# Could someone PLEASE help me with my computer?



## lacourdy (Nov 10, 2006)

Hi, thanks for taking a look to help me with this. My computer is running real slow, can't delete my printer. It won't work so i wanted to uninstall it and reinstall. Don't know if i still have any viruses or spyware left on my computer.

I purchased Spyware Doctor after seeing i had 35,000 infections. I think they are all gone, but this computer is running real slow. I even bought more memory for it, but that didn't do much for it. I have downloaded highjack this and scanned my report. Please advise on what to do next so i can fix this problem.

Logfile of HijackThis v1.99.1
Scan saved at 2:03:05 PM, on 11/18/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\LEXMAR~1\LXBRKsk.exe
C:\Program Files\Lexmark 3100 Series\lxbrbmgr.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\America Online 9.0a\aoltray.exe
C:\Program Files\Lexmark 3100 Series\lxbrbmon.exe
C:\Program Files\Lexmark 3100 Series\lxbrcmon.exe
C:\WINDOWS\System32\gearsec.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Hijackthis\HijackThis.exe
C:\WINDOWS\System32\wuauclt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q304&bd=presario&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q304&bd=presario&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q304&bd=presario&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ptd.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q304&bd=presario&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q304&bd=presario&pf=desktop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [LXBRKsk] C:\PROGRA~1\LEXMAR~1\LXBRKsk.exe
O4 - HKLM\..\Run: [Lexmark 3100 Series] "C:\Program Files\Lexmark 3100 Series\lxbrbmgr.exe"
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Startup: IMStart.lnk = C:\Program Files\InterMute\IMStart.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0a\aoltray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .mpg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resource/download/scanner/wlscbase8460.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1163545134906
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: pasksa - C:\WINDOWS\SYSTEM32\pasksa.dll
O20 - Winlogon Notify: xartcd5 - xartcd5.dll (file missing)
O23 - Service: Gear Security Service (GEARSecurity) - GEAR Software - C:\WINDOWS\System32\gearsec.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe


----------



## Cheeseball81 (Mar 3, 2004)

Download haxfix.exe.

Save it to your desktop.

Double click on haxfix.exe to install *haxfix*. (standard installation path is c:\program Files\haxfix)
Checkmark "Create a desktop icon"
Click "Next"
When the installation is completed, make sure that the checkmark "Launch HaxFix" is placed
Click "Finish"

A red "dos window" (dos box) will open with options:
1. Make logfile
2. Run auto fix
3. Run manual fix
E. Exit Haxfix

Select option *1. Make logfile* by typing *1* and then pressing Enter
Haxfix will start scanning the computer. When it is finished a logfile will open: haxlog.txt > (*c:\haxfix.txt*)
Copy the contents of that logfile and paste it into this thread.


----------



## lacourdy (Nov 10, 2006)

Thank you very much for taking the time to help me with this problem. I did what you asked me to do and here it is.

HAXFIX logfile - by Marckie

version 4.29 
Sat 11/18/2006 20:30:06.93 

--- Checking for Haxdoor ---

checking for a3d files
a3d files not found

checking for matching notify keys
no matching notify keys found 

checking for matching services
no matching services found 

checking for matching safeboot services
no matching safeboot services found 

checking for other Haxdoor-files
no other Haxdoor-files found


--- Checking for Goldun ---


checking for SSODL keys
no ssodl keys found

checking for notify keys
pasksa 
xartcd5 

checking for services
p79bsksb 
xartcd7 

checking for other Goldun-files
no other Goldun-files found


Finished!


----------



## Cheeseball81 (Mar 3, 2004)

Start Haxfix
A red "dos window" (dos box) will open with options:
1. Make logfile
2. Run auto fix
3. Run manual fix
E. Exit Haxfix
Select option *2. Run auto fix* by typing *2* and then pressing Enter.
If an infection is found, you'll get a message to close all other open windows.
Close all open windows *except* the red dos window from haxfix and then press Enter.
The computer will reboot.
After reboot a logfile will open > (c:\haxfix.txt)

Download *AVG Anti-Spyware* from *HERE* and save that file to your desktop.

When the trial period expires it becomes feature-limited freeware but is still worth keeping as a good on-demand scanner.


Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double click it to launch the set up program.
Once the setup is complete you will need run AVG Anti-Spyware and update the definition files.
On the main screen select the icon "*Update*" then select the "*Update now*" link.
Next select the "*Start Update*" button. The update will start and a progress bar will show the updates being installed.

Once the update has completed, select the "*Scanner*" icon at the top of the screen, then select the "*Settings*" tab.
Once in the Settings screen click on "*Recommended actions*" and then select "*Quarantine*".
Under "*Reports*"
Select "*Automatically generate report after every scan*"
Un-Select "*Only if threats were found*"

Close AVG Anti-Spyware. Do Not run a scan just yet, we will run it in safe mode.
Reboot your computer into *Safe Mode*. You can do this by restarting your computer and continually tapping the *F8* key until a menu appears. Use your up arrow key to highlight *Safe Mode* then hit enter.

*IMPORTANT:* Do not open any other windows or programs while AVG Anti-Spyware is scanning as it may interfere with the scanning process:

Launch AVG Anti-Spyware by double clicking the icon on your desktop.
Select the "*Scanner*" icon at the top and then the "*Scan*" tab then click on "*Complete System Scan*".
AVG will now begin the scanning process. Please be patient as this may take a little time.
*Once the scan is complete, do the following:*
If you have any infections you will be prompted. Then select "*Apply all actions.*"
Next select the "*Reports*" icon at the top.
Select the "*Save report as*" button in the lower lef- hand of the screen and save it to a text file on your system (make sure to remember where you saved that file. This is important).
Close AVG Anti-Spyware and reboot your system back into Normal Mode.

Please go *HERE* to run Panda's ActiveScan
Once you are on the Panda site click the *Scan your PC* button
A new window will open...click the *Check Now* button
Enter your *Country*
Enter your *State/Province*
Enter your *e-mail address* and click *send*
Select either *Home User* or *Company*
Click the big *Scan Now* button
If it wants to install an ActiveX component allow it
It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
When download is complete, click on *My Computer* to start the scan
When the scan completes, if anything malicious is detected, click the *See Report* button, *then Save Report* and save it to a convenient location. Post the contents of the ActiveScan report

*Come back here and post a new HijackThis log along with the logs from the AVG and Panda scans.*


----------



## lacourdy (Nov 10, 2006)

Here is the 2nd scan of haxfix. Now i am gonna download and do the avg thing next. Just trying to let you know where i am in this process.

HAXFIX logfile - by Marckie

version 4.29 
Sat 11/18/2006 20:49:46.87

--- Auto Haxdoorfix ---

searching for files:

no infections found

--- Goldunfix ---

searching for files:

searching for SSODLkeys: 
no SSODLkeys found

searching for notifykeys: 
pasksa 
xartcd5

searching for services: 
p79bsksb 
xartcd7

deleting service p79bsksb 
[SWSC] DeleteService SUCCESS

deleting service xartcd7 
[SWSC] DeleteService SUCCESS

.....rebooting the computer.....

searching for ssodlkeys

not needed

searching for notifykeys

notifykey pasksa not found 
notifykey xartcd5 not found

searching for services

service p79bsksb not found 
service xartcd7 not found

searching for safeboot services

not needed

searching for files

pasksa.dll exists 
deleting pasksa.dll 
pasksa.dll has been deleted

xartcd5.dll exists 
deleting xartcd5.dll 
xartcd5.dll has been deleted

p79bsksb.sys exists 
deleting p79bsksb.sys 
p79bsksb.sys has been deleted

xartcd7.sys exists 
deleting xartcd7.sys 
xartcd7.sys has been deleted

checking for other files

ksl48.bin exists 
deleting ksl48.bin 
ksl48.bin has been deleted

checking for a3d files

no a3d files found

Finished


----------



## Cheeseball81 (Mar 3, 2004)

:up:


----------



## lacourdy (Nov 10, 2006)

Here is all the info you requested. And according to spyware doctor, i had no more viruses. But according to panda, i have over 400. I knew something wasn't right.

Logfile of HijackThis v1.99.1
Scan saved at 9:50:22 AM, on 11/19/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\LEXMAR~1\LXBRKsk.exe
C:\Program Files\Lexmark 3100 Series\lxbrbmgr.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Lexmark 3100 Series\lxbrbmon.exe
C:\Program Files\America Online 9.0a\aoltray.exe
C:\Program Files\Lexmark 3100 Series\lxbrcmon.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\gearsec.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q304&bd=presario&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q304&bd=presario&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q304&bd=presario&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ptd.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q304&bd=presario&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q304&bd=presario&pf=desktop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [LXBRKsk] C:\PROGRA~1\LEXMAR~1\LXBRKsk.exe
O4 - HKLM\..\Run: [Lexmark 3100 Series] "C:\Program Files\Lexmark 3100 Series\lxbrbmgr.exe"
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Startup: IMStart.lnk = C:\Program Files\InterMute\IMStart.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0a\aoltray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .mpg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resource/download/scanner/wlscbase8460.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1163545134906
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Gear Security Service (GEARSecurity) - GEAR Software - C:\WINDOWS\System32\gearsec.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe

---------------------------------------------------------


----------



## lacourdy (Nov 10, 2006)

Here is the AVG scan results

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at:	10:49:40 PM 11/18/2006

+ Scan result:

C:\Program Files\filesubmit\moonlightbayss.zip\NNWDAC638.EXE -> Adware.NewDotNet : Cleaned.
C:\WINDOWS\NDNuninstall7_22.exe -> Adware.NewDotNet : Cleaned.
C:\Program Files\filesubmit\moonlightbayss.zip\SetupInst.exe -> Adware.SaveNow : Cleaned.
C:\System Volume Information\_restore{ED1AD764-6EE8-45D8-B9BD-559926E4C6F0}\RP13\A0025551.sys -> Backdoor.Haxdoor.kx : Cleaned.
C:\Program Files\InterMute\SpySubtract\Backup\Clean Session - 1162918432.ssb/C:\Documents and Settings\All Users\Start Menu\Programs\Startup\OSA.exe -> Downloader.Delf.ks : Cleaned.
C:\Documents and Settings\Owner\Local Settings\Temp\13.tmp -> Downloader.Tiny.cb : Cleaned.
C:\Documents and Settings\Owner\Local Settings\Temp\temp.frCEDC -> Downloader.Zlob.auw : Cleaned.
C:\Program Files\Bodog Casino\Install.exe -> Heuristic.Win32.Dialer : Cleaned.
C:\System Volume Information\_restore{ED1AD764-6EE8-45D8-B9BD-559926E4C6F0}\RP10\A0017470.exe -> Heuristic.Win32.Dialer : Cleaned.
C:\Documents and Settings\Owner\Local Settings\Temp\F.tmp -> Logger.Goldun.gu : Cleaned.
C:\Documents and Settings\Owner\Local Settings\Temp\C.tmp -> Logger.Goldun.hp : Cleaned.
C:\System Volume Information\_restore{ED1AD764-6EE8-45D8-B9BD-559926E4C6F0}\RP10\A0017469.exe -> Not-A-Virus.Downloader.Win32.WinFixer.q : Cleaned.
C:\System Volume Information\_restore{ED1AD764-6EE8-45D8-B9BD-559926E4C6F0}\RP1\A0003021.exe -> Not-A-Virus.Downloader.Win32.WinFixer.q : Cleaned.
C:\WINDOWS\Downloaded Program Files\USDR6_0001_D19M2108NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.q : Cleaned.
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\VerifierBug.class-14836499-1846ab85.class -> Not-A-Virus.Exploit.Java.Bytverify : Cleaned.
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt -> TrackingCookie.Admarketplace : Cleaned.
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\[email protected][1].txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\[email protected][2].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt -> TrackingCookie.Clickbank : Cleaned.
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\[email protected][1].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt -> TrackingCookie.Euroclick : Cleaned.
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\[email protected][1].txt -> TrackingCookie.Liveperson : Cleaned.
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt -> TrackingCookie.Masterstats : Cleaned.
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt -> TrackingCookie.Masterstats : Cleaned.
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\[email protected][2].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\LocalService\Cookies\[email protected][1].txt -> TrackingCookie.Porntrack : Cleaned.
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\[email protected][2].txt -> TrackingCookie.Ru4 : Cleaned.
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt -> TrackingCookie.Specificclick : Cleaned.
C:\Documents and Settings\Owner\Cookies\[email protected][3].txt -> TrackingCookie.Specificclick : Cleaned.
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\[email protected][2].txt -> TrackingCookie.Specificclick : Cleaned.
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Owner\Cookies\[email protected][3].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Owner\Cookies\[email protected][3].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\[email protected][1].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\LocalService\Cookies\[email protected][1].txt -> TrackingCookie.Yadro : Cleaned.
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\Dummy.class-2aa88143-62bb9ff1.class -> Trojan.ClassLoader.Dummy.d : Cleaned.

::Report end


----------



## lacourdy (Nov 10, 2006)

I can't copy and paste the Panda report because it says it is to long. Something about 183,000 characters. Try to make it about 30,000 long. Don't know how you want me to do this.


----------



## Cheeseball81 (Mar 3, 2004)

Can you attach it


----------



## lacourdy (Nov 10, 2006)

How should i attach it. Just let me know and i will try. Thanks for coming back and helping me with this.


----------



## lacourdy (Nov 10, 2006)

Incident  Status Location

Virus:W32/Duel.A Disinfected Operating system 
Virus:trj/haxdoor.hy Disinfected Operating system 
Adware:adware/razespyware Not disinfected c:\windows\rzs.exe 
Virus:w32/locksky.au.worm Disinfected Operating system 
Virus:W32/Duel.A Disinfected C:\aolextras\AOLCallAlertDemo.exe 
Virus:W32/Duel.A Disinfected C:\aolextras\sm\sm3.exe 
Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\LocalService\Cookies\[email protected][2].txt 
Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\LocalService\Cookies\[email protected][1].txt 
Spyware:Cookie/SecurityError Not disinfected C:\Documents and Settings\Owner\Cookies\[email protected][2].txt 
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\Owner\Cookies\[email protected][1].txt 
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\Owner\Cookies\[email protected][3].txt  
Spyware:Cookie/Target Not disinfected C:\Documents and Settings\Owner\Cookies\[email protected][2].txt 
Spyware:Cookie/WebPower Not disinfected C:\Documents and Settings\Owner\Cookies\[email protected][1].txt 
Spyware:Cookie/Freehqvideos Not disinfected C:\Documents and Settings\Owner\Cookies\[email protected][1].txt 
Spyware:Cookie/Freehqvideos Not disinfected C:\Documents and Settings\Owner\Cookies\[email protected]_mov[1].txt 
Virus:W32/Duel.A Disinfected C:\Documents and Settings\Owner\Desktop\PartyPokerSetup.exe 
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\[email protected][1].txt 
Spyware:Cookie/did-it Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\[email protected][1].txt 
Virus:W32/Duel.A Disinfected C:\Documents and Settings\Owner\Local Settings\Temp\rtdrvmon.exe 
Virus:W32/Duel.A Disinfected C:\hp\bin\automod32.exe 
Virus:W32/Duel.A Disinfected C:\hp\bin\autorun.exe 
Virus:W32/Duel.A Disinfected C:\hp\bin\COMMANDS.EXE  
Virus:W32/Duel.A Disinfected C:\hp\bin\DM.exe 
Virus:W32/Duel.A Disinfected C:\hp\bin\FindWindow.exe 
Virus:W32/Duel.A Disinfected C:\hp\bin\firewallnorton\CDSTART.EXE 
Virus:W32/Duel.A Disinfected C:\hp\bin\firewallnorton\SETUP\FIREWALL\APP\HNETWIZ.EXE 
Virus:W32/Duel.A Disinfected C:\hp\bin\firewallnorton\SETUP\ISCOMMON\APP\ALERTAST.EXE 
Virus:W32/Duel.A Disinfected C:\hp\bin\firewallnorton\SETUP\ISCOMMON\APP\ALESCAN.EXE 
Virus:W32/Duel.A Disinfected C:\hp\bin\firewallnorton\SETUP\ISCOMMON\APP\IAMSTATS.EXE 
Virus:W32/Duel.A Disinfected C:\hp\bin\firewallnorton\SETUP\ISCOMMON\APP\LOGEXPRT.EXE 
Virus:W32/Duel.A Disinfected C:\hp\bin\firewallnorton\SETUP\ISCOMMON\COMMON\SYMSHARE\ADBLCK\NSMDTR.EXE 
Virus:W32/Duel.A Disinfected C:\hp\bin\firewallnorton\SETUP\PRIVACY\APP\NISEMSVR.EXE 
Virus:W32/Duel.A Disinfected C:\hp\bin\firewallnorton\SETUP\SYMLT\COMMON\SYMSHARE\CFGWIZ.EXE 
Virus:W32/Duel.A Disinfected C:\hp\bin\firewallnorton\SUPPORT\CCCOMMON\CCCOMMON\COMMONFI\SYMSHARE\CCAPP.EXE 
Virus:W32/Duel.A Disinfected C:\hp\bin\firewallnorton\SUPPORT\CCCOMMON\CCCOMMON\COMMONFI\SYMSHARE\CCEVTMGR.EXE 
Virus:W32/Duel.A Disinfected C:\hp\bin\firewallnorton\SUPPORT\CCCOMMON\CCCOMMON\COMMONFI\SYMSHARE\CCLGVIEW.EXE 
Virus:W32/Duel.A Disinfected C:\hp\bin\firewallnorton\SUPPORT\CCCOMMON\CCCOMMON\COMMONFI\SYMSHARE\CCPWDSVC.EXE 
Virus:W32/Duel.A Disinfected C:\hp\bin\firewallnorton\SUPPORT\CCCOMMON\CCCOMMON\COMMONFI\SYMSHARE\CCSETMGR.EXE 
Virus:W32/Duel.A Disinfected C:\hp\bin\firewallnorton\SUPPORT\CCCOMMON\CCCOMMON\COMMONFI\SYMSHARE\NMAIN.EXE 
Virus:W32/Duel.A Disinfected C:\hp\bin\firewallnorton\SUPPORT\DCOM98\DCOM98.EXE 
Virus:W32/Duel.A Disinfected C:\hp\bin\firewallnorton\SUPPORT\FRE\FREMSI.EXE 
Virus:W32/Duel.A Disinfected C:\hp\bin\firewallnorton\SUPPORT\FRE\FREUPDT.EXE 
Virus:W32/Duel.A Disinfected C:\hp\bin\firewallnorton\SUPPORT\LIVEREG\LRSETUP.EXE 
Virus:W32/Duel.A Disinfected C:\hp\bin\firewallnorton\SUPPORT\LUPDATE\LUSETUP.EXE 
Virus:W32/Duel.A Disinfected C:\hp\bin\firewallnorton\SUPPORT\NISTOOLS\ISRLRSTR.EXE 
Virus:W32/Duel.A Disinfected C:\hp\bin\firewallnorton\SUPPORT\PROXY\CCPXYMSI\COMMON\SYMSHARE\CCPROXY.EXE 
Virus:W32/Duel.A Disinfected C:\hp\bin\firewallnorton\SUPPORT\SEVINST\SEVINST.EXE 
Virus:W32/Duel.A Disinfected C:\hp\bin\firewallnorton\SUPPORT\SYMNET\SYMNET\COMMON\SYMSHARE\IDSDEFS\IDSCOLU.EXE 
Virus:W32/Duel.A Disinfected C:\hp\bin\firewallnorton\SUPPORT\SYMNET\SYMNET\COMMON\SYMSHARE\IDSDEFS\IDSLU.EXE 
Virus:W32/Duel.A Disinfected C:\hp\bin\firewallnorton\SUPPORT\SYMNET\SYMNET\COMMON\SYMSHARE\SNDINST.EXE 
Virus:W32/Duel.A Disinfected C:\hp\bin\firewallnorton\SUPPORT\SYMNET\SYMNET\COMMON\SYMSHARE\SNDSRVC.EXE 
Virus:W32/Duel.A Disinfected C:\hp\bin\firewallnorton\SYMSETUP.EXE 
Virus:W32/Duel.A Disinfected C:\hp\bin\HPBI.exe 
Virus:W32/Duel.A Disinfected C:\hp\bin\HPLocale.exe 
Virus:W32/Duel.A Disinfected C:\hp\bin\HPPICT.EXE 
Virus:W32/Duel.A Disinfected C:\hp\bin\HPRecordNow\src\ENU\Setup.exe 
Virus:W32/Duel.A Disinfected C:\hp\bin\HPRecordNow\src\ENU\UM\Setup.exe


----------



## lacourdy (Nov 10, 2006)

Potentially unwanted tool:Application/KillApp.B Not disinfected C:\hp\bin\KillIt.exe 
Virus:W32/Duel.A Disinfected C:\hp\bin\KillWind.exe 
Virus:W32/Duel.A Disinfected C:\hp\bin\Locale.exe 
Virus:W32/Duel.A Disinfected C:\hp\bin\MsgAction.exe 
Virus:W32/Duel.A Disinfected C:\hp\bin\RPCOPY.EXE 
Virus:W32/Duel.A Disinfected C:\hp\bin\SendKey.exe 
Virus:W32/Duel.A Disinfected C:\hp\bin\Spawn.exe 
Virus:W32/Duel.A Disinfected C:\hp\drivers\modem_Agere_Sequoia\AGRSMMsg.exe 
Virus:W32/Duel.A Disinfected C:\hp\drivers\video_Intel\hkcmd.exe 
Virus:W32/Duel.A Disinfected C:\hp\drivers\video_Intel\igfxcfg.exe  
Virus:W32/Duel.A Disinfected C:\hp\drivers\video_Intel\igfxdiag.exe 
Virus:W32/Duel.A Disinfected C:\hp\drivers\video_Intel\igfxext.exe 
Virus:W32/Duel.A Disinfected C:\hp\drivers\video_Intel\igfxtray.exe 
Virus:W32/Duel.A Disinfected C:\hp\drivers\video_Intel\igfxzoom.exe 
Virus:W32/Duel.A Disinfected C:\hp\DTIcons\shortcut.exe 
Virus:W32/Duel.A Disinfected C:\hp\DTIcons\warranty\EN\splash.exe 
Virus:W32/Duel.A Disinfected C:\hp\DTIcons\warranty\EN_CA\splash.exe 
Virus:W32/Duel.A Disinfected C:\hp\DTIcons\warranty\EN_US\splash.exe 
Virus:W32/Duel.A Disinfected C:\hp\DTIcons\warranty\runner.exe 
Virus:W32/Duel.A Disinfected C:\hp\KBD\CreateVF.exe 
Virus:W32/Duel.A Disinfected C:\hp\KBD\KBUPDATE.EXE  
Virus:W32/Duel.A Disinfected C:\hp\KBD\RunReg.exe 
Virus:W32/Duel.A Disinfected C:\hp\KBD\STATIC\Common\hpkey.exe 
Virus:W32/Duel.A Disinfected C:\hp\OrgTut\OrgTut.exe 
Virus:W32/Duel.A Disinfected C:\hp\patches\43WW3DVD\src\WinDVD\HP.2CHto8CH.License.DDEX_DPLII.from.4.0x_5.0x.Patch.exe 
Virus:W32/Duel.A Disinfected C:\hp\patches\43WW3DVD\src\WinDVD\Patch\4.0B011.413-19655.DVD4.HP.from.4.x.iUpgrade.exe 
Virus:W32/Duel.A Disinfected C:\hp\patches\43WW3OWN\files\RP\OwnerPatch.exe 
Virus:W32/Duel.A Disinfected C:\hp\PC Tune Up and Repair\maintenance.exe 
Virus:W32/Duel.A Disinfected C:\hp\recovery\wizard\fscommand\AppRecoveryLink.exe 
Virus:W32/Duel.A Disinfected C:\hp\recovery\wizard\fscommand\AppRecoveryLink_ret.exe 
Virus:W32/Duel.A Disinfected C:\hp\recovery\wizard\fscommand\CDLogic.exe 
Virus:W32/Duel.A Disinfected C:\hp\recovery\wizard\fscommand\CDLogic_ret.exe  
Virus:W32/Duel.A Disinfected C:\hp\recovery\wizard\fscommand\CreatorLink.exe 
Virus:W32/Duel.A Disinfected C:\hp\recovery\wizard\fscommand\CreatorLink_ret.exe 
Virus:W32/Duel.A Disinfected C:\hp\recovery\wizard\fscommand\RestoreLink.exe 
Virus:W32/Duel.A Disinfected C:\hp\recovery\wizard\fscommand\RestoreLink_ret.exe 
Virus:W32/Duel.A Disinfected C:\hp\recovery\wizard\fscommand\RTCDLink.exe 
Virus:W32/Duel.A Disinfected C:\hp\recovery\wizard\fscommand\RTCDLink_ret.exe 
Virus:W32/Duel.A Disinfected C:\hp\recovery\wizard\fscommand\RunLink.exe 
Virus:W32/Duel.A Disinfected C:\hp\recovery\wizard\fscommand\RunLink_ret.exe 
Virus:W32/Duel.A Disinfected C:\hp\recovery\wizard\fscommand\SysRecoveryLink.exe 
Virus:W32/Duel.A Disinfected C:\hp\recovery\wizard\fscommand\SysRecoveryLink_ret.exe 
Virus:W32/Duel.A Disinfected C:\hp\recovery\wizard\fscommand\WizardLink.exe  
Virus:W32/Duel.A Disinfected C:\hp\recovery\wizard\fscommand\WizardLink_ret.exe 
Virus:W32/Duel.A Disinfected C:\hp\register\REGINIT.EXE 
Virus:W32/Duel.A Disinfected C:\hp\VINETLINK\autorun.exe 
Virus:W32/Duel.A Disinfected C:\hp\VINETLINK\VINETLINK.exe 
Virus:W32/Duel.A Disinfected C:\Program Files\ABBYY FineReader 5.0 Sprint\Sprint.exe 
Virus:W32/Duel.A Disinfected C:\Program Files\ABBYY FineReader 5.0 Sprint\Support\AInfo.exe 
Virus:W32/Duel.A Disinfected C:\Program Files\Adobe\Acrobat 6.0\Reader\AcroRd32.exe 
Virus:W32/Duel.A Disinfected C:\Program Files\Adobe\Acrobat 6.0\Reader\plug_ins\Printme\ConsoleApp.exe 
Virus:W32/Duel.A Disinfected C:\Program Files\Adobe\Acrobat 6.0\Reader\Updater\acroaum.exe 
Virus:W32/Duel.A Disinfected C:\Program Files\Adobe\Photoshop Album Starter Edition\2.0\Apps\PhotoshopAlbum.exe 
Virus:W32/Duel.A Disinfected C:\Program Files\Adobe\Photoshop Album Starter Edition\2.0\Apps\PsaProxy.exe 
Virus:W32/Duel.A Disinfected C:\Program Files\America Online 9.0\accdef.exe 
Virus:W32/Duel.A Disinfected C:\Program Files\America Online 9.0\aol.exe 
Virus:W32/Duel.A Disinfected C:\Program Files\America Online 9.0\aolphx.exe 
Virus:W32/Duel.A Disinfected C:\Program Files\America Online 9.0\aoltray.exe 
Virus:W32/Duel.A Disinfected C:\Program Files\America Online 9.0\aolwbspd.exe 
Virus:W32/Duel.A Disinfected C:\Program Files\America Online 9.0\diskinst.exe 
Virus:W32/Duel.A Disinfected C:\Program Files\America Online 9.0\Jiti\real_upd.exe 
Virus:W32/Duel.A Disinfected C:\Program Files\America Online 9.0\RBM.exe 
Virus:W32/Duel.A Disinfected C:\Program Files\America Online 9.0\shellmon.exe 
Virus:W32/Duel.A Disinfected C:\Program Files\America Online 9.0\shellrestart.exe 
Virus:W32/Duel.A Disinfected C:\Program Files\America Online 9.0\waol.exe 
Virus:W32/Duel.A Disinfected C:\Program Files\America Online 9.0a\accdef.exe 
Virus:W32/Duel.A Disinfected C:\Program Files\America Online 9.0a\aol.exe 
Virus:W32/Duel.A Disinfected C:\Program Files\America Online 9.0a\aolphx.exe 
Virus:W32/Duel.A Disinfected C:\Program Files\America Online 9.0a\aolwbspd.exe 
Virus:W32/Duel.A Disinfected C:\Program Files\America Online 9.0a\Jiti\real_upd.exe 
Virus:W32/Duel.A Disinfected C:\Program Files\America Online 9.0a\RBM.exe 
Virus:W32/Duel.A Disinfected C:\Program Files\America Online 9.0a\shellmon.exe 
Virus:W32/Duel.A Disinfected C:\Program Files\America Online 9.0a\shellrestart.exe 
Virus:W32/Duel.A Disinfected C:\Program Files\America Online 9.0a\waol.exe 
Virus:W32/Duel.A Disinfected C:\Program Files\Bodog Casino\casino.exe 
Virus:W32/Duel.A Disinfected C:\Program Files\Bodog Casino\lbyinst.exe 
Virus:W32/Duel.A Disinfected C:\Program Files\Bodog Casino\miniprocess.exe 
Virus:W32/Duel.A Disinfected C:\Program Files\Common Files\AOL\ACS\acsd.exe 
Virus:W32/Duel.A Disinfected C:\Program Files\Common Files\AOL\ACS\AcsUninstall.exe


----------



## lacourdy (Nov 10, 2006)

Virus:W32/Duel.A Disinfected C:\Program Files\Common Files\AOL\ACS\fix_vcrt.exe 
Virus:W32/Duel.A Disinfected C:\Program Files\Common Files\AOL\ACS\ospath.exe 
Virus:W32/Duel.A Disinfected C:\Program Files\Common Files\aolback\aolback.exe 
Virus:W32/Duel.A Disinfected C:\Program Files\Common Files\aolback\Comps\rp\rp9codec.exe 
Virus:W32/Duel.A Disinfected C:\Program Files\Common Files\aolback\Comps\vwpt\VPPrePop.exe 
Virus:W32/Duel.A Disinfected C:\Program Files\Common Files\aolshare\sysinfo\sinf.exe 
Virus:W32/Duel.A Disinfected C:\Program Files\Common Files\InstallShield\Driver\7\Intel 32\IDriver.exe 
Virus:W32/Duel.A Disinfected C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe  
Virus:W32/Duel.A Disinfected C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver2.exe 
Virus:W32/Duel.A Disinfected C:\Program Files\Common Files\Intuit\Internet Client\Assist.exe 
Virus:W32/Duel.A Disinfected C:\Program Files\Common Files\Intuit\Internet Client\Msdun13.exe 
Virus:W32/Duel.A Disinfected C:\Program Files\Common Files\Java\Update\Base Images\j2re1.4.2_03-b02\patch-j2re1.4.2_03-b02\patchjre.exe 
Virus:W32/Duel.A Disinfected C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOICONS.EXE 
Virus:W32/Duel.A Disinfected C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe 
Virus:W32/Duel.A Disinfected C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkscal.exe 
Virus:W32/Duel.A Disinfected C:\Program Files\Common Files\Nullsoft\ActiveX\AOLMediaPlaybackControl.exe 
Virus:W32/Duel.A Disinfected C:\Program Files\Common Files\Real\Update_OB\realevent.exe 
Virus:W32/Duel.A Disinfected C:\Program Files\Common Files\Real\Update_OB\rnathchk.exe 
Virus:W32/Duel.A Disinfected C:\Program Files\Common Files\Real\Update_OB\rnuninst.exe  
Virus:W32/Duel.A Disinfected C:\Program Files\Common Files\Real\Update_OB\rnxproc.exe 
Virus:W32/Duel.A Disinfected C:\Program Files\Common Files\Real\Update_OB\upgrdhlp.exe 
Virus:W32/Duel.A Disinfected C:\Program Files\Compaq Connections\1940576\Program\NewProbe.exe 
Virus:W32/Duel.A Disinfected C:\Program Files\Compaq Instant Support\Presario\XPHNARS4EN\plugin\bin\ContentUpdater.exe 
Virus:W32/Duel.A Disinfected C:\Program Files\Compaq Instant Support\Presario\XPHNARS4EN\plugin\bin\PCHButton.exe 
Virus:W32/Duel.A Disinfected C:\Program Files\EA GAMES\The Sims 2\eauninstall.exe 
Virus:W32/Duel.A Disinfected C:\Program Files\EA GAMES\The Sims 2\Sims2_uninst.exe 
Virus:W32/Duel.A Disinfected C:\Program Files\EA GAMES\The Sims 2\Support\EasyInfo.exe 
Virus:W32/Duel.A Disinfected C:\Program Files\EA GAMES\The Sims 2\Support\en-us\go_ez.exe 
Virus:W32/Duel.A Disinfected C:\Program Files\EA GAMES\The Sims 2\Support\EReg.exe 
Virus:W32/Duel.A Disinfected C:\Program Files\EA GAMES\The Sims 2\Support\es\go_ez.exe  
Virus:W32/Duel.A Disinfected C:\Program Files\EA GAMES\The Sims 2\Support\go_ez.exe 
Virus:W32/Duel.A Disinfected C:\Program Files\EA GAMES\The Sims 2\Support\The Sims 2_code.exe 
Virus:W32/Duel.A Disinfected C:\Program Files\EA GAMES\The Sims 2\Support\The Sims 2_uninst.exe 
Virus:W32/Duel.A Disinfected C:\Program Files\EA GAMES\The Sims 2\TSBin\Sims2.exe 
Virus:W32/Duel.A Disinfected C:\Program Files\Easy Internet signup\HPSdpApp.exe 
Virus:W32/Duel.A Disinfected C:\Program Files\Easy Internet signup\HPUpdater.exe 
Virus:W32/Duel.A Disinfected C:\Program Files\Easy Internet signup\ISPSignup.exe 
Virus:W32/Duel.A Disinfected C:\Program Files\FaxTools\Phonebk.exe 
Possible Virus. Not disinfected C:\Program Files\HaxFix\swsc.exe 
Virus:W32/Duel.A Disinfected C:\Program Files\InterMute\PopSubtract\PopSub.exe 
Virus:W32/Duel.A Disinfected C:\Program Files\InterMute\SpamSubtract\SpamSub.exe  
Virus:W32/Duel.A Disinfected C:\Program Files\InterMute\SpySubtract\SpUninst.exe 
Virus:W32/Duel.A Disinfected C:\Program Files\Java\j2re1.4.2_03\bin\javaw.exe 
Virus:W32/Duel.A Disinfected C:\Program Files\Java\j2re1.4.2_03\bin\jpicpl32.exe 
Virus:W32/Duel.A Disinfected C:\Program Files\Java\j2re1.4.2_03\bin\jucheck.exe 
Virus:W32/Duel.A Disinfected C:\Program Files\Java\j2re1.4.2_03\bin\keytool.exe 
Virus:W32/Duel.A Disinfected C:\Program Files\Java\j2re1.4.2_03\bin\kinit.exe 
Virus:W32/Duel.A Disinfected C:\Program Files\Java\j2re1.4.2_03\bin\klist.exe 
Virus:W32/Duel.A Disinfected C:\Program Files\Java\j2re1.4.2_03\bin\ktab.exe 
Virus:W32/Duel.A Disinfected C:\Program Files\Java\j2re1.4.2_03\bin\orbd.exe 
Virus:W32/Duel.A Disinfected C:\Program Files\Java\j2re1.4.2_03\bin\policytool.exe 
Virus:W32/Duel.A Disinfected C:\Program Files\Java\j2re1.4.2_03\bin\rmid.exe  
Virus:W32/Duel.A Disinfected C:\Program Files\Java\j2re1.4.2_03\bin\rmiregistry.exe 
Virus:W32/Duel.A Disinfected C:\Program Files\Java\j2re1.4.2_03\bin\servertool.exe 
Virus:W32/Duel.A Disinfected C:\Program Files\Java\j2re1.4.2_03\bin\tnameserv.exe 
Virus:W32/Duel.A Disinfected C:\Program Files\Java\j2re1.4.2_03\javaws\javaws.exe 
Virus:W32/Duel.A Disinfected C:\Program Files\Learn2.com\StRunner\STRunner.exe 
Virus:W32/Duel.A Disinfected C:\Program Files\Learn2.com\StRunner\stuninst.exe 
Virus:W32/Duel.A Disinfected C:\Program Files\Lexmark 3100 Series\lxbraiox.exe 
Virus:W32/Duel.A Disinfected C:\Program Files\Lexmark 3100 Series\lxbrfap.exe 
Virus:W32/Duel.A Disinfected C:\Program Files\Lexmark 3100 Series\lxbrvb.exe 
Virus:W32/Duel.A Disinfected C:\Program Files\Lexmark 3100 Series\PowerMgr.exe 
Virus:W32/Duel.A Disinfected C:\Program Files\Messenger\msmsgs.exe  
Virus:W32/Duel.A Disinfected C:\Program Files\Messenger\msmsgsin.exe 
Virus:W32/Duel.A Disinfected C:\Program Files\Microsoft Plus! Digital Media Edition\Analog Recorder\AnalogRecorder.exe 
Virus:W32/Duel.A Disinfected C:\Program Files\Microsoft Works\msworks.exe 
Virus:W32/Duel.A Disinfected C:\Program Files\Microsoft Works\wkfud.exe


----------



## lacourdy (Nov 10, 2006)

Virus:W32/Duel.A Disinfected C:\Program Files\Microsoft Works\wkgdcach.exe 
Virus:W32/Duel.A Disinfected C:\Program Files\Microsoft Works\wklnckml.exe 
Virus:W32/Duel.A Disinfected C:\Program Files\Microsoft Works\wkpdfsnf.exe 
Virus:W32/Duel.A Disinfected C:\Program Files\Microsoft Works\wkplmstp.exe 
Virus:W32/Duel.A Disinfected C:\Program Files\Microsoft Works\wksab.exe 
Virus:W32/Duel.A Disinfected C:\Program Files\Microsoft Works\wksdb.exe 
Virus:W32/Duel.A Disinfected C:\Program Files\Microsoft Works\WksProj.exe 
Virus:W32/Duel.A Disinfected C:\Program Files\Microsoft Works\wkssb.exe 
Virus:W32/Duel.A Disinfected C:\Program Files\Microsoft Works\wksss.exe 
Virus:W32/Duel.A Disinfected C:\Program Files\Microsoft Works\WksWP.exe  
Virus:W32/Duel.A Disinfected C:\Program Files\Microsoft Works\wkwcestp.exe 
Virus:W32/Duel.A Disinfected C:\Program Files\MSN\MSNCoreFiles\copymar.exe 
Virus:W32/Duel.A Disinfected C:\Program Files\MSN\MSNCoreFiles\dw.exe 
Virus:W32/Duel.A Disinfected C:\Program Files\MSN\MSNCoreFiles\msn6.exe 
Virus:W32/Duel.A Disinfected C:\Program Files\MSN\MSNCoreFiles\Setup\msnunin.exe 
Virus:W32/Duel.A Disinfected C:\Program Files\MSN\MSNCoreFiles\update.exe 
Virus:W32/Duel.A Disinfected C:\Program Files\Online Services\AOL80CA\K660a000a.exe 
Virus:W32/Duel.A Disinfected C:\Program Files\Online Services\AOL90US\AOLSETUP.EXE 
Virus:W32/Duel.A Disinfected C:\Program Files\Online Services\AOL90US\comps\rp\rp9codec.exe 
Virus:W32/Duel.A Disinfected C:\Program Files\Online Services\AOL90US\comps\vwpt\VPPrePop.exe 
Virus:W32/Duel.A Disinfected C:\Program Files\Online Services\AOLNA\InstallAol.exe  
Virus:W32/Duel.A Disinfected C:\Program Files\Online Services\digiterra\ISPSignup.exe 
Virus:W32/Duel.A Disinfected C:\Program Files\Online Services\EarthLink\EarthLink Setup.exe 
Virus:W32/Duel.A Disinfected C:\Program Files\Online Services\MSN90\LaunchMsn.exe 
Virus:W32/Duel.A Disinfected C:\Program Files\Online Services\PeoplePC\Dll\closeie.exe 
Virus:W32/Duel.A Disinfected C:\Program Files\Online Services\PeoplePC\System\closeie.exe 
Virus:W32/Duel.A Disinfected C:\Program Files\Online Services\PeoplePC\System\SetPop3.exe 
Virus:W32/Duel.A Disinfected C:\Program Files\Online Services\PeoplePC\System\unPPC.exe 
Virus:W32/Duel.A Disinfected C:\Program Files\Online Services\PeoplePC\Utilities\AtlBrowser.exe 
Virus:W32/Duel.A Disinfected C:\Program Files\Online Services\PeoplePC\Utilities\DLocations.exe 
Virus:W32/Duel.A Disinfected C:\Program Files\Online Services\PeoplePC\Utilities\NAVWarn.exe 
Virus:W32/Duel.A Disinfected C:\Program Files\Online Services\PeoplePC\Utilities\PPCODIAG.exe  
Virus:W32/Duel.A Disinfected C:\Program Files\Online Services\PeoplePC\Utilities\PPCODUN.exe 
Virus:W32/Duel.A Disinfected C:\Program Files\PartyGaming\PartyCasino\RunCasino.exe 
Virus:W32/Duel.A Disinfected C:\Program Files\PartyGaming\PartyGaming.exe 
Virus:W32/Duel.A Disinfected C:\Program Files\PartyGaming\PartyPoker\RunApp.exe 
Virus:W32/Duel.A Disinfected C:\Program Files\PC-Doctor for Windows\Diagnostics\DeviceReferenceServer.exe 
Virus:W32/Duel.A Disinfected C:\Program Files\PC-Doctor for Windows\Diagnostics\PCDr1394.exe 
Virus:W32/Duel.A Disinfected C:\Program Files\PC-Doctor for Windows\Diagnostics\PCDr2D3DVideo.exe 
Virus:W32/Duel.A Disinfected C:\Program Files\PC-Doctor for Windows\Diagnostics\PCDrAvi.exe 
Virus:W32/Duel.A Disinfected C:\Program Files\PC-Doctor for Windows\Diagnostics\PCDrCardReader.exe 
Virus:W32/Duel.A Disinfected C:\Program Files\PC-Doctor for Windows\Diagnostics\PcDrCdDrive.exe 
Virus:W32/Duel.A Disinfected C:\Program Files\PC-Doctor for Windows\Diagnostics\PCDrCdRw.exe  
Virus:W32/Duel.A Disinfected C:\Program Files\PC-Doctor for Windows\Diagnostics\PCDrCMOS.exe 
Virus:W32/Duel.A Disinfected C:\Program Files\PC-Doctor for Windows\Diagnostics\PCDrCPU.exe 
Virus:W32/Duel.A Disinfected C:\Program Files\PC-Doctor for Windows\Diagnostics\PCDrDvdDrive.exe 
Virus:W32/Duel.A Disinfected C:\Program Files\PC-Doctor for Windows\Diagnostics\PCDrDvdMinusRw.exe 
Virus:W32/Duel.A Disinfected C:\Program Files\PC-Doctor for Windows\Diagnostics\PCDrDvdRamDrive.exe 
Virus:W32/Duel.A Disinfected C:\Program Files\PC-Doctor for Windows\Diagnostics\PCDrDvdRw.exe 
Virus:W32/Duel.A Disinfected C:\Program Files\PC-Doctor for Windows\Diagnostics\PCDrFloppy.exe 
Virus:W32/Duel.A Disinfected C:\Program Files\PC-Doctor for Windows\Diagnostics\PcDrHardDrive.exe 
Virus:W32/Duel.A Disinfected C:\Program Files\PC-Doctor for Windows\Diagnostics\PCDrKeyboard.exe 
Virus:W32/Duel.A Disinfected C:\Program Files\PC-Doctor for Windows\Diagnostics\PcDrLSDrive.exe 
Virus:W32/Duel.A Disinfected C:\Program Files\PC-Doctor for Windows\Diagnostics\PCDrMemory.exe  
Virus:W32/Duel.A Disinfected C:\Program Files\PC-Doctor for Windows\Diagnostics\PCDrMicrophone.exe 
Virus:W32/Duel.A Disinfected C:\Program Files\PC-Doctor for Windows\Diagnostics\PCDrModem.exe 
Virus:W32/Duel.A Disinfected C:\Program Files\PC-Doctor for Windows\Diagnostics\PCDrMonitor.exe 
Virus:W32/Duel.A Disinfected C:\Program Files\PC-Doctor for Windows\Diagnostics\PCDrNetwork.exe 
Virus:W32/Duel.A Disinfected C:\Program Files\PC-Doctor for Windows\Diagnostics\PCDrParallelPort.exe 
Virus:W32/Duel.A Disinfected C:\Program Files\PC-Doctor for Windows\Diagnostics\PCDrPCCard.exe 
Virus:W32/Duel.A Disinfected C:\Program Files\PC-Doctor for Windows\Diagnostics\PCDrPCI.exe 
Virus:W32/Duel.A Disinfected C:\Program Files\PC-Doctor for Windows\Diagnostics\PCDrPrinter.exe 
Virus:W32/Duel.A Disinfected C:\Program Files\PC-Doctor for Windows\Diagnostics\PCDrSCSI.exe 
Virus:W32/Duel.A Disinfected C:\Program Files\PC-Doctor for Windows\Diagnostics\PCDrSerialPort.exe 
Virus:W32/Duel.A Disinfected C:\Program Files\PC-Doctor for Windows\Diagnostics\PCDrSmart.exe  
Virus:W32/Duel.A Disinfected C:\Program Files\PC-Doctor for Windows\Diagnostics\PCDrSound.exe 
Virus:W32/Duel.A Disinfected C:\Program Files\PC-Doctor for Windows\Diagnostics\PcdrSystemBoard.exe 
Virus:W32/Duel.A Disinfected C:\Program Files\PC-Doctor for Windows\Diagnostics\PCDrUSB.exe 
Virus:W32/Duel.A Disinfected C:\Program Files\PC-Doctor for Windows\Diagnostics\PCDrWav.exe


----------



## lacourdy (Nov 10, 2006)

Virus:W32/Duel.A Disinfected C:\Program Files\PC-Doctor for Windows\Diagnostics\PCDrWiKeyboard.exe 
Virus:W32/Duel.A Disinfected C:\Program Files\PC-Doctor for Windows\Diagnostics\PCDrWiMouse.exe 
Virus:W32/Duel.A  Disinfected C:\Program Files\PC-Doctor for Windows\Diagnostics\PcDrZipDrive.exe 
Virus:W32/Duel.A Disinfected C:\Program Files\PC-Doctor for Windows\Java\jre\bin\javaw.exe 
Virus:W32/Duel.A Disinfected C:\Program Files\PC-Doctor for Windows\Java\jre\bin\jpicpl32.exe 
Virus:W32/Duel.A Disinfected C:\Program Files\PC-Doctor for Windows\Pcdrw32.exe 
Virus:W32/Duel.A Disinfected C:\Program Files\PC-Doctor for Windows\Services\EventsPublisherServer.exe 
Virus:W32/Duel.A Disinfected C:\Program Files\PC-Doctor for Windows\Services\PCDrCMD.exe 
Virus:W32/Duel.A Disinfected C:\Program Files\PC-Doctor for Windows\Services\PCDrCmdLn.exe 
Virus:W32/Duel.A Disinfected C:\Program Files\PC-Doctor for Windows\Services\PCDrEngine.exe 
Virus:W32/Duel.A Disinfected C:\Program Files\PC-Doctor for Windows\Services\PCDrFactory.exe 
Virus:W32/Duel.A Disinfected C:\Program Files\PC-Doctor for Windows\Services\RegRGS.exe 
Virus:W32/Duel.A Disinfected C:\Program Files\QuickTime\PictureViewer.exe 
Virus:W32/Duel.A  Disinfected C:\Program Files\QuickTime\QTInfo.exe 
Virus:W32/Duel.A Disinfected C:\Program Files\QuickTime\QuickTimePlayer.exe 
Virus:W32/Duel.A Disinfected C:\Program Files\QuickTime\QuickTimeUpdater.exe 
Virus:W32/Duel.A Disinfected C:\Program Files\Real\RealOne Player\fixrjb.exe 
Virus:W32/Duel.A Disinfected C:\Program Files\Real\RealOne Player\realjbox.exe 
Virus:W32/Duel.A Disinfected C:\Program Files\Real\RealOne Player\realplay.exe 
Virus:W32/Duel.A Disinfected C:\Program Files\Real\RealOne Player\rphelperapp.exe 
Virus:W32/Duel.A Disinfected C:\Program Files\Real\RealOne Player\Setup\setup.exe 
Virus:W32/Duel.A Disinfected C:\Program Files\Viewpoint\Viewpoint Experience Technology\MtsAxInstaller.exe 
Virus:W32/Duel.A Disinfected C:\Program Files\WildTangent\Apps\GameChannel\Notifications\hpwelcome\gamelinks.exe 
Virus:W32/Duel.A Disinfected C:\Program Files\Windows Media Player\wmlaunch.exe 
Virus:W32/Duel.A  Disinfected C:\Program Files\Windows Media Player\wmsetsdk.exe 
Virus:W32/Duel.A Disinfected C:\Python22\Lib\site-packages\Pythonwin\Pythonwin.exe 
Virus:W32/Duel.A Disinfected C:\Python22\Lib\site-packages\win32\PythonService.exe 
Virus:W32/Duel.A Disinfected C:\Python22\Lib\site-packages\win32\win32popenWin9x.exe 
Virus:W32/Duel.A Disinfected C:\Python22\python.exe 
Virus:W32/Duel.A Disinfected C:\Python22\pythonw.exe 
Virus:W32/Duel.A Disinfected C:\Python22\w9xpopen.exe 
Virus:W32/Duel.A Disinfected C:\WINDOWS\$NtUninstallKB810217$\admin.exe 
Virus:W32/Duel.A Disinfected C:\WINDOWS\$NtUninstallKB810217$\author.exe 
Virus:W32/Duel.A Disinfected C:\WINDOWS\$NtUninstallKB810217$\cfgwiz.exe 
Virus:W32/Duel.A Disinfected C:\WINDOWS\$NtUninstallKB810217$\fpadmcgi.exe 
Virus:W32/Duel.A  Disinfected C:\WINDOWS\$NtUninstallKB810217$\fpcount.exe 
Virus:W32/Duel.A Disinfected C:\WINDOWS\$NtUninstallKB810217$\fpremadm.exe 
Virus:W32/Duel.A Disinfected C:\WINDOWS\$NtUninstallKB810217$\shtml.exe 
Virus:W32/Duel.A Disinfected C:\WINDOWS\$NtUninstallKB810217$\tcptest.exe 
Virus:W32/Duel.A Disinfected C:\WINDOWS\$NtUninstallKB896358$\hh.exe 
Virus:W32/Duel.A Disinfected C:\WINDOWS\$NtUninstallKB898458$\orun32.exe 
Virus:W32/Duel.A Disinfected C:\WINDOWS\CREATOR\CD Creator.exe 
Virus:W32/Duel.A Disinfected C:\WINDOWS\CREATOR\Remind_XP.exe 
Virus:W32/Duel.A Disinfected C:\WINDOWS\CREATOR\ToolsCDLauncher.exe 
Virus:W32/Duel.A Disinfected C:\WINDOWS\Help\SBSI\Training\orun32.exe 
Virus:W32/Duel.A Disinfected C:\WINDOWS\Help\SBSI\Training\ounins32_s.exe 
Virus:W32/Duel.A Disinfected C:\WINDOWS\Help\SBSI\Training\usersid.exe 
Virus:W32/Duel.A Disinfected C:\WINDOWS\I386\DRW\DWWIN.EXE 
Virus:W32/Duel.A Disinfected C:\WINDOWS\Microsoft.NET\Framework\NETFXSBS10.exe 
Virus:W32/Duel.A Disinfected C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_regiis.exe 
Virus:W32/Duel.A Disinfected C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe 
Virus:W32/Duel.A Disinfected C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe 
Virus:W32/Duel.A Disinfected C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\csc.exe 
Virus:W32/Duel.A Disinfected C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\cvtres.exe 
Virus:W32/Duel.A Disinfected C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\dw15.exe 
Virus:W32/Duel.A Disinfected C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\ilasm.exe 
Virus:W32/Duel.A Disinfected C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\ngen.exe 
Virus:W32/Duel.A Disinfected C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\vbc.exe 
Virus:W32/Duel.A Disinfected C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Presario\XPHNARS4EN\plugin\bin\ContentUpdater.exe 
Virus:W32/Duel.A Disinfected C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Presario\XPHNARS4EN\plugin\bin\PCHButton.exe 
Virus:W32/Duel.A Disinfected C:\WINDOWS\RegisteredPackages\{3FDF25EE-E592-4495-8391-6E9C504DAC2B}\setup_wm.exe 
Virus:W32/Duel.A Disinfected C:\WINDOWS\RegisteredPackages\{3FDF25EE-E592-4495-8391-6E9C504DAC2B}$BACKUP$\System\setup_wm.exe 
Virus:W32/Duel.A Disinfected C:\WINDOWS\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\dxdiag.exe 
Virus:W32/Duel.A Disinfected C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}\migrate.exe 
Virus:W32/Duel.A Disinfected C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}\unregmp2.exe 
Virus:W32/Duel.A Disinfected C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}\wmlaunch.exe 
Virus:W32/Duel.A Disinfected C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}\wmplayer.exe 
Virus:W32/Duel.A Disinfected C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}$BACKUP$\System\unregmp2.exe 
Virus:W32/Duel.A Disinfected C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}$BACKUP$\System\wmlaunch.exe 
Virus:W32/Duel.A Disinfected C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}$BACKUP$\System\wmplayer.exe 
Virus:W32/Duel.A Disinfected C:\WINDOWS\SMINST\START.EXE 
Virus:W32/Duel.A Disinfected C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\admin.exe 
Virus:W32/Duel.A Disinfected C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\author.exe 
Virus:W32/Duel.A Disinfected C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\cfgwiz.exe


----------



## lacourdy (Nov 10, 2006)

Virus:W32/Duel.A Disinfected C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\cisvc.exe 
Virus:W32/Duel.A Disinfected C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\cliconfg.exe 
Virus:W32/Duel.A Disinfected C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\conf.exe 
Virus:W32/Duel.A Disinfected C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\cscript.exe 
Virus:W32/Duel.A Disinfected C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\csrss.exe 
Virus:W32/Duel.A Disinfected C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\dlimport.exe 
Virus:W32/Duel.A Disinfected C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\dwwin.exe 
Virus:W32/Duel.A Disinfected C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\fpadmcgi.exe 
Virus:W32/Duel.A Disinfected C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\fpcount.exe 
Virus:W32/Duel.A Disinfected C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\fpremadm.exe 
Virus:W32/Duel.A Disinfected C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\fpsrvadm.exe 
Virus:W32/Duel.A Disinfected C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\hh.exe 
Virus:W32/Duel.A Disinfected C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\icwconn2.exe 
Virus:W32/Duel.A Disinfected C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\icwrmind.exe 
Virus:W32/Duel.A Disinfected C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\inetwiz.exe 
Virus:W32/Duel.A Disinfected C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\lang\imjpdct.exe 
Virus:W32/Duel.A Disinfected C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\lang\imjpdsvr.exe 
Virus:W32/Duel.A Disinfected C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\lang\imjpinst.exe 
Virus:W32/Duel.A Disinfected C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\lang\imjpmig.exe 
Virus:W32/Duel.A Disinfected C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\lang\imjprw.exe 
Virus:W32/Duel.A Disinfected C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\lang\imjputy.exe 
Virus:W32/Duel.A Disinfected C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\migrate.exe 
Virus:W32/Duel.A Disinfected C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\mnmsrvc.exe 
Virus:W32/Duel.A Disinfected C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\odbcad32.exe 
Virus:W32/Duel.A  Disinfected C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\odbcconf.exe 
Virus:W32/Duel.A Disinfected C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\progman.exe 
Virus:W32/Duel.A Disinfected C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\setup_wm.exe 
Virus:W32/Duel.A Disinfected C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\shtml.exe 
Virus:W32/Duel.A Disinfected C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\slrundll.exe 
Virus:W32/Duel.A Disinfected C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\slserv.exe 
Virus:W32/Duel.A Disinfected C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\ss3dfo.scr 
Virus:W32/Duel.A Disinfected C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\ssflwbox.scr 
Virus:W32/Duel.A Disinfected C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\sspipes.scr 
Virus:W32/Duel.A Disinfected C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\sstext3d.scr 
Virus:W32/Duel.A Disinfected C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\stub_fpsrvadm.exe 
Virus:W32/Duel.A  Disinfected C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\stub_fpsrvwin.exe 
Virus:W32/Duel.A Disinfected C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\tcptest.exe 
Virus:W32/Duel.A Disinfected C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\unregmp2.exe 
Virus:W32/Duel.A Disinfected C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\winver.exe 
Virus:W32/Duel.A Disinfected C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\wmplayer.exe 
Virus:W32/Duel.A Disinfected C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\wscript.exe 
Virus:W32/Duel.A Disinfected C:\WINDOWS\system32\cliconfg.exe 
Virus:W32/Duel.A Disinfected C:\WINDOWS\system32\dllcache\actmovie.exe 
Virus:W32/Duel.A Disinfected C:\WINDOWS\system32\dllcache\admin.exe 
Virus:W32/Duel.A Disinfected C:\WINDOWS\system32\dllcache\author.exe 
Virus:W32/Duel.A Disinfected C:\WINDOWS\system32\dllcache\bootok.exe 
Virus:W32/Duel.A  Disinfected C:\WINDOWS\system32\dllcache\cb32.exe 
Virus:W32/Duel.A Disinfected C:\WINDOWS\system32\dllcache\cfgwiz.exe 
Virus:W32/Duel.A Disinfected C:\WINDOWS\system32\dllcache\conf.exe 
Virus:W32/Duel.A Disinfected C:\WINDOWS\system32\dllcache\cscript.exe 
Virus:W32/Duel.A Disinfected C:\WINDOWS\system32\dllcache\csrss.exe 
Virus:W32/Duel.A Disinfected C:\WINDOWS\system32\dllcache\dlimport.exe 
Virus:W32/Duel.A Disinfected C:\WINDOWS\system32\dllcache\dwwin.exe 
Virus:W32/Duel.A Disinfected C:\WINDOWS\system32\dllcache\dxdiag.exe 
Virus:W32/Duel.A Disinfected C:\WINDOWS\system32\dllcache\finger.exe 
Virus:W32/Duel.A Disinfected C:\WINDOWS\system32\dllcache\fixmapi.exe 
Virus:W32/Duel.A Disinfected C:\WINDOWS\system32\dllcache\forcedos.exe 
Virus:W32/Duel.A  Disinfected C:\WINDOWS\system32\dllcache\fpadmcgi.exe 
Virus:W32/Duel.A Disinfected C:\WINDOWS\system32\dllcache\fpcount.exe 
Virus:W32/Duel.A Disinfected C:\WINDOWS\system32\dllcache\fpremadm.exe 
Virus:W32/Duel.A Disinfected C:\WINDOWS\system32\dllcache\hh.exe 
Virus:W32/Duel.A Disinfected C:\WINDOWS\system32\dllcache\icwconn2.exe 
Virus:W32/Duel.A Disinfected C:\WINDOWS\system32\dllcache\icwrmind.exe 
Virus:W32/Duel.A Disinfected C:\WINDOWS\system32\dllcache\inetwiz.exe 
Virus:W32/Duel.A Disinfected C:\WINDOWS\system32\dllcache\isignup.exe 
Virus:W32/Duel.A Disinfected C:\WINDOWS\system32\dllcache\lodctr.exe 
Virus:W32/Duel.A Disinfected C:\WINDOWS\system32\dllcache\lsass.exe 
Virus:W32/Duel.A Disinfected C:\WINDOWS\system32\dllcache\mnmsrvc.exe 
Virus:W32/Duel.A  Disinfected C:\WINDOWS\system32\dllcache\msdtc.exe 
Virus:W32/Duel.A Disinfected C:\WINDOWS\system32\dllcache\nddeapir.exe 
Virus:W32/Duel.A Disinfected C:\WINDOWS\system32\dllcache\odbcad32.exe 
Virus:W32/Duel.A Disinfected C:\WINDOWS\system32\dllcache\odbcconf.exe 
Virus:W32/Duel.A Disinfected C:\WINDOWS\system32\dllcache\sapisvr.exe 
Virus:W32/Duel.A Disinfected C:\WINDOWS\system32\dllcache\setup_wm.exe 
Virus:W32/Duel.A Disinfected C:\WINDOWS\system32\dllcache\shtml.exe 
Virus:W32/Duel.A Disinfected C:\WINDOWS\system32\dllcache\ss3dfo.scr 
Virus:W32/Duel.A Disinfected C:\WINDOWS\system32\dllcache\ssflwbox.scr 
Virus:W32/Duel.A Disinfected C:\WINDOWS\system32\dllcache\sspipes.scr 
Virus:W32/Duel.A Disinfected C:\WINDOWS\system32\dllcache\sstext3d.scr 
Virus:W32/Duel.A  Disinfected C:\WINDOWS\system32\dllcache\tcptest.exe 
Virus:W32/Duel.A Disinfected C:\WINDOWS\system32\dllcache\tourP.exe 
Virus:W32/Duel.A Disinfected C:\WINDOWS\system32\dllcache\unlodctr.exe


----------



## lacourdy (Nov 10, 2006)

Virus:W32/Duel.A Disinfected C:\WINDOWS\system32\dllcache\unregmp2.exe 
Virus:W32/Duel.A Disinfected C:\WINDOWS\system32\dllcache\wb32.exe 
Virus:W32/Duel.A Disinfected C:\WINDOWS\system32\dllcache\winver.exe 
Virus:W32/Duel.A Disinfected C:\WINDOWS\system32\dllcache\wmplayer.exe  
Virus:W32/Duel.A Disinfected C:\WINDOWS\system32\dllcache\wscript.exe 
Virus:W32/Duel.A Disinfected C:\WINDOWS\system32\igfxcfg.exe 
Virus:W32/Duel.A Disinfected C:\WINDOWS\system32\igfxdiag.exe 
Virus:W32/Duel.A Disinfected C:\WINDOWS\system32\igfxext.exe 
Virus:W32/Duel.A Disinfected C:\WINDOWS\system32\igfxtray.exe 
Virus:W32/Duel.A Disinfected C:\WINDOWS\system32\igfxzoom.exe 
Virus:W32/Duel.A Disinfected C:\WINDOWS\system32\javaw.exe 
Virus:W32/Duel.A Disinfected C:\WINDOWS\system32\LEXBCES(2)(2).EXE 
Virus:W32/Duel.A Disinfected C:\WINDOWS\system32\odbcad32.exe 
Virus:W32/Duel.A Disinfected C:\WINDOWS\system32\odbcconf.exe 
Virus:W32/Duel.A Disinfected C:\WINDOWS\system32\pcintro\pcIntro.exe  
Virus:W32/Duel.A Disinfected C:\WINDOWS\system32\QuickTime\QTPluginInstaller.exe 
Virus:W32/Duel.A Disinfected C:\WINDOWS\system32\QuickTime\QuickTimeUpdateHelper.exe 
Virus:W32/Duel.A Disinfected C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\hkcmd.exe 
Virus:W32/Duel.A Disinfected C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\igfxcfg.exe 
Virus:W32/Duel.A Disinfected C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\igfxdiag.exe 
Virus:W32/Duel.A Disinfected C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\igfxext.exe 
Virus:W32/Duel.A Disinfected C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\igfxtray.exe 
Virus:W32/Duel.A Disinfected C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\igfxzoom.exe 
Virus:W32/Duel.A Disinfected C:\WINDOWS\system32\spool\drivers\w32x86\3\LEXBCES.EXE 
Virus:W32/Duel.A Disinfected C:\WINDOWS\system32\spool\drivers\w32x86\3\lexgo.EXE 
Virus:W32/Duel.A Disinfected C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_3100_seriesf4c2\LEXBCES.EXE  
Virus:W32/Duel.A Disinfected C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_3100_seriesf4c2\lexgo.EXE 
Virus:W32/Duel.A Disinfected C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_3100_seriesf4c2\LXBRJSWX.EXE 
Virus:W32/Duel.A Disinfected C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_3100_seriesf4c2\LXBRPSWX.EXE 
Possible Virus. Not disinfected C:\WINDOWS\system32\swsc.exe 
Virus:W32/Duel.A Disinfected C:\WINDOWS\system32\URTTemp\regtlib.exe 
Virus:W32/Duel.A Disinfected C:\WINDOWS\system32\VTuninst.exe 
Virus:W32/Duel.A Disinfected C:\WINDOWS\unvise32qt.exe 
Virus:W32/Duel.A Disinfected D:\Info.exe 
Virus:W32/Duel.A Disinfected D:\MiniNT\system32\Bootini.exe 
Virus:W32/Duel.A Disinfected D:\MiniNT\system32\csrss.exe 
Virus:W32/Duel.A Disinfected D:\MiniNT\system32\DblRes.exe  
Virus:W32/Duel.A Disinfected D:\MiniNT\system32\DskPart.exe 
Virus:W32/Duel.A Disinfected D:\MiniNT\system32\Eject.exe 
Virus:W32/Duel.A Disinfected D:\MiniNT\system32\FATFMT32.EXE 
Virus:W32/Duel.A Disinfected D:\MiniNT\system32\LogViewer.exe 
Virus:W32/Duel.A Disinfected D:\MiniNT\system32\lsass.exe 
Virus:W32/Duel.A Disinfected D:\MiniNT\system32\odbcad32.exe 
Virus:W32/Duel.A Disinfected D:\MiniNT\system32\odbcconf.exe 
Virus:W32/Duel.A Disinfected D:\MiniNT\system32\PAGEFILE.EXE 
Virus:W32/Duel.A Disinfected D:\MiniNT\system32\RESTORE.EXE 
Virus:W32/Duel.A Disinfected D:\MiniNT\system32\RPONOFF.EXE 
Virus:W32/Duel.A Disinfected D:\MiniNT\system32\ShutDown.exe  
Virus:W32/Duel.A Disinfected D:\MiniNT\system32\start.exe 
Virus:W32/Duel.A Disinfected D:\MiniNT\system32\OwnerPatch.exe 
Virus:W32/Duel.A Disinfected D:\I386\DRW\DWWIN.EXE 
Virus:W32/Duel.A Disinfected D:\I386\SYSTEM32\Bootini.exe 
Virus:W32/Duel.A Disinfected D:\I386\SYSTEM32\DblRes.exe 
Virus:W32/Duel.A Disinfected D:\I386\SYSTEM32\DskPart.exe 
Virus:W32/Duel.A Disinfected D:\I386\SYSTEM32\Eject.exe 
Virus:W32/Duel.A Disinfected D:\I386\SYSTEM32\FATFMT32.EXE 
Virus:W32/Duel.A Disinfected D:\I386\SYSTEM32\LogViewer.exe 
Virus:W32/Duel.A Disinfected D:\I386\SYSTEM32\PAGEFILE.EXE 
Virus:W32/Duel.A Disinfected D:\I386\SYSTEM32\RESTORE.EXE  
Virus:W32/Duel.A Disinfected D:\I386\SYSTEM32\RPONOFF.EXE 
Virus:W32/Duel.A Disinfected D:\I386\SYSTEM32\ShutDown.exe 
Virus:W32/Duel.A Disinfected D:\I386\SYSTEM32\csrss.exe 
Virus:W32/Duel.A Disinfected D:\I386\SYSTEM32\lsass.exe 
Virus:W32/Duel.A Disinfected D:\I386\SYSTEM32\odbcad32.exe 
Virus:W32/Duel.A Disinfected D:\I386\SYSTEM32\odbcconf.exe 
Virus:W32/Duel.A Disinfected D:\I386\SYSTEM32\start.exe 
Virus:W32/Duel.A Disinfected D:\hp\patches\43WW3DVD\src\WinDVD\HP.2CHto8CH.License.DDEX_DPLII.from.4.0x_5.0x.Patch.exe 
Virus:W32/Duel.A Disinfected D:\hp\patches\43WW3DVD\src\WinDVD\Patch\4.0B011.413-19655.DVD4.HP.from.4.x.iUpgrade.exe 
Virus:W32/Duel.A Disinfected D:\hp\patches\43WW3OWN\files\RP\OwnerPatch.exe


----------



## lacourdy (Nov 10, 2006)

I just copy and pasted them and they are in order. Didn't miss any. After you look these over just let me know what to do next. Thanks again.


----------



## lacourdy (Nov 10, 2006)

Just looking for cheeseball81.


----------



## lacourdy (Nov 10, 2006)

Nice to see you again cheeseball81.


----------



## Cheeseball81 (Mar 3, 2004)

Well pretty much all of them were disinfected so that is good.

Please *download* the *Killbox by Option^Explicit*.

*Note*:* In the event you already have Killbox, this is a new version that I need you to download*.

 *Save* it to your *desktop*.
 Please double-click *Killbox.exe* to run it.
 Select:
*Delete on Reboot*
 then *Click* on the *All Files* button.

Please *copy the file paths below to the clipboard* by highlighting *ALL* of them and *pressing CTRL + C* (or, after highlighting, right-click and choose copy):

*c:\windows\rzs.exe 
C:\WINDOWS\system32\swsc.exe
*

 Return to Killbox, go to the *File* menu, and choose *Paste from Clipboard*.

Click the red-and-white *Delete File* button. Click *Yes* at the Delete on Reboot prompt. Click *OK* at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).

_*If your computer does not restart automatically, please restart it manually*_.

_If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run Killbox, click here to download and run missingfilesetup.exe. Then try Killbox again._


----------



## lacourdy (Nov 10, 2006)

I did what you said, and restarted it without a problem. No messages came up.


----------



## Cheeseball81 (Mar 3, 2004)

Post one more Hijack This log


----------



## blkwlnt64 (Mar 28, 2005)

Users level of Java very old.


----------



## lacourdy (Nov 10, 2006)

Here is my latest hijackthis log.

Logfile of HijackThis v1.99.1
Scan saved at 7:09:09 PM, on 11/20/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\LEXMAR~1\LXBRKsk.exe
C:\Program Files\Lexmark 3100 Series\lxbrbmgr.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Lexmark 3100 Series\lxbrbmon.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\Program Files\Lexmark 3100 Series\lxbrcmon.exe
C:\Program Files\America Online 9.0a\aoltray.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\gearsec.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q304&bd=presario&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q304&bd=presario&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q304&bd=presario&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ptd.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q304&bd=presario&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q304&bd=presario&pf=desktop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [LXBRKsk] C:\PROGRA~1\LEXMAR~1\LXBRKsk.exe
O4 - HKLM\..\Run: [Lexmark 3100 Series] "C:\Program Files\Lexmark 3100 Series\lxbrbmgr.exe"
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - Startup: IMStart.lnk = C:\Program Files\InterMute\IMStart.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0a\aoltray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .mpg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resource/download/scanner/wlscbase8460.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1163545134906
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Gear Security Service (GEARSecurity) - GEAR Software - C:\WINDOWS\System32\gearsec.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe


----------



## Cheeseball81 (Mar 3, 2004)

How are things now


----------



## lacourdy (Nov 10, 2006)

Do you see anything wrong with this latest hjt log file, cheeseball81?


----------



## lacourdy (Nov 10, 2006)

It's a little better. Did we get rid of everything that you can tell of?


----------



## Cheeseball81 (Mar 3, 2004)

Everything seems to look fine now.


----------



## blkwlnt64 (Mar 28, 2005)

Except level of Java.


----------



## Cheeseball81 (Mar 3, 2004)

Yeah, that should be updated


----------

