My Hijackthis Log For Review[RESOLVED]

magicsdevil · April 22, 2008

I have tons of popups and almost all of the web pages I try to go on won't load. The only way I can really get anywhere is by manually typing in a URL. The computer is really slow, too.

I use Windows XP on my desktop.

Here is my first hijackthis log.... thanks!

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 17:11, on 2008-04-21

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\DAEMON Tools\daemon.exe

C:\Program Files\Google\Google Talk\googletalk.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Winamp\winampa.exe

C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe

C:\Program Files\Picasa2\PicasaMediaDetector.exe

C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe

C:\Documents and Settings\dcomito\lsass.exe

C:\windows\system32\jrwnw64m.exe

C:\WINDOWS\System32\Rundll32.exe

C:\WINDOWS\system32\Rundll32.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Tamagotchi\Dcu\TamaDcu.exe

C:\Program Files\nvcoi\nvcoi.exe

C:\Program Files\JavaCore\JavaCore.exe

C:\Documents and Settings\dcomito\Application Data\SpeedRunner\SpeedRunner.exe

C:\Documents and Settings\dcomito\Application Data\Microsoft\Windows\gvrbrm.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe

C:\Documents and Settings\dcomito\Desktop\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\scntskdn.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll

O3 - Toolbar: (no name) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - (no file)

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"

O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe

O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"

O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe

O4 - HKLM\..\Run: [mmtask] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Host Process] C:\WINDOWS\Fonts\svchost.exe

O4 - HKLM\..\Run: [LSA Shellu] C:\Documents and Settings\dcomito\lsass.exe

O4 - HKLM\..\Run: [{20-09-98-8B-DW}] C:\windows\system32\jrwnw64m.exe DWram

O4 - HKLM\..\Run: [spa_start] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\{a584bf79-1b32-0c42-3a0a-9ebe95ff9876}.dll" DllInit

O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINDOWS\system32\scntskdn.exe DWram

O4 - HKLM\..\Run: [94120924] rundll32.exe "C:\WINDOWS\system32\dcectnpd.dll",b

O4 - HKLM\..\Run: [bM97213ab8] Rundll32.exe "C:\WINDOWS\system32\ddlygjcy.dll",s

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet

O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Nero\data\Xtras\mssysmgr.exe

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [TamaDcu] C:\Program Files\Tamagotchi\Dcu\TamaDcu.exe

O4 - HKCU\..\Run: [Vxsu] "C:\Documents and Settings\dcomito\My Documents\s?stem\m?iexec.exe"

O4 - HKCU\..\Run: [Drmupgds] C:\Program Files\Drmupgds\Drmupgds.exe

O4 - HKCU\..\Run: [ffki] C:\PROGRA~1\COMMON~1\ffki\ffkim.exe

O4 - HKCU\..\Run: [nvcoi] C:\Program Files\nvcoi\nvcoi.exe

O4 - HKCU\..\Run: [JavaCore] C:\Program Files\\JavaCore\\JavaCore.exe

O4 - HKCU\..\Run: [speedRunner] C:\Documents and Settings\dcomito\Application Data\SpeedRunner\SpeedRunner.exe

O4 - HKCU\..\Run: [sfKg6wIP] C:\Documents and Settings\dcomito\Application Data\Microsoft\Windows\gvrbrm.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Documents and Settings\dcomito\Desktop\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Default user')

O4 - Startup: AutoClick.lnk = C:\Program Files\AutoClick\AutoClick.exe

O4 - Startup: Deewoo.lnk = C:\WINDOWS\system32\scntskdn.exe

O4 - Startup: DW_Start.lnk = C:\WINDOWS\system32\jrwnw64m.exe

O4 - Startup: GameSpot Download Manager.lnk = C:\Program Files\GameSpot\GameSpotDownloadManager_Win32.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe

O8 - Extra context menu item: &Search - ?p=ZNxmk762YYUS

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Get all flash - C:\Program Files\Super Flash Player Manager\source.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: Super Flash Player - {1DD00580-1EBE-11D6-B336-95364C649934} - C:\Program Files\Super Flash Player Manager\source.html

O9 - Extra 'Tools' menuitem: &Super Flash Player - {1DD00580-1EBE-11D6-B336-95364C649934} - C:\Program Files\Super Flash Player Manager\source.html

O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (file missing)

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O15 - Trusted Zone: http://*.toontown.com

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {230C3D02-DA27-11D2-8612-00A0C93EEA3C} (SAXFile FileUpload ActiveX Control) - http://www.winkflash.com/photo/loaders/SAXFile.cab

O16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} - http://download.ebay.com/turbo_lister/US/install.cab

O16 - DPF: {2931566C-B8A6-46C5-BF4D-E6AB9251E953} (Nexon Package Manager Control) - http://s.nx.com/activex/public_new/nxpm.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll

O16 - DPF: {352797A0-EFD0-4FA6-B229-145120EA4B8A} (Walt Disney Internet Group Hardware Control) - https://disneyblast.go.com/v3/setup/activex...wareControl.cab

O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} - http://gamedownload.ijjimax.com/gamedownlo...Plugin11USA.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1096149243552

O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.putfile.com/includes/ImageUploader4.cab

O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/..._1/axofupld.cab

O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://download.shockwave.com/pub/otoy/OTOYAX.cab

O16 - DPF: {7D731A83-6C80-4EA4-9646-5E06A0513274} (Sandlot Loader Control) - http://www.shockwave.com/content/ballistik...gwebinstall.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab

O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab

O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://a.download.toontown.com/sv1.0.18.37/ttinst.cab

O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} (CGameManagerCtrl Object) - https://disney.go.com/games/downloads/gamem...GameManager.cab

O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} - http://gamedownload.ijjimax.com/gamedownlo...GPlugin9USA.cab

O16 - DPF: {CEA3052D-65B9-44E2-A501-5E14024BC66F} (TricksterActiveX Control) - http://www.tricksteronline.com/control/tricksterActiveX.cab

O16 - DPF: {D88C7675-7CEE-4C9A-BDD4-7A43EED7794D} (Logout Class) - http://www.tricksteronline.com/control/KALogoutComponent.cab

O16 - DPF: {E13F1132-4CA0-4005-84D3-51406E27D269} (BTDownloadCtrl Control) - http://www.shockwave.com/content/thinktank...ownloadCtrl.cab

O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - https://www.dotphoto.com/XUpload.ocx

O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?326

O16 - DPF: {F229AB32-7BF9-4225-B78F-B4680AE6FC23} (Snapfish File Upload ActiveX Control) - http://www.snapfish.com/SnapfishUpload.cab

O16 - DPF: {FF791555-FDAC-43AB-B792-389E4CC0A6E5} (Toontown TestServer Installer ActiveX Control) - http://download.test.toontown.com/sv1.0.18...est/tt_test.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{507F3853-9B5C-4D4A-9892-641A37F32119}: NameServer = 192.168.1.1

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--

End of file - 12889 bytes

rmurphy · April 22, 2008

Hi there, and welcome to BestTechie! I'm Ryan, and I'll be helping you clean your computer.

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.

Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Full Scan", then click Scan.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.

-Ryan

magicsdevil · April 23, 2008

MALWAREBYTES' LOG

Malwarebytes' Anti-Malware 1.11

Database version: 672

Scan type: Full Scan (C:\|)

Objects scanned: 315577

Time elapsed: 1 hour(s), 56 minute(s), 40 second(s)

Memory Processes Infected: 3

Memory Modules Infected: 2

Registry Keys Infected: 29

Registry Values Infected: 4

Registry Data Items Infected: 0

Folders Infected: 7

Files Infected: 137

Memory Processes Infected:

c:\documents and settings\dcomito\application data\speedrunner\speedrunner.exe (Adware.SurfAccuracy) -> Unloaded process successfully.

C:\WINDOWS\system32\rwwnw64d.exe (Adware.ZeroSearch) -> Unloaded process successfully.

C:\WINDOWS\system32\scntskdn.exe (Adware.ZeroSearch) -> Unloaded process successfully.

Memory Modules Infected:

c:\WINDOWS\system32\{a584bf79-1b32-0c42-3a0a-9ebe95ff9876}.dll (Adware.Rotator) -> Unloaded module successfully.

c:\WINDOWS\system32\myss_sb.dll (Adware.BHO) -> Unloaded module successfully.

Registry Keys Infected:

HKEY_CLASSES_ROOT\CLSID\{a369a318-2ea7-d1ec-8728-234dbe3679ad} (Adware.Rotator) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a369a318-2ea7-d1ec-8728-234dbe3679ad} (Adware.Rotator) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{3d87b50d-542a-45b6-96e9-f03cfaa8c962} (Adware.BHO) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{3d87b50d-542a-45b6-96e9-f03cfaa8c962} (Adware.BHO) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{6156a32a-c512-4e23-aa9a-2315f4265681} (Adware.BHO) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6156a32a-c512-4e23-aa9a-2315f4265681} (Adware.BHO) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{ceb9c60d-f0ad-4b73-a3ab-4fc822e38d66} (Adware.BHO) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{ceb9c60d-f0ad-4b73-a3ab-4fc822e38d66} (Adware.BHO) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\AppID\{8d71eeb8-a1a7-4733-8fa2-1cac015c967d} (Adware.BHO) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{1e404d48-670a-4085-a6a0-d195793ddd33} (Adware.BHO) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{9f593aac-ca4c-4a41-a7ff-a00812192d61} (Adware.BHO) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Typelib\{749ec66f-a838-4b38-b8e5-e65d905fff74} (Adware.BHO) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{1e404d48-670a-4085-a6a0-d195793ddd33} (Adware.BHO) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{1601d447-7424-4866-8dcc-acf98a2a41e1} (Adware.BHO) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Typelib\{c3c0ec2c-2c1c-495c-9ad0-1f0ef833d7b5} (Adware.BHO) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{63ab48c9-01a8-495c-8194-a715db8a37a2} (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mysearchassistant (Adware.BHO) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\speedrunner (Adware.SurfAccuracy) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\AppID\Sidebar.DLL (Adware.BHO) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\Software\MySidesearch (Adware.BHO) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\Software\SpeedRunner (Adware.SurfAccuracy) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\Software\MediaHoldings (Adware.PlayMP3Z) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Deewoo Network Manager (Adware.Radio) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\Software\Trymedia Systems (Adware.Trymedia) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\xInsIDE (Adware.Agent) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\spa_start (Adware.Rotator) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SpeedRunner (Adware.SurfAccuracy) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{20-09-98-8B-DW} (Adware.ZeroSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ExploreUpdSched (Adware.ZeroSearch) -> Quarantined and deleted successfully.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

C:\Program Files\Inet_Get_2 (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\axV (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\ExTmp (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\IDE2 (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\pinz1 (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\bharebio18 (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\dcomito\Application Data\speedrunner (Adware.SurfAccuracy) -> Delete on reboot.

Files Infected:

c:\WINDOWS\system32\{a584bf79-1b32-0c42-3a0a-9ebe95ff9876}.dll (Adware.Rotator) -> Quarantined and deleted successfully.

c:\WINDOWS\system32\myss_sb.dll (Adware.BHO) -> Delete on reboot.

c:\documents and settings\dcomito\application data\speedrunner\speedrunner.exe (Adware.SurfAccuracy) -> Delete on reboot.

C:\WINDOWS\system32\rwwnw64d.exe (Adware.ZeroSearch) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\scntskdn.exe (Adware.ZeroSearch) -> Quarantined and deleted successfully.

C:\csrss.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\ctfmon.exe (BackDoor.Bot) -> Quarantined and deleted successfully.

C:\Documents and Settings\dcomito\lsass.exe (BackDoor.Bot) -> Quarantined and deleted successfully.

C:\Documents and Settings\dcomito\services.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Program Files\Common Files\ffki\ffkid\class-barrel (Malware.Trace) -> Quarantined and deleted successfully.

C:\Program Files\Common Files\ffki\ffkid\vocabulary (Malware.Trace) -> Quarantined and deleted successfully.

C:\Program Files\Mozilla Firefox\components\srff.dll (Adware.SurfAccuracy) -> Quarantined and deleted successfully.

C:\QooBox\Quarantine\C\onoes.exe.vir (Worm.Alcra) -> Quarantined and deleted successfully.

C:\QooBox\Quarantine\C\smss.exe.vir (Trojan.Agent) -> Quarantined and deleted successfully.

C:\QooBox\Quarantine\C\Documents and Settings\dcomito\Application Data\WinTouch\WTUninstaller.exe.vir (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\QooBox\Quarantine\C\Program Files\CPV\CPV8.dll.vir (Adware.Bestrevenue) -> Quarantined and deleted successfully.

C:\QooBox\Quarantine\C\Program Files\Drmupgds\Drmupgds.exe.vir (Trojan.Stars) -> Quarantined and deleted successfully.

C:\QooBox\Quarantine\C\Program Files\JavaCore\JavaCore.exe.vir (Trojan.Insider) -> Quarantined and deleted successfully.

C:\QooBox\Quarantine\C\Program Files\nvcoi\nvcoi.exe.vir (Trojan.Agent) -> Quarantined and deleted successfully.

C:\QooBox\Quarantine\C\Program Files\Temporary\kernInst.exe.vir (Trojan.Winpop) -> Quarantined and deleted successfully.

C:\QooBox\Quarantine\C\WINDOWS\b116.exe.vir (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\QooBox\Quarantine\C\WINDOWS\b122.exe.vir (Trojan.DownLoader) -> Quarantined and deleted successfully.

C:\QooBox\Quarantine\C\WINDOWS\mrofinu72.exe.vir (Trojan.DownLoader) -> Quarantined and deleted successfully.

C:\QooBox\Quarantine\C\WINDOWS\uninstall_nmon.vbs.vir (Malware.Trace) -> Quarantined and deleted successfully.

C:\QooBox\Quarantine\C\WINDOWS\system32\ahuuxrcm.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\QooBox\Quarantine\C\WINDOWS\system32\alaot.dll.vir (Adware.ClickSpring) -> Quarantined and deleted successfully.

C:\QooBox\Quarantine\C\WINDOWS\system32\kinufvaa.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\QooBox\Quarantine\C\WINDOWS\system32\yqwnglyp.dll.vir (Trojan.AVKiller) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{1C04F5DC-62B5-43A2-894E-E910852E2F2C}\RP595\A0240279.dll (Adware.ClickSpring) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{1C04F5DC-62B5-43A2-894E-E910852E2F2C}\RP595\A0240283.exe (Adware.ClickSpring) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{1C04F5DC-62B5-43A2-894E-E910852E2F2C}\RP597\A0242291.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{1C04F5DC-62B5-43A2-894E-E910852E2F2C}\RP597\A0242294.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{1C04F5DC-62B5-43A2-894E-E910852E2F2C}\RP597\A0242295.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{1C04F5DC-62B5-43A2-894E-E910852E2F2C}\RP598\A0245294.exe (Trojan.DownLoader) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{1C04F5DC-62B5-43A2-894E-E910852E2F2C}\RP598\A0245313.dll (Adware.ClickSpring) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{1C04F5DC-62B5-43A2-894E-E910852E2F2C}\RP598\A0246315.exe (Trojan.Delf) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{1C04F5DC-62B5-43A2-894E-E910852E2F2C}\RP598\A0246323.exe (Trojan.DownLoader) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{1C04F5DC-62B5-43A2-894E-E910852E2F2C}\RP598\A0246325.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{1C04F5DC-62B5-43A2-894E-E910852E2F2C}\RP598\A0246326.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{1C04F5DC-62B5-43A2-894E-E910852E2F2C}\RP598\A0246328.dll (Adware.TargetSaver) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{1C04F5DC-62B5-43A2-894E-E910852E2F2C}\RP598\A0247307.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{1C04F5DC-62B5-43A2-894E-E910852E2F2C}\RP598\A0247311.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{1C04F5DC-62B5-43A2-894E-E910852E2F2C}\RP616\A0279637.dll (Adware.ClickSpring) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{1C04F5DC-62B5-43A2-894E-E910852E2F2C}\RP621\A0284906.dll (Adware.ClickSpring) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{1C04F5DC-62B5-43A2-894E-E910852E2F2C}\RP622\A0286932.dll (Adware.ClickSpring) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{1C04F5DC-62B5-43A2-894E-E910852E2F2C}\RP624\A0294937.dll (Adware.ClickSpring) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{1C04F5DC-62B5-43A2-894E-E910852E2F2C}\RP630\A0298933.exe (Worm.Alcra) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{1C04F5DC-62B5-43A2-894E-E910852E2F2C}\RP630\A0298937.dll (Adware.ClickSpring) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{1C04F5DC-62B5-43A2-894E-E910852E2F2C}\RP630\A0298940.ico (Malware.Trace) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{1C04F5DC-62B5-43A2-894E-E910852E2F2C}\RP631\A0298950.exe (Trojan.Winpop) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{1C04F5DC-62B5-43A2-894E-E910852E2F2C}\RP631\A0298959.exe (Worm.Alcra) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{1C04F5DC-62B5-43A2-894E-E910852E2F2C}\RP631\A0298961.exe (Trojan.DownLoader) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{1C04F5DC-62B5-43A2-894E-E910852E2F2C}\RP631\A0298962.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{1C04F5DC-62B5-43A2-894E-E910852E2F2C}\RP631\A0298963.exe (Trojan.DownLoader) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{1C04F5DC-62B5-43A2-894E-E910852E2F2C}\RP631\A0298966.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{1C04F5DC-62B5-43A2-894E-E910852E2F2C}\RP660\A0311425.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{1C04F5DC-62B5-43A2-894E-E910852E2F2C}\RP663\A0311474.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{1C04F5DC-62B5-43A2-894E-E910852E2F2C}\RP663\A0311475.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{1C04F5DC-62B5-43A2-894E-E910852E2F2C}\RP663\A0311478.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{1C04F5DC-62B5-43A2-894E-E910852E2F2C}\RP663\A0311479.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{1C04F5DC-62B5-43A2-894E-E910852E2F2C}\RP663\A0311482.exe (Trojan.DownLoader) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{1C04F5DC-62B5-43A2-894E-E910852E2F2C}\RP663\A0311483.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{1C04F5DC-62B5-43A2-894E-E910852E2F2C}\RP663\A0311493.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{1C04F5DC-62B5-43A2-894E-E910852E2F2C}\RP663\A0311494.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{1C04F5DC-62B5-43A2-894E-E910852E2F2C}\RP663\A0312493.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{1C04F5DC-62B5-43A2-894E-E910852E2F2C}\RP663\A0312494.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{1C04F5DC-62B5-43A2-894E-E910852E2F2C}\RP663\A0313494.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{1C04F5DC-62B5-43A2-894E-E910852E2F2C}\RP663\A0313495.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{1C04F5DC-62B5-43A2-894E-E910852E2F2C}\RP663\A0314494.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{1C04F5DC-62B5-43A2-894E-E910852E2F2C}\RP663\A0314495.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{1C04F5DC-62B5-43A2-894E-E910852E2F2C}\RP663\A0314497.dll (Adware.ZenoSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{1C04F5DC-62B5-43A2-894E-E910852E2F2C}\RP663\A0314501.exe (Adware.ClickSpring) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{1C04F5DC-62B5-43A2-894E-E910852E2F2C}\RP663\A0315485.dll (Adware.ClickSpring) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{1C04F5DC-62B5-43A2-894E-E910852E2F2C}\RP663\A0315486.exe (Adware.ClickSpring) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{1C04F5DC-62B5-43A2-894E-E910852E2F2C}\RP663\A0315496.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{1C04F5DC-62B5-43A2-894E-E910852E2F2C}\RP663\A0315497.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{1C04F5DC-62B5-43A2-894E-E910852E2F2C}\RP663\A0316494.exe (Trojan.DownLoader) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{1C04F5DC-62B5-43A2-894E-E910852E2F2C}\RP663\A0316495.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{1C04F5DC-62B5-43A2-894E-E910852E2F2C}\RP663\A0316496.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{1C04F5DC-62B5-43A2-894E-E910852E2F2C}\RP663\A0316498.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{1C04F5DC-62B5-43A2-894E-E910852E2F2C}\RP663\A0316499.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{1C04F5DC-62B5-43A2-894E-E910852E2F2C}\RP663\A0316502.exe (Trojan.DownLoader) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{1C04F5DC-62B5-43A2-894E-E910852E2F2C}\RP663\A0316505.exe (Trojan.DownLoader) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{1C04F5DC-62B5-43A2-894E-E910852E2F2C}\RP663\A0317486.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{1C04F5DC-62B5-43A2-894E-E910852E2F2C}\RP665\A0322643.exe (Trojan.DownLoader) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{1C04F5DC-62B5-43A2-894E-E910852E2F2C}\RP665\A0322645.dll (Adware.TargetSaver) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{1C04F5DC-62B5-43A2-894E-E910852E2F2C}\RP665\A0324651.exe (Trojan.DownLoader) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{1C04F5DC-62B5-43A2-894E-E910852E2F2C}\RP665\A0324652.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{1C04F5DC-62B5-43A2-894E-E910852E2F2C}\RP665\A0324653.exe (Trojan.Insider) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{1C04F5DC-62B5-43A2-894E-E910852E2F2C}\RP665\A0324654.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{1C04F5DC-62B5-43A2-894E-E910852E2F2C}\RP665\A0324655.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{1C04F5DC-62B5-43A2-894E-E910852E2F2C}\RP665\A0324656.exe (Trojan.Dropper) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{1C04F5DC-62B5-43A2-894E-E910852E2F2C}\RP666\A0329661.exe (Adware.BHO) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{1C04F5DC-62B5-43A2-894E-E910852E2F2C}\RP666\A0333672.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{1C04F5DC-62B5-43A2-894E-E910852E2F2C}\RP666\A0333856.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{1C04F5DC-62B5-43A2-894E-E910852E2F2C}\RP666\A0333858.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{1C04F5DC-62B5-43A2-894E-E910852E2F2C}\RP668\A0335127.exe (Adware.BHO) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{1C04F5DC-62B5-43A2-894E-E910852E2F2C}\RP668\A0335128.dll (Adware.BHO) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{1C04F5DC-62B5-43A2-894E-E910852E2F2C}\RP668\A0335132.exe (Adware.BHO) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{1C04F5DC-62B5-43A2-894E-E910852E2F2C}\RP669\A0337673.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{1C04F5DC-62B5-43A2-894E-E910852E2F2C}\RP669\A0337677.dll (AdWare.CommAd) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{1C04F5DC-62B5-43A2-894E-E910852E2F2C}\RP669\A0337678.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{1C04F5DC-62B5-43A2-894E-E910852E2F2C}\RP669\A0337679.exe (AdWare.CommAd) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{1C04F5DC-62B5-43A2-894E-E910852E2F2C}\RP669\A0337680.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{1C04F5DC-62B5-43A2-894E-E910852E2F2C}\RP669\A0337681.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{1C04F5DC-62B5-43A2-894E-E910852E2F2C}\RP669\A0338684.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{1C04F5DC-62B5-43A2-894E-E910852E2F2C}\RP673\A0353809.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{1C04F5DC-62B5-43A2-894E-E910852E2F2C}\RP673\A0353810.dll (Adware.Bestrevenue) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{1C04F5DC-62B5-43A2-894E-E910852E2F2C}\RP673\A0353811.exe (Trojan.Insider) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{1C04F5DC-62B5-43A2-894E-E910852E2F2C}\RP673\A0353815.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{1C04F5DC-62B5-43A2-894E-E910852E2F2C}\RP673\A0353818.dll (Trojan.AVKiller) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{1C04F5DC-62B5-43A2-894E-E910852E2F2C}\RP673\A0353819.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{1C04F5DC-62B5-43A2-894E-E910852E2F2C}\RP673\A0353824.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\b138.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\b155.exe_old (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\b157.exe_old (Trojan.Dropper) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\jownw64k.exe (Adware.ZeroSearch) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\jrwnw64m.exe (Adware.ZeroSearch) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\LC1FA.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\mcntpkdn.exe (Adware.ZeroSearch) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\mysidesearch_sidebar_uninstall.exe (Adware.BHO) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\myss_sb_uninstall.exe (Adware.BHO) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\_{a584bf79-1b32-0c42-3a0a-9ebe95ff9876}.dll (Adware.Rotator) -> Delete on reboot.

C:\WINDOWS\system32\axV\retmwav3.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\bharebio18\bharebio182328.exe (Trojan.DownLoader) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\IDE2\mdllcom2.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\pinz1\cegmgr76.exe (Adware.ZeroSearch) -> Quarantined and deleted successfully.

C:\Documents and Settings\dcomito\Application Data\speedrunner\config.cfg (Adware.SurfAccuracy) -> Quarantined and deleted successfully.

C:\Documents and Settings\dcomito\Application Data\speedrunner\SRUninstall.exe (Adware.SurfAccuracy) -> Quarantined and deleted successfully.

C:\services.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\msnav32.ax (Malware.Trace) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\zxdnt3d.cfg (Malware.Trace) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\gebbyvvu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\ljjhgdcy.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\drivers\core.cache.dsk (Malware.Trace) -> Quarantined and deleted successfully.

C:\Documents and Settings\dcomito\Start Menu\Programs\Startup\Deewoo.lnk (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\dcomito\Start Menu\Programs\Startup\DW_Start.lnk (Trojan.Agent) -> Quarantined and deleted successfully.

magicsdevil · April 23, 2008

NEW HIJACKTHIS LOG

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 18:17, on 2008-04-22

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe

C:\Program Files\DAEMON Tools\daemon.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Winamp\winampa.exe

C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe

C:\Program Files\Picasa2\PicasaMediaDetector.exe

C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Tamagotchi\Dcu\TamaDcu.exe

C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\internet explorer\iexplore.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll

O2 - BHO: (no name) - {072D5F0C-CA1D-4B87-A4C2-348F0089458C} - (no file)

O2 - BHO: (no name) - {10BFF6B2-7553-43BD-9C93-6DC96E4C1DE5} - C:\WINDOWS\system32\hgGxyVPG.dll (file missing)

O2 - BHO: (no name) - {1B582B8C-433A-4420-ACA8-F768D313B0EB} - (no file)

O2 - BHO: (no name) - {3D37CBC8-5D26-07D0-0214-5200CECCDBBB} - C:\WINDOWS\system32\rsmaeztl.dll (file missing)

O2 - BHO: (no name) - {451CED79-11D8-4D6C-B3DA-96E43AF65533} - C:\WINDOWS\system32\opnmMecc.dll (file missing)

O2 - BHO: (no name) - {4ACC409F-CCDA-4BC4-BA39-AA98CCF0637A} - (no file)

O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (file missing)

O2 - BHO: (no name) - {67678E09-5372-48A7-B044-37863861443A} - (no file)

O2 - BHO: (no name) - {6C858D3D-DC48-4D40-8A14-D8348DA008DD} - (no file)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: (no name) - {85255ebb-c8e6-4ded-bfb5-28c008613ced} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll

O2 - BHO: (no name) - {b91ed9fa-53a0-463e-81ba-f57f6285063b} - (no file)

O2 - BHO: (no name) - {F339E59C-DFF6-4AB7-A1F9-6399B96C91A2} - (no file)

O2 - BHO: (no name) - {FEAAB4DF-26A5-479A-B4A1-16D2A356D667} - (no file)