adultfriendfinder[2].txt
C:\Documents and Settings\Roz\Cookies\roz@gostats[2].txt
C:\Documents and Settings\Roz\Cookies\roz@hornymatches[2].txt
C:\Documents and Settings\Roz\Cookies\roz@indexstats[1].txt
C:\Documents and Settings\Roz\Cookies\roz@indexstats[3].txt
C:\Documents and Settings\Roz\Cookies\roz@linksynergy[1].txt
C:\Documents and Settings\Roz\Cookies\roz@media2.mediafileshost[2].txt
C:\Documents and Settings\Roz\Cookies\roz@statcounter[1].txt
C:\Documents and Settings\Roz\Cookies\roz@statse.webtrendslive[2].txt
C:\Documents and Settings\Roz\Cookies\roz@tracking.summitmedia.co[1].txt
C:\Documents and Settings\Roz\Cookies\roz@webstats.wthosting.co[2].txt
C:\Documents and Settings\Roz\Cookies\roz@www.admedia365[2].txt
C:\Documents and Settings\Roz\Cookies\roz@www.admedia365[3].txt
C:\Documents and Settings\Roz\Cookies\roz@www.hxtrack[2].txt
H:\Documents and Settings\Rozzie\Cookies\rozzie@indexstats[2].txt
H:\Documents and Settings\Rozzie\Cookies\rozzie@pc-finder.co[2].txt
H:\Documents and Settings\Rozzie\Cookies\rozzie@www.pc-finder.co[2].txt
H:\Newer Docs & Sets\Rozzie\Cookies\rozzie@indexstats[2].txt
H:\Newer Docs & Sets\Rozzie\Cookies\rozzie@pc-finder.co[2].txt
H:\Newer Docs & Sets\Rozzie\Cookies\rozzie@www.pc-finder.co[2].txt
H:\Rozzie\Cookies\rozzie@indexstats[2].txt
H:\Rozzie\Cookies\rozzie@pc-finder.co[2].txt
H:\Rozzie\Cookies\rozzie@www.pc-finder.co[2].txt
Trojan.Unknown Origin
C:\WINDOWS\system32\nGpxx01
HKLM\Software\xpre
HKLM\Software\xpre#execount
Adware.VXGame-Trace
HKU\S-1-5-21-73586283-1326574676-839522115-1005\Software\kernelexe
Adware.Vundo Variant/Rel
C:\WINDOWS\SYSTEM32\ACCDD.INI
C:\WINDOWS\SYSTEM32\ACCDD.INI2
C:\WINDOWS\SYSTEM32\ILKKJ.INI
C:\WINDOWS\SYSTEM32\ILKKJ.INI2
C:\WINDOWS\SYSTEM32\JJJLM.INI
C:\WINDOWS\SYSTEM32\JJJLM.INI2
C:\WINDOWS\SYSTEM32\LLKKJ.INI
C:\WINDOWS\SYSTEM32\LLKKJ.INI2
C:\WINDOWS\SYSTEM32\LNNMP.INI2
C:\WINDOWS\SYSTEM32\MCRH.TMP
C:\WINDOWS\SYSTEM32\RRQSS.INI
C:\WINDOWS\SYSTEM32\VVVWA.INI2
Adware.Vundo-Variant
C:\WINDOWS\SYSTEM32\DDCCA.DLL
C:\WINDOWS\SYSTEM32\SSQRR.DLL
Trace.Known Threat Sources
C:\Documents and Settings\Roz\Local Settings\Temporary Internet Files\Content.IE5\W9AJSLIB\index[1].htm
C:\Documents and Settings\Roz\Local Settings\Temporary Internet Files\Content.IE5\WTAN0PYF\bottom[2].gif
C:\Documents and Settings\Roz\Local Settings\Temporary Internet Files\Content.IE5\WTAN0PYF\i53b_t1[1].gif
C:\Documents and Settings\Roz\Local Settings\Temporary Internet Files\Content.IE5\4P6RS5MF\CAXOO75T.htm
C:\Documents and Settings\Roz\Local Settings\Temporary Internet Files\Content.IE5\WTAN0PYF\xrest[1].gif
C:\Documents and Settings\Roz\Local Settings\Temporary Internet Files\Content.IE5\W9AJSLIB\ajax[1].htm
C:\Documents and Settings\Roz\Local Settings\Temporary Internet Files\Content.IE5\CTY381ER\verx[1].gif
C:\Documents and Settings\Roz\Local Settings\Temporary Internet Files\Content.IE5\WTAN0PYF\i701_brd-top-1[1].gif
C:\Documents and Settings\Roz\Local Settings\Temporary Internet Files\Content.IE5\WTAN0PYF\managers[1].htm
C:\Documents and Settings\Roz\Local Settings\Temporary Internet Files\Content.IE5\WTAN0PYF\errorhandler[2].htm
C:\Documents and Settings\Roz\Local Settings\Temporary Internet Files\Content.IE5\CTY381ER\i701_line2[1].jpg
C:\Documents and Settings\Roz\Local Settings\Temporary Internet Files\Content.IE5\W9AJSLIB\i701_boton1[1].gif
C:\Documents and Settings\Roz\Local Settings\Temporary Internet Files\Content.IE5\WTAN0PYF\errorhandler[1].htm
C:\Documents and Settings\Roz\Local Settings\Temporary Internet Files\Content.IE5\WTAN0PYF\niz[1].gif
C:\Documents and Settings\Roz\Local Settings\Temporary Internet Files\Content.IE5\4P6RS5MF\errorhandler[1].htm
C:\Documents and Settings\Roz\Local Settings\Temporary Internet Files\Content.IE5\CTY381ER\i53b_btn-features[1].gif
C:\Documents and Settings\Roz\Local Settings\Temporary Internet Files\Content.IE5\W9AJSLIB\i701_cor-left-1[1].gif
C:\Documents and Settings\Roz\Local Settings\Temporary Internet Files\Content.IE5\CTY381ER\i53b_icon3[1].gif
C:\Documents and Settings\Roz\Local Settings\Temporary Internet Files\Content.IE5\4P6RS5MF\crypt[1].htm
C:\Documents and Settings\Roz\Local Settings\Temporary Internet Files\Content.IE5\4P6RS5MF\window[1].js
C:\Documents and Settings\Roz\Local Settings\Temporary Internet Files\Content.IE5\W9AJSLIB\clean[1].htm
C:\Documents and Settings\Roz\Local Settings\Temporary Internet Files\Content.IE5\W9AJSLIB\i53b_bg1[1].gif
C:\Documents and Settings\Roz\Local Settings\Temporary Internet Files\Content.IE5\W9AJSLIB\stats[1].gif
C:\Documents and Settings\Roz\Local Settings\Temporary Internet Files\Content.IE5\W9AJSLIB\top[1].gif
C:\Documents and Settings\Roz\Local Settings\Temporary Internet Files\Content.IE5\SDWBGNOV\main_02[1].gif
C:\Documents and Settings\Roz\Local Settings\Temporary Internet Files\Content.IE5\W9AJSLIB\CASL6F4X.htm
C:\Documents and Settings\Roz\Local Settings\Temporary Internet Files\Content.IE5\W9AJSLIB\i53b_line2[1].gif
C:\Documents and Settings\Roz\Local Settings\Temporary Internet Files\Content.IE5\4P6RS5MF\i701_cor-right-1[1].gif
C:\Documents and Settings\Roz\Local Settings\Temporary Internet Files\Content.IE5\AHGZAXI5\recommend[1].gif
C:\Documents and Settings\Roz\Local Settings\Temporary Internet Files\Content.IE5\W9AJSLIB\i53b_icon5[1].gif
C:\Documents and Settings\Roz\Local Settings\Temporary Internet Files\Content.IE5\W9AJSLIB\styles[5].css
C:\Documents and Settings\Roz\Local Settings\Temporary Internet Files\Content.IE5\ZLGK0BFB\off_2[1].gif
C:\Documents and Settings\Roz\Local Settings\Temporary Internet Files\Content.IE5\4P6RS5MF\i701_bg2[1].gif
C:\Documents and Settings\Roz\Local Settings\Temporary Internet Files\Content.IE5\W9AJSLIB\progress[1].gif
C:\Documents and Settings\Roz\Local Settings\Temporary Internet Files\Content.IE5\CTY381ER\i53b_btn-overview[1].gif
C:\Documents and Settings\Roz\Local Settings\Temporary Internet Files\Content.IE5\CTY381ER\index[5].htm
C:\Documents and Settings\Roz\Local Settings\Temporary Internet Files\Content.IE5\CTY381ER\stats[1].gif
C:\Documents and Settings\Roz\Local Settings\Temporary Internet Files\Content.IE5\W9AJSLIB\i701_bg3[1].jpg
C:\Documents and Settings\Roz\Local Settings\Temporary Internet Files\Content.IE5\8NKJEV4R\bottom_r_2[1].gif
C:\Documents and Settings\Roz\Local Settings\Temporary Internet Files\Content.IE5\4P6RS5MF\urgent[1].gif
C:\Documents and Settings\Roz\Local Settings\Temporary Internet Files\Content.IE5\W9AJSLIB\errorhandler[1].htm
C:\Documents and Settings\Roz\Local Settings\Temporary Internet Files\Content.IE5\4P6RS5MF\AC_RunActiveContent[1].htm
C:\Documents and Settings\Roz\Local Settings\Temporary Internet Files\Content.IE5\4P6RS5MF\midle[1].gif
C:\Documents and Settings\Roz\Local Settings\Temporary Internet Files\Content.IE5\QX8BMXM5\styles[2].css
C:\Documents and Settings\Roz\Local Settings\Temporary Internet Files\Content.IE5\4P6RS5MF\i53b_boton4[1].gif
C:\Documents and Settings\Roz\Local Settings\Temporary Internet Files\Content.IE5\WTAN0PYF\i53b_btn-purchase[1].gif
C:\Documents and Settings\Roz\Local Settings\Temporary Internet Files\Content.IE5\W9AJSLIB\spacer[4].gif
C:\Documents and Settings\Roz\Local Settings\Temporary Internet Files\Content.IE5\4P6RS5MF\ajax[1].htm
C:\Documents and Settings\Roz\Local Settings\Temporary Internet Files\Content.IE5\G92ZKB2T\mark[1].gif
C:\Documents and Settings\Roz\Local Settings\Temporary Internet Files\Content.IE5\CX8VSB4B\bottom_r[1].gif
C:\Documents and Settings\Roz\Local Settings\Temporary Internet Files\Content.IE5\CTY381ER\crypt[1].htm
C:\Documents and Settings\Roz\Local Settings\Temporary Internet Files\Content.IE5\LO76ZR17\errsnd[1].swf
C:\Documents and Settings\Roz\Local Settings\Temporary Internet Files\Content.IE5\CX8VSB4B\bottom_l[1].gif
C:\Documents and Settings\Roz\Local Settings\Temporary Internet Files\Content.IE5\CTY381ER\i53b_brd-top-1[1].gif
C:\Documents and Settings\Roz\Local Settings\Temporary Internet Files\Content.IE5\CTY381ER\crypt[2].htm
C:\Documents and Settings\Roz\Local Settings\Temporary Internet Files\Content.IE5\AHGZAXI5\secpan[1].gif
C:\Documents and Settings\Roz\Local Settings\Temporary Internet Files\Content.IE5\W9AJSLIB\i53b_btn-home[1].gif
C:\Documents and Settings\Roz\Local Settings\Temporary Internet Files\Content.IE5\CTY381ER\CAUJABA1.htm
C:\Documents and Settings\Roz\Local Settings\Temporary Internet Files\Content.IE5\WTAN0PYF\AC_ActiveX[1].htm
C:\Documents and Settings\Roz\Local Settings\Temporary Internet Files\Content.IE5\4P6RS5MF\i53b_line3[1].gif
C:\Documents and Settings\Roz\Local Settings\Temporary Internet Files\Content.IE5\4P6RS5MF\chec[1].gif
C:\Documents and Settings\Roz\Local Settings\Temporary Internet Files\Content.IE5\WTAN0PYF\i53b_icon1[1].gif
C:\Documents and Settings\Roz\Local Settings\Temporary Internet Files\Content.IE5\WTAN0PYF\ajax[1].htm
C:\Documents and Settings\Roz\Local Settings\Temporary Internet Files\Content.IE5\4P6RS5MF\i53b_btn-download[1].gif
C:\Documents and Settings\Roz\Local Settings\Temporary Internet Files\Content.IE5\ZLGK0BFB\x[2].gif
C:\Documents and Settings\Roz\Local Settings\Temporary Internet Files\Content.IE5\CTY381ER\CA3MKJZH.htm
C:\Documents and Settings\Roz\Local Settings\Temporary Internet Files\Content.IE5\WTAN0PYF\i701_BG[1].jpg
C:\Documents and Settings\Roz\Local Settings\Temporary Internet Files\Content.IE5\W9AJSLIB\i701_line1[1].jpg
C:\Documents and Settings\Roz\Local Settings\Temporary Internet Files\Content.IE5\W9AJSLIB\i701_brd-bot-1[1].gif
C:\Documents and Settings\Roz\Local Settings\Temporary Internet Files\Content.IE5\WTAN0PYF\i701_pc[1].jpg
C:\Documents and Settings\Roz\Local Settings\Temporary Internet Files\Content.IE5\4P6RS5MF\i53b_boton2[1].gif
C:\Documents and Settings\Roz\Local Settings\Temporary Internet Files\Content.IE5\W9AJSLIB\i53b_brd-bot-1[1].gif
C:\Documents and Settings\Roz\Local Settings\Temporary Internet Files\Content.IE5\WTAN0PYF\i701_bg4[1].jpg
C:\Documents and Settings\Roz\Local Settings\Temporary Internet Files\Content.IE5\4P6RS5MF\managers[1].htm
C:\Documents and Settings\Roz\Local Settings\Temporary Internet Files\Content.IE5\4P6RS5MF\i53b_btn-updates[1].gif
C:\Documents and Settings\Roz\Local Settings\Temporary Internet Files\Content.IE5\W9AJSLIB\managers[1].htm
C:\Documents and Settings\Roz\Local Settings\Temporary Internet Files\Content.IE5\UR2NQ1UR\alert[1].gif
C:\Documents and Settings\Roz\Local Settings\Temporary Internet Files\Content.IE5\WTAN0PYF\flash[1].js
C:\Documents and Settings\Roz\Local Settings\Temporary Internet Files\Content.IE5\4P6RS5MF\i701_spacer[1].gif
C:\Documents and Settings\Roz\Local Settings\Temporary Internet Files\Content.IE5\AL6HK9M7\main_06[1].gif
C:\Documents and Settings\Roz\Local Settings\Temporary Internet Files\Content.IE5\W9AJSLIB\head_r_back[1].gif
C:\Documents and Settings\Roz\Local Settings\Temporary Internet Files\Content.IE5\LO76ZR17\shield[1].gif
C:\Documents and Settings\Roz\Local Settings\Temporary Internet Files\Content.IE5\WTAN0PYF\i701_line3[1].gif
C:\Documents and Settings\Roz\Local Settings\Temporary Internet Files\Content.IE5\CTY381ER\i701_boton2[1].gif
C:\Documents and Settings\Roz\Local Settings\Temporary Internet Files\Content.IE5\CTY381ER\flash_detect[1].htm
C:\Documents and Settings\Roz\Local Settings\Temporary Internet Files\Content.IE5\M1Q5EV4X\play[1].js
C:\Documents and Settings\Roz\Local Settings\Temporary Internet Files\Content.IE5\UR2NQ1UR\main_10[1].gif
C:\Documents and Settings\Roz\Local Settings\Temporary Internet Files\Content.IE5\M1Q5EV4X\main_05[1].gif
C:\Documents and Settings\Roz\Local Settings\Temporary Internet Files\Content.IE5\QX8BMXM5\cross[1].gif
C:\Documents and Settings\Roz\Local Settings\Temporary Internet Files\Content.IE5\G92ZKB2T\main_07[1].gif
C:\Documents and Settings\Roz\Local Settings\Temporary Internet Files\Content.IE5\EJ23EDUF\closebutton[1].gif
C:\Documents and Settings\Roz\Local Settings\Temporary Internet Files\Content.IE5\8NKJEV4R\main_03[1].gif
C:\Documents and Settings\Roz\Local Settings\Temporary Internet Files\Content.IE5\CTY381ER\ban_2[1].swf
C:\Documents and Settings\Roz\Local Settings\Temporary Internet Files\Content.IE5\CTY381ER\logo2[1].gif
C:\Documents and Settings\Roz\Local Settings\Temporary Internet Files\Content.IE5\WTAN0PYF\data[1].htm
C:\Documents and Settings\Roz\Local Settings\Temporary Internet Files\Content.IE5\LO76ZR17\off_back[1].gif
C:\Documents and Settings\Roz\Local Settings\Temporary Internet Files\Content.IE5\AL6HK9M7\download[1].gif
C:\Documents and Settings\Roz\Local Settings\Temporary Internet Files\Content.IE5\M1Q5EV4X\main_04[1].gif
C:\Documents and Settings\Roz\Local Settings\Temporary Internet Files\Content.IE5\W9AJSLIB\popup[1].gif
C:\Documents and Settings\Roz\Local Settings\Temporary Internet Files\Content.IE5\CTY381ER\left_3[1].gif
C:\Documents and Settings\Roz\Local Settings\Temporary Internet Files\Content.IE5\QX8BMXM5\bottom_l_2[1].gif
C:\Documents and Settings\Roz\Local Settings\Temporary Internet Files\Content.IE5\Z81HJ8WK\right_2[1].gif
  #4  
Old 4th Apr 2008, 19:20
Moderator Group
 
Yes, please continue with the rest of the steps. Each step looks for and fixes different threats.
  #5  
Old 5th Apr 2008, 00:13
Member Group
 
OK, here's the second log.

Malwarebytes' Anti-Malware 1.10
Database version: 592
Scan type: Full Scan (A:\|C:\|D:\|E:\|H:\|I:\|J:\|)
Objects scanned: 336027
Time elapsed: 1 hour(s), 8 minute(s), 1 second(s)
Memory Processes Infected: 5
Memory Modules Infected: 0
Registry Keys Infected: 10
Registry Values Infected: 7
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 11
Memory Processes Infected:
C:\WINDOWS\system32\drivers\ctfmon.exe (Trojan.Agent) -> Unloaded process successfully.
C:\WINDOWS\system32\drivers\ctfmon.exe (Trojan.Agent) -> Unloaded process successfully.
C:\Documents and Settings\Danny\Local Settings\Application Data\spool.exe (Trojan.Agent) -> Unloaded process successfully.
C:\Documents and Settings\Danny\Local Settings\Application Data\spool.exe (Trojan.Agent) -> Unloaded process successfully.
C:\Documents and Settings\Danny\Local Settings\Application Data\spool.exe (Trojan.Agent) -> Unloaded process successfully.
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\schedule (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\schedule (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\schedule (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BMafb2445c (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ntuser (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ntuser (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ntuser (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\autoload (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\autoload (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\autoload (Trojan.Agent) -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\GHIJKLMN\rounds[1].jpg (Trojan.Madcode) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B4EDD13F-A6F1-41A1-814E-E5C94DDA45B5}\RP8\A0002994.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\iupdate.exe (Trojan.Madcode) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kchkioor.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\drivers\ctfmon.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pac.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\spools.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Danny\cftmon.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Roz\Local Settings\Application Data\spool.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Local Settings\Application Data\spool.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Danny\Local Settings\Application Data\spool.exe (Trojan.Agent) -> Quarantined and deleted successfully.
  #6  
Old 5th Apr 2008, 00:51
Member Group
 
Oh OK, I didn't realise I had to post them all together. Sorry guys... Here they are:

C:\Documents and Settings\Roz\Local Settings\Temporary Internet Files\Content.IE5\QX8BMXM5\styles[2].css
C:\Documents and Settings\Roz\Local Settings\Temporary Internet Files\Content.IE5\4P6RS5MF\i53b_boton4[1].gif
C:\Documents and Settings\Roz\Local Settings\Temporary Internet Files\Content.IE5\WTAN0PYF\i53b_btn-purchase[1].gif
C:\Documents and Settings\Roz\Local Settings\Temporary Internet Files\Content.IE5\W9AJSLIB\spacer[4].gif
C:\Documents and Settings\Roz\Local Settings\Temporary Internet Files\Content.IE5\4P6RS5MF\ajax[1].htm
C:\Documents and Settings\Roz\Local Settings\Temporary Internet Files\Content.IE5\G92ZKB2T\mark[1].gif
C:\Documents and Settings\Roz\Local Settings\Temporary Internet Files\Content.IE5\CX8VSB4B\bottom_r[1].gif
C:\Documents and Settings\Roz\Local Settings\Temporary Internet Files\Content.IE5\CTY381ER\crypt[1].htm
C:\Documents and Settings\Roz\Local Settings\Temporary Internet Files\Content.IE5\LO76ZR17\errsnd[1].swf
C:\Documents and Settings\Roz\Local Settings\Temporary Internet Files\Content.IE5\CX8VSB4B\bottom_l[1].gif
C:\Documents and Settings\Roz\Local Settings\Temporary Internet Files\Content.IE5\CTY381ER\i53b_brd-top-1[1].gif
C:\Documents and Settings\Roz\Local Settings\Temporary Internet Files\Content.IE5\CTY381ER\crypt[2].htm
C:\Documents and Settings\Roz\Local Settings\Temporary Internet Files\Content.IE5\AHGZAXI5\secpan[1].gif
C:\Documents and Settings\Roz\Local Settings\Temporary Internet Files\Content.IE5\W9AJSLIB\i53b_btn-home[1].gif
C:\Documents and Settings\Roz\Local Settings\Temporary Internet Files\Content.IE5\CTY381ER\CAUJABA1.htm
C:\Documents and Settings\Roz\Local Settings\Temporary Internet Files\Content.IE5\WTAN0PYF\AC_ActiveX[1].htm
C:\Documents and Settings\Roz\Local Settings\Temporary Internet Files\Content.IE5\4P6RS5MF\i53b_line3[1].gif
C:\Documents and Settings\Roz\Local Settings\Temporary Internet Files\Content.IE5\4P6RS5MF\chec[1].gif
C:\Documents and Settings\Roz\Local Settings\Temporary Internet Files\Content.IE5\WTAN0PYF\i53b_icon1[1].gif
C:\Documents and Settings\Roz\Local Settings\Temporary Internet Files\Content.IE5\WTAN0PYF\ajax[1].htm
C:\Documents and Settings\Roz\Local Settings\Temporary Internet Files\Content.IE5\4P6RS5MF\i53b_btn-download[1].gif
C:\Documents and Settings\Roz\Local Settings\Temporary Internet Files\Content.IE5\ZLGK0BFB\x[2].gif
C:\Documents and Settings\Roz\Local Settings\Temporary Internet Files\Content.IE5\CTY381ER\CA3MKJZH.htm
C:\Documents and Settings\Roz\Local Settings\Temporary Internet Files\Content.IE5\WTAN0PYF\i701_BG[1].jpg
C:\Documents and Settings\Roz\Local Settings\Temporary Internet Files\Content.IE5\W9AJSLIB\i701_line1[1].jpg
C:\Documents and Settings\Roz\Local Settings\Temporary Internet Files\Content.IE5\W9AJSLIB\i701_brd-bot-1[1].gif
C:\Documents and Settings\Roz\Local Settings\Temporary Internet Files\Content.IE5\WTAN0PYF\i701_pc[1].jpg
C:\Documents and Settings\Roz\Local Settings\Temporary Internet Files\Content.IE5\4P6RS5MF\i53b_boton2[1].gif
C:\Documents and Settings\Roz\Local Settings\Temporary Internet Files\Content.IE5\W9AJSLIB\i53b_brd-bot-1[1].gif
C:\Documents and Settings\Roz\Local Settings\Temporary Internet Files\Content.IE5\WTAN0PYF\i701_bg4[1].jpg
C:\Documents and Settings\Roz\Local Settings\Temporary Internet Files\Content.IE5\4P6RS5MF\managers[1].htm
C:\Documents and Settings\Roz\Local Settings\Temporary Internet Files\Content.IE5\4P6RS5MF\i53b_btn-updates[1].gif
C:\Documents and Settings\Roz\Local Settings\Temporary Internet Files\Content.IE5\W9AJSLIB\managers[1].htm
C:\Documents and Settings\Roz\Local Settings\Temporary Internet Files\Content.IE5\UR2NQ1UR\alert[1].gif
C:\Documents and Settings\Roz\Local Settings\Temporary Internet Files\Content.IE5\WTAN0PYF\flash[1].js
C:\Documents and Settings\Roz\Local Settings\Temporary Internet Files\Content.IE5\4P6RS5MF\i701_spacer[1].gif
C:\Documents and Settings\Roz\Local Settings\Temporary Internet Files\Content.IE5\AL6HK9M7\main_06[1].gif
C:\Documents and Settings\Roz\Local Settings\Temporary Internet Files\Content.IE5\W9AJSLIB\head_r_back[1].gif
C:\Documents and Settings\Roz\Local Settings\Temporary Internet Files\Content.IE5\LO76ZR17\shield[1].gif
C:\Documents and Settings\Roz\Local Settings\Temporary Internet Files\Content.IE5\WTAN0PYF\i701_line3[1].gif
C:\Documents and Settings\Roz\Local Settings\Temporary Internet Files\Content.IE5\CTY381ER\i701_boton2[1].gif
C:\Documents and Settings\Roz\Local Settings\Temporary Internet Files\Content.IE5\CTY381ER\flash_detect[1].htm
C:\Documents and Settings\Roz\Local Settings\Temporary Internet Files\Content.IE5\M1Q5EV4X\play[1].js
C:\Documents and Settings\Roz\Local Settings\Temporary Internet Files\Content.IE5\UR2NQ1UR\main_10[1].gif
C:\Documents and Settings\Roz\Local Settings\Temporary Internet Files\Content.IE5\M1Q5EV4X\main_05[1].gif
C:\Documents and Settings\Roz\Local Settings\Temporary Internet Files\Content.IE5\QX8BMXM5\cross[1].gif
C:\Documents and Settings\Roz\Local Settings\Temporary Internet Files\Content.IE5\G92ZKB2T\main_07[1].gif
C:\Documents and Settings\Roz\Local Settings\Temporary Internet Files\Content.IE5\EJ23EDUF\closebutton[1].gif
C:\Documents and Settings\Roz\Local Settings\Temporary Internet Files\Content.IE5\8NKJEV4R\main_03[1].gif
C:\Documents and Settings\Roz\Local Settings\Temporary Internet Files\Content.IE5\CTY381ER\ban_2[1].swf
C:\Documents and Settings\Roz\Local Settings\Temporary Internet Files\Content.IE5\CTY381ER\logo2[1].gif
C:\Documents and Settings\Roz\Local Settings\Temporary Internet Files\Content.IE5\WTAN0PYF\data[1].htm
C:\Documents and Settings\Roz\Local Settings\Temporary Internet Files\Content.IE5\LO76ZR17\off_back[1].gif
C:\Documents and Settings\Roz\Local Settings\Temporary Internet Files\Content.IE5\AL6HK9M7\download[1].gif
C:\Documents and Settings\Roz\Local Settings\Temporary Internet Files\Content.IE5\M1Q5EV4X\main_04[1].gif
C:\Documents and Settings\Roz\Local Settings\Temporary Internet Files\Content.IE5\W9AJSLIB\popup[1].gif
C:\Documents and Settings\Roz\Local Settings\Temporary Internet Files\Content.IE5\CTY381ER\left_3[1].gif
C:\Documents and Settings\Roz\Local Settings\Temporary Internet Files\Content.IE5\QX8BMXM5\bottom_l_2[1].gif
C:\Documents and Settings\Roz\Local Settings\Temporary Internet Files\Content.IE5\Z81HJ8WK\right_2[1].gif



Malwarebytes' Anti-Malware 1.10
Database version: 592
Scan type: Full Scan (A:\|C:\|D:\|E:\|H:\|I:\|J:\|)
Objects scanned: 336027
Time elapsed: 1 hour(s), 8 minute(s), 1 second(s)
Memory Processes Infected: 5
Memory Modules Infected: 0
Registry Keys Infected: 10
Registry Values Infected: 7
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 11
Memory Processes Infected:
C:\WINDOWS\system32\drivers\ctfmon.exe (Trojan.Agent) -> Unloaded process successfully.
C:\WINDOWS\system32\drivers\ctfmon.exe (Trojan.Agent) -> Unloaded process successfully.
C:\Documents and Settings\Danny\Local Settings\Application Data\spool.exe (Trojan.Agent) -> Unloaded process successfully.
C:\Documents and Settings\Danny\Local Settings\Application Data\spool.exe (Trojan.Agent) -> Unloaded process successfully.
C:\Documents and Settings\Danny\Local Settings\Application Data\spool.exe (Trojan.Agent) -> Unloaded process successfully.
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\schedule (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\schedule (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\schedule (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BMafb2445c (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ntuser (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ntuser (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ntuser (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\autoload (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\autoload (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\autoload (Trojan.Agent) -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\GHIJKLMN\rounds[1].jpg (Trojan.Madcode) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B4EDD13F-A6F1-41A1-814E-E5C94DDA45B5}\RP8\A0002994.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\iupdate.exe (Trojan.Madcode) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kchkioor.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\drivers\ctfmon.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pac.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\spools.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Danny\cftmon.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Roz\Local Settings\Application Data\spool.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Local Settings\Application Data\spool.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Danny\Local Settings\Application Data\spool.exe (Trojan.Agent) -> Quarantined and deleted successfully.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:45:34, on 05/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AMD\RAIDXpert\jetty\extra\win32\Wrapper.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\AMD\RAIDXpert\_jvm\bin\java.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\btbb_wcm\McciTrayApp.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Logitech\MediaLife\MediaLifeService.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\Samsung\LaserSMMgr\ssmmgr.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\SPAMfighter\SFAgent.exe
C:\Program Files\BT Broadband Desktop Help\bin\BTHelpNotifier.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\SPAMfighter\sfus.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\PROGRA~1\MI948F~1\GAMECO~1\Common\SWTrayV4.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\Yahoo!\YOP\SSDK02.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\NETGEAR WG311v2 Adapter\wlancfg5.exe
C:\Program Files\BT Broadband Desktop Help\bin\mpbtn.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre1.6.0_05\bin\javaw.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.bbc.co.uk/sport1/hi/football/default.stm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/c...o/bt_side.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: (no name) - {3CAB59B4-55A3-4737-9FD5-B93C6430BF75} - C:\WINDOWS\system32\sjmxcfmu.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O4 - HKLM\..\Run: [C6501Sound] RunDll32 c6501.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [btbb_wcm_McciTrayApp] C:\Program Files\btbb_wcm\McciTrayApp.exe
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [HPHUPD08] C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [MediaLifeService] "C:\Program Files\Logitech\MediaLife\MediaLifeService.exe"
O4 - HKLM\..\Run: [Samsung LBP SM] "C:\WINDOWS\Samsung\LaserSMMgr\ssmmgr.exe" /autorun
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
O4 - HKLM\..\Run: [btbb_McciTrayApp] C:\Program Files\BT Broadband Desktop Help\bin\BTHelpNotifier.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SideWinderTrayV4] C:\PROGRA~1\MI948F~1\GAMECO~1\Common\SWTrayV4.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: MP3 Rocket (Minimized).lnk = C:\Program Files\MP3 Rocket\MP3Rocket.exe
O4 - Global Startup: BT Broadband Desktop Help.lnk = C:\Program Files\BT Broadband Desktop Help\bin\matcli.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: NETGEAR WG311v2 Smart Configuration.lnk = C:\Program Files\NETGEAR WG311v2 Adapter\wlancfg5.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/de...e/HPDEXAXO.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game07.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...nt/swflash.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: tuvsqpq - tuvsqpq.dll (file missing)
O20 - Winlogon Notify: yaywuvw - yaywuvw.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AMD RAIDXpert (AMDRAIDXpert) - Unknown owner - C:\Program Files\AMD\RAIDXpert\jetty\extra\win32\Wrapper.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - Unknown owner - C:\WINDOWS\system32\HPZipm12.exe (file missing)
O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE
--
End of file - 10856 bytes

Many thanks
  #7  
Old 5th Apr 2008, 01:27
Moderator Group
 
Looks like there was a lot removed; there are still some questionable entries in the HijackThis log, so we need to run some different tools.

Download Vundofix.exe to your desktop.
  • Double-click VundoFix.exe to run it.
  • When VundoFix opens, click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will shutdown your computer, click OK.
  • Turn your computer back on.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log.
Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears at reboot.

Please let Vundo finish; sometimes it can take multiple passes.

----------

Download SDFix.exe and save it to your Desktop.

Double-click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard).
  • Finally add the contents of the Report.txt in your next post.
----------

Now run a new HijackThis scan and post that log along with the others.

Also let me know how things are now.
__________________
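The moderator says questionable entries remain in the HijackThis log. As an added example, not code from this thread, from HijackThis or from any of the tools named above, here is a small Python triage that applies the same reading a reviewer applies to the O2/O20/O23 lines posted above: a BHO with no name pointing at a DLL in system32, a Winlogon Notify entry whose DLL is missing (typically a remnant of a removed Vundo component), and a service with no publisher. The sample input is a handful of lines copied from the log earlier in the thread; the random-name heuristic in `looks_random` and the severity labels are my own assumptions, and "Unknown owner" is only a weak signal (several services so labelled in this log, such as ATI Smart and AMD RAIDXpert, are legitimate), so it is marked for review rather than flagged.

```python
import re

# Constructed sample: lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {3CAB59B4-55A3-4737-9FD5-B93C6430BF75} - C:\WINDOWS\system32\sjmxcfmu.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: tuvsqpq - tuvsqpq.dll (file missing)
O20 - Winlogon Notify: yaywuvw - yaywuvw.dll (file missing)
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
"""

# Every HijackThis item starts with a section tag (R0, O2, O20, O23, ...) and " - ".
HJT_LINE = re.compile(r"^(?P<kind>[RO]\d+) - (?P<body>.*)$")


def looks_random(filename: str) -> bool:
    """Heuristic (my assumption) for the machine-generated names Vundo-style
    droppers use, e.g. tuvsqpq.dll: all letters, 7-9 long, two or fewer vowels.
    Legitimate names like ssv.dll or SASWINLO.dll do not match."""
    stem = filename.lower().rsplit(".", 1)[0]
    if not re.fullmatch(r"[a-z]{7,9}", stem):
        return False
    return sum(c in "aeiou" for c in stem) <= 2


def triage(log_text: str) -> list:
    """Return (severity, reason, line) tuples for entries a reviewer would
    question. Severity is 'high' (remove) or 'review' (check the publisher)."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = HJT_LINE.match(line)
        if not m:
            continue  # blank line, header, process list, "End of file" etc.
        kind, body = m.group("kind"), m.group("body")

        if kind == "O2" and body.startswith("BHO: (no name)"):
            # Browser Helper Object with no registered name: the last " - "
            # field is the DLL path; a random-looking DLL in system32 is the
            # classic Vundo pattern, anything else still deserves a look.
            path = body.rsplit(" - ", 1)[-1]
            dll = path.rsplit("\\", 1)[-1]
            sev = "high" if looks_random(dll) else "review"
            findings.append((sev, "unnamed BHO: " + dll, line))

        elif kind == "O20" and body.endswith("(file missing)"):
            # Winlogon Notify entry whose DLL no longer exists: a dead hook
            # left behind after the scanners above deleted the file.
            findings.append(("high", "orphaned Winlogon Notify entry", line))

        elif kind == "O23" and " - Unknown owner - " in body:
            # No publisher string: weak signal on its own, so only 'review'.
            findings.append(("review", "service without publisher", line))

    return findings


if __name__ == "__main__":
    for sev, reason, line in triage(SAMPLE_LOG):
        print(f"[{sev:6}] {reason}\n         {line}")
```

Run it as-is to see the four findings from the sample; for a real log, read the saved HijackThis text file into `triage` instead of `SAMPLE_LOG`. The heuristics are deliberately narrow so the output stays short enough to read next to the full log rather than replacing that reading.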

  #8  
Old 5th Apr 2008, 02:23
Member Group
 
OK, next two.

VundoFix V7.0.3
Scan started at 10:07:05 05/04/2008
Listing files found while scanning....
C:\WINDOWS\system32\anthkpru.dll
Beginning removal...
Attempting to delete C:\WINDOWS\system32\anthkpru.dll
C:\WINDOWS\system32\anthkpru.dll Has been deleted!
Performing Repairs to the registry.
Done!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:18:53, on 05/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AMD\RAIDXpert\jetty\extra\win32\Wrapper.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\AMD\RAIDXpert\_jvm\bin\java.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\btbb_wcm\McciTrayApp.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Logitech\MediaLife\MediaLifeService.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\WINDOWS\Samsung\LaserSMMgr\ssmmgr.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\SPAMfighter\SFAgent.exe
C:\Program Files\SPAMfighter\sfus.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\BT Broadband Desktop Help\bin\BTHelpNotifier.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\PROGRA~1\MI948F~1\GAMECO~1\Common\SWTrayV4.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\PROGRA~1\Yahoo!\YOP\SSDK02.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\DNA\btdna.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\BT Broadband Desktop Help\bin\mpbtn.exe
C:\Program Files\NETGEAR WG311v2 Adapter\wlancfg5.exe
C:\Program Files\Java\jre1.6.0_05\bin\javaw.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.bbc.co.uk/sport1/hi/football/default.stm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/c...o/bt_side.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: (no name) - {3CAB59B4-55A3-4737-9FD5-B93C6430BF75} - C:\WINDOWS\system32\sjmxcfmu.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O4 - HKLM\..\Run: [C6501Sound] RunDll32 c6501.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [btbb_wcm_McciTrayApp] C:\Program Files\btbb_wcm\McciTrayApp.exe
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [HPHUPD08] C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [MediaLifeService] "C:\Program Files\Logitech\MediaLife\MediaLifeService.exe"
O4 - HKLM\..\Run: [Samsung LBP SM] "C:\WINDOWS\Samsung\LaserSMMgr\ssmmgr.exe" /autorun
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
O4 - HKLM\..\Run: [btbb_McciTrayApp] C:\Program Files\BT Broadband Desktop Help\bin\BTHelpNotifier.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SideWinderTrayV4] C:\PROGRA~1\MI948F~1\GAMECO~1\Common\SWTrayV4.exe
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: MP3 Rocket (Minimized).lnk = C:\Program Files\MP3 Rocket\MP3Rocket.exe
O4 - Global Startup: BT Broadband Desktop Help.lnk = C:\Program Files\BT Broadband Desktop Help\bin\matcli.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: NETGEAR WG311v2 Smart Configuration.lnk = C:\Program Files\NETGEAR WG311v2 Adapter\wlancfg5.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/de...e/HPDEXAXO.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game07.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...nt/swflash.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: tuvsqpq - tuvsqpq.dll (file missing)
O20 - Winlogon Notify: yaywuvw - yaywuvw.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AMD RAIDXpert (AMDRAIDXpert) - Unknown owner - C:\Program Files\AMD\RAIDXpert\jetty\extra\win32\Wrapper.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - Unknown owner - C:\WINDOWS\system32\HPZipm12.exe (file missing)
O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE
--
End of file - 10853 bytes
  #9  
Old 5th Apr 2008, 02:36
Moderator Group
 
SDFix log?
__________________

  #10  
Old 5th Apr 2008, 02:51
Member Group
 
OK SDFix and latest sniper:

Cheers

SDFix: Version 1.166
Run by Danny on 05/04/2008 at 10:38
Microsoft Windows XP [Version 5.1.2600]
Running From: C:\sdfix\SDFix
Checking Services :

Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting

Checking Files :
Trojan Files Found:
C:\WINDOWS\Temp\1852.tmp.lst - Deleted
C:\WINDOWS\Temp\2723.tmp.lst - Deleted
C:\WINDOWS\Temp\2F76.tmp.lst - Deleted
C:\WINDOWS\Temp\541A.tmp.lst - Deleted
C:\WINDOWS\Temp\580D.tmp.lst - Deleted
C:\WINDOWS\Temp\6E54.tmp.lst - Deleted
C:\WINDOWS\fetchuserid.exe - Deleted

Folder C:\Program Files\drmupgds - Removed

Removing Temp Files
ADS Check :


Final Check :
catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-05 10:44:19
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

Remaining Services :

Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
"C:\\Program Files\\DNA\\btdna.exe"="C:\\Program Files\\DNA\\btdna.exe:*:Enabled:DNA"
"C:\\Program Files\\ICQ\\Icq.exe"="C:\\Program Files\\ICQ\\Icq.exe:*:Enabled:ICQ"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"D:\\Program Files\\Microsoft Games\\Flight Simulator 9\\fs9.exe"="D:\\Program Files\\Microsoft Games\\Flight Simulator 9\\fs9.exe:*:Enabled:Microsoft Flight Simulator"
"C:\\WINDOWS\\system32\\dpnsvr.exe"="C:\\WINDOWS\\system32\\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server"
"C:\\Program Files\\Kontiki\\KService.exe"="C:\\Program Files\\Kontiki\\KService.exe:*:Enabled:Delivery Manager Service"
"C:\\Program Files\\Ubisoft\\Gearbox Software\\BrothersInArmsEiB\\System\\EiB.exe"="C:\\Program Files\\Ubisoft\\Gearbox Software\\BrothersInArmsEiB\\System\\EiB.exe:*:Enabled:Brothers In Arms Earned In Blood"
"C:\\Valve\\Condition Zero\\czero.exe"="C:\\Valve\\Condition Zero\\czero.exe:*:Enabled:Condition Zero Launcher"
"C:\\Program Files\\Java\\jre1.6.0_04\\bin\\javaw.exe"="C:\\Program Files\\Java\\jre1.6.0_04\\bin\\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\\Program Files\\DAP\\DAP.exe"="C:\\Program Files\\DAP\\DAP.exe:*:Enabled:Download Accelerator Plus (DAP)"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\SpeedBit Video Accelerator\\VideoAccelerator.exe"="C:\\Program Files\\SpeedBit Video Accelerator\\VideoAccelerator.exe:*:Enabled:VideoAccelerator"
"C:\\Program Files\\SpeedBit Video Accelerator\\VideoAcceleratorEngine.exe"="C:\\Program Files\\SpeedBit Video Accelerator\\VideoAcceleratorEngine.exe:*:Enabled:VideoAcceleratorService"
"C:\\Program Files\\Java\\jre1.6.0_05\\bin\\javaw.exe"="C:\\Program Files\\Java\\jre1.6.0_05\\bin\\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
Remaining Files :

File Backups: - C:\sdfix\SDFix\backups\backups.zip
Files with Hidden Attributes :
Tue 5 Feb 2008 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Mon 28 Jan 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Finished!

and

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:48:43, on 05/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AMD\RAIDXpert\jetty\extra\win32\Wrapper.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\Program Files\AMD\RAIDXpert\_jvm\bin\java.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\SPAMfighter\sfus.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\btbb_wcm\McciTrayApp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Logitech\MediaLife\MediaLifeService.exe
C:\WINDOWS\Samsung\LaserSMMgr\ssmmgr.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\SPAMfighter\SFAgent.exe
C:\Program Files\BT Broadband Desktop Help\bin\BTHelpNotifier.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\PROGRA~1\MI948F~1\GAMECO~1\Common\SWTrayV4.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
C:\PROGRA~1\Yahoo!\YOP\SSDK02.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\BT Broadband Desktop Help\bin\mpbtn.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\NETGEAR WG311v2 Adapter\wlancfg5.exe
C:\Program Files\Java\jre1.6.0_05\bin\javaw.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.bbc.co.uk/sport1/hi/football/default.stm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/c...o/bt_side.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: (no name) - {3CAB59B4-55A3-4737-9FD5-B93C6430BF75} - C:\WINDOWS\system32\sjmxcfmu.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O4 - HKLM\..\Run: [C6501Sound] RunDll32 c6501.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [btbb_wcm_McciTrayApp] C:\Program Files\btbb_wcm\McciTrayApp.exe
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [HPHUPD08] C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [MediaLifeService] "C:\Program Files\Logitech\MediaLife\MediaLifeService.exe"
O4 - HKLM\..\Run: [Samsung LBP SM] "C:\WINDOWS\Samsung\LaserSMMgr\ssmmgr.exe" /autorun
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
O4 - HKLM\..\Run: [btbb_McciTrayApp] C:\Program Files\BT Broadband Desktop Help\bin\BTHelpNotifier.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SideWinderTrayV4] C:\PROGRA~1\MI948F~1\GAMECO~1\Common\SWTrayV4.exe
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: MP3 Rocket (Minimized).lnk = C:\Program Files\MP3 Rocket\MP3Rocket.exe
O4 - Global Startup: BT Broadband Desktop Help.lnk = C:\Program Files\BT Broadband Desktop Help\bin\matcli.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: NETGEAR WG311v2 Smart Configuration.lnk = C:\Program Files\NETGEAR WG311v2 Adapter\wlancfg5.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/de...e/HPDEXAXO.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game07.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...nt/swflash.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: tuvsqpq - tuvsqpq.dll (file missing)
O20 - Winlogon Notify: yaywuvw - yaywuvw.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AMD RAIDXpert (AMDRAIDXpert) - Unknown owner - C:\Program Files\AMD\RAIDXpert\jetty\extra\win32\Wrapper.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - Unknown owner - C:\WINDOWS\system32\HPZipm12.exe (file missing)
O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE
--
End of file - 11044 bytes
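The logs in this thread are what a helper has to read by eye, line by line. As an added example (not part of the thread, and not HijackThis, SDFix or the forum's own code), here is a small Python triage script that parses the O2 (BHO), O20 (Winlogon Notify) and O23 (Service) lines of a HijackThis v2 log and flags the entries a helper would normally ask about first: a BHO registered as "(no name)", a Winlogon Notify or service entry whose file is "(file missing)", and a DLL whose base name is just a run of lowercase letters. The flag rules are rules of thumb chosen for this example, not verdicts; the "random-looking name" regex in particular is an assumption. The sample input is a handful of lines copied from the log above plus clean entries (ssv.dll, SASWINLO.dll, mDNSResponder.exe) for contrast.

```python
"""Triage helper for HijackThis v2 log lines (added example, not the tool's code).

Parses the O2 (BHO), O20 (Winlogon Notify) and O23 (Service) entries and
flags the ones a malware-removal helper would normally ask about first.
The flag rules below are rules of thumb chosen for this example, not verdicts.
"""
import re
from dataclasses import dataclass

# Constructed sample: lines copied from the HijackThis log in the thread,
# plus clean entries (ssv.dll, SASWINLO.dll, mDNSResponder.exe) for contrast.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {3CAB59B4-55A3-4737-9FD5-B93C6430BF75} - C:\WINDOWS\system32\sjmxcfmu.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: tuvsqpq - tuvsqpq.dll (file missing)
O20 - Winlogon Notify: yaywuvw - yaywuvw.dll (file missing)
O23 - Service: Pml Driver HPZ12 - Unknown owner - C:\WINDOWS\system32\HPZipm12.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
""".strip()

# One regex per HijackThis section handled here; fields are separated by " - ".
PATTERNS = {
    "O2": re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.*)$"),
    "O20": re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<path>.*)$"),
    "O23": re.compile(r"^O23 - Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<path>.*)$"),
}

MISSING = " (file missing)"
# Heuristic (an assumption of this example): a DLL whose base name is only
# 6-9 lowercase letters looks machine-generated rather than vendor-named.
RANDOM_NAME = re.compile(r"^[a-z]{6,9}\.dll$")


@dataclass
class Entry:
    section: str
    name: str
    path: str
    owner: str = ""
    clsid: str = ""

    @property
    def filename(self) -> str:
        """Base name of the referenced file, without the '(file missing)' suffix."""
        return self.path.replace(MISSING, "").split("\\")[-1]

    @property
    def file_missing(self) -> bool:
        return self.path.endswith(MISSING)


def parse_log(text: str) -> list[Entry]:
    """Return the O2/O20/O23 entries found in a HijackThis log; other lines are ignored."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        for section, rx in PATTERNS.items():
            m = rx.match(line)
            if m:
                entries.append(Entry(section=section, **m.groupdict()))
                break
    return entries


def flag(entry: Entry) -> list[str]:
    """Reasons this entry deserves a second look (empty list means nothing noteworthy)."""
    reasons = []
    if entry.section == "O2" and entry.name == "(no name)":
        reasons.append("BHO registered without a name")
    if entry.section in ("O2", "O20") and RANDOM_NAME.match(entry.filename):
        if "\\system32\\" in entry.path.lower():
            where = "system32"
        elif "\\" not in entry.path:
            where = "an unqualified path (resolved via the DLL search order)"
        else:
            where = "another directory"
        reasons.append(f"{entry.section} DLL with a random-looking name in {where}")
    if entry.section in ("O20", "O23") and entry.file_missing:
        reasons.append(f"{entry.section} entry points at a file that no longer exists")
    return reasons


def triage(text: str) -> dict[str, list[str]]:
    """Map each flagged file name to the reasons it was flagged."""
    findings = {}
    for entry in parse_log(text):
        reasons = flag(entry)
        if reasons:
            findings[entry.filename] = reasons
    return findings


if __name__ == "__main__":
    for fname, reasons in triage(SAMPLE_LOG).items():
        print(f"{fname}: " + "; ".join(reasons))
```

To use it on a full log, read the saved HijackThis file into a string and pass it to `triage()`. Every flag is a question for the helper to ask, not a removal decision: an O23 "file missing" hit can be a leftover from uninstalled software rather than malware, while an unnamed BHO in system32 and orphaned Winlogon Notify entries with similar random names are the kind of cluster a helper will want to see fixed together and then re-checked in a fresh log.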
Copyright ©2006 - 2009 Computer Juice.