# Solved: Popups and Trojan (Purityscan and Outerinfo), Please help!!!!



## NickSing3 (May 6, 2007)

Hi--

I have a problem similar to http://forums.techguy.org/security/4...fo-popups.html but not exactly the same. These popups from outerinfo come without warning on my computer, one every 8 minutes or so.
I downloaded and installed Webroot Spy Sweeper, and did a custom scan with everything enabled (including sweeping the system restore files). Here is a log since Friday:

10:39 AM: The Internet Communication shield has blocked access to: NF.OUTERINFO.COM.HSD1.MA.COMCAST.NET
10:39 AM: The Internet Communication shield has blocked access to: NF.OUTERINFO.COM
10:39 AM: The Internet Communication shield has blocked access to: AD.OUTERINFO.COM.HSD1.MA.COMCAST.NET
10:39 AM: The Internet Communication shield has blocked access to: AD.OUTERINFO.COM
10:39 AM: ApplicationMinimized - EXIT
10:39 AM: ApplicationMinimized - ENTER
10:38 AM: Your virus definitions have been updated.
10:38 AM: Informational: Loaded AntiVirus Engine: 2.45.3; SDK Version: 4.17; Virus Definitions: 5/7/2007 0:0:0 (GMT)
10:38 AM: Your definitions are up to date.
10:37 AM: ApplicationMinimized - EXIT
10:37 AM: ApplicationMinimized - ENTER
10:34 AM: ApplicationMinimized - EXIT
10:34 AM: ApplicationMinimized - ENTER
10:33 AM: Removal process completed. Elapsed time 00:00:02
10:33 AM: Quarantining All Traces: zedo cookie
10:33 AM: Quarantining All Traces: serving-sys cookie
10:33 AM: Quarantining All Traces: bs.serving-sys cookie
10:33 AM: Quarantining All Traces: atwola cookie
10:33 AM: Quarantining All Traces: atlas dmt cookie
10:33 AM: Quarantining All Traces: advertising cookie
10:33 AM: Quarantining All Traces: yieldmanager cookie
10:33 AM: Quarantining All Traces: 2o7.net cookie
10:33 AM: Quarantining All Traces: Troj/Dloadr-AXZ
10:33 AM: Quarantining All Traces: Troj/Inject-BQ
10:33 AM: Quarantining All Traces: purityscan
10:33 AM: Removal process initiated
2:39 AM: Traces Found: 26
2:39 AM: Custom Sweep has completed. Elapsed time 01:36:59
2:39 AM: File Sweep Complete, Elapsed Time: 01:34:14
2:37 AM: C:\Documents and Settings\Owner.NICKLAPTOP\Start Menu\Programs\Outerinfo\Terms.lnk (3 subtraces) (ID = 2147544766)
2:37 AM: C:\Documents and Settings\Owner.NICKLAPTOP\Start Menu\Programs\Outerinfo\Uninstall.lnk (3 subtraces) (ID = 2147544766)
2:30 AM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [d:\i386\apps\app13423\vs\vsoins.ui]
2:30 AM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [d:\i386\apps\app13423\vs\agentins.ui]
2:30 AM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [d:\i386\apps\app13423\mpf\mpfins.ui]
2:30 AM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [d:\i386\apps\app13423\mpf\agentins.ui]
2:30 AM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [d:\i386\apps\app13423\msk\mskins.ui]
2:29 AM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [d:\i386\apps\app13423\msk\agentins.ui]
2:13 AM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\owner.nicklaptop\my documents\filelib\winzip110.exe]
1:54 AM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\program files\adobe\acrobat 7.0\reader\messages\enu\rdrmsgenu.pdf]
1:54 AM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\program files\adobe\acrobat 7.0\reader\messages\rdrmsgsplash.pdf]
1:54 AM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\program files\adobe\acrobat 7.0\reader\messages\enu\read0600win_enuyhoo0010.pdf]
1:30 AM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [Access Denied] on [c:\pagefile.sys]
1:29 AM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [Access Denied] on [c:\hiberfil.sys]
1:14 AM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\program files\lavasoft\ad-aware se personal\skins\ad-aware se default.ask]
1:10 AM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Corrupted] on [c:\documents and settings\owner.nicklaptop\my documents\filelib\rfmportscanner.msi]
1:09 AM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\program files\adobe\acrobat 7.0\reader\websearch\websearchenu.pdf]
1:08 AM: C:\Documents and Settings\Owner.NICKLAPTOP\My Documents\filelib\mIRC_v6.12_by_p-HeLL.exe (ID = 0)
1:08 AM: Found Troj/Dloadr-AXZ: Troj/Dloadr-AXZ
1:08 AM: C:\Documents and Settings\Owner.NICKLAPTOP\My Documents\filelib\mIRC_v6.12_by_p-HeLL.exe (ID = 0)
1:08 AM: Found Troj/Inject-BQ: Troj/Inject-BQ
1:07 AM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [Error Code A0040202] on [c:\program files\cyberlink\dvd solution\skin\mpanel.skn]
1:06 AM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\owner.nicklaptop\application data\adobe\acrobat\7.0\messages\enu\read0700win_enuadbe0700.pdf]
1:05 AM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\windows\temp\temporary internet files\content.ie5\56pq4a6p\valert[1].ui]
1:04 AM: C:\Program Files\Outerinfo (3 subtraces) (ID = 2147544766)
1:04 AM: C:\Documents and Settings\Owner.NICKLAPTOP\Start Menu\Programs\Outerinfo (2 subtraces) (ID = 2147551534)
1:04 AM: Starting File Sweep
1:04 AM: Cookie Sweep Complete, Elapsed Time: 00:00:00
1:04 AM: c:\documents and settings\owner.nicklaptop\cookies\[email protected][1].txt (ID = 3762)
1:04 AM: Found Spy Cookie: zedo cookie
1:04 AM: c:\documents and settings\owner.nicklaptop\cookies\[email protected][1].txt (ID = 3343)
1:04 AM: Found Spy Cookie: serving-sys cookie
1:04 AM: c:\documents and settings\owner.nicklaptop\cookies\[email protected][1].txt (ID = 2330)
1:04 AM: Found Spy Cookie: bs.serving-sys cookie
1:04 AM: c:\documents and settings\owner.nicklaptop\cookies\[email protected][1].txt (ID = 2255)
1:04 AM: Found Spy Cookie: atwola cookie
1:04 AM: c:\documents and settings\owner.nicklaptop\cookies\[email protected][2].txt (ID = 2253)
1:04 AM: Found Spy Cookie: atlas dmt cookie
1:04 AM: c:\documents and settings\owner.nicklaptop\cookies\[email protected][2].txt (ID = 2175)
1:04 AM: Found Spy Cookie: advertising cookie
1:04 AM: c:\documents and settings\owner.nicklaptop\cookies\[email protected][1].txt (ID = 3751)
1:04 AM: Found Spy Cookie: yieldmanager cookie
1:04 AM: c:\documents and settings\owner.nicklaptop\cookies\[email protected][1].txt (ID = 1957)
1:04 AM: Found Spy Cookie: 2o7.net cookie
1:04 AM: Starting Cookie Sweep
1:04 AM: Registry Sweep Complete, Elapsed Time:00:00:12
1:04 AM: HKLM\software\microsoft\windows\currentversion\uninstall\outerinfo\ (ID = 2063030)
1:04 AM: Found Adware: purityscan
1:04 AM: Starting Registry Sweep
1:04 AM: Memory Sweep Complete, Elapsed Time: 00:02:29
1:04 AM: Warning: AntiVirus engine for IdentifyMemObject returned [Access Denied] on [C:\Documents and Settings\Owner.NICKLAPTOP\My Documents\??crosoft.NET\t?skmgr.exe]
1:02 AM: Starting Memory Sweep
1:02 AM: Start Custom Sweep
1:02 AM: Sweep initiated using definitions version 907
12:57 AM: The Internet Communication shield has blocked access to: NF.OUTERINFO.COM.HSD1.MA.COMCAST.NET
12:57 AM: The Internet Communication shield has blocked access to: NF.OUTERINFO.COM
12:54 AM: The Internet Communication shield has blocked access to: AD.OUTERINFO.COM
12:54 AM: The Internet Communication shield has blocked access to: AD.OUTERINFO.COM.HSD1.MA.COMCAST.NET
12:39 AM: ApplicationMinimized - EXIT
12:39 AM: ApplicationMinimized - EXIT
12:39 AM: ApplicationMinimized - ENTER
12:39 AM: ApplicationMinimized - ENTER
12:39 AM: The Internet Communication shield has blocked access to: NF.OUTERINFO.COM
12:39 AM: The Internet Communication shield has blocked access to: NF.OUTERINFO.COM.HSD1.MA.COMCAST.NET
12:37 AM: ApplicationMinimized - EXIT
12:37 AM: ApplicationMinimized - ENTER
12:37 AM: ApplicationMinimized - EXIT
12:37 AM: ApplicationMinimized - EXIT
12:37 AM: ApplicationMinimized - ENTER
12:37 AM: ApplicationMinimized - ENTER
12:37 AM: BHO Shield: found: -- BHO installation allowed at user request
12:37 AM: BHO Shield: found: -- BHO installation denied at user request
12:32 AM: Your virus definitions have been updated.
12:32 AM: Informational: Loaded AntiVirus Engine: 2.45.3; SDK Version: 4.17; Virus Definitions: 5/7/2007 0:0:0 (GMT)
12:32 AM: Your definitions are up to date.
12:32 AM: ApplicationMinimized - EXIT
12:32 AM: ApplicationMinimized - ENTER
12:32 AM: Deletion from quarantine completed. Elapsed time 00:00:00
12:32 AM: Processing: trb.com cookie
12:32 AM: Processing: nextag cookie
12:32 AM: Processing: atwola cookie
12:32 AM: Processing: burstnet cookie
12:32 AM: Processing: burstnet cookie
12:32 AM: Processing: trojan-downloader-waverevenue
12:32 AM: Processing: trojan-downloader-waverevenue
12:32 AM: Processing: maxifiles
12:32 AM: Processing: purityscan
12:32 AM: Processing: purityscan
12:32 AM: Processing: Troj/ByteVeri-N
12:32 AM: Deletion from quarantine initiated
Keylogger: Off
BHO Shield: On
IE Security Shield: On
Alternate Data Stream (ADS) Execution Shield: On
Startup Shield: On
Common Ad Sites: Off
Hosts File Shield: On
Internet Communication Shield: On
ActiveX Shield: On
Windows Messenger Service Shield: On
IE Favorites Shield: On
Spy Installation Shield: On
Memory Shield: Off
IE Hijack Shield: On
IE Tracking Cookies Shield: Off
12:31 AM: Shield States
12:31 AM: Spyware Definitions: 907
12:31 AM: Informational: Loaded AntiVirus Engine: 2.45.3; SDK Version: 4.17; Virus Definitions: 5/7/2007 0:0:0 (GMT)
12:31 AM: Spy Sweeper 5.3.2.2361 started
12:31 AM: Spy Sweeper 5.3.2.2361 started
12:31 AM: | Start of Session, Sunday, May 06, 2007 |
***************
9:54 PM: Removal process completed. Elapsed time 00:00:08
9:54 PM: Preparing to restart your computer. Please wait...
9:54 PM: Quarantining All Traces: trb.com cookie
9:54 PM: Quarantining All Traces: nextag cookie
9:54 PM: Quarantining All Traces: burstnet cookie
9:54 PM: Quarantining All Traces: atwola cookie
9:54 PM: Quarantining All Traces: trojan-downloader-waverevenue
9:54 PM: Quarantining All Traces: maxifiles
9:54 PM: Quarantining All Traces: Troj/ByteVeri-N
9:54 PM: c:\windows\m?crosoft\s?oolsv.exe is in use. It will be removed on reboot.
9:54 PM: purityscan is in use. It will be removed on reboot.
9:54 PM: Quarantining All Traces: purityscan
9:54 PM: Removal process initiated
9:13 PM: Traces Found: 13
9:13 PM: Full Sweep has completed. Elapsed time 01:30:34
9:13 PM: File Sweep Complete, Elapsed Time: 01:27:13
9:12 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [d:\i386\apps\app13423\vs\shared\mcafwel.cab]
9:12 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [d:\i386\apps\app13423\vs\shared\agentcfg.cab]
9:12 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [d:\i386\apps\app13423\msk\shared\mcafwel.cab]
9:12 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [d:\i386\apps\app13423\msk\shared\agentcfg.cab]
9:12 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [d:\i386\apps\app13423\mpf\shared\mcafwel.cab]
9:12 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [d:\i386\apps\app13423\mpf\shared\agentcfg.cab]
9:12 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [d:\i386\apps\app13423\mpf\mpfplus\en-us\us\mpfcfg.cab]
9:10 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [Error Code A0040202] on [d:\i386\apps\app07410\pstarter\data2.cab]
9:08 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\program files\adobe\acrobat 7.0\setup files\rdrbig\enu\adobe reader 7.00.cab]
9:08 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\program files\adobe\acrobat 7.0\setup files\rdrbig\enu\data1.cab]
9:02 PM: C:\Documents and Settings\Owner.NICKLAPTOP\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-43fcd038-5c12ca78.zip (ID = 0)
9:02 PM: C:\Documents and Settings\Owner.NICKLAPTOP\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-43fcd038-5c12ca78.zip (ID = 0)
9:02 PM: Informational: Detected virus Troj/ByteVeri-N in file c:\documents and settings\owner.nicklaptop\application data\sun\java\deployment\cache\javapi\v1.0\jar\count.jar-43fcd038-5c12ca78.zip object Beyond.class
9:02 PM: C:\Documents and Settings\Owner.NICKLAPTOP\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-43fcd038-5c12ca78.zip (ID = 0)
9:02 PM: Found Troj/ByteVeri-N: Troj/ByteVeri-N
9:02 PM: Informational: Detected virus Troj/ByteVeri-N in file c:\documents and settings\owner.nicklaptop\application data\sun\java\deployment\cache\javapi\v1.0\jar\count.jar-43fcd038-5c12ca78.zip object VerifierBug.class
9:02 PM: Informational: Detected virus Troj/ByteVeri-N in file c:\documents and settings\owner.nicklaptop\application data\sun\java\deployment\cache\javapi\v1.0\jar\count.jar-43fcd038-5c12ca78.zip object BlackBox.class
9:02 PM: Warning: SweepDirectories: Cannot find directory "e:". This directory was not added to the list of paths to be scanned.
9:01 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [d:\i386\apps\app13423\vs\vsoins.ui]
9:01 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [d:\i386\apps\app13423\vs\agentins.ui]
9:01 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [d:\i386\apps\app13423\msk\mskins.ui]
9:00 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [d:\i386\apps\app13423\msk\agentins.ui]
9:00 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [d:\i386\apps\app13423\mpf\agentins.ui]
9:00 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [d:\i386\apps\app13423\mpf\mpfins.ui]
8:46 PM: HKU\S-1-5-21-1406616700-933632625-943660135-1006\Software\Microsoft\Windows\CurrentVersion\Run || Mhr (ID = 0)
8:46 PM: c:\windows\m?crosoft\s?oolsv.exe (ID = 450)
8:46 PM: Found Adware: purityscan
8:46 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\owner.nicklaptop\my documents\filelib\winzip110.exe]
8:27 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\program files\adobe\acrobat 7.0\reader\messages\enu\rdrmsgenu.pdf]
8:27 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\program files\adobe\acrobat 7.0\reader\messages\rdrmsgsplash.pdf]
8:27 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\program files\adobe\acrobat 7.0\reader\messages\enu\read0600win_enuyhoo0010.pdf]
8:13 PM: ApplicationMinimized - EXIT
8:13 PM: ApplicationMinimized - EXIT
8:13 PM: ApplicationMinimized - ENTER
8:13 PM: ApplicationMinimized - ENTER
8:09 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [Access Denied] on [c:\pagefile.sys]
8:08 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [Access Denied] on [c:\hiberfil.sys]
7:55 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\program files\lavasoft\ad-aware se personal\skins\ad-aware se default.ask]
7:50 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Corrupted] on [c:\documents and settings\owner.nicklaptop\my documents\filelib\rfmportscanner.msi]
7:50 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\program files\adobe\acrobat 7.0\reader\websearch\websearchenu.pdf]
7:48 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [Error Code A0040202] on [c:\program files\cyberlink\dvd solution\skin\mpanel.skn]
7:47 PM: C:\WINDOWS\Temp\win3C.tmp.exe (ID = 537820)
7:47 PM: C:\Documents and Settings\Owner.NICKLAPTOP\Local Settings\Temporary Internet Files\Content.IE5\KPUROPAZ\xzc37[1].exe (ID = 537820)
7:47 PM: Found Trojan Horse: trojan-downloader-waverevenue
7:47 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\owner.nicklaptop\application data\adobe\acrobat\7.0\messages\enu\read0700win_enuadbe0700.pdf]
7:46 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\windows\temp\temporary internet files\content.ie5\56pq4a6p\valert[1].ui]
7:46 PM: Starting File Sweep
7:46 PM: Cookie Sweep Complete, Elapsed Time: 00:00:00
7:46 PM: c:\documents and settings\guest\cookies\[email protected][2].txt (ID = 2337)
7:46 PM: c:\documents and settings\guest\cookies\[email protected][1].txt (ID = 3587)
7:46 PM: Found Spy Cookie: trb.com cookie
7:46 PM: c:\documents and settings\guest\cookies\[email protected][2].txt (ID = 5014)
7:46 PM: Found Spy Cookie: nextag cookie
7:46 PM: c:\documents and settings\guest\cookies\[email protected][2].txt (ID = 2336)
7:46 PM: Found Spy Cookie: burstnet cookie
7:46 PM: c:\documents and settings\guest\cookies\[email protected][1].txt (ID = 2255)
7:46 PM: Found Spy Cookie: atwola cookie
7:46 PM: Starting Cookie Sweep
7:46 PM: Registry Sweep Complete, Elapsed Time:00:00:14
7:46 PM: HKU\S-1-5-21-1406616700-933632625-943660135-1006\software\ipwins\ (ID = 1516546)
7:46 PM: Found Adware: maxifiles
7:46 PM: Starting Registry Sweep
7:46 PM: Memory Sweep Complete, Elapsed Time: 00:03:00
7:45 PM: Warning: AntiVirus engine for IdentifyMemObject returned [Access Denied] on [C:\WINDOWS\M?crosoft\s?oolsv.exe]
7:43 PM: Starting Memory Sweep
7:42 PM: Start Full Sweep
7:42 PM: Sweep initiated using definitions version 907
7:42 PM: Your virus definitions have been updated.
7:42 PM: Informational: Loaded AntiVirus Engine: 2.45.3; SDK Version: 4.17; Virus Definitions: 5/7/2007 0:0:0 (GMT)
Keylogger: Off
BHO Shield: On
IE Security Shield: On
Alternate Data Stream (ADS) Execution Shield: On
Startup Shield: On
Common Ad Sites: Off
Hosts File Shield: On
Internet Communication Shield: On
ActiveX Shield: On
Windows Messenger Service Shield: On
IE Favorites Shield: On
Spy Installation Shield: On
Memory Shield: Off
IE Hijack Shield: On
IE Tracking Cookies Shield: Off
7:42 PM: Shield States
7:42 PM: Spyware Definitions: 907
7:42 PM: Informational: Loaded AntiVirus Engine: 2.45.3; SDK Version: 4.17; Virus Definitions: 5/7/2007 0:0:0 (GMT)
7:42 PM: Spy Sweeper 5.3.2.2361 started
7:42 PM: Spy Sweeper 5.3.2.2361 started
7:42 PM: | Start of Session, Friday, May 04, 2007 |

Here is my recent HijackThis log:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe
C:\Program Files\TiVo Desktop\TiVoNotify.exe
C:\Program Files\Vidalia\vidalia.exe
C:\WINDOWS\DOBE~1\services.exe
C:\Program Files\Privoxy\privoxy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Tor\tor.exe
C:\Documents and Settings\Owner.NICKLAPTOP\My Documents\??crosoft.NET\t?skmgr.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner.NICKLAPTOP\My Documents\filelib\VundoFix.exe
C:\Documents and Settings\Owner.NICKLAPTOP\My Documents\filelib\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.h...s=PTB&M=MX6959
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.h...s=PTB&M=MX6959
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.h...s=PTB&M=MX6959
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.gateway.com/g/startpage.h...s=PTB&M=MX6959
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1C96F830-42DF-7219-A740-69E337E5ADE2} - C:\WINDOWS\system32\mwvsqg.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SynTPLpr] "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] "C:\Program Files\Google\Gmail Notifier\gnotify.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MSKDetectorExe] "C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" /uninstall
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] "C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /SYNC
O4 - HKLM\..\Run: [PHIME2002A] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /IMEName
O4 - HKCU\..\Run: [Power2GoExpress] NA
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_5 -reboot 1
O4 - HKCU\..\Run: [TivoTransfer] "C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe" /service /registry /auto:TivoTransfer
O4 - HKCU\..\Run: [TivoNotify] "C:\Program Files\TiVo Desktop\TiVoNotify.exe" /service /registry /auto:TivoNotify
O4 - HKCU\..\Run: [TivoServer] "C:\Program Files\TiVo Desktop\TiVoServer.exe" /service /registry
O4 - HKCU\..\Run: [Vidalia] "C:\Program Files\Vidalia\vidalia.exe"
O4 - HKCU\..\Run: [Ealb] "C:\WINDOWS\DOBE~1\services.exe" -vt yazb
O4 - HKCU\..\Run: [Qrsowejl] "C:\Documents and Settings\Owner.NICKLAPTOP\My Documents\??crosoft.NET\t?skmgr.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Privoxy.lnk = C:\Program Files\Privoxy\privoxy.exe
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe (file missing)
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: TiVo Beacon (TivoBeacon2) - TiVo Inc. - C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

Any help would be GREATLY appreciated!
Thanks!

P.S. Running Windows XP Home ED
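The two logs above can be triaged mechanically before anyone reads them line by line. The script below is an added example, not part of the original post and not code from HijackThis or Spy Sweeper. It feeds a handful of lines copied verbatim from the logs above through a few defender-side checks: an autostart or running process whose file name matches a Windows system binary but does not live in System32, an 8.3 short-name folder sitting directly under the Windows directory, an autostart launched from a user profile, and a path containing characters the forum could not render. The one assumption is that each `?` in a path like `M?crosoft\s?oolsv.exe` is where a non-ASCII look-alike character was replaced, so the code treats `?` as a single-character wildcard when comparing file names against the well-known ones. The Spy Sweeper half simply collapses the session log into blocked hosts and detections by category.

```python
"""Triage helpers for the HijackThis and Spy Sweeper logs posted above.

Added example; not part of the original post and not code from either tool.
Assumption: a '?' inside a path is where the forum replaced a non-ASCII
look-alike character, so '?' is treated as a one-character wildcard when a
file name is compared against well-known Windows binaries.
"""
import re
from fnmatch import fnmatchcase

# Lines taken verbatim from the HijackThis log above: three benign entries,
# three that deserve a closer look.
HJT_SAMPLE = r"""
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKCU\..\Run: [Vidalia] "C:\Program Files\Vidalia\vidalia.exe"
O4 - HKCU\..\Run: [Ealb] "C:\WINDOWS\DOBE~1\services.exe" -vt yazb
O4 - HKCU\..\Run: [Qrsowejl] "C:\Documents and Settings\Owner.NICKLAPTOP\My Documents\??crosoft.NET\t?skmgr.exe"
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\M?crosoft\s?oolsv.exe
"""

# Lines taken verbatim from the Spy Sweeper log above.
SPYSWEEPER_SAMPLE = """\
10:39 AM: The Internet Communication shield has blocked access to: NF.OUTERINFO.COM
10:39 AM: The Internet Communication shield has blocked access to: AD.OUTERINFO.COM
1:08 AM: Found Troj/Dloadr-AXZ: Troj/Dloadr-AXZ
1:04 AM: Found Spy Cookie: zedo cookie
1:04 AM: Found Adware: purityscan
7:47 PM: Found Trojan Horse: trojan-downloader-waverevenue
12:57 AM: The Internet Communication shield has blocked access to: NF.OUTERINFO.COM
"""

# Windows XP system binaries that normally run only from System32.
SYSTEM32_ONLY = {"smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
                 "lsass.exe", "svchost.exe", "spoolsv.exe", "taskmgr.exe"}

O4_RE = re.compile(r'^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]+)\] "?(?P<path>[A-Za-z]:\\.*?\.exe)"?', re.I)
PROC_RE = re.compile(r"^[A-Za-z]:\\.*\.exe$", re.I)
BLOCKED_RE = re.compile(r"blocked access to: (\S+)$")
FOUND_RE = re.compile(r": Found (?P<category>[^:]+): (?P<name>.+)$")


def parse_hijackthis(text):
    """Yield (source, name, path) for Run-key autostarts and bare process-list lines."""
    for line in text.splitlines():
        line = line.strip()
        m = O4_RE.match(line)
        if m:
            yield ("autostart:" + m.group("hive"), m.group("name"), m.group("path"))
        elif PROC_RE.match(line):
            yield ("process", line.rsplit("\\", 1)[-1], line)


def suspicion_reasons(source, path):
    """Return the reasons a path merits manual review (empty list if none)."""
    reasons = []
    low = path.lower()
    directory, _, basename = low.rpartition("\\")
    if "?" in path:
        reasons.append("non-ASCII look-alike character in path")
    # '?' acts as a wildcard here, so 's?oolsv.exe' is compared against 'spoolsv.exe'.
    impersonated = sorted(k for k in SYSTEM32_ONLY if fnmatchcase(k, basename))
    if impersonated and not directory.endswith("\\windows\\system32"):
        reasons.append("named like %s but not in System32" % impersonated[0])
    if re.search(r"\\windows\\[^\\]*~\d+\\", low):
        reasons.append("8.3 short-name directory directly under the Windows folder")
    if source.startswith("autostart") and "\\documents and settings\\" in low:
        reasons.append("autostart launched from a user profile directory")
    return reasons


def triage_hijackthis(text):
    """Map each flagged entry name to its reasons; clean entries are omitted."""
    flagged = {}
    for source, name, path in parse_hijackthis(text):
        reasons = suspicion_reasons(source, path)
        if reasons:
            flagged[name] = reasons
    return flagged


def summarize_spysweeper(text):
    """Collapse a Spy Sweeper session log into blocked hosts and detections by category."""
    blocked, detections = {}, {}
    for line in text.splitlines():
        m = BLOCKED_RE.search(line)
        if m:
            host = m.group(1).lower()
            blocked[host] = blocked.get(host, 0) + 1
            continue
        m = FOUND_RE.search(line)
        if m:
            detections.setdefault(m.group("category"), set()).add(m.group("name"))
    return {"blocked_hosts": blocked, "detections": detections}


if __name__ == "__main__":
    for name, reasons in triage_hijackthis(HJT_SAMPLE).items():
        print(name, "->", "; ".join(reasons))
    print(summarize_spysweeper(SPYSWEEPER_SAMPLE))
```

Run as-is, it flags `Ealb`, `Qrsowejl` and the `s?oolsv.exe` process and leaves the Intel, Vidalia and real `spoolsv.exe` entries alone. The checks are deliberately conservative; a hit means "look at this one first", not "this is malware", which is also how a helper reading the thread would use the log.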


----------



## cybertech (Apr 16, 2002)

Run HijackThis and click *Open the Misc Tools section*.

Click *Open Uninstall Manager*.
Click *Save list*.
Click on the Desktop icon, or select to save the list on the desktop, then click Save.

Open the file and copy/paste the contents back here in your next reply.


----------



## NickSing3 (May 6, 2007)

Ok, thanks a lot. Here it is.

µTorrent
Ad-Aware SE Personal
Adobe Flash Player 9 ActiveX
Adobe Flash Player Plugin
Adobe Reader 7.0.5
Adobe Shockwave Player
America's Army
AOL Connectivity Services
AOL Instant Messenger
AOL Uninstaller (Choose which Products to Remove)
Armagetron Advanced 0.2.8.2.1.gcc
Bejeweled 2 Deluxe
Blackhawk Striker 2
Blasterball 2 Revolution
Browser Address Error Redirector
Diner Dash
DirectShow Dump
DivX Codec
DivX Converter
DivX Player
DivX Web Player
DVD Decrypter (Remove Only)
DVD Shrink 3.2
DVD Solution
Elecard MPEG-2 Decoder&Streaming Plug-in for WMP
EPSON Printer Software
FATE
Free Download Manager 2.1
Gateway Game Console
Google Earth
Google Gmail Notifier
Google Toolbar for Internet Explorer
Google Video Uploader
GraphCalc v4.0.1
gtw_logo
High Definition Audio Driver Package - KB888111
HijackThis 2.0.0
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows XP (KB888795)
Hotfix for Windows XP (KB891593)
Hotfix for Windows XP (KB895961)
Hotfix for Windows XP (KB896256)
Hotfix for Windows XP (KB899337)
Hotfix for Windows XP (KB899510)
Hotfix for Windows XP (KB902841)
Hotfix for Windows XP (KB906569)
Hotfix for Windows XP (KB909095)
Hotfix for Windows XP (KB910728)
Hotfix for Windows XP (KB912024)
Hotfix for Windows XP (KB914906)
iKnowPS
IM Sniffer 0.9 Optimized
Intel Matrix Storage Manager
Intel(R) Graphics Media Accelerator Driver
Intel(R) PROSet/Wireless Software
IrfanView (remove only)
iTunes
J2SE Runtime Environment 5.0 Update 2
mCore
mDriver
mDrWiFi
mHelp
Microsoft .NET Framework 1.0 Hotfix (KB887998)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft .NET Framework 2.0
Microsoft Halo Trial
Microsoft Office 2000 Professional
mIRC
mIWA
mLogView
mMHouse
Motorola SM56 Data Fax Modem
Mozilla Firefox (2.0.0.3)
mPfMgr
mPfWiz
mProSafe
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 Parser and SDK
Musicnotes Player V1.22.3
mWlsSafe
mXML
mZConfig
Napster Burn Engine
Native Instruments Sibelius Player
Nero 7 Ultra Edition
Neuratron PhotoScore Lite
PDFCreator
PeerGuardian 2.0
Penguins!
Polar Bowler
Polar Golfer
Power2Go 4.0
PowerDVD
QuickTime
RealPlayer
SCRABBLE
Security Update for Microsoft .NET Framework 2.0 (KB917283)
Security Update for Microsoft .NET Framework 2.0 (KB922770)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913433)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917537)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Sibelius 4
Sibelius Scorch Plugin
SigmaTel Audio
Skype 3.0
Skype Plugin Manager
Soldat 1.3.1
Sonic Encoders
Spy Sweeper
Steam
Synaptics Pointing Device Driver
TeamSpeak 2 RC2
TeamSpeak Overlay BETA 2 (#63)
Texas Instruments PCIxx21/x515/xx12 drivers.
TiVo Desktop
Tradewinds
Update for Windows Media Player 10 (KB910393)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB910437)
Update for Windows XP (KB912945)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB929338)
Update for Windows XP (KB931836)
Update Rollup 2 for Windows XP Media Center Edition 2005
Viewpoint Media Player
WavePad Uninstall
WildTangent Web Driver
Windows Media Format Runtime
Windows XP Hotfix - KB886185
Windows XP Media Center Edition 2005 KB914548
WinPcap 3.1
WinZip 11.1
Xfire (remove only)
XY Chart Labeler 7.0


----------



## cybertech (Apr 16, 2002)

Download ComboFix from *Here* or *Here* to your Desktop. 

Double-click *combofix.exe* and follow the prompts.
When finished, it shall produce a log for you. Post that log and a *HiJackThis* log in your next reply.
*Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.*


----------



## NickSing3 (May 6, 2007)

Here is the ComboFix Log:

"Owner" - 2007-05-08 16:18:14 Service Pack 2 
ComboFix 07-05.07.3.V - Running from: "C:\Documents and Settings\Owner.NICKLAPTOP\"

(((((((((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))

C:\WINDOWS\system32\ljjkiig.dll
C:\WINDOWS\system32\rqronkl.dll

* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\WINDOWS\retadpu1000272.exe
C:\WINDOWS\retadpu2000352.exe
C:\WINDOWS\system32\wnstssv.exe
~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
Folders Quarantined:
C:\qoobox\purity\C\DOCUME~1
C:\qoobox\purity\C\DOCUME~1\OWNER~1.NIC
C:\qoobox\purity\C\DOCUME~1\OWNER~1.NIC\MYDOCU~1
C:\qoobox\purity\C\DOCUME~1\OWNER~1.NIC\MYDOCU~1\CROSOF~1.NET
C:\qoobox\purity\C\DOCUME~1\OWNER~1.NIC\MYDOCU~1\CROSOF~1.NET\t?skmgr.exe
C:\qoobox\purity\C\WINDOWS\DOBE~1
C:\qoobox\purity\C\WINDOWS\MCROSO~1
C:\qoobox\purity\C\WINDOWS\DOBE~1\services.exe
C:\qoobox\purity\C\WINDOWS\DOBE~1\?dobe

((((((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

-------\LEGACY_NM
-------\nm

((((((((((((((((((((((((((((((( Files Created from 2007-04-08 to 2007-05-08 ))))))))))))))))))))))))))))))))))

2007-05-04 19:34	22,080	--a------	C:\WINDOWS\system32\drivers\sshrmd.sys
2007-05-04 19:34	21,056	--a------	C:\WINDOWS\system32\drivers\sskbfd.sys
2007-05-04 19:34	20,544	--a------	C:\WINDOWS\system32\drivers\SSFS0509.sys
2007-05-04 19:34	144,960	--a------	C:\WINDOWS\system32\drivers\ssidrv.sys
2007-05-04 19:34 d--------	C:\Program Files\Webroot
2007-05-04 19:34 d--------	C:\DOCUME~1\LOCALS~1\APPLIC~1\Webroot
2007-05-04 19:34 d--------	C:\DOCUME~1\ALLUSE~1\APPLIC~1\Webroot
2007-05-04 19:30	164	--a------	C:\install.dat
2007-05-04 19:30 d--------	C:\DOCUME~1\OWNER~1.NIC\APPLIC~1\Webroot
2007-05-04 18:53 d--------	C:\DOCUME~1\OWNER~1.NIC\APPLIC~1\Lavasoft
2007-05-04 18:47 d--------	C:\Program Files\Lavasoft
2007-05-04 18:40 d--------	C:\VundoFix Backups
2007-05-04 18:30 d--------	C:\Program Files\iKnowPS
2007-05-04 16:59	626,688	--a------	C:\WINDOWS\system32\msvcr80.dll
2007-05-04 16:40 d--------	C:\Program Files\Vidalia
2007-05-04 16:40 d--------	C:\Program Files\Torbutton
2007-05-04 16:40 d--------	C:\Program Files\Tor
2007-05-04 16:40 d--------	C:\Program Files\Privoxy
2007-05-04 16:23	11,264	--a------	C:\WINDOWS\smanager.7.exe
2007-05-04 15:38 d--------	C:\DOCUME~1\OWNER~1.NIC\APPLIC~1\Aim
2007-05-03 17:33 d--------	C:\Program Files\Trillian
2007-04-28 17:35 d--------	C:\Program Files\Armagetron Advanced
2007-04-28 17:35 d--------	C:\DOCUME~1\OWNER~1.NIC\APPLIC~1\Armagetron
2007-04-28 17:35 d--------	C:\DOCUME~1\ALLUSE~1\APPLIC~1\Armagetron
2007-04-17 16:01 d--------	C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ahead
2007-04-17 10:56 d--------	C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL OCP
2007-04-17 10:55 d--------	C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL Downloads
2007-04-13 16:04 d--------	C:\Program Files\Brutus
2007-04-08 18:56 d--------	C:\RainbowCrack
2007-04-08 17:21 d--------	C:\Program Files\Nmap
2007-04-08 13:36 d--------	C:\Program Files\AppsPro

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-05-08 20:20:29	--------	d-----w	C:\Program Files\IM Sniffer
2007-05-08 19:51:22	--------	d-----w	C:\DOCUME~1\OWNER~1.NIC\APPLIC~1.\Tor
2007-05-08 19:49:43	--------	d-----w	C:\DOCUME~1\OWNER~1.NIC\APPLIC~1.\Vidalia
2007-05-06 22:23:38	--------	d-----w	C:\Program Files\Steam
2007-05-06 21:49:16	--------	d-----w	C:\Program Files\mIRC
2007-05-05 23:52:47	--------	d-----w	C:\DOCUME~1\OWNER~1.NIC\APPLIC~1.\Skype
2007-05-05 23:35:46	--------	d-----w	C:\DOCUME~1\OWNER~1.NIC\APPLIC~1.\Xfire
2007-05-05 20:50:35	--------	d-s---w	C:\Program Files\Xfire
2007-05-05 20:47:45	--------	d-----w	C:\Program Files\America Online 9.0
2007-05-04 23:30:23	--------	d-----w	C:\DOCUME~1\OWNER~1.NIC\APPLIC~1.\Webroot
2007-05-04 22:53:29	--------	d-----w	C:\DOCUME~1\OWNER~1.NIC\APPLIC~1.\Lavasoft
2007-05-04 22:46:27	--------	d-----w	C:\Program Files\Common Files\Wise Installation Wizard
2007-05-04 22:40:29	--------	d-----w	C:\Program Files\PeerGuardian2
2007-05-04 19:38:09	--------	d-----w	C:\DOCUME~1\OWNER~1.NIC\APPLIC~1.\Aim
2007-05-04 19:38:06	--------	d-----w	C:\Program Files\AIM
2007-05-04 19:37:59	--------	d-----w	C:\Program Files\AOD
2007-04-29 02:29:51	--------	d-----w	C:\DOCUME~1\OWNER~1.NIC\APPLIC~1.\uTorrent
2007-04-28 21:35:56	--------	d-----w	C:\DOCUME~1\OWNER~1.NIC\APPLIC~1.\Armagetron
2007-04-20 12:51:18	--------	d-----w	C:\DOCUME~1\OWNER~1.NIC\APPLIC~1.\Free Download Manager
2007-04-17 14:56:24	--------	d-----w	C:\Program Files\Common Files\AOL
2007-04-10 23:33:37	--------	d-----w	C:\Program Files\Shred Agent
2007-04-08 03:04:03	99,904	----a-w	C:\WINDOWS\system32\PnkBstrB.exe
2007-04-07 23:00:27	0	----a-r	C:\logwmemory.bin
2007-04-07 23:00:18	--------	d-----w	C:\Program Files\Soldat
2007-04-06 15:22:38	--------	d-----w	C:\DOCUME~1\OWNER~1.NIC\APPLIC~1.\teamspeak2
2007-04-06 14:02:11	--------	d-----w	C:\Program Files\Band-in-a-Box Demo
2007-03-31 22:58:21	--------	d-----w	C:\Program Files\KeyOps
2007-03-31 01:04:10	--------	d-----w	C:\Program Files\America's Army
2007-03-31 00:58:20	--------	d-----w	C:\Program Files\Teamspeak2_RC2
2007-03-31 00:57:32	--------	d-----w	C:\Program Files\Halo Trial
2007-03-31 00:34:19	--------	d-----w	C:\Program Files\Opera
2007-03-31 00:33:05	--------	d-----w	C:\Program Files\TSO
2007-03-31 00:09:55	--------	d-----w	C:\Program Files\America's Army Server Manager
2007-03-28 19:46:09	--------	d-----w	C:\Program Files\7-Zip
2007-03-22 03:05:19	--------	d-----w	C:\DOCUME~1\OWNER~1.NIC\APPLIC~1.\DivX
2007-03-22 03:04:46	--------	d-----w	C:\Program Files\DivX
2007-03-17 13:43:01	292,864	----a-w	C:\WINDOWS\system32\winsrv.dll
2007-03-17 02:38:10	--------	d-----w	C:\Program Files\AnvSoft
2007-03-12 21:43:53	664	----a-w	C:\WINDOWS\system32\d3d9caps.dat
2007-03-11 05:40:07	--------	d-----w	C:\Program Files\RecentCleaner
2007-03-08 21:38:21	--------	d-----w	C:\DOCUME~1\OWNER~1.NIC\APPLIC~1.\Apple Computer
2007-03-08 20:26:26	--------	d-----w	C:\Program Files\uTorrent
2007-03-08 20:25:08	--------	d-----w	C:\Program Files\Azureus
2007-03-08 20:24:52	--------	d-----w	C:\DOCUME~1\OWNER~1.NIC\APPLIC~1.\Azureus
2007-03-08 15:36:28	577,536	----a-w	C:\WINDOWS\system32\user32.dll
2007-03-08 15:36:28	40,960	----a-w	C:\WINDOWS\system32\mf3216.dll
2007-03-08 15:36:28	281,600	----a-w	C:\WINDOWS\system32\gdi32.dll
2007-03-08 13:47:48	1,843,584	----a-w	C:\WINDOWS\system32\win32k.sys
2007-02-23 04:29:58	524,288	----a-w	C:\WINDOWS\system32\DivXsm.exe
2007-02-23 04:29:56	3,596,288	----a-w	C:\WINDOWS\system32\qt-dx331.dll
2007-02-23 04:29:52	129,784	------w	C:\WINDOWS\system32\pxafs.dll
2007-02-23 04:29:52	118,520	------w	C:\WINDOWS\system32\pxinsi64.exe
2007-02-23 04:29:52	116,472	------w	C:\WINDOWS\system32\pxcpyi64.exe
2007-02-23 04:29:49	200,704	----a-w	C:\WINDOWS\system32\ssldivx.dll
2007-02-23 04:29:49	1,044,480	----a-w	C:\WINDOWS\system32\libdivx.dll
2007-02-23 04:25:24	73,728	----a-w	C:\WINDOWS\system32\dpl100.dll
2007-02-23 04:25:24	196,608	----a-w	C:\WINDOWS\system32\dtu100.dll
2007-02-23 04:25:23	53,248	----a-w	C:\WINDOWS\system32\dpuGUI10.dll
2007-02-23 04:25:22	593,920	----a-w	C:\WINDOWS\system32\dpuGUI11.dll
2007-02-23 04:25:22	57,344	----a-w	C:\WINDOWS\system32\dpv11.dll
2007-02-23 04:25:22	344,064	----a-w	C:\WINDOWS\system32\dpus11.dll
2007-02-23 04:25:22	294,912	----a-w	C:\WINDOWS\system32\dpu11.dll
2007-02-23 04:25:22	294,912	----a-w	C:\WINDOWS\system32\dpu10.dll
2007-02-23 04:25:19	823,296	----a-w	C:\WINDOWS\system32\divx_xx0c.dll
2007-02-23 04:25:19	823,296	----a-w	C:\WINDOWS\system32\divx_xx07.dll
2007-02-23 04:25:19	802,816	----a-w	C:\WINDOWS\system32\divx_xx11.dll
2007-02-23 04:25:19	639,066	----a-w	C:\WINDOWS\system32\DivX.dll
2007-02-16 01:40:35	124,472	----a-w	C:\WINDOWS\system32\DivXCodecUpdateChecker.exe

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
"{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}"="C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll"
"{AA58ED58-01DD-4d91-8333-CF10577473F7}"="c:\program files\google\googletoolbar3.dll"
"{CC59E0F9-7E43-44FA-9FAA-8377850BF205}"="C:\Program Files\Free Download Manager\iefdmcks.dll"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"ehTray"="C:\\WINDOWS\\ehome\\ehtray.exe"
"SynTPLpr"="\"C:\\Program Files\\Synaptics\\SynTP\\SynTPLpr.exe\""
"SynTPEnh"="\"C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe\""
"IAAnotif"="\"C:\\Program Files\\Intel\\Intel Matrix Storage Manager\\iaanotif.exe\""
"SigmatelSysTrayApp"="stsystra.exe"
"igfxtray"="C:\\WINDOWS\\system32\\igfxtray.exe"
"igfxhkcmd"="C:\\WINDOWS\\system32\\hkcmd.exe"
"igfxpers"="C:\\WINDOWS\\system32\\igfxpers.exe"
"IntelZeroConfig"="\"C:\\Program Files\\Intel\\Wireless\\bin\\ZCfgSvc.exe\""
"IntelWireless"="\"C:\\Program Files\\Intel\\Wireless\\Bin\\ifrmewrk.exe\" /tf Intel PROSet/Wireless"
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="\"C:\\Program Files\\Google\\Gmail Notifier\\gnotify.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"MSKDetectorExe"="\"C:\\Program Files\\McAfee\\SpamKiller\\MSKDetct.exe\" /uninstall"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"IMJPMIG8.1"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32"
"IMEKRMIG6.1"="C:\\WINDOWS\\ime\\imkr6_1\\IMEKRMIG.EXE"
"MSPY2002"="\"C:\\WINDOWS\\system32\\IME\\PINTLGNT\\ImScInst.exe\" /SYNC"
"PHIME2002ASync"="\"C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE\" /SYNC"
"PHIME2002A"="\"C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE\" /IMEName"
"IM Sniffer"=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Program Files\\Common Files\\Ahead\\lib\\NMBgMonitor.exe\""
"updateMgr"="\"C:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe\" AcRdB7_0_5 -reboot 1"
"TivoTransfer"="\"C:\\Program Files\\Common Files\\TiVo Shared\\Transfer\\TiVoTransfer.exe\" /service /registry /auto:TivoTransfer"
"TivoNotify"="\"C:\\Program Files\\TiVo Desktop\\TiVoNotify.exe\" /service /registry /auto:TivoNotify"
"TivoServer"="\"C:\\Program Files\\TiVo Desktop\\TiVoServer.exe\" /service /registry"
"Steam"=""
"Vidalia"="\"C:\\Program Files\\Vidalia\\vidalia.exe\""
"Ealb"="\"C:\\WINDOWS\\DOBE~1\\services.exe\" -vt yazb"
"Qrsowejl"="\"C:\\Documents and Settings\\Owner.NICKLAPTOP\\My Documents\\??crosoft.NET\\t?skmgr.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,\
63,65,73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,5c,52,6f,79,61,6c,65,2e,\
6d,73,73,74,79,6c,65,73,00
"InstallTheme"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,63,65,\
73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,2e,74,68,65,6d,65,00

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages	msv1_0\0\0
Security Packages	kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages	scecli\0\0

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\WebrootSpySweeperService

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\aol spyware protection
"C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hostmanager
C:\Program Files\Common Files\AOL\1163543037\EE\AOLHostManager.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mcafwelcome
c:\PROGRA~1\mcafee.com\agent\mcwelcom.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mcagentexe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mcupdateexe
c:\PROGRA~1\mcafee.com\agent\mcupdate.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mpfexe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mskagentexe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mskdetectorexe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nerofiltercheck
C:\WINDOWS\system32\NeroCheck.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\oasclnt
C:\Program Files\McAfee.com\VSO\oasclnt.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\smserial
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\virusscan online
c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vsochecktask
"C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter	HTTPFilter\0\0
LocalService	Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService	DnsCache\0\0
DcomLaunch	DcomLaunch\0TermService\0\0
rpcss	RpcSs\0\0
imgsvc	StiSvc\0\0
termsvcs	TermService\0\0

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost

********************************************************************

catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-05-08 16:29:24
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

********************************************************************

Completion time: 2007-05-08 16:31:09 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-05-08 16:31

And here is the HijackThis Log.

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 4:33:42 PM, on 5/8/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe
C:\Program Files\TiVo Desktop\TiVoNotify.exe
C:\Program Files\Vidalia\vidalia.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Privoxy\privoxy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Tor\tor.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\TiVo Desktop\TiVoServer.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner.NICKLAPTOP\My Documents\filelib\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=PTB&M=MX6959
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=PTB&M=MX6959
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=PTB&M=MX6959
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SynTPLpr] "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] "C:\Program Files\Google\Gmail Notifier\gnotify.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MSKDetectorExe] "C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" /uninstall
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] "C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /SYNC
O4 - HKLM\..\Run: [PHIME2002A] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /IMEName
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_5 -reboot 1
O4 - HKCU\..\Run: [TivoTransfer] "C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe" /service /registry /auto:TivoTransfer
O4 - HKCU\..\Run: [TivoNotify] "C:\Program Files\TiVo Desktop\TiVoNotify.exe" /service /registry /auto:TivoNotify
O4 - HKCU\..\Run: [TivoServer] "C:\Program Files\TiVo Desktop\TiVoServer.exe" /service /registry
O4 - HKCU\..\Run: [Vidalia] "C:\Program Files\Vidalia\vidalia.exe"
O4 - HKCU\..\Run: [Ealb] "C:\WINDOWS\DOBE~1\services.exe" -vt yazb
O4 - HKCU\..\Run: [Qrsowejl] "C:\Documents and Settings\Owner.NICKLAPTOP\My Documents\??crosoft.NET\t?skmgr.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Privoxy.lnk = C:\Program Files\Privoxy\privoxy.exe
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe (file missing)
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: TiVo Beacon (TivoBeacon2) - TiVo Inc. - C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 9072 bytes


----------
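
Triage logic for the O4 autostart entries in the HijackThis log above, as an added example that is not code from the thread, from HijackThis or from ComboFix. It parses the O4 lines and flags the tricks the two malicious entries (`Ealb` and `Qrsowejl`) rely on: a path containing characters the forum rendered as `?` (a `?` is illegal in a Windows file name, so it stands for a character the tool could not display), a file named like a Windows system binary (`services.exe`) started from `C:\WINDOWS\DOBE~1` instead of `system32`, a name that spells `taskmgr.exe` with one character swapped, an 8.3 short-name folder directly under `C:\WINDOWS`, and an autostart living under the user's profile. The sample lines are copied from the posted log; the rule set and the list of impersonated binaries are assumptions chosen for this log, not a HijackThis feature.

```python
"""Triage HijackThis O4 (autostart) lines for the lookalike-path tricks seen in
the posted log.  Added example: not code from the thread, HijackThis or ComboFix;
the rules below are heuristics chosen for this log."""
import re

# Windows binaries that malware likes to impersonate, and the only directory
# each legitimately runs from on XP (relative to C:\WINDOWS).  Assumed list.
SYSTEM_BINARIES = {
    "services.exe": "system32", "lsass.exe": "system32", "svchost.exe": "system32",
    "winlogon.exe": "system32", "csrss.exe": "system32", "smss.exe": "system32",
    "taskmgr.exe": "system32", "explorer.exe": "",
}
WINDOWS_DIR = r"c:\windows"

O4_RUN = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run(?:Once)?: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O4_STARTUP = re.compile(r"^O4 - (?:Global )?Startup: (?P<name>.+?) = (?P<cmd>.*)$")
SHORT_NAME = re.compile(r"[^\\ .]{1,6}~\d+(\.[^\\.]{1,3})?", re.IGNORECASE)  # 8.3 form, e.g. DOBE~1

# Constructed sample: a subset of the O4 lines from the HijackThis log above,
# copied as posted.  The '?' characters are how the forum rendered characters it
# could not display; '?' itself can never appear in a Windows file name.
SAMPLE_O4_LINES = [
    r"O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe",
    r'O4 - HKLM\..\Run: [SynTPLpr] "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"',
    r"O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe",
    r'O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless',
    r"O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe",
    r'O4 - HKCU\..\Run: [Vidalia] "C:\Program Files\Vidalia\vidalia.exe"',
    r'O4 - HKCU\..\Run: [Ealb] "C:\WINDOWS\DOBE~1\services.exe" -vt yazb',
    r'O4 - HKCU\..\Run: [Qrsowejl] "C:\Documents and Settings\Owner.NICKLAPTOP\My Documents\??crosoft.NET\t?skmgr.exe"',
    r"O4 - Global Startup: Privoxy.lnk = C:\Program Files\Privoxy\privoxy.exe",
]


def extract_exe(cmd):
    """Return the executable path from a Run-key command line (quoted or not)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = re.search(r"\.exe\b", cmd, re.IGNORECASE)  # unquoted paths may contain spaces
    return cmd[:m.end()] if m else cmd.split()[0]


def lookalike_of(basename):
    """Name of the system binary that basename would spell if every '?' or
    non-ASCII character were an ordinary letter; None if it matches none."""
    pattern = "".join("." if (c == "?" or ord(c) > 127) else re.escape(c) for c in basename)
    for known in SYSTEM_BINARIES:
        if re.fullmatch(pattern, known, re.IGNORECASE):
            return known
    return None


def triage_path(exe):
    """Return the list of reasons an autostart executable path looks suspicious."""
    reasons = []
    parts = exe.split("\\")
    base, parent = parts[-1], "\\".join(parts[:-1]).lower()

    if any(c == "?" or ord(c) > 127 for c in exe):
        reasons.append("path contains '?' or non-ASCII characters (lookalike name)")

    for i in range(1, len(parts)):
        if SHORT_NAME.fullmatch(parts[i]) and parts[i - 1].lower() == "windows":
            reasons.append(f"8.3 short-name directory {parts[i]} directly under the Windows directory")

    known = lookalike_of(base)
    if known and known != base.lower():
        reasons.append(f"file name mimics {known} with substituted characters")
    elif known:
        home = WINDOWS_DIR + ("\\" + SYSTEM_BINARIES[known] if SYSTEM_BINARIES[known] else "")
        if parent != home:
            reasons.append(f"{known} running from {parent or '(no directory)'} instead of {home}")

    low = exe.lower()
    if "\\documents and settings\\" in low or "\\docume~1\\" in low:
        reasons.append("autostart from a user-writable profile directory")
    return reasons


def triage_o4(lines):
    """Parse HijackThis O4 lines; return {entry name: {"exe": path, "reasons": [...]}}
    for every entry that trips at least one rule."""
    flagged = {}
    for line in lines:
        m = O4_RUN.match(line) or O4_STARTUP.match(line)
        if not m:
            continue
        exe = extract_exe(m.group("cmd"))
        reasons = triage_path(exe)
        if reasons:
            flagged[m.group("name")] = {"exe": exe, "reasons": reasons}
    return flagged


if __name__ == "__main__":
    for name, info in triage_o4(SAMPLE_O4_LINES).items():
        print(f"[{name}] {info['exe']}")
        for r in info["reasons"]:
            print("    -", r)
```

Run against the sample, only `Ealb` and `Qrsowejl` are reported; the legitimate entries, including the unquoted `swg` path with spaces and the bare `stsystra.exe`, pass clean. A bare file name resolved through PATH is still worth a manual look, but it is not flagged here to keep the output focused on the lookalike tricks this log actually shows.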



## cybertech (Apr 16, 2002)

Looks better but still not clean.

Download and run this uninstaller:
http://www.outerinfo.com/OiUninstaller.exe

Please download *ATF Cleaner* by Atribune. 
*This program is for XP and Windows 2000 only*
 
Double-click *ATF-Cleaner.exe* to run the program. 
Under *Main* choose: *Select All* 
Click the *Empty Selected* button. 

*NOTE:* If you would like to keep your saved passwords, please click *No* at the prompt.

Click *Exit* on the Main menu to close the program. 
For *Technical Support*, double-click the e-mail address located at the bottom of each menu.

*Download and scan with* *SUPERAntiSpyware* Free for Home Users
Double-click *SUPERAntiSpyware.exe* and use the default settings for installation. 
An icon will be created on your desktop. Double-click that icon to launch the program. 
If asked to update the program definitions, click "*Yes*". If not, update the definitions before scanning by selecting "*Check for Updates*". (_If you encounter any problems while downloading the updates, manually download and unzip them from here._) 
Under "*Configuration and Preferences*", click the *Preferences* button. 
Click the *Scanning Control* tab. 
Under *Scanner Options* make sure the following are checked _(leave all others unchecked)_:
_Close browsers before scanning._ 
_Scan for tracking cookies._ 
_Terminate memory threats before quarantining._

Click the "*Close*" button to leave the control center screen. 
Back on the main screen, under "*Scan for Harmful Software*" click *Scan your computer*. 
On the left, make sure you check *C:\Fixed Drive*. 
On the right, under "*Complete Scan*", choose *Perform Complete Scan*. 
Click "*Next*" to start the scan. Please be patient while it scans your computer. 
After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "*OK*". 
Make sure everything has a checkmark next to it and click "*Next*". 
A notification will appear that "_Quarantine and Removal is Complete_". Click "*OK*" and then click the "*Finish*" button to return to the main menu. 
If asked if you want to reboot, click "*Yes*". 
To retrieve the removal information after reboot, launch SUPERAntispyware again.
_Click *Preferences*, then click the *Statistics/Logs* tab._ 
_Under Scanner Logs, double-click *SUPERAntiSpyware Scan Log*._ 
_If there are several logs, click the current dated log and press *View log*. A text file will open in your default text editor._ 
*Please copy and paste the Scan Log results in your next reply with a new hijackthis log.*

Click *Close* to exit the program.


----------



## NickSing3 (May 6, 2007)

Here is my log from the SuperAntiSpyware Program:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 05/08/2007 at 09:17 PM

Application Version : 3.7.1018

Core Rules Database Version : 3233
Trace Rules Database Version: 1244

Scan type : Complete Scan
Total Scan Time : 01:00:46

Memory items scanned : 480
Memory threats detected : 0
Registry items scanned : 5872
Registry threats detected : 2
File items scanned : 65513
File threats detected : 13

Adware.ClickSpring
HKLM\Software\ClickSpring
HKLM\Software\ClickSpring#UBWKR
C:\QooBox\purity\C\DOCUME~1\OWNER~1.NIC\MYDOCU~1\CROSOF~1.NET\TSKMGR~1.EXE

Trojan.Downloader-Gen/HardFall
C:\DOCUMENTS AND SETTINGS\OWNER.NICKLAPTOP\MY DOCUMENTS\FILELIB\BACKUPS\BACKUP-20070504-184640-405.DLL
C:\DOCUMENTS AND SETTINGS\OWNER.NICKLAPTOP\MY DOCUMENTS\FILELIB\BACKUPS\BACKUP-20070504-184814-890.DLL
C:\DOCUMENTS AND SETTINGS\OWNER.NICKLAPTOP\MY DOCUMENTS\FILELIB\BACKUPS\BACKUP-20070504-191704-660.DLL
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\RQRONKL.DLL.VIR
C:\VUNDOFIX BACKUPS\RQRONKL.DLL.BAD

Unclassified.Unknown Origin
C:\DOCUMENTS AND SETTINGS\OWNER.NICKLAPTOP\MY DOCUMENTS\FILELIB\BACKUPS\BACKUP-20070504-184640-895.DLL
C:\DOCUMENTS AND SETTINGS\OWNER.NICKLAPTOP\MY DOCUMENTS\FILELIB\BACKUPS\BACKUP-20070506-115459-920.DLL
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\LJJKIIG.DLL.VIR

Adware.ClickSpring/Outer Info Network
C:\DOCUMENTS AND SETTINGS\OWNER.NICKLAPTOP\MY DOCUMENTS\FILELIB\OIUNINSTALLER.EXE

Adware.ClickSpring-Variant
C:\QOOBOX\PURITY\C\WINDOWS\DOBE~1\SERVICES.EXE

Trojan.Unknown Origin
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\WNSTSSV.EXE.VIR

Trojan.Downloader-SManager
C:\WINDOWS\SMANAGER.7.EXE

And here is a current HijackThis log:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 9:28:30 PM, on 5/8/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe
C:\Program Files\TiVo Desktop\TiVoNotify.exe
C:\Program Files\Vidalia\vidalia.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Privoxy\privoxy.exe
C:\Program Files\Tor\tor.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32Info.exe
C:\Documents and Settings\Owner.NICKLAPTOP\My Documents\filelib\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=PTB&M=MX6959
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=PTB&M=MX6959
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=PTB&M=MX6959
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SynTPLpr] "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] "C:\Program Files\Google\Gmail Notifier\gnotify.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MSKDetectorExe] "C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" /uninstall
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] "C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /SYNC
O4 - HKLM\..\Run: [PHIME2002A] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /IMEName
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_5 -reboot 1
O4 - HKCU\..\Run: [TivoTransfer] "C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe" /service /registry /auto:TivoTransfer
O4 - HKCU\..\Run: [TivoNotify] "C:\Program Files\TiVo Desktop\TiVoNotify.exe" /service /registry /auto:TivoNotify
O4 - HKCU\..\Run: [TivoServer] "C:\Program Files\TiVo Desktop\TiVoServer.exe" /service /registry
O4 - HKCU\..\Run: [Vidalia] "C:\Program Files\Vidalia\vidalia.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Privoxy.lnk = C:\Program Files\Privoxy\privoxy.exe
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe (file missing)
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: TiVo Beacon (TivoBeacon2) - TiVo Inc. - C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 9075 bytes


----------



## cybertech (Apr 16, 2002)

Looks fine. How is it running now? Any problems?


----------



## NickSing3 (May 6, 2007)

Nope, actually, I haven't had any problems! Thanks a lot!

One more thing, can I remove some of the software you had me download? When I do, what will it do with the quarantined files?

Thanks.


----------



## cybertech (Apr 16, 2002)

Great!

You can remove all of the tools I requested you to download and/or folders associated with them now.

SUPERAntiSpyware is a trial version so you can keep that until the trial is over and then uninstall.

It's a good idea to flush your System Restore after removing malware:

1. On the Desktop, right-click My Computer.
2. Click Properties.
3. Click the System Restore tab.
4. Check Turn off System Restore.
5. Click Apply, and then click OK.
6. Restart the computer.

To create a new restore point:

1. Start, go to All Programs, Accessories, System Tools and select System Restore.
2. In the System Restore wizard, select "Create a restore point" and click the Next button.
3. Type a description for your new restore point.
4. Click Create and you're done.

Here are some additional links for you to check out to help you with your computer security.

Secunia software inspector & update checker

Good free tools and advice on how to tighten your security settings.

Security Help Tools

You're welcome!
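The same flush-and-recreate sequence done from a script instead of the GUI, as an added example that is not from this thread or from cybertech. It assumes an elevated PowerShell session and the Windows `SystemRestore` WMI class in `root\default` (present on XP and later); the restore point description is a placeholder.

```powershell
# Added example (not from the thread): scripted equivalent of the manual
# "turn System Restore off, back on, then create a fresh restore point" steps.
# Turning System Restore off discards every existing restore point, which is
# the point: old restore points can hold copies of the malware just removed.
# Requires an elevated (Administrator) session.

$ns = 'root\default'

# Every fixed local disk (DriveType 3) that System Restore can monitor,
# formatted as "C:\" the way the SystemRestore methods expect.
$drives = Get-WmiObject -Class Win32_LogicalDisk -Filter 'DriveType = 3' |
          ForEach-Object { $_.DeviceID + '\' }

# 1. Turn System Restore off on each drive (flushes all restore points).
foreach ($d in $drives) {
    $rc = ([wmiclass]"$ns:SystemRestore").Disable($d)
    Write-Host "Disable System Restore on $d -> return code $($rc.ReturnValue)"
}

# 2. Turn it back on; the second argument waits until the change is applied.
foreach ($d in $drives) {
    $rc = ([wmiclass]"$ns:SystemRestore").Enable($d, $true)
    Write-Host "Enable System Restore on $d -> return code $($rc.ReturnValue)"
}

# 3. Create a new, known-clean restore point.
#    RestorePointType 12 = MODIFY_SETTINGS, EventType 100 = BEGIN_SYSTEM_CHANGE
#    The description text is a placeholder; use whatever label suits you.
$rc = ([wmiclass]"$ns:SystemRestore").CreateRestorePoint(
        'Clean baseline after malware removal', 12, 100)
Write-Host "CreateRestorePoint -> return code $($rc.ReturnValue)"

# 4. Verify: only the restore point just created should be listed.
Get-WmiObject -Namespace $ns -Class SystemRestore |
    Select-Object SequenceNumber, Description, CreationTime
```

A return code of 0 from each call means it succeeded; on XP, disabling on the system drive also disables the other drives, so a non-zero code on a later drive is expected there.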


----------

