Help with computer!!
   
Casey17648
New Member


Date Joined Sep 2006
Total Posts : 13
 
   Posted 6-20-2007 3:14 (GMT +1)
Somebody said...
Logfile of HijackThis v1.99.1
Scan saved at 8:11:44 PM, on 6/19/2007
Platform: Windows 2003 SP2 (WinNT 5.02.3790)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
E:\Program Files (x86)\Common Files\AOL\ACS\AOLAcsd.exe
E:\Program Files (x86)\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
E:\Program Files (x86)\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\Program Files\AIM\aim.exe
E:\PROGRA~2\SSTEM3~1\explorer.exe
E:\Program Files (x86)\DAEMON Tools\daemon.exe
E:\WINDOWS\system32\CTHELPER.EXE
E:\Program Files (x86)\AGLOCO Viewbar\Viewbar.exe
E:\WINDOWS\SysWOW64\ctfmon.exe
E:\Program Files (x86)\Microsoft AntiSpyware\gcasDtServ.exe
E:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
E:\WINDOWS\SysWOW64\HPZipm12.exe
E:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
E:\Program Files (x86)\RealVNC\VNC4\WinVNC4.exe
E:\Program Files (x86)\Mozilla Firefox\firefox.exe
E:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
E:\Documents and Settings\Administrator\Desktop\alternativ.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 65.14.123.238:80
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - E:\Program Files (x86)\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: (no name) - {02DCA195-602B-4B1F-83FF-381B7E804BDB} - E:\WINDOWS\SysWow64\HDBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: NetXfer - {83B80A9C-D91A-4F22-8DCF-EA7204039F79} - E:\Program Files (x86)\Xi\NetXfer\NXIEHelper.dll
O2 - BHO: (no name) - {9BCADA28-67FB-4236-B541-97316282C5E1} - E:\WINDOWS\SysWow64\wdllfuf-32.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - e:\program files (x86)\google\googletoolbar3.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - E:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {C45E1939-D0DC-DD55-887C-8BADA9E22395} - E:\WINDOWS\SysWow64\avkcbgkv.dll
O2 - BHO: (no name) - {F6429848-E4B3-4445-B024-AFE3771E7CEC} - E:\Program Files (x86)\MSN Gaming Zone\mecor.dll (file missing)
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - E:\Program Files (x86)\TechSmith\SnagIt 8\SnagItIEAddin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - E:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - e:\program files (x86)\google\googletoolbar3.dll
O3 - Toolbar: NetXfer - {C16CBAAC-A75C-4DB5-A0DD-CDF5CAFCDD3A} - E:\Program Files (x86)\Xi\NetXfer\NXToolBar.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - E:\Program Files (x86)\AOL Toolbar\toolbar.dll
O3 - Toolbar: OIN Search - {B9F6E8EB-A4E3-478E-88A4-D3995B5C45C8} - E:\Program Files (x86)\OIN Search\OINSearch.dll
O4 - HKLM\..\Run: [removecpl] RemoveCpl.exe
O4 - HKLM\..\Run: [gcasServ] "E:\Program Files (x86)\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [w378a393.dll] RUNDLL32.EXE w378a393.dll,I2 000d10530378a393
O4 - HKLM\..\Run: [xuqmofnA] E:\WINDOWS\xuqmofnA.exe
O4 - HKLM\..\Run: [errorhandler] E:\WINDOWS\errorhandler.exe
O4 - HKLM\..\Run: [w06ed72e.dll] RUNDLL32.EXE w06ed72e.dll,I2 000d1053006ed72e
O4 - HKLM\..\Run: [sys028026695616] E:\WINDOWS\sys028026695616.exe
O4 - HKLM\..\Run: [gvtkvosd] E:\WINDOWS\SysWow64\gvtkvosd.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [Internet] E:\WINDOWS\SysWow64\
O4 - HKLM\..\Run: [UVS10 Preload] "E:\Program Files (x86)\Ulead Systems\Ulead VideoStudio 10\uvPL.exe"
O4 - HKLM\..\Run: [Viewbar] "E:\Program Files (x86)\AGLOCO Viewbar\Viewbar.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "E:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\RunServices: [Internet] E:\WINDOWS\system32\
O4 - HKLM\..\RunOnce: [SpybotDeletingA6577] command /c del "E:\WINDOWS\system32\vcmgcd32.dll_tobedeleted_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC5837] cmd /c del "E:\WINDOWS\system32\vcmgcd32.dll_tobedeleted_old"
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [EQAdvice] "E:\Program Files (x86)\EQAdvice\EQAdvice.exe"
O4 - HKCU\..\Run: [PECarlin] "E:\Program Files (x86)\PECarlin\PECarlin.exe"
O4 - HKCU\..\Run: [irssyncd] E:\WINDOWS\system32\irssyncd.exe
O4 - HKCU\..\Run: [gvtkvosd] E:\WINDOWS\SysWow64\gvtkvosd.exe
O4 - HKCU\..\Run: [Stit] "E:\PROGRA~2\SSTEM3~1\explorer.exe" -vt yazr
O4 - HKCU\..\Run: [Isaps] "E:\WINDOWS\s?stem32\userinit.exe" 99001275
O4 - HKCU\..\Run: [DAEMON Tools] "E:\Program Files (x86)\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [SpybotDeletingB8794] command /c del "E:\WINDOWS\system32\vcmgcd32.dll_tobedeleted_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD1474] cmd /c del "E:\WINDOWS\system32\vcmgcd32.dll_tobedeleted_old"
O4 - Startup: Adobe Gamma.lnk = E:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &AOL Toolbar search - res://E:\Program Files (x86)\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://e:\program files (x86)\google\GoogleToolbar3.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://e:\program files (x86)\google\GoogleToolbar3.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://e:\program files (x86)\google\GoogleToolbar3.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://e:\program files (x86)\google\GoogleToolbar3.dll/cmcache.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://E:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://E:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://E:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://E:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://E:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://E:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://E:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://E:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Download all by NetXfer - E:\Program Files (x86)\Xi\NetXfer\NXAddList.html
O8 - Extra context menu item: Download by NetXfer - E:\Program Files (x86)\Xi\NetXfer\NXAddLink.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with Scansoft PDF Converter 3.0 - res://E:\Program Files (x86)\ScanSoft\PDF Professional 3.0\IEShellExt.dll /100
O8 - Extra context menu item: Similar Pages - res://e:\program files (x86)\google\GoogleToolbar3.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://e:\program files (x86)\google\GoogleToolbar3.dll/cmtrans.html
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {26FCCDF9-A7E1-452A-A73D-7BF7B4D0BA6C} (AOL Pictures Uploader Class) - http://o.aolcdn.com/pictures/ap/Resources/2.0.6.9/cab/aolpPlugins.10.6.0.4.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1182297713765
O16 - DPF: {886DDE35-E585-11D0-A707-000000521958} - http://69.56.176.76/webplugin.cab
O16 - DPF: {C946EF6D-296D-4907-A6E1-ED0E8E5AF024} (LycosMail Upload Control) - http://mail.lycos.com/hanmail-ax/AttachMail.cab
O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} (Flash Casino Helper Object) - https://flash.7sultans.com/7sultans/FlashAX2.cab
O20 - AppInit_DLLs: inicfg32.dll,e:\windows\system32\syst1t.dll ping.dll
O20 - Winlogon Notify: dimsntfy - E:\WINDOWS\SYSTEM32\dimsntfy.dll
O20 - Winlogon Notify: EFS - E:\WINDOWS\SYSTEM32\sclgntfy.dll
O20 - Winlogon Notify: Themes - E:\WINDOWS\system32\bDtmeter.dll (file missing)
O21 - SSODL: IEFilter - {5A69C4C9-93AA-4972-A0D1-1171AEB7895F} - E:\WINDOWS\SysWow64\IEFilter.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - E:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - E:\Program Files (x86)\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - E:\Program Files (x86)\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - Unknown owner - E:\WINDOWS\System32\dmadmin.exe (file missing)
O23 - Service: Event Log (Eventlog) - Unknown owner - E:\WINDOWS\system32\services.exe (file missing)
O23 - Service: Fax - Unknown owner - E:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: HTTP SSL (HTTPFilter) - Unknown owner - E:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Unknown owner - E:\WINDOWS\system32\imapi.exe (file missing)
O23 - Service: Distributed Transaction Coordinator (MSDTC) - Unknown owner - E:\WINDOWS\system32\msdtc.exe (file missing)
O23 - Service: Net Logon (Netlogon) - Unknown owner - E:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: NT LM Security Support Provider (NtLmSsp) - Unknown owner - E:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Plug and Play (PlugPlay) - Unknown owner - E:\WINDOWS\system32\services.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - E:\WINDOWS\system32\HPZipm12.exe
O23 - Service: IPSEC Services (PolicyAgent) - Unknown owner - E:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Protected Storage (ProtectedStorage) - Unknown owner - E:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Remote Desktop Help Session Manager (RDSessMgr) - Unknown owner - E:\WINDOWS\system32\sessmgr.exe (file missing)
O23 - Service: Security Accounts Manager (SamSs) - Unknown owner - E:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - E:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Virtual Disk Service (vds) - Unknown owner - E:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: Volume Shadow Copy (VSS) - Unknown owner - E:\WINDOWS\System32\vssvc.exe (file missing)
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - E:\Program Files (x86)\RealVNC\VNC4\WinVNC4.exe" -service (file missing)
O23 - Service: WMI Performance Adapter (WmiApSrv) - Unknown owner - E:\WINDOWS\system32\wbem\wmiapsrv.exe (file missing)



Computer has been acting weird for a while. I have some virus that I can't figure out. Every time I open up Internet Explorer a prompt will pop up saying it is installing Adobe Acrobat. Sometimes it does it even without Internet Explorer opening. I already ran Spybot Search and Destroy and it found 209 problems...and I am still having this problem.

Thanks

Post Edited (Casey17648) : 20-06-2007 03:44:38 GMT

 

Casey17648
New Member


Date Joined Sep 2006
Total Posts : 13
 
   Posted 6-20-2007 4:43 (GMT +1)
Any ideas?! I am running Dr. Web Cureit right now.
 

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 14295
 
   Posted 6-20-2007 7:59 (GMT +1)
Hi and welcome :)
 
 
 
Click here - ->>  Before posting a log 
 
 
 After You have run the scan tools -
 
Reboot normally
 
Post AVG Antispyware log along with hijackthis log, rootchk log
in this thread and tell how things are running
 


Do NOT post your problem in someone else's thread.
Start a new topic so that it may receive proper attention. 
 

 

Casey17648
New Member


Date Joined Sep 2006
Total Posts : 13
 
   Posted 6-22-2007 3:58 (GMT +1)
HijackThis said...
Logfile of HijackThis v1.99.1
Scan saved at 8:52:26 PM, on 6/21/2007
Platform: Windows 2003 SP2 (WinNT 5.02.3790)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
E:\Program Files (x86)\Common Files\AOL\ACS\AOLAcsd.exe
E:\Program Files (x86)\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
E:\Program Files (x86)\Grisoft\AVG Anti-Spyware 7.5\guard.exe
E:\Program Files (x86)\Bonjour\mDNSResponder.exe
E:\WINDOWS\SysWOW64\HPZipm12.exe
E:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
E:\Program Files (x86)\RealVNC\VNC4\WinVNC4.exe
E:\Program Files (x86)\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\Program Files\AIM\aim.exe
E:\PROGRA~2\SSTEM3~1\explorer.exe
E:\Program Files (x86)\DAEMON Tools\daemon.exe
E:\WINDOWS\SysWOW64\ctfmon.exe
E:\WINDOWS\system32\CTHELPER.EXE
E:\Program Files (x86)\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
E:\Program Files (x86)\Microsoft AntiSpyware\gcasDtServ.exe
E:\Program Files (x86)\Safari\Safari.exe
E:\Program Files (x86)\Safari\Safari.exe
E:\Documents and Settings\Administrator\Desktop\alternativ.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 65.14.123.238:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - E:\Program Files (x86)\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: (no name) - {02DCA195-602B-4B1F-83FF-381B7E804BDB} - E:\WINDOWS\SysWow64\HDBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {613B49F4-D51A-DB9C-4B60-8A8DCB2485C2} - E:\WINDOWS\SysWow64\qnm.dll
O2 - BHO: NetXfer - {83B80A9C-D91A-4F22-8DCF-EA7204039F79} - E:\Program Files (x86)\Xi\NetXfer\NXIEHelper.dll
O2 - BHO: (no name) - {9BCADA28-67FB-4236-B541-97316282C5E1} - E:\WINDOWS\SysWow64\wdllfuf-32.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - e:\program files (x86)\google\googletoolbar3.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - E:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {F6429848-E4B3-4445-B024-AFE3771E7CEC} - E:\Program Files (x86)\MSN Gaming Zone\mecor.dll (file missing)
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - E:\Program Files (x86)\TechSmith\SnagIt 8\SnagItIEAddin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - E:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - e:\program files (x86)\google\googletoolbar3.dll
O3 - Toolbar: NetXfer - {C16CBAAC-A75C-4DB5-A0DD-CDF5CAFCDD3A} - E:\Program Files (x86)\Xi\NetXfer\NXToolBar.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - E:\Program Files (x86)\AOL Toolbar\toolbar.dll
O3 - Toolbar: OIN Search - {B9F6E8EB-A4E3-478E-88A4-D3995B5C45C8} - E:\Program Files (x86)\OIN Search\OINSearch.dll
O4 - HKLM\..\Run: [removecpl] RemoveCpl.exe
O4 - HKLM\..\Run: [gcasServ] "E:\Program Files (x86)\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [w378a393.dll] RUNDLL32.EXE w378a393.dll,I2 000d10530378a393
O4 - HKLM\..\Run: [xuqmofnA] E:\WINDOWS\xuqmofnA.exe
O4 - HKLM\..\Run: [errorhandler] E:\WINDOWS\errorhandler.exe
O4 - HKLM\..\Run: [w06ed72e.dll] RUNDLL32.EXE w06ed72e.dll,I2 000d1053006ed72e
O4 - HKLM\..\Run: [sys028026695616] E:\WINDOWS\sys028026695616.exe
O4 - HKLM\..\Run: [gvtkvosd] E:\WINDOWS\SysWow64\gvtkvosd.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [Internet] E:\WINDOWS\SysWow64\
O4 - HKLM\..\Run: [UVS10 Preload] "E:\Program Files (x86)\Ulead Systems\Ulead VideoStudio 10\uvPL.exe"
O4 - HKLM\..\Run: [Viewbar] "E:\Program Files (x86)\AGLOCO Viewbar\Viewbar.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "E:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "E:\Program Files (x86)\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\RunServices: [Internet] E:\WINDOWS\system32\
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [EQAdvice] "E:\Program Files (x86)\EQAdvice\EQAdvice.exe"
O4 - HKCU\..\Run: [PECarlin] "E:\Program Files (x86)\PECarlin\PECarlin.exe"
O4 - HKCU\..\Run: [irssyncd] E:\WINDOWS\system32\irssyncd.exe
O4 - HKCU\..\Run: [gvtkvosd] E:\WINDOWS\SysWow64\gvtkvosd.exe
O4 - HKCU\..\Run: [Stit] "E:\PROGRA~2\SSTEM3~1\explorer.exe" -vt yazr
O4 - HKCU\..\Run: [Isaps] "E:\WINDOWS\s?stem32\userinit.exe" 99001275
O4 - HKCU\..\Run: [DAEMON Tools] "E:\Program Files (x86)\DAEMON Tools\daemon.exe" -lang 1033
O4 - Startup: Adobe Gamma.lnk = E:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &AOL Toolbar search - res://E:\Program Files (x86)\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://e:\program files (x86)\google\GoogleToolbar3.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://e:\program files (x86)\google\GoogleToolbar3.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://e:\program files (x86)\google\GoogleToolbar3.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://e:\program files (x86)\google\GoogleToolbar3.dll/cmcache.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://E:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://E:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://E:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://E:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://E:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://E:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://E:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://E:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Download all by NetXfer - E:\Program Files (x86)\Xi\NetXfer\NXAddList.html
O8 - Extra context menu item: Download by NetXfer - E:\Program Files (x86)\Xi\NetXfer\NXAddLink.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with Scansoft PDF Converter 3.0 - res://E:\Program Files (x86)\ScanSoft\PDF Professional 3.0\IEShellExt.dll /100
O8 - Extra context menu item: Similar Pages - res://e:\program files (x86)\google\GoogleToolbar3.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://e:\program files (x86)\google\GoogleToolbar3.dll/cmtrans.html
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O10 - Unknown file in Winsock LSP: e:\program files (x86)\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {26FCCDF9-A7E1-452A-A73D-7BF7B4D0BA6C} (AOL Pictures Uploader Class) - http://o.aolcdn.com/pictures/ap/Resources/2.0.6.9/cab/aolpPlugins.10.6.0.4.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1182297713765
O16 - DPF: {886DDE35-E585-11D0-A707-000000521958} - http://69.56.176.76/webplugin.cab
O16 - DPF: {C946EF6D-296D-4907-A6E1-ED0E8E5AF024} (LycosMail Upload Control) - http://mail.lycos.com/hanmail-ax/AttachMail.cab
O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} (Flash Casino Helper Object) - https://flash.7sultans.com/7sultans/FlashAX2.cab
O20 - AppInit_DLLs: inicfg32.dll,e:\windows\system32\syst1t.dll ping.dll
O20 - Winlogon Notify: dimsntfy - E:\WINDOWS\SYSTEM32\dimsntfy.dll
O20 - Winlogon Notify: EFS - E:\WINDOWS\SYSTEM32\sclgntfy.dll
O20 - Winlogon Notify: Themes - E:\WINDOWS\system32\bDtmeter.dll (file missing)
O21 - SSODL: IEFilter - {5A69C4C9-93AA-4972-A0D1-1171AEB7895F} - E:\WINDOWS\SysWow64\IEFilter.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - E:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - E:\Program Files (x86)\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - E:\Program Files (x86)\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - E:\Program Files (x86)\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - E:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - Unknown owner - E:\WINDOWS\System32\dmadmin.exe (file missing)
O23 - Service: Event Log (Eventlog) - Unknown owner - E:\WINDOWS\system32\services.exe (file missing)
O23 - Service: Fax - Unknown owner - E:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: HTTP SSL (HTTPFilter) - Unknown owner - E:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Unknown owner - E:\WINDOWS\system32\imapi.exe (file missing)
O23 - Service: Distributed Transaction Coordinator (MSDTC) - Unknown owner - E:\WINDOWS\system32\msdtc.exe (file missing)
O23 - Service: Net Logon (Netlogon) - Unknown owner - E:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: NT LM Security Support Provider (NtLmSsp) - Unknown owner - E:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Plug and Play (PlugPlay) - Unknown owner - E:\WINDOWS\system32\services.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - E:\WINDOWS\system32\HPZipm12.exe
O23 - Service: IPSEC Services (PolicyAgent) - Unknown owner - E:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Protected Storage (ProtectedStorage) - Unknown owner - E:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Remote Desktop Help Session Manager (RDSessMgr) - Unknown owner - E:\WINDOWS\system32\sessmgr.exe (file missing)
O23 - Service: Security Accounts Manager (SamSs) - Unknown owner - E:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - E:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Virtual Disk Service (vds) - Unknown owner - E:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: Volume Shadow Copy (VSS) - Unknown owner - E:\WINDOWS\System32\vssvc.exe (file missing)
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - E:\Program Files (x86)\RealVNC\VNC4\WinVNC4.exe" -service (file missing)
O23 - Service: WMI Performance Adapter (WmiApSrv) - Unknown owner - E:\WINDOWS\system32\wbem\wmiapsrv.exe (file missing)


AVG said...
 
I have removed the AVG log; it was huge.


rootchk said...
********************************* ROOTCHK-()-LOG, by ejvindh
Thu 06/21/2007 20:51:47.26


I know AVG says it ignored everything, but I saved the log file before I deleted the files so I didn't ignore them. I am still getting the Adobe Acrobat thing every time I click on Internet Explorer. It says "Preparing to install..." and then I hit cancel and it keeps popping up and I keep hitting cancel and finally it closes and some ads pop up. Any ideas?

Thanks

Post Edited By Moderator (Touch) : 22-06-2007 09:21:14 GMT

 

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 14295
 
   Posted 6-22-2007 10:24 (GMT +1)
I'll post a fix ASAP. Unfortunately there seems to be a problem with the server right now.


 

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 14295
 
   Posted 6-22-2007 10:24 (GMT +1)
It's not optimal.
Copy the links into the address bar in your browser, then hit Enter.


Please download free Trial of Superantispyware
http://www.superantispyware.com/superantispywarefreevspro.html

Install it using the Standard Install option. (You will be asked for your e-mail address; it is safe to give it.)
Close the program.


Download and install DrWebCureit:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
http://spywareinfo.dk/download/drweb-cureit.exe

to your desktop.


Double-click "drweb-cureit.exe" and click "OK" in the prompt window that opens, asking "start the express scan now".
It will first make a quick scan of your system; let it clean what it finds, and when it says "done",
click on the green screwdriver -
Actions tab - Adware-Dialers-Riskware-Hacktools; use the dropdown menu and select Delete.
Click on the drive(s) you want to scan. A red dot will mark the selected drive(s). Then hit the green arrow in the lower right corner. It will now scan your drive(s); say yes to all.

After the scan, in the Dr.Web CureIt menu on top, click file and choose save report list
Save the report to your desktop. The report will be called DrWeb.csv
Close Dr.Web Cureit.

Reboot your computer!! Because it could be possible that files in use will be moved/deleted during reboot.
After reboot, post the contents of the log from Dr.Web you saved previously in your next reply.




Start Superantispyware / right-click on the black/yellow bug in the tray.
Hit the - Scan Your Computer - button.
Click on the drive(s) you want to scan. Put a check in - Perform Complete Scan, then Next;
it will scan now. When the scan has finished, put a checkmark next to all items it found. Next, after cleaning, allow it to reboot.



Start Superantispyware again –
Click Preferences and then click the statistics/logs tab.
Click the dated log and press view log and a text file will appear.



Post this log along with a fresh HijackThis log and the Dr.Web log, and tell how things are running.


 

Casey17648
New Member


Date Joined Sep 2006
Total Posts : 13
 
   Posted 6-23-2007 5:30 (GMT +1)
Dr. Web Cureit is still running...and while it was running the Acrobat thing popped up again. Anyway, I know I should wait until the scan is done, but I noticed that when the ad popped up, in the address bar it said "oinad" and I don't remember the rest. Does this help at all?

Thanks
 

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 14295
 
   Posted 6-23-2007 5:38 (GMT +1)
Sounds like it helps, as you have an oin/outerinfo infection.


 

Casey17648
New Member


Date Joined Sep 2006
Total Posts : 13
 
   Posted 6-24-2007 9:36 (GMT +1)
SUPERAntiSpyware

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 06/24/2007 at 01:47 AM

Application Version : 3.8.1002

Core Rules Database Version : 3260
Trace Rules Database Version: 1271

Scan type : Complete Scan
Total Scan Time : 02:21:00

Memory items scanned : 255
Memory threats detected : 0
Registry items scanned : 6270
Registry threats detected : 38
File items scanned : 218395
File threats detected : 388

Adware.Tracking Cookie

Adware.180solutions/ZangoSearch
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\E:/WINDOWS/Downloaded Program Files/SAIX.dll
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\E:/WINDOWS/Downloaded Program Files/SAIX.dll#.Owner
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\E:/WINDOWS/Downloaded Program Files/SAIX.dll#{DECEAAA2-370A-49BB-9362-68C3A58DDC62}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs#E:\WINDOWS\Downloaded Program Files\SAIX.dll [  ]

Adware.WebNexus
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{886DDE35-E585-11D0-A707-000000521958}
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{886DDE35-E585-11D0-A707-000000521958}#SystemComponent
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{886DDE35-E585-11D0-A707-000000521958}#Installer
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{886DDE35-E585-11D0-A707-000000521958}\Contains
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{886DDE35-E585-11D0-A707-000000521958}\Contains\Files
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{886DDE35-E585-11D0-A707-000000521958}\Contains\Files#E:\WINDOWS\wupdt.exe
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{886DDE35-E585-11D0-A707-000000521958}\DownloadInformation
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{886DDE35-E585-11D0-A707-000000521958}\DownloadInformation#CODEBASE
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{886DDE35-E585-11D0-A707-000000521958}\DownloadInformation#INF
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{886DDE35-E585-11D0-A707-000000521958}\InstalledVersion
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{886DDE35-E585-11D0-A707-000000521958}\InstalledVersion#LastModified

Adware.MediaMotor
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs#E:\WINDOWS\Downloaded Program Files\amm06.ocx [  ]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs#E:\WINDOWS\System32\safe.tlb [  ]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\E:/WINDOWS/Downloaded Program Files/amm06.ocx
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\E:/WINDOWS/Downloaded Program Files/amm06.ocx#.Owner
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\E:/WINDOWS/Downloaded Program Files/amm06.ocx#{5526B4C6-63D6-41A1-9783-0FABF529859A}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\E:/WINDOWS/System32/safe.tlb
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\E:/WINDOWS/System32/safe.tlb#.Owner
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\E:/WINDOWS/System32/safe.tlb#{5526B4C6-63D6-41A1-9783-0FABF529859A}
E:\WINDOWS\Downloaded Program Files\amm06.inf
E:\WINDOWS\System32\safe.tlb

Trojan.Malware
C:\asdf.txt

Adware.NewAds1/EQAdvice
E:\Program Files (x86)\EQAdvice\sf.txt
E:\Program Files (x86)\EQAdvice\Uninstall.exe
E:\Program Files (x86)\EQAdvice
HKU\S-1-5-21-3787675391-3776198437-4134780848-500\Software\EQAdvice
HKU\S-1-5-21-3787675391-3776198437-4134780848-500\Software\Microsoft\Windows\CurrentVersion\Run#EQAdvice [ "E:\Program Files (x86)\EQAdvice\EQAdvice.exe" ]

Adware.ErrorHandler
HKLM\Software\Microsoft\Windows\CurrentVersion\Run#errorhandler [ E:\WINDOWS\errorhandler.exe ]

Adware.FullContext
HKU\S-1-5-21-3787675391-3776198437-4134780848-500\Software\Microsoft\Windows\CurrentVersion\Run#PECarlin [ "E:\Program Files (x86)\PECarlin\PECarlin.exe" ]

Trojan.SVCHostSYS
E:\Program Files (x86)\Common Files\svchostsys
E:\Program Files (x86)\Common Files\simtest

Adware.ClickSpring/Outer Info Network
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo#DisplayVersion
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo#DisplayName
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo#DisplayIcon
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo#HelpLink
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo#InstallLocation
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo#NoModify
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo#NoRepair
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo#Publisher
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo#UninstallString
E:\Program Files (x86)\Outerinfo\outerinfo.ico
E:\Program Files (x86)\Outerinfo\Terms.rtf
E:\Program Files (x86)\Outerinfo
E:\Documents and Settings\Administrator\Start Menu\Programs\Outerinfo\Terms.lnk
E:\Documents and Settings\Administrator\Start Menu\Programs\Outerinfo\Uninstall.lnk
E:\Documents and Settings\Administrator\Start Menu\Programs\Outerinfo
E:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\DESKTOP\OIUNINSTALLER.EXE
E:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\OIUNINSTALLER.EXE

Trojan.IEFilterSpy
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad#IEFilter [ {5A69C4C9-93AA-4972-A0D1-1171AEB7895F} ]

Trojan.Unknown Origin
C:\DOCUMENTS AND SETTINGS\MEDIUM !!!!IN\LOCAL SETTINGS\TEMP\S40O.5.EXE
C:\DOCUMENTS AND SETTINGS\MEDIUM !!!!IN\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\W7UNM7U9\EBO_1.0.3.9.EXE
E:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\S1DO.8.EXE
E:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\S3L8.9.EXE

Malware.SystemDoctor
C:\DOCUMENTS AND SETTINGS\MEDIUM !!!!IN\LOCAL SETTINGS\TEMP\SYSTEMDOCTORFREESETUP.EXE

Adware.SurfSideKick
C:\DOCUMENTS AND SETTINGS\MEDIUM !!!!IN\LOCAL SETTINGS\TEMP\U8A.BAT
E:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\U24.BAT
E:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\U502.BAT

Adware.ClickSpring/Yazzle
C:\DOCUMENTS AND SETTINGS\MEDIUM !!!!IN\LOCAL SETTINGS\TEMP\YAZZLEBUNDLE-1281.EXE
C:\PROGRAM FILES\COMMON FILES\YAZZLE1281OINUNINSTALLER.EXE
E:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\DOCTORWEB\QUARANTINE\YAZZLE1275OINADMIN.EXE
E:\PROGRAM FILES (X86)\COMMON FILES\YAZZLE1275OINUNINSTALLER.EXE
E:\WINDOWS\Prefetch\YAZZLE1275OINUNINSTALLER.EXE-217BFF6B.pf

Trojan.ZenoSearch
C:\DOCUMENTS AND SETTINGS\MEDIUM !!!!IN\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\WJ0BUFO3\ES.EXE

Browser Hijacker.Deskbar
C:\DOCUMENTS AND SETTINGS\MEDIUM !!!!IN\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\WJ6NW7OP\DESKBAR_E.EXE

Adware.AdRotate-Uninstaller
C:\WINDOWS\SYSTEM32\ADROT-UNINST.EXE

Trojan.Downloader-Gen
C:\WINDOWS\SYSTEM32\WINPFG32.SYS

Browser Hijacker.Favorites
E:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\DESKTOP\CLICK TO FIND AND FIX ERRORS.URL
E:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\DESKTOP\DESKTOP\DESKTOP6\CLICK TO FIND AND FIX ERRORS.URL

Unclassified.Unknown Origin
E:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\DESKTOP\DESKTOP\DESKTOP6\DESKTOP2\DESKTOP\NERO.6.6.0.8.INCL.KEYGEN-ORION\AHEAD.NERO.BURNING.ROM.V6.6.0.8.KEYMAKER.ONLY\KEYGEN.EXE

Trojan.Downloader-Gen/Update
E:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\DOCTORWEB\QUARANTINE\!UPDATE.EXE

Trojan.CUpdater
E:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\DOCTORWEB\QUARANTINE\SVCHOSTUPDATE.EXE

Trojan.Downloader-AUPD
E:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\AUPD.EXE

Trace.Known Threat Sources
C:\Documents and Settings\Medium !!!!in\Local Settings\Temporary Internet Files\Content.IE5\IPE589CN\ctxad-492.sig
C:\Documents and Settings\Medium !!!!in\Local Settings\Temporary Internet Files\Content.IE5\WJ6NW7OP\ctxad-492.0006
C:\Documents and Settings\Medium !!!!in\Local Settings\Temporary Internet Files\Content.IE5\STYFOXMJ\ctxad-478.0005
C:\Documents and Settings\Medium !!!!in\Local Settings\Temporary Internet Files\Content.IE5\CDEBG1QN\ctxad-492.0004
C:\Documents and Settings\Medium !!!!in\Local Settings\Temporary Internet Files\Content.IE5\I9GZE565\ctxad-478.sig
C:\Documents and Settings\Medium !!!!in\Local Settings\Temporary Internet Files\Content.IE5\Y3OVD6J2\prompt_ie_xpsp2.js
C:\Documents and Settings\Medium !!!!in\Local Settings\Temporary Internet Files\Content.IE5\1OP17DPR\massiveBlocksFast.swf
C:\Documents and Settings\Medium !!!!in\Local Settings\Temporary Internet Files\Content.IE5\2HNO54FA\init.js
E:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\T5HRAM3M\ctxad-555.0005
E:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\BNBR38X9\nf404.htm
E:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\L11JM6FQ\ctxad-555.0002
E:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\B88811VQ\ctxad-555.0004
E:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\ANKNVWD0\ctxad-555.0003
E:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\8FV72KP9\ctxad-555.0006
E:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\7S4WDLBM\ctxad-555.0001
E:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\TIG6BTLW\client_settings_3.bin
E:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\J313NTCC\1x1.gif
E:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\E1VOXKVU\ctxad-551.0002
E:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C96R052B\ctxad-551.zip
E:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\D48FD9OL\oinsrch-106.zip
E:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C92B4TE3\oinsrch-106.0000
E:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C92B4TE3\ctxad-551.0000
E:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\J313NTCC\setar-101.zip
E:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\W3NBIOXT\ctxad-551.0004
E:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\TIG6BTLW\dohinst-103.0000
E:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\J313NTCC\oinsrch-106.0002
E:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\D48FD9OL\ctxad-551.0001
E:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\39N7A45S\dohinst-103.zip
E:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\SX2FS5MF\ctxad-551.0005
E:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\TIG6BTLW\ctxad-552.0002
E:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\J313NTCC\ctxad-551.0003
E:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\WXIRK163\ctxad-551.0006
E:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\39N7A45S\ctxad-552.0003
E:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\TIG6BTLW\ctxad-552.zip
E:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\E1VOXKVU\oinsrch-106.0001
E:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\39N7A45S\ctxad-552.0006
E:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\K3TJUM3L\ctxad-552.0004
E:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\39N7A45S\ctxad-552.0000
E:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\K3TJUM3L\ctxad-552.0001
E:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\K3TJUM3L\campaigns7.encrypted

Adware.DollarRevenue
C:\Documents and Settings\Medium !!!!in\Local Settings\Temporary Internet Files\Content.IE5\WJ6NW7OP\ibarinstall.gif
C:\Documents and Settings\Medium !!!!in\Local Settings\Temporary Internet Files\Content.IE5\IPE589CN\ibar.js