Help needed. HijackThis Log.
Lavasoft Support Forums > HELP! My computer is infected! What should I do? > Help with Stubborn Infections - HijackThis Logs go here
hurray
Hi, I have run a Lavasoft scan with the latest Lavasoft Anniversary Plus edition with the newest definition files. It detected some trojans and deleted them, but the trojans keep showing up.
So I have now run HijackThis, and below is the log. Can an expert please tell me what is wrong and which program got installed on my computer that is generating these trojans constantly?
Thanks.
Prad

-----------------------------------------------------------------------------------------------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:36:28 PM, on 10/13/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\AOLbox\Gateway\wlancfg.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\3M\PSNLite\PsnLite.exe
C:\PROGRA~1\3M\PSNLite\PSNGive.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ebay.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.9.0\ViewBarBHO.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.9.0\IEViewBar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/pm/activex/eBay_E...l_v1-0-24-0.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: Symantec Event Manager (ccevtmgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccpwdsvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccsetmgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (defwatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Desktop Manager 5.5.709.30344 (GoogleDesktopManager-093007-112848) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service (lavasoft ad-aware service) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVRoam (savroam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Symantec Network Drivers Service (sndsrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (spbbcsvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus (symantec antivirus) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Inventel - C:\Program Files\AOLbox\Gateway\wlancfg.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
O23 - Service: Automatic Updates (wuauserv) - Unknown owner - C:\WINDOWS\

--
End of file - 13172 bytes
LS CalamityJane
The HijackThis log is helpful and shows a few stragglers in the registry, but I really need more diagnostics to be sure what steps to take next.

Upload the log file of the last Ad-Aware scan please for review. It's important for me to see the details of what it is finding and where.

Ad-Aware Log files are located in the following location on your PC:
C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Logs\Scan_<date information>.log

To upload the file as an attachment to your reply here, click on the Browse button within your post, navigate to the log file's location, select the file then click the green UPLOAD button.
OR
Simply open the log file (which is a text file) and copy and paste the text from the log into your next reply.
....
Next, let's generate a report with the following free tool called ComboFix by sUBs.

Download ComboFix from here:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.


**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click to view attachment

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Notes:

1. Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3. ComboFix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Give it at least 20-30 minutes to finish if needed.
hurray
Hi Jane,
Thanks for your suggestions. I have fully followed them and here are the two logs from Lavasoft and Combofix.

Lavasoft scan log:


MSG [38760] 2009/10/13 19:25:32: Configure new scan with profile: full
MSG [38760] 2009/10/13 19:25:32: -> scanning critical objects
MSG [38760] 2009/10/13 19:25:32: -> scanning running processes
MSG [38760] 2009/10/13 19:25:32: -> scanning registry
MSG [38760] 2009/10/13 19:25:32: -> scanning lsp
MSG [38760] 2009/10/13 19:25:32: -> scanning ads
MSG [38760] 2009/10/13 19:25:32: -> scanning hosts file
MSG [38760] 2009/10/13 19:25:32: -> scanning mru objects
MSG [38760] 2009/10/13 19:25:32: -> scanning browser hijacks
MSG [38760] 2009/10/13 19:25:32: -> scanning cookies
MSG [38760] 2009/10/13 19:25:32: -> neutralizing rootkits
MSG [38760] 2009/10/13 19:25:32: -> use spyware heuristics
MSG [38760] 2009/10/13 19:25:32: -> use extended engine (avira + heuristics)
MSG [38760] 2009/10/13 19:25:32: -> use mild heuristics for extended engine
MSG [38760] 2009/10/13 19:25:32: -> scan archives
MSG [38760] 2009/10/13 19:25:32: -> file size limit = 20480 kB (0 = unlimited)
MSG [38760] 2009/10/13 19:25:32: -> scan file/path = C:\
MSG [38760] 2009/10/13 19:25:32: -> scan file/path = D:\
MSG [31688] 2009/10/13 20:44:40: Scan was completed in 4747 seconds
MSG [31688] 2009/10/13 20:44:40: Objects processed: 117388, infections detected: 104
MSG [119636] 2009/10/13 20:58:32: Remediating 104 infections
MSG [119636] 2009/10/13 21:00:03: Infections quarantined: 0, removed: 104, repaired: 0
MSG [119636] 2009/10/13 21:00:03: Infections ignored by remediation: 0 (0 whitelisted, 0 skipped).
MSG [38760] 2009/10/13 21:00:05: Dumping scan report:
>>> Logfile created: 10/13/2009 19:25:32
>>> Lavasoft Ad-Aware version: 8.0.8
>>> Extended engine version: 8.1
>>> User performing scan: Virginie Novo
>>>
>>> *********************** Definitions database information ***********************
>>> Lavasoft definition file: 149.70
>>> Extended engine definition file: 8.1
>>>
>>> ******************************** Scan results: *********************************
>>> Scan profile name: Full Scan (ID: full)
>>> Objects scanned: 117388
>>> Objects detected: 104
>>>
>>>
>>> Type Detected
>>> ==========================
>>> Processes.......: 0
>>> Registry entries: 0
>>> Hostfile entries: 0
>>> Files...........: 88
>>> Folders.........: 0
>>> LSPs............: 0
>>> Cookies.........: 16
>>> Browser hijacks.: 0
>>> MRU objects.....: 0
>>>
>>>
>>>
>>> Removed items:
>>> Description: *ad.yieldmanager* Family Name: Cookies Clean status: Success Item ID: 409172 Family ID: 0
>>> Description: *pointroll* Family Name: Cookies Clean status: Success Item ID: 408826 Family ID: 0
>>> Description: *ads.pointroll* Family Name: Cookies Clean status: Success Item ID: 408927 Family ID: 0
>>> Description: *atdmt* Family Name: Cookies Clean status: Success Item ID: 408910 Family ID: 0
>>> Description: *bs.serving-sys* Family Name: Cookies Clean status: Success Item ID: 408902 Family ID: 0
>>> Description: *serving-sys* Family Name: Cookies Clean status: Success Item ID: 409130 Family ID: 0
>>> Description: *doubleclick* Family Name: Cookies Clean status: Success Item ID: 408875 Family ID: 0
>>> Description: *weborama* Family Name: Cookies Clean status: Success Item ID: 408955 Family ID: 0
>>> Description: *mediaplex* Family Name: Cookies Clean status: Success Item ID: 408991 Family ID: 0
>>> Description: *questionmarket* Family Name: Cookies Clean status: Success Item ID: 408819 Family ID: 0
>>> Description: *server.iad.liveperson* Family Name: Cookies Clean status: Success Item ID: 409131 Family ID: 0
>>> Description: *statse.webtrends* Family Name: Cookies Clean status: Success Item ID: 408803 Family ID: 0
>>> Description: *webtrendslive* Family Name: Cookies Clean status: Success Item ID: 408954 Family ID: 0
>>> Description: *.webtrendslive* Family Name: Cookies Clean status: Success Item ID: 409033 Family ID: 0
>>> Description: *statse.webtrendslive* Family Name: Cookies Clean status: Success Item ID: 409269 Family ID: 0
>>> Description: *webtrends* Family Name: Cookies Clean status: Success Item ID: 599640 Family ID: 0
>>> Description: C:\Documents and Settings\Virginie Novo\Local Settings\Tempaa9zc.tmp Family Name: HTML/Dldr.Agent.axc Clean status: Success Item ID: 0 Family ID: 0
>>> Description: C:\Documents and Settings\Virginie Novo\Local Settings\Temp\2muynrh.tmp Family Name: HTML/Dldr.Agent.axc Clean status: Success Item ID: 0 Family ID: 0
>>> Description: C:\Documents and Settings\Virginie Novo\Local Settings\Temp\7t0irqu.tmp Family Name: HTML/Dldr.Agent.axc Clean status: Success Item ID: 0 Family ID: 0
>>> Description: C:\Documents and Settings\Virginie Novo\Local Settings\Temp\8s4ojr5.tmp Family Name: HTML/Dldr.Agent.axc Clean status: Success Item ID: 0 Family ID: 0
>>> Description: C:\Documents and Settings\Virginie Novo\Local Settings\Temp\9xqwezv.tmp Family Name: HTML/Dldr.Agent.axc Clean status: Success Item ID: 0 Family ID: 0
>>> Description: C:\Documents and Settings\Virginie Novo\Local Settings\Temp\a5atmx2.tmp Family Name: HTML/Dldr.Agent.axc Clean status: Success Item ID: 0 Family ID: 0
>>> Description: C:\Documents and Settings\Virginie Novo\Local Settings\Temp\ab3bq7u.tmp Family Name: HTML/Dldr.Agent.axc Clean status: Success Item ID: 0 Family ID: 0
>>> Description: C:\Documents and Settings\Virginie Novo\Local Settings\Temp\c6j07x7.tmp Family Name: HTML/Dldr.Agent.axc Clean status: Success Item ID: 0 Family ID: 0
>>> Description: C:\Documents and Settings\Virginie Novo\Local Settings\Temp\cuxfb3k.tmp Family Name: HTML/Dldr.Agent.axc Clean status: Success Item ID: 0 Family ID: 0
>>> Description: C:\Documents and Settings\Virginie Novo\Local Settings\Temp\dva7ht3.tmp Family Name: HTML/Dldr.Agent.axc Clean status: Success Item ID: 0 Family ID: 0
>>> Description: C:\Documents and Settings\Virginie Novo\Local Settings\Temp\gdr91vp.tmp Family Name: HTML/Dldr.Agent.axc Clean status: Success Item ID: 0 Family ID: 0
>>> Description: C:\Documents and Settings\Virginie Novo\Local Settings\Temp\gjs7r7m.tmp Family Name: HTML/Dldr.Agent.axc Clean status: Success Item ID: 0 Family ID: 0
>>> Description: C:\Documents and Settings\Virginie Novo\Local Settings\Temp\ir45gfq.tmp Family Name: HTML/Dldr.Agent.axc Clean status: Success Item ID: 0 Family ID: 0
>>> Description: C:\Documents and Settings\Virginie Novo\Local Settings\Temp\j512qi0.tmp Family Name: HTML/Dldr.Agent.axc Clean status: Success Item ID: 0 Family ID: 0
>>> Description: C:\Documents and Settings\Virginie Novo\Local Settings\Temp\jxtw680.tmp Family Name: HTML/Dldr.Agent.axc Clean status: Success Item ID: 0 Family ID: 0
>>> Description: C:\Documents and Settings\Virginie Novo\Local Settings\Temp\krsls2u.tmp Family Name: HTML/Dldr.Agent.axc Clean status: Success Item ID: 0 Family ID: 0
>>> Description: C:\Documents and Settings\Virginie Novo\Local Settings\Temp\o6udrar.tmp Family Name: HTML/Dldr.Agent.axc Clean status: Success Item ID: 0 Family ID: 0
>>> Description: C:\Documents and Settings\Virginie Novo\Local Settings\Temp\ufx5zcq.tmp Family Name: HTML/Dldr.Agent.axc Clean status: Success Item ID: 0 Family ID: 0
>>> Description: C:\Documents and Settings\Virginie Novo\Local Settings\Temp\wkcrnef.tmp Family Name: HTML/Dldr.Agent.axc Clean status: Success Item ID: 0 Family ID: 0
>>> Description: C:\Documents and Settings\Virginie Novo\Local Settings\Temp\wo8uhk2.tmp Family Name: HTML/Dldr.Agent.axc Clean status: Success Item ID: 0 Family ID: 0
>>> Description: C:\Documents and Settings\Virginie Novo\Local Settings\Temp\xftvfhj.tmp Family Name: HTML/Dldr.Agent.axc Clean status: Success Item ID: 0 Family ID: 0
>>> Description: C:\Documents and Settings\Virginie Novo\Local Settings\Temp\z5b630d.tmp Family Name: HTML/Dldr.Agent.axc Clean status: Success Item ID: 0 Family ID: 0
>>> Description: C:\Documents and Settings\Virginie Novo\Local Settings\Tempsc70tj.tmp Family Name: HTML/Infected.WebPage.Gen Clean status: Success Item ID: 0 Family ID: 0
>>> Description: C:\Documents and Settings\Virginie Novo\Local Settings\Temp\14ncgyu.tmp Family Name: HTML/Infected.WebPage.Gen Clean status: Success Item ID: 0 Family ID: 0
>>> Description: C:\Documents and Settings\Virginie Novo\Local Settings\Temp\1k886uc.tmp Family Name: HTML/Infected.WebPage.Gen Clean status: Success Item ID: 0 Family ID: 0
>>> Description: C:\Documents and Settings\Virginie Novo\Local Settings\Temp\1q82uq5.tmp Family Name: HTML/Infected.WebPage.Gen Clean status: Success Item ID: 0 Family ID: 0
>>> Description: C:\Documents and Settings\Virginie Novo\Local Settings\Temp\4cf79qt.tmp Family Name: HTML/Infected.WebPage.Gen Clean status: Success Item ID: 0 Family ID: 0
>>> Description: C:\Documents and Settings\Virginie Novo\Local Settings\Temp\4v6iuix.tmp Family Name: HTML/Infected.WebPage.Gen Clean status: Success Item ID: 0 Family ID: 0
>>> Description: C:\Documents and Settings\Virginie Novo\Local Settings\Temp\5cq3nde.tmp Family Name: HTML/Infected.WebPage.Gen Clean status: Success Item ID: 0 Family ID: 0
>>> Description: C:\Documents and Settings\Virginie Novo\Local Settings\Temp\5reoerv.tmp Family Name: HTML/Infected.WebPage.Gen Clean status: Success Item ID: 0 Family ID: 0
>>> Description: C:\Documents and Settings\Virginie Novo\Local Settings\Temp\62h1r57.tmp Family Name: HTML/Infected.WebPage.Gen Clean status: Success Item ID: 0 Family ID: 0
>>> Description: C:\Documents and Settings\Virginie Novo\Local Settings\Temp\6toq0av.tmp Family Name: HTML/Infected.WebPage.Gen Clean status: Success Item ID: 0 Family ID: 0
>>> Description: C:\Documents and Settings\Virginie Novo\Local Settings\Temp\7y4xtpd.tmp Family Name: HTML/Infected.WebPage.Gen Clean status: Success Item ID: 0 Family ID: 0
>>> Description: C:\Documents and Settings\Virginie Novo\Local Settings\Temp\8oktxu2.tmp Family Name: HTML/Infected.WebPage.Gen Clean status: Success Item ID: 0 Family ID: 0
>>> Description: C:\Documents and Settings\Virginie Novo\Local Settings\Temp\8xg7s62.tmp Family Name: HTML/Infected.WebPage.Gen Clean status: Success Item ID: 0 Family ID: 0
>>> Description: C:\Documents and Settings\Virginie Novo\Local Settings\Temp\94qfuja.tmp Family Name: HTML/Infected.WebPage.Gen Clean status: Success Item ID: 0 Family ID: 0
>>> Description: C:\Documents and Settings\Virginie Novo\Local Settings\Temp\958wym8.tmp Family Name: HTML/Infected.WebPage.Gen Clean status: Success Item ID: 0 Family ID: 0
>>> Description: C:\Documents and Settings\Virginie Novo\Local Settings\Temp\9j4ntj9.tmp Family Name: HTML/Infected.WebPage.Gen Clean status: Success Item ID: 0 Family ID: 0
>>> Description: C:\Documents and Settings\Virginie Novo\Local Settings\Temp\a2nqj4i.tmp Family Name: HTML/Infected.WebPage.Gen Clean status: Success Item ID: 0 Family ID: 0
>>> Description: C:\Documents and Settings\Virginie Novo\Local Settings\Temp\aa970ma.tmp Family Name: HTML/Infected.WebPage.Gen Clean status: Success Item ID: 0 Family ID: 0
>>> Description: C:\Documents and Settings\Virginie Novo\Local Settings\Temp\b0bi1xj.tmp Family Name: HTML/Infected.WebPage.Gen Clean status: Success Item ID: 0 Family ID: 0
>>> Description: C:\Documents and Settings\Virginie Novo\Local Settings\Temp\b1ntq9h.tmp Family Name: HTML/Infected.WebPage.Gen Clean status: Success Item ID: 0 Family ID: 0
>>> Description: C:\Documents and Settings\Virginie Novo\Local Settings\Temp\b5btm0c.tmp Family Name: HTML/Infected.WebPage.Gen Clean status: Success Item ID: 0 Family ID: 0
>>> Description: C:\Documents and Settings\Virginie Novo\Local Settings\Temp\cv84qrz.tmp Family Name: HTML/Infected.WebPage.Gen Clean status: Success Item ID: 0 Family ID: 0
>>> Description: C:\Documents and Settings\Virginie Novo\Local Settings\Temp\d2gkz1w.tmp Family Name: HTML/Infected.WebPage.Gen Clean status: Success Item ID: 0 Family ID: 0
>>> Description: C:\Documents and Settings\Virginie Novo\Local Settings\Temp\dkiskh6.tmp Family Name: HTML/Infected.WebPage.Gen Clean status: Success Item ID: 0 Family ID: 0
>>> Description: C:\Documents and Settings\Virginie Novo\Local Settings\Temp\dsvb89u.tmp Family Name: HTML/Infected.WebPage.Gen Clean status: Success Item ID: 0 Family ID: 0
>>> Description: C:\Documents and Settings\Virginie Novo\Local Settings\Temp\ebxy4ss.tmp Family Name: HTML/Infected.WebPage.Gen Clean status: Success Item ID: 0 Family ID: 0
>>> Description: C:\Documents and Settings\Virginie Novo\Local Settings\Temp\ejjiwan.tmp Family Name: HTML/Infected.WebPage.Gen Clean status: Success Item ID: 0 Family ID: 0
>>> Description: C:\Documents and Settings\Virginie Novo\Local Settings\Temp\fax94bv.tmp Family Name: HTML/Infected.WebPage.Gen Clean status: Success Item ID: 0 Family ID: 0
>>> Description: C:\Documents and Settings\Virginie Novo\Local Settings\Temp\fwzet6k.tmp Family Name: HTML/Infected.WebPage.Gen Clean status: Success Item ID: 0 Family ID: 0
>>> Description: C:\Documents and Settings\Virginie Novo\Local Settings\Temp\g0qc27n.tmp Family Name: HTML/Infected.WebPage.Gen Clean status: Success Item ID: 0 Family ID: 0
>>> Description: C:\Documents and Settings\Virginie Novo\Local Settings\Temp\glzvjdt.tmp Family Name: HTML/Infected.WebPage.Gen Clean status: Success Item ID: 0 Family ID: 0
>>> Description: C:\Documents and Settings\Virginie Novo\Local Settings\Temp\hievavh.tmp Family Name: HTML/Infected.WebPage.Gen Clean status: Success Item ID: 0 Family ID: 0
>>> Description: C:\Documents and Settings\Virginie Novo\Local Settings\Temp\ib2bi6o.tmp Family Name: HTML/Infected.WebPage.Gen Clean status: Success Item ID: 0 Family ID: 0
>>> Description: C:\Documents and Settings\Virginie Novo\Local Settings\Temp\ict8zm0.tmp Family Name: HTML/Infected.WebPage.Gen Clean status: Success Item ID: 0 Family ID: 0
>>> Description: C:\Documents and Settings\Virginie Novo\Local Settings\Temp\in7o7p0.tmp Family Name: HTML/Infected.WebPage.Gen Clean status: Success Item ID: 0 Family ID: 0
>>> Description: C:\Documents and Settings\Virginie Novo\Local Settings\Temp\jurf2wm.tmp Family Name: HTML/Infected.WebPage.Gen Clean status: Success Item ID: 0 Family ID: 0
>>> Description: C:\Documents and Settings\Virginie Novo\Local Settings\Temp\k8lu6m5.tmp Family Name: HTML/Infected.WebPage.Gen Clean status: Success Item ID: 0 Family ID: 0
>>> Description: C:\Documents and Settings\Virginie Novo\Local Settings\Temp\khu21m0.tmp Family Name: HTML/Infected.WebPage.Gen Clean status: Success Item ID: 0 Family ID: 0
>>> Description: C:\Documents and Settings\Virginie Novo\Local Settings\Temp\l7ld8kl.tmp Family Name: HTML/Infected.WebPage.Gen Clean status: Success Item ID: 0 Family ID: 0
>>> Description: C:\Documents and Settings\Virginie Novo\Local Settings\Temp\lm006nt.tmp Family Name: HTML/Infected.WebPage.Gen Clean status: Success Item ID: 0 Family ID: 0
>>> Description: C:\Documents and Settings\Virginie Novo\Local Settings\Temp\lwcam6z.tmp Family Name: HTML/Infected.WebPage.Gen Clean status: Success Item ID: 0 Family ID: 0
>>> Description: C:\Documents and Settings\Virginie Novo\Local Settings\Temp\mq80nro.tmp Family Name: HTML/Infected.WebPage.Gen Clean status: Success Item ID: 0 Family ID: 0
>>> Description: C:\Documents and Settings\Virginie Novo\Local Settings\Temp\n61hd1v.tmp Family Name: HTML/Infected.WebPage.Gen Clean status: Success Item ID: 0 Family ID: 0
>>> Description: C:\Documents and Settings\Virginie Novo\Local Settings\Temp\neflv56.tmp Family Name: HTML/Infected.WebPage.Gen Clean status: Success Item ID: 0 Family ID: 0
>>> Description: C:\Documents and Settings\Virginie Novo\Local Settings\Temp\nfnqr23.tmp Family Name: HTML/Infected.WebPage.Gen Clean status: Success Item ID: 0 Family ID: 0
>>> Description: C:\Documents and Settings\Virginie Novo\Local Settings\Temp\o5vma9q.tmp Family Name: HTML/Infected.WebPage.Gen Clean status: Success Item ID: 0 Family ID: 0
>>> Description: C:\Documents and Settings\Virginie Novo\Local Settings\Temp\olvqx1d.tmp Family Name: HTML/Infected.WebPage.Gen Clean status: Success Item ID: 0 Family ID: 0
>>> Description: C:\Documents and Settings\Virginie Novo\Local Settings\Temp\pheimxb.tmp Family Name: HTML/Infected.WebPage.Gen Clean status: Success Item ID: 0 Family ID: 0
>>> Description: C:\Documents and Settings\Virginie Novo\Local Settings\Temp\pp43k11.tmp Family Name: HTML/Infected.WebPage.Gen Clean status: Success Item ID: 0 Family ID: 0
>>> Description: C:\Documents and Settings\Virginie Novo\Local Settings\Temp\qaov6ft.tmp Family Name: HTML/Infected.WebPage.Gen Clean status: Success Item ID: 0 Family ID: 0
>>> Description: C:\Documents and Settings\Virginie Novo\Local Settings\Temp\r0x0exw.tmp Family Name: HTML/Infected.WebPage.Gen Clean status: Success Item ID: 0 Family ID: 0
>>> Description: C:\Documents and Settings\Virginie Novo\Local Settings\Temp\r2bjgzz.tmp Family Name: HTML/Infected.WebPage.Gen Clean status: Success Item ID: 0 Family ID: 0
>>> Description: C:\Documents and Settings\Virginie Novo\Local Settings\Temp\rss9d8z.tmp Family Name: HTML/Infected.WebPage.Gen Clean status: Success Item ID: 0 Family ID: 0
>>> Description: C:\Documents and Settings\Virginie Novo\Local Settings\Temp\ujgmobr.tmp Family Name: HTML/Infected.WebPage.Gen Clean status: Success Item ID: 0 Family ID: 0
>>> Description: C:\Documents and Settings\Virginie Novo\Local Settings\Temp\wigijlj.tmp Family Name: HTML/Infected.WebPage.Gen Clean status: Success Item ID: 0 Family ID: 0
>>> Description: C:\Documents and Settings\Virginie Novo\Local Settings\Temp\x0buxnv.tmp Family Name: HTML/Infected.WebPage.Gen Clean status: Success Item ID: 0 Family ID: 0
>>> Description: C:\Documents and Settings\Virginie Novo\Local Settings\Temp\xfrkm8z.tmp Family Name: HTML/Infected.WebPage.Gen Clean status: Success Item ID: 0 Family ID: 0
>>> Description: C:\Documents and Settings\Virginie Novo\Local Settings\Temp\xvflqkt.tmp Family Name: HTML/Infected.WebPage.Gen Clean status: Success Item ID: 0 Family ID: 0
>>> Description: C:\Documents and Settings\Virginie Novo\Local Settings\Temp\y01fp9h.tmp Family Name: HTML/Infected.WebPage.Gen Clean status: Success Item ID: 0 Family ID: 0
>>> Description: C:\Documents and Settings\Virginie Novo\Local Settings\Temp\ykow57y.tmp Family Name: HTML/Infected.WebPage.Gen Clean status: Success Item ID: 0 Family ID: 0
>>> Description: C:\Documents and Settings\Virginie Novo\Local Settings\Temp\ypd7f21.tmp Family Name: HTML/Infected.WebPage.Gen Clean status: Success Item ID: 0 Family ID: 0
>>> Description: C:\Documents and Settings\Virginie Novo\Local Settings\Temp\yylvp7q.tmp Family Name: HTML/Infected.WebPage.Gen Clean status: Success Item ID: 0 Family ID: 0
>>> Description: C:\Documents and Settings\Virginie Novo\Local Settings\Temp\zr78m02.tmp Family Name: HTML/Infected.WebPage.Gen Clean status: Success Item ID: 0 Family ID: 0
>>> Description: C:\Documents and Settings\Virginie Novo\Local Settings\Temp\zrvixe9.tmp Family Name: HTML/Infected.WebPage.Gen Clean status: Success Item ID: 0 Family ID: 0
>>> Description: C:\Documents and Settings\Virginie Novo\Local Settings\Temp\oux282z.tmp Family Name: JS/Dldr.Agent.dwg Clean status: Success Item ID: 0 Family ID: 0
>>> Description: C:\Documents and Settings\Virginie Novo\Local Settings\Temp\zd3lghu.tmp Family Name: JS/Dldr.Agent.dwg Clean status: Success Item ID: 0 Family ID: 0
>>>
>>> Scan and cleaning complete: Finished correctly after 4747 seconds
>>>
>>> *********************************** Settings ***********************************
>>>
>>> Scan profile:
>>> ID: full, enabled:1, value: Full Scan
>>> ID: scancriticalareas, enabled:1, value: true
>>> ID: scanrunningapps, enabled:1, value: true
>>> ID: scanregistry, enabled:1, value: true
>>> ID: scanlsp, enabled:1, value: true
>>> ID: scanads, enabled:1, value: true
>>> ID: scanhostsfile, enabled:1, value: true
>>> ID: scanmru, enabled:1, value: true
>>> ID: scanbrowserhijacks, enabled:1, value: true
>>> ID: scantrackingcookies, enabled:1, value: true
>>> ID: closebrowsers, enabled:1, value: false
>>> ID: folderstoscan, enabled:1, value: C:\,D:\
>>> ID: usespywareheuristics, enabled:1, value: true
>>> ID: extendedengine, enabled:1, value: true
>>> ID: useheuristics, enabled:1, value: true
>>> ID: heuristicslevel, enabled:1, value: mild, domain: medium,mild,strict
>>> ID: filescanningoptions, enabled:1
>>> ID: scanrootkits, enabled:1, value: true
>>> ID: archives, enabled:1, value: true
>>> ID: onlyexecutables, enabled:1, value: false
>>> ID: skiplargerthan, enabled:1, value: 20480
>>>
>>> Scan global:
>>> ID: global, enabled:1
>>> ID: addtocontextmenu, enabled:1, value: true
>>> ID: playsoundoninfection, enabled:1, value: false
>>> ID: soundfile, enabled:0, value: *to be filled in automatically*\alert.wav
>>>
>>> Scheduled scan settings:
>>> ID: dailyscan, enabled:1, value: DailyScan
>>> ID: time, enabled:1, value: Sun Oct 11 12:00:00 2009
>>> ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly
>>> ID: weekdays, enabled:1
>>> ID: monday, enabled:1, value: false
>>> ID: tuesday, enabled:1, value: false
>>> ID: wednesday, enabled:1, value: false
>>> ID: thursday, enabled:1, value: false
>>> ID: friday, enabled:1, value: false
>>> ID: saturday, enabled:1, value: false
>>> ID: sunday, enabled:1, value: false
>>> ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
>>> ID: scanprofile, enabled:1, value: full
>>> ID: auto_deal_with_infections, enabled:1, value: true
>>>
>>> Update settings:
>>> ID: updates, enabled:1
>>> ID: launchthreatworksafterscan, enabled:1, value: normal, domain: normal,off,silently
>>> ID: softwareupdates, enabled:1, value: downloadandinstall, domain: dontcheck,downloadandinstall
>>> ID: licenseandinfo, enabled:1, value: downloadandinstall, domain: dontcheck,downloadandinstall
>>> ID: schedules, enabled:1, value: true
>>> ID: updatedaily, enabled:1, value: Daily
>>> ID: time, enabled:1, value: Sun Oct 11 00:19:00 2009
>>> ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly
>>> ID: weekdays, enabled:1
>>> ID: monday, enabled:1, value: false
>>> ID: tuesday, enabled:1, value: false
>>> ID: wednesday, enabled:1, value: false
>>> ID: thursday, enabled:1, value: false
>>> ID: friday, enabled:1, value: false
>>> ID: saturday, enabled:1, value: false
>>> ID: sunday, enabled:1, value: false
>>> ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
>>> ID: scanprofile, enabled:1, value:
>>> ID: auto_deal_with_infections, enabled:1, value: false
>>> ID: updateweekly, enabled:1, value: Weekly
>>> ID: time, enabled:1, value: Sun Oct 11 00:19:00 2009
>>> ID: frequency, enabled:1, value: weekly, domain: daily,monthly,once,systemstart,weekly
>>> ID: weekdays, enabled:1
>>> ID: monday, enabled:1, value: true
>>> ID: tuesday, enabled:1, value: false
>>> ID: wednesday, enabled:1, value: false
>>> ID: thursday, enabled:1, value: false
>>> ID: friday, enabled:1, value: false
>>> ID: saturday, enabled:1, value: false
>>> ID: sunday, enabled:1, value: true
>>> ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
>>> ID: scanprofile, enabled:1, value:
>>> ID: auto_deal_with_infections, enabled:1, value: false
>>>
>>> Appearance settings:
>>> ID: appearance, enabled:1
>>> ID: skin, enabled:1, value: default.egl, reglocation: HKEY_LOCAL_MACHINE\SOFTWARE\Lavasoft\Ad-Aware\Resource
>>> ID: showtrayicon, enabled:1, value: true
>>> ID: language, enabled:1, value: en, reglocation: HKEY_LOCAL_MACHINE\SOFTWARE\Lavasoft\Ad-Aware\Language
>>>
>>> Realtime protection settings:
>>> ID: realtime, enabled:1
>>> ID: processprotection, enabled:1, value: true
>>> ID: registryprotection, enabled:1, value: true
>>> ID: networkprotection, enabled:0, value: false
>>> ID: usespywareheuristics, enabled:1, value: true
>>> ID: extendedengine, enabled:1, value: true
>>> ID: useheuristics, enabled:1, value: true
>>> ID: heuristicslevel, enabled:1, value: strict, domain: medium,mild,strict
>>> ID: infomessages, enabled:1, value: onlyimportant, domain: display,dontnotify,onlyimportant
>>>
>>>
>>> ****************************** System information ******************************
>>> Computer name: VIRGINIE
>>> Processor name: Genuine Intel® CPU T2050 @ 1.60GHz
>>> Processor identifier: x86 Family 6 Model 14 Stepping 8
>>> Raw info: processorarchitecture 0, processortype 586, processorlevel 6, processor revision 3592, number of processors 2
>>> Physical memory available: 403251200 bytes
>>> Physical memory total: 1063641088 bytes
>>> Virtual memory available: 1854058496 bytes
>>> Virtual memory total: 2147352576 bytes
>>> Memory load: 62%
>>> Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
>>> Windows startup mode:
>>>
>>> Running processes:
>>> PID: 768 name: \SystemRoot\System32\smss.exe owner: SYSTEM domain: NT AUTHORITY
>>> PID: 1448 name: \??\C:\WINDOWS\system32\csrss.exe owner: SYSTEM domain: NT AUTHORITY
>>> PID: 1472 name: \??\C:\WINDOWS\system32\winlogon.exe owner: SYSTEM domain: NT AUTHORITY
>>> PID: 1520 name: C:\WINDOWS\system32\services.exe owner: SYSTEM domain: NT AUTHORITY
>>> PID: 1532 name: C:\WINDOWS\system32\lsass.exe owner: SYSTEM domain: NT AUTHORITY
>>> PID: 1688 name: C:\WINDOWS\system32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
>>> PID: 1756 name: C:\WINDOWS\system32\svchost.exe owner: NETWORK SERVICE domain: NT AUTHORITY
>>> PID: 1796 name: C:\WINDOWS\System32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
>>> PID: 1880 name: C:\Program Files\Intel\Wireless\Bin\EvtEng.exe owner: SYSTEM domain: NT AUTHORITY
>>> PID: 1944 name: C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe owner: SYSTEM domain: NT AUTHORITY
>>> PID: 1988 name: C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe owner: SYSTEM domain: NT AUTHORITY
>>> PID: 168 name: C:\WINDOWS\system32\svchost.exe owner: NETWORK SERVICE domain: NT AUTHORITY
>>> PID: 336 name: C:\WINDOWS\system32\svchost.exe owner: LOCAL SERVICE domain: NT AUTHORITY
>>> PID: 464 name: C:\WINDOWS\Explorer.EXE owner: Virginie Novo domain: VIRGINIE
>>> PID: 584 name: C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe owner: SYSTEM domain: NT AUTHORITY
>>> PID: 632 name: C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe owner: SYSTEM domain: NT AUTHORITY
>>> PID: 992 name: C:\WINDOWS\system32\spoolsv.exe owner: SYSTEM domain: NT AUTHORITY
>>> PID: 1092 name: C:\WINDOWS\system32\svchost.exe owner: LOCAL SERVICE domain: NT AUTHORITY
>>> PID: 1132 name: C:\Program Files\Symantec AntiVirus\DefWatch.exe owner: SYSTEM domain: NT AUTHORITY
>>> PID: 1244 name: C:\Program Files\Java\jre6\bin\jqs.exe owner: SYSTEM domain: NT AUTHORITY
>>> PID: 1316 name: C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe owner: SYSTEM domain: NT AUTHORITY
>>> PID: 1392 name: C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe owner: SYSTEM domain: NT AUTHORITY
>>> PID: 1536 name: C:\Program Files\Spyware Doctor\pctsAuxs.exe owner: SYSTEM domain: NT AUTHORITY
>>> PID: 1820 name: C:\Program Files\Spyware Doctor\pctsSvc.exe owner: SYSTEM domain: NT AUTHORITY
>>> PID: 184 name: C:\WINDOWS\system32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
>>> PID: 236 name: C:\Program Files\Spyware Doctor\pctsTray.exe owner: Virginie Novo domain: VIRGINIE
>>> PID: 180 name: C:\Program Files\Symantec AntiVirus\Rtvscan.exe owner: SYSTEM domain: NT AUTHORITY
>>> PID: 320 name: C:\Program Files\Viewpoint\Common\ViewpointService.exe owner: SYSTEM domain: NT AUTHORITY
>>> PID: 492 name: C:\Program Files\AOLbox\Gateway\wlancfg.exe owner: SYSTEM domain: NT AUTHORITY
>>> PID: 2972 name: C:\WINDOWS\system32\wbem\wmiprvse.exe owner: SYSTEM domain: NT AUTHORITY
>>> PID: 3240 name: C:\WINDOWS\System32\alg.exe owner: LOCAL SERVICE domain: NT AUTHORITY
>>> PID: 3404 name: C:\WINDOWS\stsystra.exe owner: Virginie Novo domain: VIRGINIE
>>> PID: 3708 name: C:\Program Files\Dell\QuickSet\quickset.exe owner: Virginie Novo domain: VIRGINIE
>>> PID: 3788 name: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe owner: Virginie Novo domain: VIRGINIE
>>> PID: 3860 name: C:\Program Files\Dell\Media Experience\PCMService.exe owner: Virginie Novo domain: VIRGINIE
>>> PID: 4000 name: C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe owner: Virginie Novo domain: VIRGINIE
>>> PID: 1032 name: C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe owner: Virginie Novo domain: VIRGINIE
>>> PID: 2204 name: C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe owner: Virginie Novo domain: VIRGINIE
>>> PID: 3232 name: C:\WINDOWS\system32\LVCOMSX.EXE owner: Virginie Novo domain: VIRGINIE
>>> PID: 3288 name: C:\Program Files\Logitech\Video\LogiTray.exe owner: Virginie Novo domain: VIRGINIE
>>> PID: 3744 name: C:\Program Files\Java\jre6\bin\jusched.exe owner: Virginie Novo domain: VIRGINIE
>>> PID: 3980 name: C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe owner: Virginie Novo domain: VIRGINIE
>>> PID: 1384 name: C:\Program Files\Common Files\Real\Update_OB\realsched.exe owner: Virginie Novo domain: VIRGINIE
>>> PID: 1308 name: C:\Program Files\Common Files\Symantec Shared\ccApp.exe owner: Virginie Novo domain: VIRGINIE
>>> PID: 2868 name: C:\PROGRA~1\SYMANT~1\VPTray.exe owner: Virginie Novo domain: VIRGINIE
>>> PID: 3064 name: C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe owner: Virginie Novo domain: VIRGINIE
>>> PID: 1436 name: C:\WINDOWS\system32\ctfmon.exe owner: Virginie Novo domain: VIRGINIE
>>> PID: 2108 name: C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe owner: Virginie Novo domain: VIRGINIE
>>> PID: 2452 name: C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe owner: SYSTEM domain: NT AUTHORITY
>>> PID: 2468 name: C:\Program Files\Logitech\Video\FxSvr2.exe owner: Virginie Novo domain: VIRGINIE
>>> PID: 2484 name: C:\Program Files\3M\PSNLite\PsnLite.exe owner: Virginie Novo domain: VIRGINIE
>>> PID: 3612 name: C:\PROGRA~1\3M\PSNLite\PSNGive.exe owner: Virginie Novo domain: VIRGINIE
>>> PID: 700 name: C:\Program Files\Windows Live\Contacts\wlcomm.exe owner: Virginie Novo domain: VIRGINIE
>>> PID: 148600 name: C:\Program Files\Internet Explorer\iexplore.exe owner: Virginie Novo domain: VIRGINIE
>>> PID: 74900 name: C:\Program Files\Internet Explorer\iexplore.exe owner: Virginie Novo domain: VIRGINIE
>>> PID: 144276 name: C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe owner: Virginie Novo domain: VIRGINIE
>>> PID: 2884 name: C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe owner: SYSTEM domain: NT AUTHORITY
>>> PID: 41444 name: C:\WINDOWS\system32\wbem\unsecapp.exe owner: SYSTEM domain: NT AUTHORITY
>>> PID: 49988 name: C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe owner: Virginie Novo domain: VIRGINIE
>>>
>>> Startup items:
>>> Name: PostBootReminder
>>> imagepath: {7849596a-48ea-486e-8937-a2a3009f31a9}
>>> Name: CDBurn
>>> imagepath: {fbeb8a05-beee-4442-804e-409d6c4515e9}
>>> Name: WebCheck
>>> imagepath: {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
>>> Name: SysTray
>>> imagepath: {35CEC8A3-2BE6-11D2-8773-92E220524153}
>>> Name: WPDShServiceObj
>>> imagepath: {AAA288BA-9A4C-45B0-95D7-94D524869DB5}
>>> Name: CTFMON.EXE
>>> imagepath: C:\WINDOWS\system32\CTFMON.EXE
>>> Name: {438755C2-A8BA-11D1-B96B-00A0C90312E1}
>>> imagepath: Browseui preloader
>>> Name: {8C7461EF-2B13-11d2-BE35-3078302C2030}
>>> imagepath: Component Categories cache daemon
>>> Name: SigmatelSysTrayApp
>>> imagepath: stsystra.exe
>>> Name: Dell QuickSet
>>> imagepath: C:\Program Files\Dell\QuickSet\quickset.exe
>>> Name: SynTPEnh
>>> imagepath: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
>>> Name: PCMService
>>> imagepath: "C:\Program Files\Dell\Media Experience\PCMService.exe"
>>> Name: ISUSPM Startup
>>> imagepath: "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
>>> Name: ISUSScheduler
>>> imagepath: "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
>>> Name: MSKDetectorExe
>>> imagepath: C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
>>> Name: IntelZeroConfig
>>> imagepath: "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
>>> Name: IntelWireless
>>> imagepath: "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
>>> Name: LVCOMSX
>>> imagepath: C:\WINDOWS\system32\LVCOMSX.EXE
>>> Name: LogitechVideoRepair
>>> imagepath: C:\Program Files\Logitech\Video\ISStart.exe
>>> Name: LogitechVideoTray
>>> imagepath: C:\Program Files\Logitech\Video\LogiTray.exe
>>> Name: SunJavaUpdateSched
>>> imagepath: "C:\Program Files\Java\jre6\bin\jusched.exe"
>>> Name: ISTray
>>> imagepath: "C:\Program Files\Spyware Doctor\pctsTray.exe"
>>> Name: dellsupportcenter
>>> imagepath: "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
>>> Name: igfxtray
>>> imagepath: C:\WINDOWS\system32\igfxtray.exe
>>> Name: igfxhkcmd
>>> imagepath: C:\WINDOWS\system32\hkcmd.exe
>>> Name: igfxpers
>>> imagepath: C:\WINDOWS\system32\igfxpers.exe
>>> Name: QuickTime Task
>>> imagepath: "C:\Program Files\QuickTime\qttask.exe" -atboottime
>>> Name: TkBellExe
>>> imagepath: "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
>>> Name: ccApp
>>> imagepath: "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
>>> Name: vptray
>>> imagepath: C:\PROGRA~1\SYMANT~1\VPTray.exe
>>> Name: Ad-Watch
>>> imagepath: C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
>>> Name:
>>> imagepath: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
>>> Name:
>>> location: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Post-it® Software Notes Lite.lnk
>>> imagepath: C:\Program Files\3M\PSNLite\PsnLite.exe
>>>
>>> Bootexecute items:
>>> Name:
>>> imagepath: autocheck autochk *
>>> Name:
>>> imagepath: lsdelete
>>>
>>> Running services:
>>> Name: ALG
>>> displayname: Application Layer Gateway Service
>>> Name: AudioSrv
>>> displayname: Windows Audio
>>> Name: ccevtmgr
>>> displayname: Symantec Event Manager
>>> Name: ccsetmgr
>>> displayname: Symantec Settings Manager
>>> Name: CryptSvc
>>> displayname: Cryptographic Services
>>> Name: DcomLaunch
>>> displayname: DCOM Server Process Launcher
>>> Name: defwatch
>>> displayname: Symantec AntiVirus Definition Watcher
>>> Name: Dhcp
>>> displayname: DHCP Client
>>> Name: Dnscache
>>> displayname: DNS Client
>>> Name: ERSvc
>>> displayname: Error Reporting Service
>>> Name: Eventlog
>>> displayname: Event Log
>>> Name: EventSystem
>>> displayname: COM+ Event System
>>> Name: EvtEng
>>> displayname: Intel® PROSet/Wireless Event Log
>>> Name: FastUserSwitchingCompatibility
>>> displayname: Fast User Switching Compatibility
>>> Name: helpsvc
>>> displayname: Help and Support
>>> Name: HidServ
>>> displayname: HID Input Service
>>> Name: JavaQuickStarterService
>>> displayname: Java Quick Starter
>>> Name: lanmanserver
>>> displayname: Server
>>> Name: lanmanworkstation
>>> displayname: Workstation
>>> Name: lavasoft ad-aware service
>>> displayname: lavasoft ad-aware service
>>> Name: LmHosts
>>> displayname: TCP/IP NetBIOS Helper
>>> Name: Netman
>>> displayname: Network Connections
>>> Name: NICCONFIGSVC
>>> displayname: NICCONFIGSVC
>>> Name: Nla
>>> displayname: Network Location Awareness (NLA)
>>> Name: PlugPlay
>>> displayname: Plug and Play
>>> Name: PolicyAgent
>>> displayname: IPSEC Services
>>> Name: ProtectedStorage
>>> displayname: Protected Storage
>>> Name: RasMan
>>> displayname: Remote Access Connection Manager
>>> Name: RegSrvc
>>> displayname: Intel® PROSet/Wireless Registry Service
>>> Name: RpcSs
>>> displayname: Remote Procedure Call (RPC)
>>> Name: S24EventMonitor
>>> displayname: Intel® PROSet/Wireless Service
>>> Name: SamSs
>>> displayname: Security Accounts Manager
>>> Name: Schedule
>>> displayname: Task Scheduler
>>> Name: sdAuxService
>>> displayname: PC Tools Auxiliary Service
>>> Name: sdCoreService
>>> displayname: PC Tools Security Service
>>> Name: seclogon
>>> displayname: Secondary Logon
>>> Name: SENS
>>> displayname: System Event Notification
>>> Name: SharedAccess
>>> displayname: Windows Firewall/Internet Connection Sharing (ICS)
>>> Name: ShellHWDetection
>>> displayname: Shell Hardware Detection
>>> Name: Spooler
>>> displayname: Print Spooler
>>> Name: SSDPSRV
>>> displayname: SSDP Discovery Service
>>> Name: stisvc
>>> displayname: Windows Image Acquisition (WIA)
>>> Name: symantec antivirus
>>> displayname: symantec antivirus
>>> Name: TapiSrv
>>> displayname: Telephony
>>> Name: TermService
>>> displayname: Terminal Services
>>> Name: Themes
>>> displayname: Themes
>>> Name: TrkWks
>>> displayname: Distributed Link Tracking Client
>>> Name: Viewpoint Manager Service
>>> displayname: Viewpoint Manager Service
>>> Name: w32time
>>> displayname: Windows Time
>>> Name: WebClient
>>> displayname: WebClient
>>> Name: winmgmt
>>> displayname: Windows Management Instrumentation
>>> Name: Wlancfg
>>> displayname: Service de lancement de WlanCfg
>>> Name: WLANKEEPER
>>> displayname: Intel® PROSet/Wireless SSO Service
>>> Name: wscsvc
>>> displayname: Security Center
>>>
>>>



ComboFix Log:


ComboFix 09-10-13.01 - Virginie Novo 10/13/2009 21:15.1.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.544 [GMT 2:00]
Running from: c:\documents and settings\Virginie Novo\Desktop\ComboFix.exe
AV: Lavasoft Ad-Watch Live! Anti-Virus *On-access scanning disabled* (Updated) {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Internet Explorer\rasadhlp.dll
c:\windows\Temp\79459007.exe

.
((((((((((((((((((((((((( Files Created from 2009-09-13 to 2009-10-13 )))))))))))))))))))))))))))))))
.

2009-10-11 01:54 . 2009-10-10 22:18 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-10-10 22:19 . 2009-10-10 22:18 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-10-10 22:04 . 2009-10-10 22:04 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-10-10 02:21 . 2009-10-13 19:23 -------- d-----w- c:\program files\Symantec AntiVirus
2009-10-09 19:27 . 2005-05-13 17:50 91856 ----a-w- c:\windows\system32\S32EVNT1.DLL
2009-10-09 19:27 . 2005-05-13 17:50 123488 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-10-09 11:10 . 2009-10-09 11:11 -------- d-----w- C:\VirusScan
2009-10-09 10:02 . 2009-10-09 10:02 -------- d-----w- c:\program files\NortonInstaller
2009-10-09 10:02 . 2009-10-09 10:02 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2009-10-08 16:50 . 2009-10-08 16:50 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2009-10-08 07:56 . 2009-06-29 16:12 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-10-08 07:56 . 2009-06-29 16:12 78336 ----a-w- c:\windows\system32\dllcache\ieencode.dll
2009-09-28 05:27 . 2009-09-28 05:27 -------- d-----w- c:\program files\Common Files\xing shared
2009-09-28 05:27 . 2009-09-28 05:27 -------- d-----w- c:\program files\real
2009-09-21 19:08 . 2009-10-04 07:10 -------- d-----w- C:\ANGLAIS
2009-09-14 06:40 . 2009-09-14 06:40 -------- d-sh--w- c:\documents and settings\Virginie Novo\IECompatCache

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-13 19:27 . 2007-11-09 14:46 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-10-13 07:57 . 2007-09-01 12:31 -------- d-----w- c:\program files\Spyware Doctor
2009-10-12 20:31 . 2007-09-01 12:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-10-11 17:34 . 2009-08-05 08:53 -------- d-----w- c:\documents and settings\Virginie Novo\Application Data\uTorrent
2009-10-11 07:02 . 2008-12-31 10:52 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-10-11 03:56 . 2008-12-31 10:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-10-11 01:54 . 2008-10-10 22:12 -------- d-----w- c:\program files\Norton Security Scan
2009-10-10 22:04 . 2008-12-31 10:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-10-10 22:04 . 2006-08-05 17:24 -------- d-----w- c:\program files\Lavasoft
2009-10-10 02:22 . 2006-07-21 00:42 -------- d-----w- c:\program files\Symantec
2009-10-10 02:22 . 2006-07-21 00:42 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-10-10 02:21 . 2006-07-21 00:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-10-08 07:38 . 2009-09-10 09:47 16883056 ----a-w- C:\IE8-WindowsXP-x86-ENU.exe
2009-09-28 05:28 . 2006-07-21 00:37 -------- d-----w- c:\program files\Common Files\Real
2009-09-10 06:45 . 2007-09-28 18:24 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-04 18:00 . 2009-09-04 18:00 -------- d-----w- c:\documents and settings\Virginie Novo\Application Data\Media Player Classic
2009-09-01 18:55 . 2009-09-01 18:54 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-08-30 21:30 . 2006-07-21 00:30 -------- d-----w- c:\program files\Dell
2009-08-15 12:20 . 2008-02-04 10:44 -------- d-----w- c:\program files\Dell Support Center
2009-08-15 12:19 . 2008-01-24 12:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Dell
2009-08-12 20:27 . 2006-08-02 23:34 57072 ----a-w- c:\documents and settings\Virginie Novo\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-05 09:01 . 2004-08-10 17:51 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-17 19:01 . 2004-08-10 17:50 58880 ----a-w- c:\windows\system32\atl.dll
2007-04-12 20:26 . 2007-04-12 20:26 832786 ----a-w- c:\program files\SopCastOcx.zip
2006-12-13 16:03 . 2007-12-22 18:32 6653000 ----a-w- c:\program files\winamp532_full_emusic-7plus.exe
2006-10-27 11:31 . 2006-10-27 11:27 278528 ----a-w- c:\program files\Common Files\FDEUnInstaller.exe
2006-08-02 23:35 . 2006-08-02 23:20 88 --sh--r- c:\windows\system32\6214BC5F6D.sys
2006-08-02 23:35 . 2006-08-02 23:20 3766 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-09-01 68856]
"LogitechSoftwareUpdate"="c:\program files\Logitech\Video\ManifestEngine.exe" [2005-06-08 196608]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2006-04-06 1032192]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2004-04-12 290816]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2005-08-12 1121792]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-05-01 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-05-01 602182]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-07-19 221184]
"LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2005-06-08 458752]
"LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2005-06-08 217088]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2008-12-08 1173384]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-09-28 198160]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2005-06-02 48752]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2005-06-23 85696]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-10-10 520024]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2006-03-24 282624]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Post-itr Software Notes Lite.lnk - c:\program files\3M\PSNLite\PsnLite.exe [2004-10-15 2080768]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\lavasoft ad-aware service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Google Updater.lnk
backup=c:\windows\pss\Google Updater.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Documents and Settings\\Virginie Novo\\Application Data\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Documents and Settings\\Virginie Novo\\Application Data\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=

R0 lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [10/11/2009 12:19 AM 64160]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [6/18/2009 10:35 PM 130936]
R2 lavasoft ad-aware service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [3/9/2009 9:06 PM 1028432]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [3/16/2008 10:38 PM 348752]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2/25/2007 5:09 PM 24652]
R3 EraserUtilDrvI9;EraserUtilDrvI9;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrvI9.sys [10/10/2009 4:27 AM 102448]
S1 82633615;82633615;c:\windows\system32\drivers\82633615.sys --> c:\windows\system32\drivers\82633615.sys [?]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [11/19/2008 10:27 AM 16512]
S3 GoogleDesktopManager-093007-112848;Google Desktop Manager 5.5.709.30344;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [9/1/2007 2:26 PM 29744]
S3 savroam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [6/23/2005 7:27 PM 124608]
S4 .nehwarrviau;.nehwarrviau; [x]

--- Other Services/Drivers In Memory ---

*Deregistered* - EraserUtilRebootDrv
*Deregistered* - mchInjDrv
.
Contents of the 'Scheduled Tasks' folder

2009-10-13 c:\windows\Tasks\Ad-Aware Scan (DailyScan).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 22:18]

2009-10-10 c:\windows\Tasks\Ad-Aware Update (Daily).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 22:18]

2009-10-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 15:57]

2009-10-13 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-27 12:36]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.ebay.fr/
uInternet Connection Wizard,ShellNext = iexplore
IE: &Recherche AOL Toolbar - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-DellSupportCenter - c:\program files\Dell Support Center\bin\sprtcmd.exe
HKLM-Run-dellsupportcenter - c:\program files\Dell Support Center\bin\sprtcmd.exe
HKLM-Run-igfxtray - c:\windows\system32\igfxtray.exe
HKLM-Run-igfxhkcmd - c:\windows\system32\hkcmd.exe
HKLM-Run-igfxpers - c:\windows\system32\igfxpers.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-13 21:26
Windows 5.1.2600 Service Pack 3 NTFS

detected NTDLL code modification:
ZwClose

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2208)
c:\windows\system32\WININET.dll
c:\windows\system32\IEFRAME.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Intel\Wireless\Bin\WLKEEPER.exe
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\program files\Symantec AntiVirus\DefWatch.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Dell\QuickSet\NicConfigSvc.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Spyware Doctor\pctsSvc.exe
c:\program files\Symantec AntiVirus\Rtvscan.exe
c:\program files\AOLbox\Gateway\WLANCFG.EXE
c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
c:\program files\Logitech\Video\FxSvr2.exe
c:\progra~1\3M\PSNLite\PSNGive.exe
c:\progra~1\Intel\Wireless\Bin\Dot1XCfg.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-10-13 21:38 - machine was rebooted
ComboFix-quarantined-files.txt 2009-10-13 19:37

Pre-Run: 13,975,908,352 bytes free
Post-Run: 14,377,353,216 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

215 --- E O F --- 2009-09-11 20:11



I will be waiting for your further suggestion.
Thank you in advance.
Prad

LS CalamityJane
Thanks for the logs. I'm not seeing any active infection remaining but let's do a free online AV scan just to double check.

Go here: http://www.eset.com/onlinescan to run an online scanner from ESET.
Note: You will need to use Internet Explorer for this scan
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the ActiveX control to install
Click Start
Make sure that the option Remove found threats is ticked, and the option Scan unwanted applications is checked
Click Scan
Wait for the scan to finish
Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
Copy and paste that log as a reply to this topic, along with a new HijackThis log & a description of any remaining problems
hurray
Hi, here is the log from ESET scanner:
-----------------------------------------------------------------------------------------

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=6
# IEXPLORE.EXE=7.00.6000.16876 (vista_gdr.090625-2339)
# OnlineScanner.ocx=1.0.0.6050
# api_version=3.0.2
# EOSSerial=57012479794e2545bfa9ea992a3a92b7
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2009-10-14 07:45:37
# local_time=2009-10-14 09:45:37 (+0100, Romance Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=3585 63 50 0 0
# scanned=65704
# found=1
# cleaned=1
# scan_time=5896
C:\Qoobox\Quarantine\C\Program Files\Internet Explorer\rasadhlp.dll.vir a variant of Win32/Delf.NNT trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C





And the new log from Hijackthis.
-----------------------------------------------------------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:52:57 AM, on 10/14/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\AOLbox\Gateway\wlancfg.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\3M\PSNLite\PsnLite.exe
C:\PROGRA~1\3M\PSNLite\PSNGive.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ebay.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.9.0\ViewBarBHO.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.9.0\IEViewBar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/pm/activex/eBay_E...l_v1-0-24-0.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Event Manager (ccevtmgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccpwdsvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccsetmgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (defwatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Desktop Manager 5.5.709.30344 (GoogleDesktopManager-093007-112848) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service (lavasoft ad-aware service) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVRoam (savroam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Symantec Network Drivers Service (sndsrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (spbbcsvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus (symantec antivirus) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Inventel - C:\Program Files\AOLbox\Gateway\wlancfg.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 12678 bytes



Thank you.
Prad
LS CalamityJane
Very good. It only found the one file already in quarantine so nothing new there.

How is your machine acting at this point?
hurray
Hi,

My Symantec Anti Virus as well as Ad-aware are finding tons of viruses.
I have them scheduled to run a scan every day at a certain time, and when they are done, there are many files they find that they list as threats. Surely, I get them either quarantined or deleted, but then again the next day, they find some more of them.

Do you have any idea what is going on, and what is generating these threats?

Thanks.
Prad