Antivirus XP 2008 problem- BrettSD

BrettSD San Diego, CA New
edited September 2008 in Spyware & Virus Removal
Hello all. This virus seems to be hitting a lot of people lately and against my better judgment I ended up with it as well. I received it in a torrent. I should have been tipped off by not seeing any sort of mountable file in the first place, but alas...

Luckily, I had already installed the recommended Malwarebytes' Anti-Malware program a day or two before and was able to get it going just as or after the initial infection. After the initial shock I was able to eliminate a number of the files, key registries, etc. via said program. However, a handful of files continue to re-establish themselves after using a number of different anti-virus/adware/spybot/malware programs including all of them included in your "Steps to Take Before Posting a Hijack This Log" thread.

In my Task Manager and looking at the suspect files themselves I can pinpoint to processes and problems, but I cannot rid myself of them. They mainly seem to deal with changing and locking my desktop background and screen saver as well as one last adware bug. I'm sure there's more to it though.

I'm currently re-scanning my computer using the Panda Security site. I was about 51% finished with a first scan when I accidentally refreshed the site. I have two hard drives so it takes quite a while (the first scan was running over 3 hours and was working on my second drive). I'll post the results in an edit and not a reply as requested to this post as soon as I have them. In addition to the Malware on my C: drive Panda was finding a number of infected files on my E: drive. Hopefully we can identify and kill those too.

Here is my Hijack This! log.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:31:05 PM, on 9/3/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\spoolsv.exe
C:\Documents and Settings\All Users\Application Data\ufancbsj\opmfezuh.exe
C:\WINNT\system32\RUNDLL32.EXE
C:\WINNT\RTHDCPL.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINNT\system32\lphcjrgj0er8e.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\WINNT\system32\bkridaxw.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\PnkBstrA.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINNT\system32\wscntfy.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe
C:\Program Files\Xfire\xfire.exe
C:\Program Files\Teamspeak2_RC2\TeamSpeak.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Common Files\Logitech\LCD Manager\lcdmon.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ActiveSpeed] C:\Program Files\Ascentive\ActiveSpeed\AS.exe -b
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [lphcjrgj0er8e] C:\WINNT\system32\lphcjrgj0er8e.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [Performance Center] C:\Program Files\Ascentive\Performance Center\APCMain.exe -m
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [chkuiinfo] C:\WINNT\system32\bkridaxw.exe
O4 - HKCU\..\Run: [dscappsh] C:\WINNT\system32\xsbqvoxm.exe
O4 - HKCU\..\Run: [dscsh] C:\WINNT\system32\ylubszqv.exe
O4 - HKCU\..\Run: [winsyscom] C:\WINNT\system32\yngvursf.exe
O4 - HKCU\..\Run: [SmartInfo] C:\WINNT\system32\rczovqtq.exe
O4 - HKCU\..\Run: [hlpsrv] C:\WINNT\system32\stgfgxut.exe
O4 - HKCU\..\Run: [cfgdbproc] C:\WINNT\system32\uvadypmp.exe
O4 - HKLM\..\Policies\Explorer\Run: [elWoV0foj3] C:\Documents and Settings\All Users\Application Data\ufancbsj\opmfezuh.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [MPlayer2_FixUp] C:\WINNT\inf\unregmp2.exe /Fixups (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Startup: Registration IL-2 Sturmovik 1946.LNK = C:\Program Files\Ubisoft\IL-2 Sturmovik 1946\RegistrationReminder.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BlackBerry Desktop Redirector.lnk = C:\Program Files\Research In Motion\BlackBerry\Redirector.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ubisoft.com/dev/packages/GSManager.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7BB735A0-B010-4901-8184-3B51A3AD5B16}: NameServer = 68.105.28.11,68.105.29.11
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINNT\system32\PnkBstrA.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

--
End of file - 10094 bytes

Thank you for any and all help! This site and community is a wealth of knowledge and assistance. This isn't the first time I've come to Icrontic.com for computer help.

- Brett

Comments

  • edited September 2008
    Hello. :)


    Let's have you download ComboFix.exe. This will give me a better view to the files running and also hidden on your computer and also those in the registry. Please visit this webpage for downloading and instructions for running the tool:

    Go here ======> A guide and tutorial on using ComboFix <====== Go here

    Please ensure you read this guide carefully and install the Recovery Console first. This applies to XP Pro and XP Home users only. If you have SP3 installed you will need to use SP2.

    The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

    Once installed, you should get a prompt that says:

    The Recovery Console was successfully installed.

    Please continue as follows:

    (1) Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    (2) Click Yes to allow ComboFix to continue scanning for malware.

    When the tool is finished, it will produce a report for you.

    Please include the following reports for further review, and so we may continue cleansing the system:

    C:\ComboFix.txt
    New HijackThis log

    Caution: Never run and remove files with Combofix unless supervised by a qualified security analyst who is experienced in the use of Combofix. Misuse can cause serious computer problems.
  • BrettSD San Diego, CA New
    edited September 2008
    Here is the ComboFix report. I had to run the scan more than once because I accidentally exited the Recovery Console install. The first scan deleted three randomly lettered files that have continuously popped up in association with the Malware with other scans.
    ComboFix 08-09-03.06 - Administrator 2008-09-04 12:12:20.3 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2812 [GMT -7:00]
    Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Administrator\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    .

    ((((((((((((((((((((((((( Files Created from 2008-08-04 to 2008-09-04 )))))))))))))))))))))))))))))))
    .

    2008-09-04 12:12 . 2008-09-04 12:12 <DIR> d-------- C:\Temp\WPDNSE
    2008-09-04 12:09 . 2008-09-04 12:12 53,248 --a------ C:\Temp\catchme.dll
    2008-09-04 12:00 . 2008-09-04 12:00 <DIR> d-------- C:\Temp\svifb.tmp
    2008-09-04 12:00 . 2008-09-04 12:00 94,208 --a------ C:\WINNT\system32\tivefihs.exe
    2008-09-04 11:52 . 2008-09-04 11:52 <DIR> d-------- C:\Temp\plugtmp-21
    2008-09-04 08:05 . 2008-09-04 08:05 1,220,215 --a------ C:\winlo.exe
    2008-09-04 08:03 . 2008-08-28 15:57 3,262 --a------ C:\WINNT\system32\2.ico
    2008-09-04 07:59 . 2008-09-04 07:59 94,208 --a------ C:\WINNT\system32\ehuvyfml.exe
    2008-09-03 20:28 . 2008-06-19 17:24 28,544 --a------ C:\WINNT\system32\drivers\pavboot.sys
    2008-09-03 20:27 . 2008-09-03 20:27 <DIR> d-------- C:\Program Files\Panda Security
    2008-09-03 20:12 . 2008-09-03 20:12 <DIR> d-------- C:\Program Files\Trend Micro
    2008-09-03 20:06 . 2008-09-03 20:06 <DIR> d-------- C:\Program Files\SpywareBlaster
    2008-09-03 20:06 . 2008-09-03 20:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TEMP
    2008-09-03 20:02 . 2008-09-04 00:26 <DIR> d-------- C:\Temp\plugtmp-20
    2008-09-03 18:19 . 2008-09-03 18:19 203,776 --a------ C:\WINNT\system32\axshuxqx.exe
    2008-09-03 18:19 . 2008-09-03 18:19 86,016 --a------ C:\WINNT\system32\uvadypmp.exe
    2008-09-03 18:01 . 2008-09-03 18:03 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
    2008-09-03 18:01 . 2008-09-03 18:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-09-03 17:29 . 2008-09-03 17:29 <DIR> d-------- C:\Program Files\Lavasoft
    2008-09-03 17:29 . 2008-09-03 17:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-09-03 16:50 . 2008-09-03 16:52 <DIR> d-------- C:\Temp\plugtmp-19
    2008-09-03 16:28 . 2008-09-03 16:28 90,112 --a------ C:\WINNT\system32\stgfgxut.exe
    2008-09-03 07:10 . 2008-09-03 07:10 94,208 --a------ C:\WINNT\system32\rczovqtq.exe
    2008-09-03 01:19 . 2008-09-03 01:19 86,016 --a------ C:\WINNT\system32\yngvursf.exe
    2008-09-03 01:10 . 2008-09-03 01:10 86,016 --a------ C:\WINNT\system32\ylubszqv.exe
    2008-09-03 01:00 . 2008-09-03 01:00 86,016 --a------ C:\WINNT\system32\xsbqvoxm.exe
    2008-09-03 00:20 . 2008-09-03 00:20 197 --a------ C:\WINNT\system32\MRT.INI
    2008-09-02 23:42 . 2008-09-02 23:42 <DIR> d-------- C:\WINNT\system32\config\systemprofile\Application Data\Yahoo!
    2008-09-02 23:42 . 2008-09-02 23:42 <DIR> d-------- C:\WINNT\system32\config\systemprofile\Application Data\HPAppData
    2008-09-02 23:41 . 2008-09-04 07:59 <DIR> d-------- C:\Program Files\MSA
    2008-09-02 23:41 . 2008-08-28 15:57 3,262 --a------ C:\WINNT\system32\1.ico
    2008-09-02 23:36 . 2008-09-03 18:02 <DIR> d-------- C:\Temp\IXP003.TMP
    2008-09-02 23:36 . 2008-09-02 23:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ufancbsj
    2008-09-02 23:36 . 2008-09-02 23:36 86,016 --a------ C:\WINNT\system32\bkridaxw.exe
    2008-09-02 23:35 . 2008-09-03 18:02 <DIR> d-------- C:\Temp\IXP002.TMP
    2008-09-02 23:32 . 2008-09-03 18:02 <DIR> d-------- C:\Temp\IXP001.TMP
    2008-09-02 23:31 . 2008-09-03 18:02 <DIR> d-------- C:\Temp\IXP000.TMP
    2008-09-02 23:15 . 2008-09-02 23:15 <DIR> d-------- C:\Program Files\DAEMON Tools Lite
    2008-09-02 23:12 . 2008-09-02 23:12 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\DAEMON Tools
    2008-09-02 23:12 . 2008-09-02 23:12 717,296 --a------ C:\WINNT\system32\drivers\sptd.sys
    2008-09-01 00:34 . 2008-09-03 00:20 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-09-01 00:34 . 2008-09-01 00:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-09-01 00:34 . 2008-09-01 00:34 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
    2008-09-01 00:34 . 2008-09-02 00:24 38,528 --a------ C:\WINNT\system32\drivers\mbamswissarmy.sys
    2008-09-01 00:34 . 2008-09-02 00:24 17,200 --a------ C:\WINNT\system32\drivers\mbam.sys
    2008-08-27 14:03 . 2008-08-27 14:03 42,320 --a------ C:\WINNT\system32\xfcodec.dll
    2008-08-21 22:10 . 2008-08-21 22:10 <DIR> d-------- C:\bba919ad911feaabefb66da8
    2008-08-20 19:17 . 2008-09-03 18:02 <DIR> d-------- C:\Temp\_is4EE
    2008-08-17 00:07 . 2008-08-17 00:07 <DIR> d-------- C:\Temp\plugtmp-18
    2008-08-14 18:03 . 2008-08-14 18:03 552 --a------ C:\WINNT\system32\d3d8caps.dat
    2008-08-14 17:24 . 2008-08-19 19:44 <DIR> d-------- C:\Program Files\IL2-MAT Manager
    2008-08-14 13:43 . 2008-06-26 01:15 1,499,136 --------- C:\WINNT\system32\dllcache\shdocvw.dll
    2008-08-14 13:43 . 2008-06-26 01:15 619,520 --------- C:\WINNT\system32\dllcache\urlmon.dll
    2008-08-14 13:43 . 2008-07-07 13:26 253,952 --------- C:\WINNT\system32\dllcache\es.dll
    2008-08-14 13:43 . 2008-06-24 09:43 74,240 --------- C:\WINNT\system32\dllcache\mscms.dll
    2008-08-14 13:42 . 2008-04-11 12:04 691,712 --------- C:\WINNT\system32\dllcache\inetcomm.dll
    2008-08-14 13:42 . 2008-05-01 07:33 331,776 --------- C:\WINNT\system32\dllcache\msadce.dll
    2008-08-12 17:05 . 2008-08-12 17:05 <DIR> d-------- C:\Temp\plugtmp-17
    2008-08-08 23:14 . 2008-08-08 23:14 <DIR> d-------- C:\Temp\rtp12D.tmp.dir
    2008-08-08 23:13 . 2008-09-03 18:02 <DIR> d-------- C:\Temp\rtp11F.tmp.dir
    2008-08-08 22:39 . 2008-08-08 22:39 <DIR> d-------- C:\Program Files\Hamachi
    2008-08-08 22:39 . 2008-08-14 21:00 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Hamachi
    2008-08-08 22:39 . 2008-08-08 22:39 25,280 --a------ C:\WINNT\system32\drivers\hamachi.sys
    2008-08-07 09:26 . 2008-08-07 09:26 <DIR> d-------- C:\Program Files\Safari

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-09-04 19:00 --------- d-----w C:\Program Files\Steam
    2008-09-04 19:00 --------- d-----w C:\Documents and Settings\Administrator\Application Data\OpenOffice.org2
    2008-09-04 03:21 --------- d-----w C:\Program Files\Xfire
    2008-09-04 00:29 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
    2008-09-03 06:12 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Xfire
    2008-09-03 06:12 --------- d-----w C:\Documents and Settings\Administrator\Application Data\uTorrent
    2008-08-26 04:27 136,888 ----a-w C:\WINNT\system32\drivers\PnkBstrK.sys
    2008-08-26 04:27 111,928 ----a-w C:\WINNT\system32\PnkBstrB.exe
    2008-08-20 23:08 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-08-09 06:14 --------- d-----w C:\Program Files\ubi.com
    2008-08-09 01:17 --------- d-----w C:\Program Files\Apple Software Update
    2008-07-30 21:32 --------- d-----w C:\Program Files\Logitech
    2008-07-30 21:32 --------- d-----w C:\Program Files\Common Files\Logitech
    2008-07-29 05:19 --------- d-----w C:\Program Files\Ubisoft
    2008-07-28 03:31 --------- d-----w C:\Program Files\Common Files\PocketSoft
    2008-07-28 03:31 --------- d-----w C:\Documents and Settings\Administrator\Application Data\ubi.com
    2008-07-20 08:06 --------- d-----w C:\Program Files\iTunes
    2008-07-20 07:09 --------- d-----w C:\Program Files\Common Files\Logishrd
    2008-07-19 05:10 94,920 ----a-w C:\WINNT\system32\dllcache\cdm.dll
    2008-07-19 05:10 94,920 ----a-w C:\WINNT\system32\cdm.dll
    2008-07-19 05:10 53,448 ----a-w C:\WINNT\system32\wuauclt.exe
    2008-07-19 05:10 53,448 ----a-w C:\WINNT\system32\dllcache\wuauclt.exe
    2008-07-19 05:10 45,768 ----a-w C:\WINNT\system32\wups2.dll
    2008-07-19 05:10 36,552 ----a-w C:\WINNT\system32\wups.dll
    2008-07-19 05:10 36,552 ----a-w C:\WINNT\system32\dllcache\wups.dll
    2008-07-19 05:09 563,912 ----a-w C:\WINNT\system32\wuapi.dll
    2008-07-19 05:09 563,912 ----a-w C:\WINNT\system32\dllcache\wuapi.dll
    2008-07-19 05:09 325,832 ----a-w C:\WINNT\system32\wucltui.dll
    2008-07-19 05:09 325,832 ----a-w C:\WINNT\system32\dllcache\wucltui.dll
    2008-07-19 05:09 205,000 ----a-w C:\WINNT\system32\wuweb.dll
    2008-07-19 05:09 205,000 ----a-w C:\WINNT\system32\dllcache\wuweb.dll
    2008-07-19 05:09 1,811,656 ----a-w C:\WINNT\system32\wuaueng.dll
    2008-07-19 05:09 1,811,656 ----a-w C:\WINNT\system32\dllcache\wuaueng.dll
    2008-07-19 05:07 270,880 ----a-w C:\WINNT\system32\mucltui.dll
    2008-07-19 05:07 210,976 ----a-w C:\WINNT\system32\muweb.dll
    2008-07-16 09:15 --------- d-----w C:\Program Files\SD EnterNET
    2008-07-15 02:07 --------- d-----w C:\Program Files\iPod
    2008-07-15 02:06 --------- d-----w C:\Program Files\QuickTime
    2008-07-07 20:26 253,952 ----a-w C:\WINNT\system32\es.dll
    2008-06-24 16:43 74,240 ----a-w C:\WINNT\system32\mscms.dll
    2008-06-23 15:09 666,112 ----a-w C:\WINNT\system32\wininet.dll
    2008-06-23 15:09 666,112 ------w C:\WINNT\system32\dllcache\wininet.dll
    2008-06-23 15:09 3,067,392 ------w C:\WINNT\system32\dllcache\mshtml.dll
    2008-06-20 17:46 245,248 ----a-w C:\WINNT\system32\mswsock.dll
    2008-06-20 17:46 245,248 ------w C:\WINNT\system32\dllcache\mswsock.dll
    2008-06-20 17:46 147,968 ------w C:\WINNT\system32\dllcache\dnsapi.dll
    2008-06-20 11:51 361,600 ------w C:\WINNT\system32\dllcache\tcpip.sys
    2008-06-20 11:40 138,496 ------w C:\WINNT\system32\dllcache\afd.sys
    2008-06-20 11:08 225,856 ------w C:\WINNT\system32\dllcache\tcpip6.sys
    2008-06-17 22:17 348,160 ----a-w C:\WINNT\system32\msvcr71.dll
    2008-06-13 11:05 272,128 ------w C:\WINNT\system32\dllcache\bthport.sys
    2008-06-09 20:43 107,888 ----a-w C:\WINNT\system32\CmdLineExt.dll
    2008-01-28 03:58 22,328 ----a-w C:\Documents and Settings\Administrator\Application Data\PnkBstrK.sys
    2007-08-04 04:24 984,576 ----a-w C:\WINNT\inf\syssbck.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AIM"="C:\Program Files\AIM\aim.exe" [2004-06-07 61440]
    "STYLEXP"="C:\Program Files\TGTSoft\StyleXP\StyleXP.exe" [2006-04-04 1368064]
    "LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2008-01-29 67128]
    "Steam"="C:\Program Files\Steam\Steam.exe" [2008-03-28 1271032]
    "igndlm.exe"="C:\Program Files\Download Manager\DLM.exe" [2007-03-05 1103480]
    "DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]
    "chkuiinfo"="C:\WINNT\system32\bkridaxw.exe" [2008-09-02 86016]
    "dscappsh"="C:\WINNT\system32\xsbqvoxm.exe" [2008-09-03 86016]
    "dscsh"="C:\WINNT\system32\ylubszqv.exe" [2008-09-03 86016]
    "winsyscom"="C:\WINNT\system32\yngvursf.exe" [2008-09-03 86016]
    "SmartInfo"="C:\WINNT\system32\rczovqtq.exe" [2008-09-03 94208]
    "hlpsrv"="C:\WINNT\system32\stgfgxut.exe" [2008-09-03 90112]
    "cfgdbproc"="C:\WINNT\system32\uvadypmp.exe" [2008-09-03 86016]
    "AplProc"="C:\WINNT\system32\ehuvyfml.exe" [2008-09-04 94208]
    "actsrv"="C:\WINNT\system32\tivefihs.exe" [2008-09-04 94208]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="C:\WINNT\system32\NvCpl.dll" [2007-12-05 8523776]
    "NvMediaCenter"="C:\WINNT\system32\NvMcTray.dll" [2007-12-05 81920]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
    "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
    "Launch LGDCore"="C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe" [2006-07-22 1126400]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-10 289064]
    "AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 116040]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 413696]
    "nwiz"="nwiz.exe" [2007-12-05 C:\WINNT\system32\nwiz.exe]
    "RTHDCPL"="RTHDCPL.EXE" [2007-05-10 C:\WINNT\RTHDCPL.exe]
    "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 C:\WINNT\KHALMNPR.Exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "MPlayer2_FixUp"="C:\WINNT\inf\unregmp2.exe" [2007-06-26 317440]
    "nltide_3"="advpack.dll" [2008-04-13 C:\WINNT\system32\advpack.dll]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
    "elWoV0foj3"="C:\Documents and Settings\All Users\Application Data\ufancbsj\opmfezuh.exe" [2008-09-02 69632]

    C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\
    OpenOffice.org 2.4.lnk - C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe [2008-01-21 393216]
    PowerReg Scheduler.exe [2008-07-27 256000]
    Registration IL-2 Sturmovik 1946.LNK - C:\Program Files\Ubisoft\IL-2 Sturmovik 1946\RegistrationReminder.exe [2005-05-24 868352]
    Stardock ObjectDock.lnk - C:\Program Files\Stardock\ObjectDock\ObjectDock.exe [2008-01-27 3450608]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-01-27 113664]
    BlackBerry Desktop Redirector.lnk - C:\Program Files\Research In Motion\BlackBerry\Redirector.exe [2006-07-26 1319018]
    HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 210520]
    Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-01-29 67128]
    Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-07-20 805392]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "NoDesktopCleanupWizard"= 1 (0x1)
    "HideRunAsVerb"= 1 (0x1)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoSMHelp"= 1 (0x1)
    "ForceClassicControlPanel"= 1 (0x1)
    "NoInstrumentation"= 1 (0x1)
    "NoStartMenuMFUprogramsList"= 1 (0x1)
    "NoSMMyDocs"= 1 (0x1)
    "NoSMMyPictures"= 1 (0x1)
    "NoSMConfigurePrograms"= 1 (0x1)

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoSMHelp"= 1 (0x1)
    "ForceClassicControlPanel"= 1 (0x1)
    "NoInstrumentation"= 1 (0x1)
    "NoStartMenuMFUprogramsList"= 1 (0x1)
    "NoSMMyDocs"= 1 (0x1)
    "NoSMMyPictures"= 1 (0x1)
    "NoSMConfigurePrograms"= 1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
    2008-05-02 02:42 72208 c:\Program Files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.XFR1"= xfcodec.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
    @=""

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    "DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "C:\\WINNT\\system32\\PnkBstrA.exe"=
    "C:\\WINNT\\system32\\PnkBstrB.exe"=
    "C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
    "C:\\Program Files\\Stardock Games\\Sins of a Solar Empire\\Sins of a Solar Empire.exe"=
    "C:\\Program Files\\uTorrent\\uTorrent.exe"=
    "C:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
    "C:\\Program Files\\iTunes\\iTunes.exe"=
    "C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=

    R0 pavboot;pavboot;C:\WINNT\system32\drivers\pavboot.sys [2008-06-19 28544]
    S0 ctrub;ctrub;C:\WINNT\system32\drivers\lftkddee.sys [ ]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

    NETSVCS REQUIRES REPAIRS - current entries shown
    6to4
    AppMgmt
    AudioSrv
    Browser
    CryptSvc
    DMServer
    DHCP
    EventSystem
    FastUserSwitchingCompatibility
    HidServ
    Ias
    Iprip
    Irmon
    LanmanServer
    LanmanWorkstation
    Netman
    Nla
    NWCWorkstation
    Nwsapagent
    Rasauto
    Rasman
    Remoteaccess
    Schedule
    SENS
    Sharedaccess
    Tapisrv
    Themes
    TrkWks
    WZCSVC
    Wmi
    WmdmPmSp
    winmgmt
    xmlprov
    BITS
    wuauserv
    ShellHWDetection
    WmdmPmSN
    napagent
    hkmsvc
    wscsvc

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs


    *Newly Created Service* - HELPSVC
    .
    Contents of the 'Scheduled Tasks' folder
    .
    .
    Supplementary Scan
    .
    FireFox -: Profile - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ir8mdjq2.default\
    FireFox -: prefs.js - STARTUP.HOMEPAGE - www.msn.com
    FF -: plugin - C:\Program Files\Download Manager\npfpdlm.dll
    FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
    .

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-09-04 12:12:47
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-09-04 12:13:14
    ComboFix-quarantined-files.txt 2008-09-04 19:13:11
    ComboFix2.txt 2008-09-04 19:10:09

    Pre-Run: 117,106,929,664 bytes free
    Post-Run: 117,077,213,184 bytes free

    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINNT
    [operating systems]
    C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINNT="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /noexecute=alwaysoff

    303 --- E O F --- 2008-09-03 07:20:57
  • edited September 2008
    Let's see a new HijackThis log. :)
  • BrettSDBrettSD San Diego, CA New
    edited September 2008
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:11:42 AM, on 9/5/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
    Boot mode: Normal

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\System32\svchost.exe
    C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINNT\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\system32\nvsvc32.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\system32\PnkBstrA.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\Explorer.EXE
    C:\Documents and Settings\All Users\Application Data\ufancbsj\opmfezuh.exe
    C:\WINNT\system32\RUNDLL32.EXE
    C:\WINNT\RTHDCPL.EXE
    C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINNT\system32\WgaTray.exe
    C:\Program Files\AIM\aim.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\Program Files\Steam\Steam.exe
    C:\Program Files\DAEMON Tools Lite\daemon.exe
    C:\WINNT\system32\uvadypmp.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINNT\System32\svchost.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
    C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
    C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
    C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
    C:\WINNT\system32\wuauclt.exe
    C:\WINNT\system32\wscntfy.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
    O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
    O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
    O4 - HKCU\..\Run: [chkuiinfo] C:\WINNT\system32\bkridaxw.exe
    O4 - HKCU\..\Run: [dscappsh] C:\WINNT\system32\xsbqvoxm.exe
    O4 - HKCU\..\Run: [dscsh] C:\WINNT\system32\ylubszqv.exe
    O4 - HKCU\..\Run: [winsyscom] C:\WINNT\system32\yngvursf.exe
    O4 - HKCU\..\Run: [SmartInfo] C:\WINNT\system32\rczovqtq.exe
    O4 - HKCU\..\Run: [hlpsrv] C:\WINNT\system32\stgfgxut.exe
    O4 - HKCU\..\Run: [cfgdbproc] C:\WINNT\system32\uvadypmp.exe
    O4 - HKCU\..\Run: [AplProc] C:\WINNT\system32\ehuvyfml.exe
    O4 - HKCU\..\Run: [actsrv] C:\WINNT\system32\tivefihs.exe
    O4 - HKCU\..\Run: [SmartUiInfo] C:\WINNT\system32\xkjetwna.exe
    O4 - HKLM\..\Policies\Explorer\Run: [elWoV0foj3] C:\Documents and Settings\All Users\Application Data\ufancbsj\opmfezuh.exe
    O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [MPlayer2_FixUp] C:\WINNT\inf\unregmp2.exe /Fixups (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
    O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
    O4 - Startup: PowerReg Scheduler.exe
    O4 - Startup: Registration IL-2 Sturmovik 1946.LNK = C:\Program Files\Ubisoft\IL-2 Sturmovik 1946\RegistrationReminder.exe
    O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: BlackBerry Desktop Redirector.lnk = C:\Program Files\Research In Motion\BlackBerry\Redirector.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
    O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\temp\ntdll64.dll
    O10 - Unknown file in Winsock LSP: c:\temp\ntdll64.dll
    O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ubisoft.com/dev/packages/GSManager.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{7BB735A0-B010-4901-8184-3B51A3AD5B16}: NameServer = 68.105.28.11,68.105.29.11
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Indexing Service (CiSvc) - Unknown owner - C:\WINNT\system32\cisvc.exe (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINNT\system32\PnkBstrA.exe
    O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
    O23 - Service: Uninterruptible Power Supply (UPS) - Unknown owner - C:\WINNT\System32\ups.exe (file missing)

    --
    End of file - 10177 bytes

    There you go, sir.
  • edited September 2008
    Still quite a lot of nasty stuff there...let's run another scanner before we start on it manually.

    Download "SUPERAntiSpyware Free Edition" from this link:
    http://www.superantispyware.com/download.html

    Install and update the scanner.

    Next, please reboot your computer in Safe Mode by doing the following:
    1) Restart your computer.
    2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
    3) Instead of Windows loading as normal, a menu should appear.
    4) Select the first option, to run Windows in Safe Mode.

    For additional help in booting into Safe Mode, see the following site:
    http://www.pchell.com/support/safemode.shtml

    Start the scanner, click "Scan your computer", and mark the drives that you want to scan (in the left window). Select "Perform Complete Scan" (in the right window). Click "next".

    The scanner will now start to scan. As soon as it has finished, you should mark everything that is found, and let the scanner fix it.

    Reboot your computer. After reboot, open the scanner again. Click "preferences" -> "statistics/logs". Mark the log. Click "View log", and copy the content of this log into your next reply, along with a new HijackThis log.
  • BrettSDBrettSD San Diego, CA New
    edited September 2008
    Here is the SuperAntiSpyware report.
    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 09/05/2008 at 01:20 PM

    Application Version : 4.21.1004

    Core Rules Database Version : 3557
    Trace Rules Database Version: 1545

    Scan type : Complete Scan
    Total Scan Time : 02:07:00

    Memory items scanned : 140
    Memory threats detected : 0
    Registry items scanned : 4987
    Registry threats detected : 13
    File items scanned : 56379
    File threats detected : 527

    Trojan.Dropper/Gen
    [chkuiinfo] C:\WINNT\SYSTEM32\BKRIDAXW.EXE
    C:\WINNT\SYSTEM32\BKRIDAXW.EXE
    [dscappsh] C:\WINNT\SYSTEM32\XSBQVOXM.EXE
    C:\WINNT\SYSTEM32\XSBQVOXM.EXE
    [dscsh] C:\WINNT\SYSTEM32\YLUBSZQV.EXE
    C:\WINNT\SYSTEM32\YLUBSZQV.EXE
    [winsyscom] C:\WINNT\SYSTEM32\YNGVURSF.EXE
    C:\WINNT\SYSTEM32\YNGVURSF.EXE
    [SmartInfo] C:\WINNT\SYSTEM32\RCZOVQTQ.EXE
    C:\WINNT\SYSTEM32\RCZOVQTQ.EXE
    [hlpsrv] C:\WINNT\SYSTEM32\STGFGXUT.EXE
    C:\WINNT\SYSTEM32\STGFGXUT.EXE
    [cfgdbproc] C:\WINNT\SYSTEM32\UVADYPMP.EXE
    C:\WINNT\SYSTEM32\UVADYPMP.EXE
    [AplProc] C:\WINNT\SYSTEM32\EHUVYFML.EXE
    C:\WINNT\SYSTEM32\EHUVYFML.EXE
    [actsrv] C:\WINNT\SYSTEM32\TIVEFIHS.EXE
    C:\WINNT\SYSTEM32\TIVEFIHS.EXE
    [SmartUiInfo] C:\WINNT\SYSTEM32\XKJETWNA.EXE
    C:\WINNT\SYSTEM32\XKJETWNA.EXE
    [actapl] C:\WINNT\SYSTEM32\HANADIHW.EXE
    C:\WINNT\SYSTEM32\HANADIHW.EXE

    Adware.Tracking Cookie
    E:\Documents and Settings\Brett Segal\Cookies\brett [email]segal@freeze.directtrack[2].txt[/email]
    E:\Documents and Settings\Brett Segal\Cookies\brett [email]segal@www.winantiviruspro[1].txt[/email]
    E:\Documents and Settings\Brett Segal\Cookies\brett [email]segal@ads.adultswim[2].txt[/email]
    E:\Documents and Settings\Brett Segal\Cookies\brett [email]segal@e-2dj6wgkokodpsko.stats.esomniture[2].txt[/email]
    E:\Documents and Settings\Brett Segal\Cookies\brett [email]segal@statcounter[2].txt[/email]
    E:\Documents and Settings\Brett Segal\Cookies\brett [email]segal@e-2dj6wfkyojdpcgp.stats.esomniture[1].txt[/email]
    E:\Documents and Settings\Brett Segal\Cookies\brett [email]segal@count2.exitexchange[1].txt[/email]
    E:\Documents and Settings\Brett Segal\Cookies\brett [email]segal@questionmarket[2].txt[/email]
    E:\Documents and Settings\Brett Segal\Cookies\brett [email]segal@maxim.122.2o7[1].txt[/email]
    E:\Documents and Settings\Brett Segal\Cookies\brett [email]segal@e-2dj6wjkyoidjcfo.stats.esomniture[2].txt[/email]
    E:\Documents and Settings\Brett Segal\Cookies\brett [email]segal@e-2dj6wgmycnczgcp.stats.esomniture[2].txt[/email]
    E:\Documents and Settings\Brett Segal\Cookies\brett [email]segal@adlegend[1].txt[/email]
    E:\Documents and Settings\Brett Segal\Cookies\brett [email]segal@banners.guns[1].txt[/email]
    E:\Documents and Settings\Brett Segal\Cookies\brett [email]segal@e-2dj6wjkosjcpcbo.stats.esomniture[2].txt[/email]
    E:\Documents and Settings\Brett Segal\Cookies\brett [email]segal@count3.exitexchange[2].txt[/email]
    E:\Documents and Settings\Brett Segal\Cookies\brett [email]segal@image.masterstats[1].txt[/email]
    E:\Documents and Settings\Brett Segal\Cookies\brett [email]segal@entrepreneur.122.2o7[1].txt[/email]
    E:\Documents and Settings\Brett Segal\Cookies\brett [email]segal@e-2dj6wfkienazskq.stats.esomniture[2].txt[/email]
    E:\Documents and Settings\Brett Segal\Cookies\brett [email]segal@enhance[2].txt[/email]
    E:\Documents and Settings\Brett Segal\Cookies\brett [email]segal@stat.dealtime[1].txt[/email]
    E:\Documents and Settings\Brett Segal\Cookies\brett [email]segal@adultfriendfinder[2].txt[/email]
    E:\Documents and Settings\Brett Segal\Cookies\brett [email]segal@counter[1].txt[/email]
    E:\Documents and Settings\Brett Segal\Cookies\brett [email]segal@adserve.webtoolcafe[1].txt[/email]
    E:\Documents and Settings\Brett Segal\Cookies\brett [email]segal@discountdance[2].txt[/email]
    E:\Documents and Settings\Brett Segal\Cookies\brett [email]segal@drivecleaner[2].txt[/email]
    E:\Documents and Settings\Brett Segal\Cookies\brett [email]segal@goclick[2].txt[/email]
    E:\Documents and Settings\Brett Segal\Cookies\brett [email]segal@e-2dj6wjligkc5gbp.stats.esomniture[2].txt[/email]
    E:\Documents and Settings\Brett Segal\Cookies\brett [email]segal@e-2dj6wjkogld5igq.stats.esomniture[1].txt[/email]
    E:\Documents and Settings\Brett Segal\Cookies\brett [email]segal@e-2dj6wjlocjdzkeo.stats.esomniture[2].txt[/email]
    E:\Documents and Settings\Brett Segal\Cookies\brett [email]segal@banners.motorbase[1].txt[/email]
    E:\Documents and Settings\Brett Segal\Cookies\brett [email]segal@www.drivecleaner[2].txt[/email]
    E:\Documents and Settings\Brett Segal\Cookies\brett [email]segal@xiti[2].txt[/email]
    E:\Documents and Settings\Brett Segal\Cookies\brett [email]segal@www.discountdance[1].txt[/email]
    E:\Documents and Settings\Brett Segal\Cookies\brett [email]segal@cbs.112.2o7[1].txt[/email]
    E:\Documents and Settings\Brett Segal\Cookies\brett [email]segal@e-2dj6wjkysicpiaq.stats.esomniture[2].txt[/email]
    E:\Documents and Settings\Brett Segal\Cookies\brett [email]segal@ad.yieldmanager[1].txt[/email]
    E:\Documents and Settings\Brett Segal\Cookies\brett [email]segal@icc.intellisrv[2].txt[/email]
    E:\Documents and Settings\Brett Segal\Cookies\brett [email]segal@ads.monster[1].txt[/email]
    E:\Documents and Settings\Brett Segal\Cookies\brett [email]segal@nextag[1].txt[/email]
    E:\Documents and Settings\Brett Segal\Cookies\brett [email]segal@zedo[2].txt[/email]
    E:\Documents and Settings\Brett Segal\Cookies\brett [email]segal@sales.liveperson[2].txt[/email]
    E:\Documents and Settings\Brett Segal\Cookies\brett [email]segal@revsci[2].txt[/email]
    E:\Documents and Settings\Brett Segal\Cookies\brett [email]segal@e-2dj6wjk4eocjkcp.stats.esomniture[2].txt[/email]
    E:\Documents and Settings\Brett Segal\Cookies\brett [email]segal@adbrite[1].txt[/email]
    E:\Documents and Settings\Brett Segal\Cookies\brett [email]segal@c.enhance[1].txt[/email]
    E:\Documents and Settings\Brett Segal\Cookies\brett [email]segal@e-2dj6wfligmazecp.stats.esomniture[2].txt[/email]
    E:\Documents and Settings\Brett Segal\Cookies\brett [email]segal@falkag[1].txt[/email]
    E:\Documents and Settings\Brett Segal\Cookies\brett [email]segal@specificclick[2].txt[/email]
    E:\Documents and Settings\Brett Segal\Cookies\brett [email]segal@gostats[2].txt[/email]
    E:\Documents and Settings\Brett Segal\Cookies\brett [email]segal@web4.realtracker[1].txt[/email]
    E:\Documents and Settings\Brett Segal\Cookies\brett [email]segal@e-2dj6wgkiokc5kbp.stats.esomniture[2].txt[/email]
    E:\Documents and Settings\Brett Segal\Cookies\brett [email]segal@stats.drivecleaner[2].txt[/email]
    E:\Documents and Settings\Brett Segal\Cookies\brett [email]segal@tacoda[2].txt[/email]
    E:\Documents and Settings\Brett Segal\Cookies\brett [email]segal@ford.112.2o7[1].txt[/email]
    E:\Documents and Settings\Brett Segal\Cookies\brett [email]segal@www.riverbelle[2].txt[/email]
    E:\Documents and Settings\Brett Segal\Cookies\brett [email]segal@e-2dj6wjk4uid5seq.stats.esomniture[2].txt[/email]
    E:\Documents and Settings\Brett Segal\Cookies\brett [email]segal@rotator.adjuggler[2].txt[/email]
    E:\Documents and Settings\Brett Segal\Cookies\brett [email]segal@vip.clickzs[2].txt[/email]
    E:\Documents and Settings\Brett Segal\Cookies\brett [email]segal@reztrack[1].txt[/email]
    E:\Documents and Settings\Brett Segal\Cookies\brett [email]segal@media.esportnetwork[2].txt[/email]
    E:\Documents and Settings\Brett Segal\Cookies\brett [email]segal@e-2dj6wfl4spdjmgp.stats.esomniture[1].txt[/email]
    E:\Documents and Settings\Brett Segal\Cookies\brett [email]segal@adrevolver[2].txt[/email]
    E:\Documents and Settings\Brett Segal\Cookies\brett [email]segal@adrevolver[1].txt[/email]
    E:\Documents and Settings\Brett Segal\Cookies\brett [email]segal@ads.coreware.co[1].txt[/email]
    E:\Documents and Settings\Brett Segal\Cookies\brett [email]segal@dealtime[1].txt[/email]
    E:\Documents and Settings\Brett Segal\Cookies\brett [email]segal@cassava[1].txt[/email]
    E:\Documents and Settings\Brett Segal\Cookies\brett [email]segal@c.goclick[2].txt[/email]
    E:\Documents and Settings\Brett Segal\Cookies\brett [email]segal@www.my-teen-space[1].txt[/email]
    E:\Documents and Settings\Brett Segal\Cookies\brett [email]segal@a.websponsors[1].txt[/email]
    E:\Documents and Settings\Brett Segal\Cookies\brett [email]segal@sixapart.adbureau[1].txt[/email]
    E:\Documents and Settings\Brett Segal\Cookies\brett [email]segal@revsci[3].txt[/email]
    E:\Documents and Settings\Brett Segal\Cookies\brett [email]segal@www.jackpotmadness[2].txt[/email]
    E:\Documents and Settings\Brett Segal\Cookies\brett [email]segal@e-2dj6wfliwkc5ilp.stats.esomniture[2].txt[/email]
    E:\Documents and Settings\Brett Segal\Cookies\brett [email]segal@oasc02.247realmedia[1].txt[/email]
    E:\Documents and Settings\Brett Segal\Cookies\brett [email]segal@adopt.hbmediapro[2].txt[/email]
    E:\Documents and Settings\Brett Segal\Cookies\brett [email]segal@e-2dj6wjkoemazsbo.stats.esomniture[2].txt[/email]
    E:\Documents and Settings\Brett Segal\Cookies\brett [email]segal@tracker.tbkresources[2].txt[/email]
    E:\Documents and Settings\Brett Segal\Cookies\brett [email]segal@findwhat[1].txt[/email]
    E:\Documents and Settings\Brett Segal\Cookies\brett [email]segal@e-2dj6wjkokmdjmhp.stats.esomniture[2].txt[/email]
    E:\Documents and Settings\Brett Segal\Cookies\brett [email]segal@e-2dj6wjnyehajmlo.stats.esomniture[2].txt[/email]
    E:\Documents and Settings\Brett Segal\Cookies\brett [email]segal@media202[2].txt[/email]
    E:\Documents and Settings\Brett Segal\Cookies\brett [email]segal@www.sexpacking[1].txt[/email]
    E:\Documents and Settings\Brett Segal\Cookies\brett [email]segal@e-2dj6wjmielcjocp.stats.esomniture[2].txt[/email]
    E:\Documents and Settings\Brett Segal\Cookies\brett [email]segal@partners.adultadworld[2].txt[/email]
    E:\Documents and Settings\Brett Segal\Cookies\brett [email]segal@burstnet[1].txt[/email]
    E:\Documents and Settings\Brett Segal\Cookies\brett [email]segal@www.xctrk[2].txt[/email]
    E:\Documents and Settings\Brett Segal\Cookies\brett [email]segal@banner[1].txt[/email]
    E:\Documents and Settings\Brett Segal\Cookies\brett [email]segal@anm.112.2o7[1].txt[/email]
    E:\Documents and Settings\Brett Segal\Cookies\brett [email]segal@e-2dj6wjk4olcjabo.stats.esomniture[2].txt[/email]
    E:\Documents and Settings\Brett Segal\Cookies\brett [email]segal@ehg-randomhouse.hitbox[1].txt[/email]
    E:\Documents and Settings\Brett Segal\Cookies\brett [email]segal@www.upspiral[2].txt[/email]
    E:\Documents and Settings\Brett Segal\Cookies\brett [email]segal@adopt.specificclick[2].txt[/email]
    E:\Documents and Settings\Brett Segal\Cookies\brett [email]segal@coolsavings[1].txt[/email]
    E:\Documents and Settings\Brett Segal\Cookies\brett [email]segal@nbads[2].txt[/email]
    E:\Documents and Settings\Brett Segal\Cookies\brett [email]segal@www.toseeka[1].txt[/email]
    E:\Documents and Settings\Brett Segal\Cookies\brett [email]segal@partygaming.122.2o7[1].txt[/email]
    E:\Documents and Settings\Brett Segal\Cookies\brett [email]segal@ar.atwola[1].txt[/email]
    E:\Documents and Settings\Brett Segal\Cookies\brett [email]segal@empornium[1].txt[/email]
    E:\Documents and Settings\Brett Segal\Cookies\brett [email]segal@www.getstats[2].txt[/email]
    E:\Documents and Settings\Brett Segal\Cookies\brett [email]segal@rapidresponse.directtrack[2].txt[/email]
    E:\Documents and Settings\Brett Segal\Cookies\brett [email]segal@linkstattrack[1].txt[/email]
    E:\Documents and Settings\Brett Segal\Cookies\brett [email]segal@friendfinder[2].txt[/email]
    E:\Documents and Settings\Brett Segal\Cookies\brett [email]segal@e-2dj6wfl4gmajkbo.stats.esomniture[2].txt[/email]
    E:\Documents and Settings\Brett Segal\Cookies\brett [email]segal@homedepotca.122.2o7[1].txt[/email]
    E:\Documents and Settings\Brett Segal\Cookies\brett [email]segal@bfast[2].txt[/email]
    E:\Documents and Settings\Brett Segal\Cookies\brett [email]segal@perf.overture[1].txt[/email]
    E:\Documents and Settings\Brett Segal\Cookies\brett [email]segal@go.winantispyware[1].txt[/email]
    E:\Documents and Settings\Brett Segal\Cookies\brett [email]segal@partypoker[2].txt[/email]
    E:\Documents and Settings\Brett Segal\Cookies\brett [email]segal@clickwwwsearch[1].txt[/email]
    E:\Documents and Settings\Brett Segal\Cookies\brett [email]segal@heavycom.122.2o7[1].txt[/email]
    E:\Documents and Settings\Brett Segal\Cookies\brett [email]segal@mmm.elitemediagroup[1].txt[/email]
    E:\Documents and Settings\Brett Segal\Cookies\brett [email]segal@www.burstbeacon[2].txt[/email]
    E:\Documents and Settings\Brett Segal\Cookies\brett [email]segal@trafficmp[1].txt[/email]
    E:\Documents and Settings\Brett Segal\Cookies\brett [email]segal@advertising[2].txt[/email]
    E:\Documents and Settings\Brett Segal\Cookies\brett [email]segal@upspiral[1].txt[/email]
    E:\Documents and Settings\Brett Segal\Cookies\brett [email]segal@belnk[1].txt[/email]
    E:\Documents and Settings\Brett Segal\Cookies\brett [email]segal@ads.webnetad[1].txt[/email]
    E:\Documents and Settings\Brett Segal\Cookies\brett [email]segal@secure.agoramedia[2].txt[/email]
    E:\Documents and Settings\Brett Segal\Cookies\brett [email]segal@jobfind[1].txt[/email]
    E:\Documents and Settings\Brett Segal\Cookies\brett [email]segal@www.yourdailymedia[2].txt[/email]
    E:\Documents and Settings\Brett Segal\Cookies\brett [email]segal@2o7[2].txt[/email]
    E:\Documents and Settings\Brett Segal\Cookies\brett [email]segal@e-2dj6wjlioocpsgp.stats.esomniture[2].txt[/email]
    E:\Documents and Settings\Brett Segal\Cookies\brett [email]segal@onlinerewardcenter[2].txt[/email]
    E:\Documents and Settings\Brett Segal\Cookies\brett [email]segal@e-2dj6wjkounc5sbp.stats.esomniture[1].txt[/email]
    E:\Documents and Settings\Brett Segal\Cookies\brett [email]segal@e-2dj6wjmyqkcjmeo.stats.esomniture[2].txt[/email]
    E:\Documents and Settings\Brett Segal\Cookies\brett [email]segal@e-2dj6wgkiohdpweo.stats.esomniture[2].txt[/email]
    E:\Documents and Settings\Brett Segal\Cookies\brett [email]segal@ads.us.e-planning[1].txt[/email]
    E:\Documents and Settings\Brett Segal\Cookies\brett [email]segal@e-2dj6wjliggdpglp.stats.esomniture[2].txt[/email]
    E:\Documents and Settings\Brett Segal\Cookies\brett [email]segal@adserver[1].txt[/email]
    E:\Documents and Settings\Brett Segal\Cookies\brett [email]segal@certified-safe-downloads[2].txt[/email]
    E:\Documents and Settings\Brett Segal\Cookies\brett [email]segal@toseeka[2].txt[/email]
    E:\Documents and Settings\Brett Segal\Cookies\brett [email]segal@e-2dj6wjk4kmczcco.stats.esomniture[2].txt[/email]
    E:\Documents and Settings\Brett Segal\Cookies\brett [email]segal@e-2dj6wjkyqkdjkcp.stats.esomniture[2].txt[/email]
    E:\Documents and Settings\Brett Segal\Cookies\brett [email]segal@searchfindsearch[1].txt[/email]
    E:\Documents and Settings\Brett Segal\Cookies\brett [email]segal@tripod.lycos[1].txt[/email]
    E:\Documents and Settings\Brett Segal\Cookies\brett [email]segal@indexstats[2].txt[/email]
    E:\Documents and Settings\Brett Segal\Cookies\brett [email]segal@www2.claxonmedia[2].txt[/email]
    E:\Documents and Settings\Brett Segal\Cookies\brett [email]segal@e-2dj6wjkoagczckq.stats.esomniture[1].txt[/email]
    E:\Documents and Settings\Brett Segal\Cookies\brett [email]segal@network.realmedia[1].txt[/email]
    E:\Documents and Settings\Brett Segal\Cookies\brett [email]segal@e-2dj6wgkyuic5glp.stats.esomniture[2].txt[/email]
    E:\Documents and Settings\Brett Segal\Cookies\brett [email]segal@winantivirus[1].txt[/email]
    E:\Documents and Settings\Brett Segal\Cookies\brett [email]segal@metacafe.122.2o7[1].txt[/email]
    E:\Documents and Settings\Brett Segal\Cookies\brett [email]segal@login.tracking101[1].txt[/email]
    E:\Documents and Settings\Brett Segal\Cookies\brett [email]segal@e-2dj6wgmicoczsfp.stats.esomniture[2].txt[/email]
    E:\Documents and Settings\Brett Segal\Cookies\brett [email]segal@reduxads.valuead[2].txt[/email]
    E:\Documents and Settings\Brett Segal\Cookies\brett [email]segal@atwola[1].txt[/email]
    E:\Documents and Settings\Brett Segal\Cookies\brett [email]segal@m1.webstats4u[1].txt[/email]
    E:\Documents and Settings\Brett Segal\Cookies\brett [email]segal@e-2dj6wjkookczebp.stats.esomniture[1].txt[/email]
    E:\Documents and Settings\Brett Segal\Cookies\brett [email]segal@ads.realcastmedia[2].txt[/email]
    E:\Documents and Settings\Brett Segal\Cookies\brett [email]segal@e-2dj6wjmigjazccp.stats.esomniture[2].txt[/email]
    E:\Documents and Settings\Brett Segal\Cookies\brett [email]segal@apmebf[1].txt[/email]
    E:\Documents and Settings\Brett Segal\Cookies\brett [email]segal@www.winantivirus[1].txt[/email]
    E:\Documents and Settings\Brett Segal\Cookies\brett [email]segal@bizrate[1].txt[/email]
    E:\Documents and Settings\Brett Segal\Cookies\brett [email]segal@vitecmedia[1].txt[/email]
    E:\Documents and Settings\Brett Segal\Cookies\brett [email]segal@server.lon.liveperson[1].txt[/email]
    E:\Documents and Settings\Brett Segal\Cookies\brett [email]segal@e-2dj6wjl4wmajkgo.stats.esomniture[2].txt[/email]
    E:\Documents and Settings\Brett Segal\Cookies\brett [email]segal@stats.gamestop[2].txt[/email]
    E:\Documents and Settings\Brett Segal\Cookies\brett [email]segal@warlog[1].txt[/email]
    E:\Documents and Settings\Brett Segal\Cookies\brett [email]segal@ads.cnn[1].txt[/email]
    E:\Documents and Settings\Brett Segal\Cookies\brett [email]segal@ads.leoslyrics[1].txt[/email]
    E:\Documents and Settings\Brett Segal\Cookies\brett [email]segal@adsrevenue[1].txt[/email]
    E:\Documents and Settings\Brett Segal\Cookies\brett [email]segal@advert.travlang[1].txt[/email]
    E:\Documents and Settings\Brett Segal\Cookies\brett [email]segal@cneteurope.122.2o7[1].txt[/email]
    E:\Documents and Settings\Brett Segal\Cookies\brett [email]segal@cnn.122.2o7[1].txt[/email]
    E:\Documents and Settings\Brett Segal\Cookies\brett [email]segal@counter.auctionworks[1].txt[/email]
    E:\Documents and Settings\Brett Segal\Cookies\brett [email]segal@data1.perf.overture[1].txt[/email]
    E:\Documents and Settings\Brett Segal\Cookies\brett [email]segal@data2.perf.overture[2].txt[/email]
    E:\Documents and Settings\Brett Segal\Cookies\brett [email]segal@e-2dj6wfkicgdjgfq.stats.esomniture[2].txt[/email]
    E:\Documents and Settings\Brett Segal\Cookies\brett [email]segal@e-2dj6wjlowodpilp.stats.esomniture[2].txt[/email]
    E:\Documents and Settings\Brett Segal\Cookies\brett [email]segal@e-2dj6wjnyqndpegq.stats.esomniture[2].txt[/email]
    E:\Documents and Settings\Brett Segal\Cookies\brett [email]segal@ehg-maniatv.hitbox[1].txt[/email]
    E:\Documents and Settings\Brett Segal\Cookies\brett [email]segal@entrepreneur.us.intellitxt[2].txt[/email]
    E:\Documents and Settings\Brett Segal\Cookies\brett [email]segal@epilot[1].txt[/email]
    E:\Documents and Settings\Brett Segal\Cookies\brett [email]segal@microsofteup.112.2o7[1].txt[/email]
    E:\Documents and Settings\Brett Segal\Cookies\brett [email]segal@msnportal.112.2o7[1].txt[/email]
    E:\Documents and Settings\Brett Segal\Cookies\brett [email]segal@serving.rpowermedia[1].txt[/email]
    E:\Documents and Settings\Brett Segal\Cookies\brett [email]segal@statse.webtrendslive[1].txt[/email]
    E:\Documents and Settings\Brett Segal\Cookies\brett [email]segal@track.searchignite[2].txt[/email]
    E:\Documents and Settings\Brett Segal\Cookies\brett [email]segal@winantispyware[1].txt[/email]
    E:\Documents and Settings\Brett Segal\Cookies\brett [email]segal@www.winantispyware[1].txt[/email]
    E:\Documents and Settings\Brett Segal\Cookies\brett [email]segal@yourmedia[1].txt[/email]
    E:\Documents and Settings\Brett Segal\Local Settings\Temp\Cookies\brett [email]segal@try.starware[1].txt[/email]
    E:\Documents and Settings\Brett Segal\Local Settings\Temp\Cookies\brett [email]segal@www2.inettraffic[1].txt[/email]
    E:\Documents and Settings\Brett Segal\Local Settings\Temp\Cookies\brett [email]segal@casalemedia[2].txt[/email]
    E:\Documents and Settings\Brett Segal\Local Settings\Temp\Cookies\brett [email]segal@insightexpressai[1].txt[/email]
    E:\Documents and Settings\Brett Segal\Local Settings\Temp\Cookies\brett [email]segal@hurricanedigitalmedia[2].txt[/email]
    E:\Documents and Settings\Brett Segal\Local Settings\Temp\Cookies\brett [email]segal@fastclick[2].txt[/email]
    E:\Documents and Settings\Brett Segal\Local Settings\Temp\Cookies\brett [email]segal@edge.ru4[2].txt[/email]
    E:\Documents and Settings\Brett Segal\Local Settings\Temp\Cookies\brett [email]segal@overture[1].txt[/email]
    E:\Documents and Settings\Brett Segal\Local Settings\Temp\Cookies\brett [email]segal@tribalfusion[1].txt[/email]
    E:\Documents and Settings\Brett Segal\Local Settings\Temp\Cookies\brett [email]segal@realmedia[1].txt[/email]
    E:\Documents and Settings\Brett Segal\Local Settings\Temp\Cookies\brett [email]segal@yieldmanager[1].txt[/email]
    E:\Documents and Settings\Brett Segal\Local Settings\Temp\Cookies\brett [email]segal@cpvfeed[2].txt[/email]
    E:\Documents and Settings\Brett Segal\Local Settings\Temp\Cookies\brett [email]segal@kontera[1].txt[/email]
    E:\Documents and Settings\Brett Segal\Local Settings\Temp\Cookies\brett [email]segal@anad.tacoda[1].txt[/email]
    E:\Documents and Settings\Brett Segal\Local Settings\Temp\Cookies\brett [email]segal@anat.tacoda[1].txt[/email]
    E:\Documents and Settings\Brett Segal\Local Settings\Temp\Cookies\brett [email]segal@adknowledge[2].txt[/email]
    E:\Documents and Settings\Brett Segal\Local Settings\Temp\Cookies\brett [email]segal@ad1.clickhype[2].txt[/email]
    E:\Documents and Settings\Brett Segal\Local Settings\Temp\Cookies\brett [email]segal@stats1.reliablestats[2].txt[/email]
    E:\Documents and Settings\Brett Segal\Local Settings\Temp\Cookies\brett [email]segal@directtrack[1].txt[/email]
    E:\Documents and Settings\Brett Segal\Local Settings\Temp\Cookies\brett [email]segal@ath.belnk[2].txt[/email]
    E:\Documents and Settings\Brett Segal\Local Settings\Temp\Cookies\brett [email]segal@server.cpmstar[2].txt[/email]
    E:\Documents and Settings\Brett Segal\Local Settings\Temp\Cookies\brett [email]segal@adserver.easyad[2].txt[/email]
    E:\Documents and Settings\Brett Segal\Local Settings\Temp\Cookies\brett [email]segal@images.crossmediaservices[1].txt[/email]
    E:\Documents and Settings\Brett Segal\Local Settings\Temp\Cookies\brett [email]segal@ads.joetec[1].txt[/email]
    E:\Documents and Settings\Brett Segal\Local Settings\Temp\Cookies\brett [email]segal@adopt.euroclick[1].txt[/email]
    E:\Documents and Settings\Brett Segal\Local Settings\Temp\Cookies\brett [email]segal@mediaplex[1].txt[/email]
    E:\Documents and Settings\Brett Segal\Local Settings\Temp\Cookies\brett [email]segal@publishers.clickbooth[1].txt[/email]
    E:\Documents and Settings\Brett Segal\Local Settings\Temp\Cookies\brett [email]segal@hitbox[2].txt[/email]
    E:\Documents and Settings\Brett Segal\Local Settings\Temp\Cookies\brett [email]segal@qnsr[2].txt[/email]
    E:\Documents and Settings\Brett Segal\Local Settings\Temp\Cookies\brett [email]segal@kanoodle[2].txt[/email]
    E:\Documents and Settings\Brett Segal\Local Settings\Temp\Cookies\brett [email]segal@adecn[2].txt[/email]
    E:\Documents and Settings\Brett Segal\Local Settings\Temp\Cookies\brett [email]segal@ads.realtechnetwork[2].txt[/email]
    E:\Documents and Settings\Brett Segal\Local Settings\Temp\Cookies\brett [email]segal@admarketplace[2].txt[/email]
    E:\Documents and Settings\Brett Segal\Local Settings\Temp\Cookies\brett [email]segal@www.admedian[1].txt[/email]
    E:\Documents and Settings\Brett Segal\Local Settings\Temp\Cookies\brett [email]segal@atdmt[2].txt[/email]
    E:\Documents and Settings\Brett Segal\Local Settings\Temp\Cookies\brett [email]segal@accounts[1].txt[/email]
    E:\Documents and Settings\Brett Segal\Local Settings\Temp\Cookies\brett [email]segal@exitexchange[2].txt[/email]
    E:\Documents and Settings\Brett Segal\Local Settings\Temp\Cookies\brett [email]segal@doubleclick[2].txt[/email]
    E:\Documents and Settings\Brett Segal\Local Settings\Temp\Cookies\brett [email]segal@interclick[2].txt[/email]
    E:\Documents and Settings\Brett Segal\Local Settings\Temp\Cookies\brett [email]segal@ads.blizzard[1].txt[/email]
    E:\Documents and Settings\Brett Segal\Local Settings\Temp\Cookies\brett [email]segal@www.onlineemedia[1].txt[/email]
    E:\Documents and Settings\Brett Segal\Local Settings\Temp\Cookies\brett [email]segal@dist.belnk[1].txt[/email]
    E:\Documents and Settings\Brett Segal\Local Settings\Temp\Cookies\brett [email]segal@a.as-us.falkag[1].txt[/email]
    E:\Documents and Settings\Brett Segal\Local Settings\Temp\Cookies\brett [email]segal@h.starware[1].txt[/email]
    E:\Documents and Settings\Brett Segal\Local Settings\Temp\Cookies\brett [email]segal@azjmp[1].txt[/email]
    E:\Documents and Settings\Brett Segal\Local Settings\Temp\Cookies\brett [email]segal@as-us.falkag[1].txt[/email]
    E:\Documents and Settings\Brett Segal\Local Settings\Temp\Cookies\brett [email]segal@scanner.sysprotect[2].txt[/email]
    E:\Documents and Settings\Brett Segal\Local Settings\Temp\Cookies\brett [email]segal@ads.cc214142[2].txt[/email]
    E:\Documents and Settings\Brett Segal\Local Settings\Temp\Cookies\brett [email]segal@server.iad.liveperson[1].txt[/email]
    E:\Documents and Settings\Brett Segal\Local Settings\Temp\Cookies\brett [email]segal@hits.clickandtrack[1].txt[/email]
    E:\Documents and Settings\Brett Segal\Local Settings\Temp\Cookies\brett [email]segal@statcounter[1].txt[/email]
    E:\Documents and Settings\Brett Segal\Local Settings\Temp\Cookies\brett [email]segal@count.exitexchange[1].txt[/email]
    E:\Documents and Settings\Brett Segal\Local Settings\Temp\Cookies\brett [email]segal@count1.exitexchange[1].txt[/email]
    E:\Documents and Settings\Brett Segal\Local Settings\Temp\Cookies\brett [email]segal@regalinteractive[1].txt[/email]
    E:\Documents and Settings\Brett Segal\Local Settings\Temp\Cookies\brett [email]segal@www.winantiviruspro[1].txt[/email]
    E:\Documents and Settings\Brett Segal\Local Settings\Temp\Cookies\brett [email]segal@count2.exitexchange[1].txt[/email]
    E:\Documents and Settings\Brett Segal\Local Settings\Temp\Cookies\brett [email]segal@questionmarket[2].txt[/email]
    E:\Documents and Settings\Brett Segal\Local Settings\Temp\Cookies\brett [email]segal@count3.exitexchange[1].txt[/email]
    E:\Documents and Settings\Brett Segal\Local Settings\Temp\Cookies\brett [email]segal@adlegend[1].txt[/email]
    E:\Documents and Settings\Brett Segal\Local Settings\Temp\Cookies\brett [email]segal@count4.exitexchange[1].txt[/email]
    E:\Documents and Settings\Brett Segal\Local Settings\Temp\Cookies\brett [email]segal@adultfriendfinder[2].txt[/email]
    E:\Documents and Settings\Brett Segal\Local Settings\Temp\Cookies\brett [email]segal@adserve.webtoolcafe[1].txt[/email]
    E:\Documents and Settings\Brett Segal\Local Settings\Temp\Cookies\brett [email]segal@drivecleaner[2].txt[/email]
    E:\Documents and Settings\Brett Segal\Local Settings\Temp\Cookies\brett [email]segal@goclick[2].txt[/email]
    E:\Documents and Settings\Brett Segal\Local Settings\Temp\Cookies\brett [email]segal@offers.intermediainteractive[2].txt[/email]
    E:\Documents and Settings\Brett Segal\Local Settings\Temp\Cookies\brett [email]segal@discountdance[2].txt[/email]
    E:\Documents and Settings\Brett Segal\Local Settings\Temp\Cookies\brett [email]segal@www.discountdance[1].txt[/email]
    E:\Documents and Settings\Brett Segal\Local Settings\Temp\Cookies\brett [email]segal@ad.yieldmanager[1].txt[/email]
    E:\Documents and Settings\Brett Segal\Local Settings\Temp\Cookies\brett [email]segal@enhance[1].txt[/email]
    E:\Documents and Settings\Brett Segal\Local Settings\Temp\Cookies\brett [email]segal@icc.intellisrv[2].txt[/email]
    E:\Documents and Settings\Brett Segal\Local Settings\Temp\Cookies\brett [email]segal@nextag[1].txt[/email]
    E:\Documents and Settings\Brett Segal\Local Settings\Temp\Cookies\brett [email]segal@zedo[2].txt[/email]
    E:\Documents and Settings\Brett Segal\Local Settings\Temp\Cookies\brett [email]segal@revsci[2].txt[/email]
    E:\Documents and Settings\Brett Segal\Local Settings\Temp\Cookies\brett [email]segal@stats.drivecleaner[2].txt[/email]
    E:\Documents and Settings\Brett Segal\Local Settings\Temp\Cookies\brett [email]segal@tacoda[1].txt[/email]
    E:\Documents and Settings\Brett Segal\Local Settings\Temp\Cookies\brett [email]segal@adbrite[2].txt[/email]
    E:\Documents and Settings\Brett Segal\Local Settings\Temp\Cookies\brett [email]segal@ford.112.2o7[1].txt[/email]
    E:\Documents and Settings\Brett Segal\Local Settings\Temp\Cookies\brett [email]segal@adrevolver[2].txt[/email]
    E:\Documents and Settings\Brett Segal\Local Settings\Temp\Cookies\brett [email]segal@adrevolver[1].txt[/email]
    E:\Documents and Settings\Brett Segal\Local Settings\Temp\Cookies\brett [email]segal@adopt.hbmediapro[2].txt[/email]
    E:\Documents and Settings\Brett Segal\Local Settings\Temp\Cookies\brett [email]segal@a.websponsors[2].txt[/email]

    Trojan.DNSChanger-Codec
    HKU\S-1-5-21-606747145-1647877149-682003330-500\Software\uninstall

    Rogue.PC-Cleaner
    HKU\S-1-5-21-606747145-1647877149-682003330-500\Software\mwc

    Trojan.Unknown Origin
    C:\WINNT\SYSTEM32\1.ICO
    C:\WINNT\SYSTEM32\2.ICO

    Malware.VirusBurst
    E:\DOCUMENTS AND SETTINGS\BRETT SEGAL\LOCAL SETTINGS\TEMP\VB1C8.EXE

    Trojan.Downloader-VSAddIn
    E:\PROGRAM FILES\VSADD-IN\VSADD-IN.DLL
    E:\WINDOWS\SYSTEM32\BRWAYCXB.EXE
    E:\WINDOWS\SYSTEM32\CTLKXPJF.EXE
    E:\WINDOWS\SYSTEM32\DIRKJXAI.EXE
    E:\WINDOWS\SYSTEM32\FQGDKLNV.EXE
    E:\WINDOWS\SYSTEM32\GGKGGCAJ.EXE
    E:\WINDOWS\SYSTEM32\ILOOIJRU.EXE
    E:\WINDOWS\SYSTEM32\KUSNOTND.EXE
    E:\WINDOWS\SYSTEM32\LJFTRQJY.EXE
    E:\WINDOWS\SYSTEM32\LMSWOHUE.EXE
    E:\WINDOWS\SYSTEM32\LQUWWPKG.EXE
    E:\WINDOWS\SYSTEM32\MIQDVDUN.EXE
    E:\WINDOWS\SYSTEM32\NHTOLPSW.EXE
    E:\WINDOWS\SYSTEM32\OBMJRNAT.EXE
    E:\WINDOWS\SYSTEM32\OJMCJMDO.EXE
    E:\WINDOWS\SYSTEM32\OUAUDNVS.EXE
    E:\WINDOWS\SYSTEM32\QALRJQVQ.EXE
    E:\WINDOWS\SYSTEM32\RXWTROLU.EXE
    E:\WINDOWS\SYSTEM32\TFICKMGI.EXE
    E:\WINDOWS\SYSTEM32\YXRPJRSB.EXE

    Trojan.WinFixer
    E:\WINDOWS\SYSTEM32\AWVTU.DLL

    Trojan.Downloader-Quake11
    E:\WINDOWS\SYSTEM32\DMKADQGU.DLL

    Trojan.Downloader-VSToolbar
    E:\WINDOWS\SYSTEM32\KHFOGKDM.EXE

    Adware.Vundo Variant
    E:\WINDOWS\SYSTEM32\SSQRR.DLL

    Trojan.Downloader-Gen/Shocker
    E:\WINDOWS\SYSTEM32\TTSXOBXP.EXE

    Trace.Known Threat Sources
    E:\Documents and Settings\Brett Segal\Local Settings\Temp\Temporary Internet Files\Content.IE5\BHRDLIJM\thumbshot[2].jpg

    And here is the new Hijack This! log. I'm still getting "This site is infecting you!" pop ups.
  • BrettSD San Diego, CA New
    edited September 2008
    Hijack This! report.
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:24:52 PM, on 9/5/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
    Boot mode: Normal

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\System32\svchost.exe
    C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINNT\system32\spoolsv.exe
    C:\WINNT\Explorer.EXE
    C:\Documents and Settings\All Users\Application Data\ufancbsj\opmfezuh.exe
    C:\WINNT\system32\RUNDLL32.EXE
    C:\WINNT\RTHDCPL.EXE
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\AIM\aim.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\Program Files\Steam\Steam.exe
    C:\Program Files\DAEMON Tools Lite\daemon.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\System32\svchost.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
    C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
    C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
    C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
    C:\WINNT\system32\nvsvc32.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\system32\PnkBstrA.exe
    C:\WINNT\system32\svchost.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINNT\system32\wscntfy.exe
    C:\WINNT\system32\WgaTray.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\system32\avuxapst.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
    O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
    O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKCU\..\Run: [mntutilapp] C:\WINNT\system32\avuxapst.exe
    O4 - HKLM\..\Policies\Explorer\Run: [elWoV0foj3] C:\Documents and Settings\All Users\Application Data\ufancbsj\opmfezuh.exe
    O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [MPlayer2_FixUp] C:\WINNT\inf\unregmp2.exe /Fixups (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
    O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
    O4 - Startup: PowerReg Scheduler.exe
    O4 - Startup: Registration IL-2 Sturmovik 1946.LNK = C:\Program Files\Ubisoft\IL-2 Sturmovik 1946\RegistrationReminder.exe
    O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: BlackBerry Desktop Redirector.lnk = C:\Program Files\Research In Motion\BlackBerry\Redirector.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
    O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\temp\ntdll64.dll
    O10 - Unknown file in Winsock LSP: c:\temp\ntdll64.dll
    O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ubisoft.com/dev/packages/GSManager.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{7BB735A0-B010-4901-8184-3B51A3AD5B16}: NameServer = 68.105.28.11,68.105.29.11
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Indexing Service (CiSvc) - Unknown owner - C:\WINNT\system32\cisvc.exe (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINNT\system32\PnkBstrA.exe
    O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
    O23 - Service: Uninterruptible Power Supply (UPS) - Unknown owner - C:\WINNT\System32\ups.exe (file missing)

    --
    End of file - 9829 bytes
  • edited September 2008
    Please download LSPfix from here:
    http://www.downloads.subratam.org/lspfix.zip
    Unzip it to the desktop and run it. Check "I know what I'm doing", and then select each instance of "ntdll64.dll" in the left-hand panel and click >> to move it to the right-hand panel. Then click Finish to allow LSPfix to rebuild the LSP chain.



    Next boot to Safe Mode. Then run HijackThis and place a tick by the following entries:
    O4 - HKCU\..\Run: [mntutilapp] C:\WINNT\system32\avuxapst.exe
    O4 - HKLM\..\Policies\Explorer\Run: [elWoV0foj3] C:\Documents and Settings\All Users\Application Data\ufancbsj\opmfezuh.exe
    O23 - Service: Indexing Service (CiSvc) - Unknown owner - C:\WINNT\system32\cisvc.exe (file missing)
    O23 - Service: Uninterruptible Power Supply (UPS) - Unknown owner - C:\WINNT\System32\ups.exe (file missing)


    Close all other windows except HijackThis and press "Fix Checked". Then close HijackThis and restart the computer.



    1. Go on to download The Avenger by Swandog46 to your Desktop.
    • Right click on the Avenger.zip folder and select "Extract All..."
    • Follow the prompts and extract the avenger folder to your Desktop.

    2. Copy all the text contained in the Quote box below to your Clipboard by highlighting it and pressing (Ctrl+C):
    Files to delete:
    C:\WINNT\system32\avuxapst.exe

    Folders to delete:
    C:\Documents and Settings\All Users\Application Data\ufancbsj\

    Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


    3. Now, open The Avenger folder and start The Avenger program by clicking on its icon.
    • Right click on the window under Input script here:, and select Paste.
    • You can also Paste the text copied to the clipboard into this window by pressing (Ctrl+V).
    • Click on Execute
    • Answer "Yes" twice when prompted.
    4. The Avenger will automatically do the following:
    • It will Restart your computer. (In cases where the code to execute contains "Drivers to Delete", The Avenger will actually restart your system twice.)
    • On reboot, it will briefly open a black command window on your desktop; this is normal.
    • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
    • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
    5. Please copy/paste the content of c:\avenger.txt into your reply along with a fresh HJT log by using Add/Reply.



    While you are waiting for me to reply, I want you to run ComboFix again, in normal mode; and MBAM and SAS again, in safe mode.
  • BrettSD San Diego, CA New
    edited September 2008
    Here is the Avenger report.
    Logfile of The Avenger Version 2.0, (c) by Swandog46
    http://swandog46.geekstogo.com

    Platform: Windows XP

    *******************

    Script file opened successfully.
    Script file read successfully.

    Backups directory opened successfully at C:\Avenger

    *******************

    Beginning to process script file:

    Rootkit scan active.
    No rootkits found!

    File "C:\WINNT\system32\avuxapst.exe" deleted successfully.
    Folder "C:\Documents and Settings\All Users\Application Data\ufancbsj" deleted successfully.

    Completed script processing.

    *******************

    Finished! Terminate.

    And the Hijack This! report. I'll put the subsequent reports in separate posts because of their size.
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 5:33:31 PM, on 9/6/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
    Boot mode: Normal

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\System32\svchost.exe
    C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINNT\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\system32\nvsvc32.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\system32\PnkBstrA.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\wscntfy.exe
    C:\WINNT\system32\WgaTray.exe
    C:\WINNT\Explorer.EXE
    C:\WINNT\system32\NOTEPAD.EXE
    C:\WINNT\system32\RUNDLL32.EXE
    C:\WINNT\RTHDCPL.EXE
    C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\AIM\aim.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\Program Files\Steam\Steam.exe
    C:\Program Files\DAEMON Tools Lite\daemon.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
    C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
    C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
    C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
    C:\WINNT\System32\svchost.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
    O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
    O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [MPlayer2_FixUp] C:\WINNT\inf\unregmp2.exe /Fixups (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
    O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
    O4 - Startup: PowerReg Scheduler.exe
    O4 - Startup: Registration IL-2 Sturmovik 1946.LNK = C:\Program Files\Ubisoft\IL-2 Sturmovik 1946\RegistrationReminder.exe
    O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: BlackBerry Desktop Redirector.lnk = C:\Program Files\Research In Motion\BlackBerry\Redirector.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
    O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ubisoft.com/dev/packages/GSManager.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{7BB735A0-B010-4901-8184-3B51A3AD5B16}: NameServer = 68.105.28.11,68.105.29.11
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Indexing Service (CiSvc) - Unknown owner - C:\WINNT\system32\cisvc.exe (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINNT\system32\PnkBstrA.exe
    O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
    O23 - Service: Uninterruptible Power Supply (UPS) - Unknown owner - C:\WINNT\System32\ups.exe (file missing)

    --
    End of file - 9457 bytes

    I still see the ups.exe here in the Hijack This! report. I thought I clicked it, perhaps I missed it. In the meantime I'll go through the steps to delete it again and post the set of reports from ComboFix, MBAM, and SAS.
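
An added example, not part of the original thread or any poster's words: a Python sketch that parses a HijackThis log and reports which of the entries ticked for "Fix Checked" are still listed in a fresh log, and whether any file they point to is still among the running processes. The log excerpt is abridged from the 9/6/2008 log above; the function and variable names are this example's own.

```python
import re

# HijackThis entry lines start with a section code such as "R1", "O4", "O23".
ENTRY_RE = re.compile(r"^(?:R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - .+$")
# A drive-letter path ending in an executable-style extension.
PATH_RE = re.compile(r"[A-Za-z]:\\.*?\.(?:exe|dll|sys)\b", re.I)

# Entries the helper asked to tick before "Fix Checked" (copied from the thread).
FIX_LIST = [
    r"O4 - HKCU\..\Run: [mntutilapp] C:\WINNT\system32\avuxapst.exe",
    r"O4 - HKLM\..\Policies\Explorer\Run: [elWoV0foj3] C:\Documents and Settings\All Users\Application Data\ufancbsj\opmfezuh.exe",
    r"O23 - Service: Indexing Service (CiSvc) - Unknown owner - C:\WINNT\system32\cisvc.exe (file missing)",
    r"O23 - Service: Uninterruptible Power Supply (UPS) - Unknown owner - C:\WINNT\System32\ups.exe (file missing)",
]

# Abridged excerpt of the 9/6/2008 log posted above (most lines omitted).
AFTER_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:33:31 PM, on 9/6/2008

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\PnkBstrA.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Indexing Service (CiSvc) - Unknown owner - C:\WINNT\system32\cisvc.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINNT\system32\PnkBstrA.exe
O23 - Service: Uninterruptible Power Supply (UPS) - Unknown owner - C:\WINNT\System32\ups.exe (file missing)
"""


def norm(s):
    """Collapse whitespace and ignore case (Windows paths are case-insensitive)."""
    return " ".join(s.split()).casefold()


def parse_hjt(text):
    """Split a HijackThis log into its running-process list and its entries."""
    processes, entries = [], []
    in_procs = False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_procs = True
            continue
        if in_procs:
            # The process list ends at a blank line or at the first entry.
            if line and not ENTRY_RE.match(line):
                processes.append(line)
                continue
            in_procs = False
        if ENTRY_RE.match(line):
            entries.append(line)
    return {"processes": processes, "entries": entries}


def check_fix(fix_list, log_text):
    """Compare the ticked entries against a fresh log."""
    log = parse_hjt(log_text)
    present = {norm(e) for e in log["entries"]}
    running = {norm(p) for p in log["processes"]}
    still_present = [f for f in fix_list if norm(f) in present]
    removed = [f for f in fix_list if norm(f) not in present]
    still_running = []
    for f in fix_list:
        for path in PATH_RE.findall(f):
            if norm(path) in running and path not in still_running:
                still_running.append(path)
    return {
        "still_present": still_present,
        "removed": removed,
        "still_running": still_running,
    }


if __name__ == "__main__":
    result = check_fix(FIX_LIST, AFTER_LOG)
    for key in ("removed", "still_present", "still_running"):
        print(key + ":")
        for item in result[key]:
            print("   ", item)
```
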
  • BrettSD San Diego, CA New
    edited September 2008
    Combofix log.
    ComboFix 08-09-05.02 - Administrator 2008-09-06 18:14:26.4 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2883 [GMT -7:00]
    Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
    .

    ((((((((((((((((((((((((( Files Created from 2008-08-07 to 2008-09-07 )))))))))))))))))))))))))))))))
    .

    2008-09-06 18:14 . 2008-09-06 18:14 <DIR> d-------- C:\Temp\WPDNSE
    2008-09-06 17:51 . 2008-09-06 17:51 <DIR> d-------- C:\Temp\svj22.tmp
    2008-09-05 11:07 . 2008-09-05 11:07 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
    2008-09-05 11:07 . 2008-09-05 11:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    2008-09-05 11:07 . 2008-09-05 11:07 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
    2008-09-05 00:10 . 2008-09-05 00:10 <DIR> d-------- C:\Temp\plugtmp-22
    2008-09-04 12:09 . 2008-09-06 18:16 53,248 --a------ C:\Temp\catchme.dll
    2008-09-04 11:52 . 2008-09-04 11:52 <DIR> d-------- C:\Temp\plugtmp-21
    2008-09-03 20:28 . 2008-06-19 17:24 28,544 --a------ C:\WINNT\system32\drivers\pavboot.sys
    2008-09-03 20:27 . 2008-09-03 20:27 <DIR> d-------- C:\Program Files\Panda Security
    2008-09-03 20:12 . 2008-09-03 20:12 <DIR> d-------- C:\Program Files\Trend Micro
    2008-09-03 20:06 . 2008-09-03 20:06 <DIR> d-------- C:\Program Files\SpywareBlaster
    2008-09-03 20:06 . 2008-09-05 00:33 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
    2008-09-03 20:02 . 2008-09-04 00:26 <DIR> d-------- C:\Temp\plugtmp-20
    2008-09-03 18:01 . 2008-09-03 18:03 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
    2008-09-03 18:01 . 2008-09-03 18:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-09-03 17:29 . 2008-09-03 17:29 <DIR> d-------- C:\Program Files\Lavasoft
    2008-09-03 17:29 . 2008-09-03 17:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-09-03 16:50 . 2008-09-03 16:52 <DIR> d-------- C:\Temp\plugtmp-19
    2008-09-03 00:20 . 2008-09-03 00:20 197 --a------ C:\WINNT\system32\MRT.INI
    2008-09-02 23:42 . 2008-09-02 23:42 <DIR> d-------- C:\WINNT\system32\config\systemprofile\Application Data\Yahoo!
    2008-09-02 23:42 . 2008-09-02 23:42 <DIR> d-------- C:\WINNT\system32\config\systemprofile\Application Data\HPAppData
    2008-09-02 23:41 . 2008-09-05 00:32 <DIR> d-------- C:\Program Files\MSA
    2008-09-02 23:36 . 2008-09-03 18:02 <DIR> d-------- C:\Temp\IXP003.TMP
    2008-09-02 23:35 . 2008-09-03 18:02 <DIR> d-------- C:\Temp\IXP002.TMP
    2008-09-02 23:32 . 2008-09-03 18:02 <DIR> d-------- C:\Temp\IXP001.TMP
    2008-09-02 23:31 . 2008-09-03 18:02 <DIR> d-------- C:\Temp\IXP000.TMP
    2008-09-02 23:15 . 2008-09-02 23:15 <DIR> d-------- C:\Program Files\DAEMON Tools Lite
    2008-09-02 23:12 . 2008-09-02 23:12 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\DAEMON Tools
    2008-09-02 23:12 . 2008-09-02 23:12 717,296 --a------ C:\WINNT\system32\drivers\sptd.sys
    2008-09-01 00:34 . 2008-09-03 00:20 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-09-01 00:34 . 2008-09-01 00:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-09-01 00:34 . 2008-09-01 00:34 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
    2008-09-01 00:34 . 2008-09-02 00:24 38,528 --a------ C:\WINNT\system32\drivers\mbamswissarmy.sys
    2008-09-01 00:34 . 2008-09-02 00:24 17,200 --a------ C:\WINNT\system32\drivers\mbam.sys
    2008-08-27 14:03 . 2008-08-27 14:03 42,320 --a------ C:\WINNT\system32\xfcodec.dll
    2008-08-21 22:10 . 2008-08-21 22:10 <DIR> d-------- C:\bba919ad911feaabefb66da8
    2008-08-20 19:17 . 2008-09-03 18:02 <DIR> d-------- C:\Temp\_is4EE
    2008-08-17 00:07 . 2008-08-17 00:07 <DIR> d-------- C:\Temp\plugtmp-18
    2008-08-14 18:03 . 2008-08-14 18:03 552 --a------ C:\WINNT\system32\d3d8caps.dat
    2008-08-14 17:24 . 2008-08-19 19:44 <DIR> d-------- C:\Program Files\IL2-MAT Manager
    2008-08-14 13:43 . 2008-06-26 01:15 1,499,136 --------- C:\WINNT\system32\dllcache\shdocvw.dll
    2008-08-14 13:43 . 2008-06-26 01:15 619,520 --------- C:\WINNT\system32\dllcache\urlmon.dll
    2008-08-14 13:43 . 2008-07-07 13:26 253,952 --------- C:\WINNT\system32\dllcache\es.dll
    2008-08-14 13:43 . 2008-06-24 09:43 74,240 --------- C:\WINNT\system32\dllcache\mscms.dll
    2008-08-14 13:42 . 2008-04-11 12:04 691,712 --------- C:\WINNT\system32\dllcache\inetcomm.dll
    2008-08-14 13:42 . 2008-05-01 07:33 331,776 --------- C:\WINNT\system32\dllcache\msadce.dll
    2008-08-12 17:05 . 2008-08-12 17:05 <DIR> d-------- C:\Temp\plugtmp-17
    2008-08-08 23:14 . 2008-08-08 23:14 <DIR> d-------- C:\Temp\rtp12D.tmp.dir
    2008-08-08 23:13 . 2008-09-03 18:02 <DIR> d-------- C:\Temp\rtp11F.tmp.dir
    2008-08-08 22:39 . 2008-08-08 22:39 <DIR> d-------- C:\Program Files\Hamachi
    2008-08-08 22:39 . 2008-08-14 21:00 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Hamachi
    2008-08-08 22:39 . 2008-08-08 22:39 25,280 --a------ C:\WINNT\system32\drivers\hamachi.sys
    2008-08-07 09:26 . 2008-08-07 09:26 <DIR> d-------- C:\Program Files\Safari

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-09-07 00:51 d-----w C:\Program Files\Steam
    2008-09-07 00:51 d-----w C:\Documents and Settings\Administrator\Application Data\OpenOffice.org2
    2008-09-05 18:07 d-----w C:\Program Files\Common Files\Wise Installation Wizard
    2008-09-05 07:20 d-----w C:\Program Files\Xfire
    2008-09-03 06:12 d-----w C:\Documents and Settings\Administrator\Application Data\Xfire
    2008-09-03 06:12 d-----w C:\Documents and Settings\Administrator\Application Data\uTorrent
    2008-08-26 04:27 136,888 ----a-w C:\WINNT\system32\drivers\PnkBstrK.sys
    2008-08-26 04:27 111,928 ----a-w C:\WINNT\system32\PnkBstrB.exe
    2008-08-20 23:08 d--h--w C:\Program Files\InstallShield Installation Information
    2008-08-09 06:14 d-----w C:\Program Files\ubi.com
    2008-08-09 01:17 d-----w C:\Program Files\Apple Software Update
    2008-07-30 21:32 d-----w C:\Program Files\Logitech
    2008-07-30 21:32 d-----w C:\Program Files\Common Files\Logitech
    2008-07-29 05:19 d-----w C:\Program Files\Ubisoft
    2008-07-28 03:31 d-----w C:\Program Files\Common Files\PocketSoft
    2008-07-28 03:31 d-----w C:\Documents and Settings\Administrator\Application Data\ubi.com
    2008-07-20 08:06 d-----w C:\Program Files\iTunes
    2008-07-20 07:09 d-----w C:\Program Files\Common Files\Logishrd
    2008-07-19 05:10 94,920 ----a-w C:\WINNT\system32\dllcache\cdm.dll
    2008-07-19 05:10 94,920 ----a-w C:\WINNT\system32\cdm.dll
    2008-07-19 05:10 53,448 ----a-w C:\WINNT\system32\wuauclt.exe
    2008-07-19 05:10 53,448 ----a-w C:\WINNT\system32\dllcache\wuauclt.exe
    2008-07-19 05:10 45,768 ----a-w C:\WINNT\system32\wups2.dll
    2008-07-19 05:10 36,552 ----a-w C:\WINNT\system32\wups.dll
    2008-07-19 05:10 36,552 ----a-w C:\WINNT\system32\dllcache\wups.dll
    2008-07-19 05:09 563,912 ----a-w C:\WINNT\system32\wuapi.dll
    2008-07-19 05:09 563,912 ----a-w C:\WINNT\system32\dllcache\wuapi.dll
    2008-07-19 05:09 325,832 ----a-w C:\WINNT\system32\wucltui.dll
    2008-07-19 05:09 325,832 ----a-w C:\WINNT\system32\dllcache\wucltui.dll
    2008-07-19 05:09 205,000 ----a-w C:\WINNT\system32\wuweb.dll
    2008-07-19 05:09 205,000 ----a-w C:\WINNT\system32\dllcache\wuweb.dll
    2008-07-19 05:09 1,811,656 ----a-w C:\WINNT\system32\wuaueng.dll
    2008-07-19 05:09 1,811,656 ----a-w C:\WINNT\system32\dllcache\wuaueng.dll
    2008-07-19 05:07 270,880 ----a-w C:\WINNT\system32\mucltui.dll
    2008-07-19 05:07 210,976 ----a-w C:\WINNT\system32\muweb.dll
    2008-07-16 09:15 d-----w C:\Program Files\SD EnterNET
    2008-07-15 02:07 d-----w C:\Program Files\iPod
    2008-07-15 02:06 d-----w C:\Program Files\QuickTime
    2008-07-07 20:26 253,952 ----a-w C:\WINNT\system32\es.dll
    2008-06-24 16:43 74,240 ----a-w C:\WINNT\system32\mscms.dll
    2008-06-23 15:09 666,112 ----a-w C:\WINNT\system32\wininet.dll
    2008-06-23 15:09 666,112 ------w C:\WINNT\system32\dllcache\wininet.dll
    2008-06-23 15:09 3,067,392 ------w C:\WINNT\system32\dllcache\mshtml.dll
    2008-06-20 17:46 245,248 ----a-w C:\WINNT\system32\mswsock.dll
    2008-06-20 17:46 245,248 ------w C:\WINNT\system32\dllcache\mswsock.dll
    2008-06-20 17:46 147,968 ------w C:\WINNT\system32\dllcache\dnsapi.dll
    2008-06-20 11:51 361,600 ------w C:\WINNT\system32\dllcache\tcpip.sys
    2008-06-20 11:40 138,496 ------w C:\WINNT\system32\dllcache\afd.sys
    2008-06-20 11:08 225,856 ------w C:\WINNT\system32\dllcache\tcpip6.sys
    2008-06-17 22:17 348,160 ----a-w C:\WINNT\system32\msvcr71.dll
    2008-06-13 11:05 272,128 ------w C:\WINNT\system32\dllcache\bthport.sys
    2008-06-09 20:43 107,888 ----a-w C:\WINNT\system32\CmdLineExt.dll
    2008-01-28 03:58 22,328 ----a-w C:\Documents and Settings\Administrator\Application Data\PnkBstrK.sys
    2007-08-04 04:24 984,576 ----a-w C:\WINNT\inf\syssbck.dll
    .

    ((((((((((((((((((((((((((((( snapshot@2008-09-04_12.09.47.20 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2008-09-05 18:07:32 18,944 ----a-r C:\WINNT\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
    + 2008-09-05 18:07:32 65,024 ----a-r C:\WINNT\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AIM"="C:\Program Files\AIM\aim.exe" [2004-06-07 61440]
    "STYLEXP"="C:\Program Files\TGTSoft\StyleXP\StyleXP.exe" [2006-04-04 1368064]
    "LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2008-01-29 67128]
    "Steam"="C:\Program Files\Steam\Steam.exe" [2008-03-28 1271032]
    "igndlm.exe"="C:\Program Files\Download Manager\DLM.exe" [2007-03-05 1103480]
    "DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]
    "SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-09-03 1576176]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="C:\WINNT\system32\NvCpl.dll" [2007-12-05 8523776]
    "NvMediaCenter"="C:\WINNT\system32\NvMcTray.dll" [2007-12-05 81920]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
    "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
    "Launch LGDCore"="C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe" [2006-07-22 1126400]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-10 289064]
    "AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 116040]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 413696]
    "nwiz"="nwiz.exe" [2007-12-05 C:\WINNT\system32\nwiz.exe]
    "RTHDCPL"="RTHDCPL.EXE" [2007-05-10 C:\WINNT\RTHDCPL.exe]
    "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 C:\WINNT\KHALMNPR.Exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "MPlayer2_FixUp"="C:\WINNT\inf\unregmp2.exe" [2007-06-26 317440]
    "nltide_3"="advpack.dll" [2008-04-13 C:\WINNT\system32\advpack.dll]

    C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\
    OpenOffice.org 2.4.lnk - C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe [2008-01-21 393216]
    PowerReg Scheduler.exe [2008-07-27 256000]
    Registration IL-2 Sturmovik 1946.LNK - C:\Program Files\Ubisoft\IL-2 Sturmovik 1946\RegistrationReminder.exe [2005-05-24 868352]
    Stardock ObjectDock.lnk - C:\Program Files\Stardock\ObjectDock\ObjectDock.exe [2008-01-27 3450608]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-01-27 113664]
    BlackBerry Desktop Redirector.lnk - C:\Program Files\Research In Motion\BlackBerry\Redirector.exe [2006-07-26 1319018]
    HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 210520]
    Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-01-29 67128]
    Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-07-20 805392]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "NoDesktopCleanupWizard"= 1 (0x1)
    "HideRunAsVerb"= 1 (0x1)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoSMHelp"= 1 (0x1)
    "ForceClassicControlPanel"= 1 (0x1)
    "NoInstrumentation"= 1 (0x1)
    "NoStartMenuMFUprogramsList"= 1 (0x1)
    "NoSMMyDocs"= 1 (0x1)
    "NoSMMyPictures"= 1 (0x1)
    "NoSMConfigurePrograms"= 1 (0x1)

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoSMHelp"= 1 (0x1)
    "ForceClassicControlPanel"= 1 (0x1)
    "NoInstrumentation"= 1 (0x1)
    "NoStartMenuMFUprogramsList"= 1 (0x1)
    "NoSMMyDocs"= 1 (0x1)
    "NoSMMyPictures"= 1 (0x1)
    "NoSMConfigurePrograms"= 1 (0x1)

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2008-07-23 16:28 352256 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
    2008-05-02 02:42 72208 c:\Program Files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.XFR1"= xfcodec.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
    @=""

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    "DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "C:\\WINNT\\system32\\PnkBstrA.exe"=
    "C:\\WINNT\\system32\\PnkBstrB.exe"=
    "C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
    "C:\\Program Files\\Stardock Games\\Sins of a Solar Empire\\Sins of a Solar Empire.exe"=
    "C:\\Program Files\\uTorrent\\uTorrent.exe"=
    "C:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
    "C:\\Program Files\\iTunes\\iTunes.exe"=
    "C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=

    R0 pavboot;pavboot;C:\WINNT\system32\drivers\pavboot.sys [2008-06-19 28544]
    S0 ctrub;ctrub;C:\WINNT\system32\drivers\lftkddee.sys [ ]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

    NETSVCS REQUIRES REPAIRS - current entries shown
    6to4
    AppMgmt
    AudioSrv
    Browser
    CryptSvc
    DMServer
    DHCP
    EventSystem
    FastUserSwitchingCompatibility
    HidServ
    Ias
    Iprip
    Irmon
    LanmanServer
    LanmanWorkstation
    Netman
    Nla
    NWCWorkstation
    Nwsapagent
    Rasauto
    Rasman
    Remoteaccess
    Schedule
    SENS
    Sharedaccess
    Tapisrv
    Themes
    TrkWks
    WZCSVC
    Wmi
    WmdmPmSp
    winmgmt
    xmlprov
    BITS
    wuauserv
    ShellHWDetection
    WmdmPmSN
    napagent
    hkmsvc
    wscsvc

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

    .
    Contents of the 'Scheduled Tasks' folder
    .
    .
    Supplementary Scan
    .
    FireFox -: Profile - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ir8mdjq2.default\
    FireFox -: prefs.js - STARTUP.HOMEPAGE - www.msn.com
    FF -: plugin - C:\Program Files\Download Manager\npfpdlm.dll
    FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
    .

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-09-06 18:16:56
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-09-06 18:20:24
    ComboFix-quarantined-files.txt 2008-09-07 01:20:22
    ComboFix2.txt 2008-09-04 19:13:15
    ComboFix3.txt 2008-09-04 19:10:09

    Pre-Run: 117,085,278,208 bytes free
    Post-Run: 117,075,312,640 bytes free

    284 --- E O F --- 2008-09-03 07:20:57
  • edited September 2008
    Still waiting for your SAS and MBAM logs. :) Also let me know how your PC is running now.
  • BrettSD San Diego, CA New
    edited September 2008
    Ha, I ended up falling asleep while running the MBAM scan and watching John Wayne and Clint Eastwood westerns. Anyways...

    MBAM log
    Malwarebytes' Anti-Malware 1.26
    Database version: 1106
    Windows 5.1.2600 Service Pack 3

    9/6/2008 10:55:33 PM
    mbam-log-2008-09-06 (22-55-33).txt

    Scan type: Full Scan (C:\|)
    Objects scanned: 210628
    Time elapsed: 2 hour(s), 43 minute(s), 51 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 2

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\QooBox\Quarantine\C\WINNT\system32\blphcjrgj0er8e.scr.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\QooBox\Quarantine\C\WINNT\system32\lphcjrgj0er8e.exe.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.

    SAS log.
    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 09/06/2008 at 11:42 PM

    Application Version : 4.21.1004

    Core Rules Database Version : 3557
    Trace Rules Database Version: 1545

    Scan type : Complete Scan
    Total Scan Time : 00:40:26

    Memory items scanned : 139
    Memory threats detected : 0
    Registry items scanned : 4973
    Registry threats detected : 0
    File items scanned : 21269
    File threats detected : 8

    Adware.Tracking Cookie
    C:\Documents and Settings\Administrator\Cookies\administrator@atdmt[1].txt
    C:\Documents and Settings\Administrator\Cookies\administrator@apmebf[1].txt
    C:\Documents and Settings\Administrator\Cookies\administrator@revsci[1].txt
    C:\Documents and Settings\Administrator\Cookies\administrator@at.atwola[1].txt
    C:\Documents and Settings\Administrator\Cookies\administrator@cdn.at.atwola[1].txt
    C:\Documents and Settings\Administrator\Cookies\administrator@doubleclick[1].txt
    C:\Documents and Settings\Administrator\Cookies\administrator@advertising[2].txt
    C:\Documents and Settings\Administrator\Cookies\administrator@mediaplex[1].txt

    My computer seems to be running much better. So far I haven't seen any pop ups. I rebooted in between both scans.
  • edited September 2008
    If all is well now, this will clear away any of the files and folders that were created by ComboFix.

    Go to :
    Start > Run then copy and paste the following highlighted text below into the box and click OK.



    ComboFix /u

  • BrettSD San Diego, CA New
    edited September 2008
    Thank you very much, Chiaz. Once again the fine people at icrontic.com save the day.
  • edited September 2008
    You're welcome.

    Glad we could be of assistance! The help you received here was free.

    This topic is now closed. If you wish it reopened, please send a Private Message to Trogan with a link to your thread.

    If you are not the user who started this thread, you must start your own Thread instead :)
This discussion has been closed.