
trojan downloader. 665 removal

I am trying to clean up my son's PC (XP) system that is running very slowly. I have run numerous scans (using BitDefender Pro) plus Ad-Aware and Spybot. BitDefender found this file, trojandownloader.665, at c:\windows\downloadedprogram files\miniclipgameloaded.dll
I tried removing it manually but couldn't find it; I did a search and couldn't find it. BitDefender didn't remove or quarantine it but just blocked it.
I did a hijack log but I am beyond my expertise in locating problem files. Here's the log. Any help would be greatly appreciated.
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Softwin\BitDefender9\bdoesrv.exe
C:\progra~1\softwin\bitdef~1\bdnagent.exe
C:\progra~1\softwin\bitdef~1\bdswitch.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\HP\HP Mouse\panel.exe
C:\Program Files\Trend Micro\Tmas\Tmas.exe
C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Softwin\BitDefender9\vsserv.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\Rar$EX00.531\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE

O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: Updated.Toolbar - {9F6A22E6-1682-4F82-9B72-6314794CB253} - C:\Program Files\Pop Blocker\Updated.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BDMCon] c:\progra~1\softwin\bitdef~1\bdmcon.exe
O4 - HKLM\..\Run: [BDOESRV] "C:\Program Files\Softwin\BitDefender9\bdoesrv.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "c:\progra~1\softwin\bitdef~1\bdnagent.exe"
O4 - HKLM\..\Run: [BDSwitchAgent] "c:\progra~1\softwin\bitdef~1\bdswitch.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: NewShortcut1.lnk = ?
O4 - Global Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmas\Tmas.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'xfire_lsp_10650.dll' missing
O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/...gameloader.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab30149.cab
O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} - http://www.miniclip.com/platypus/miniclipGameLoader.dll
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab30149.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/ca...C_1_0_0_44.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab30149.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole...rcadeRdxIE.cab
O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - http://www.stopzilla.com/_download/A...ler/dwnldr.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://antu.popcap.com/games/popcaploader_v6.cab
O16 - DPF: {E13F1132-4CA0-4005-84D3-51406E27D269} (BTDownloadCtrl Control) - http://www.shockwave.com/content/thi...wnloadCtrl.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
O23 - Service: Sddrivopshcc - Unknown owner - (no file)
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender9\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
Here is the AVG scan in safe mode... thanks again for your help.

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 12:52:35 PM 12/28/2006

+ Scan result:

C:\System Volume Information\_restore{E6D38588-A8C0-4B57-B619-A8BABDE09E1A}\RP691\A0254887.EXE -> Adware.SaveNow : Ignored.
C:\System Volume Information\_restore{E6D38588-A8C0-4B57-B619-A8BABDE09E1A}\RP660\A0251319.EXE -> Downloader.Delf.br : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E6D38588-A8C0-4B57-B619-A8BABDE09E1A}\RP691\A0254888.DLL -> Not-A-Virus.Downloader.Win32.PopCap.b : Ignored.
:mozilla.19:C:\RECYCLER\NPROTECT\00283332.MOZ -> TrackingCookie.Adbrite : Cleaned.
:mozilla.19:C:\RECYCLER\NPROTECT\00283452.MOZ -> TrackingCookie.Adbrite : Cleaned.
:mozilla.19:C:\RECYCLER\NPROTECT\00283540.MOZ -> TrackingCookie.Adbrite : Cleaned.
:mozilla.19:C:\RECYCLER\NPROTECT\00283542.MOZ -> TrackingCookie.Adbrite : Cleaned.
:mozilla.20:C:\RECYCLER\NPROTECT\00283331.MOZ -> TrackingCookie.Adbrite : Cleaned.
:mozilla.20:C:\RECYCLER\NPROTECT\00283332.MOZ -> TrackingCookie.Adbrite : Cleaned.
:mozilla.20:C:\RECYCLER\NPROTECT\00283452.MOZ -> TrackingCookie.Adbrite : Cleaned.
:mozilla.20:C:\RECYCLER\NPROTECT\00283538.MOZ -> TrackingCookie.Adbrite : Cleaned.
:mozilla.20:C:\RECYCLER\NPROTECT\00283540.MOZ -> TrackingCookie.Adbrite : Cleaned.
:mozilla.20:C:\RECYCLER\NPROTECT\00283542.MOZ -> TrackingCookie.Adbrite : Cleaned.
:mozilla.21:C:\RECYCLER\NPROTECT\00283331.MOZ -> TrackingCookie.Adbrite : Cleaned.
:mozilla.21:C:\RECYCLER\NPROTECT\00283538.MOZ -> TrackingCookie.Adbrite : Cleaned.
:mozilla.21:C:\RECYCLER\NPROTECT\00283547.MOZ -> TrackingCookie.Adbrite : Cleaned.
:mozilla.22:C:\RECYCLER\NPROTECT\00283331.MOZ -> TrackingCookie.Adbrite : Cleaned.
:mozilla.22:C:\RECYCLER\NPROTECT\00283547.MOZ -> TrackingCookie.Adbrite : Cleaned.
:mozilla.24:C:\RECYCLER\NPROTECT\00283548.MOZ -> TrackingCookie.Adbrite : Cleaned.
:mozilla.25:C:\RECYCLER\NPROTECT\00283548.MOZ -> TrackingCookie.Adbrite : Cleaned.
:mozilla.27:C:\RECYCLER\NPROTECT\00283549.MOZ -> TrackingCookie.Adbrite : Cleaned.
:mozilla.27:C:\RECYCLER\NPROTECT\00283551.MOZ -> TrackingCookie.Adbrite : Cleaned.
:mozilla.27:C:\RECYCLER\NPROTECT\00283708.MOZ -> TrackingCookie.Adbrite : Cleaned.
:mozilla.27:C:\RECYCLER\NPROTECT\00283724.MOZ -> TrackingCookie.Adbrite : Cleaned.
:mozilla.27:C:\RECYCLER\NPROTECT\00283726.MOZ -> TrackingCookie.Adbrite : Cleaned.
:mozilla.28:C:\RECYCLER\NPROTECT\00283549.MOZ -> TrackingCookie.Adbrite : Cleaned.
:mozilla.28:C:\RECYCLER\NPROTECT\00283551.MOZ -> TrackingCookie.Adbrite : Cleaned.
:mozilla.28:C:\RECYCLER\NPROTECT\00283708.MOZ -> TrackingCookie.Adbrite : Cleaned.
:mozilla.28:C:\RECYCLER\NPROTECT\00283724.MOZ -> TrackingCookie.Adbrite : Cleaned.
:mozilla.28:C:\RECYCLER\NPROTECT\00283726.MOZ -> TrackingCookie.Adbrite : Cleaned.
:mozilla.31:C:\RECYCLER\NPROTECT\00283729.MOZ -> TrackingCookie.Adbrite : Cleaned.
:mozilla.32:C:\RECYCLER\NPROTECT\00283729.MOZ -> TrackingCookie.Adbrite : Cleaned.
:mozilla.34:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ysekezs8.Aaron\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.34:C:\RECYCLER\NPROTECT\00283730.MOZ -> TrackingCookie.Adbrite : Cleaned.
:mozilla.34:C:\RECYCLER\NPROTECT\00284332.MOZ -> TrackingCookie.Adbrite : Cleaned.
:mozilla.34:C:\RECYCLER\NPROTECT\00284337.MOZ -> TrackingCookie.Adbrite : Cleaned.
:mozilla.35:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ysekezs8.Aaron\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.35:C:\RECYCLER\NPROTECT\00283730.MOZ -> TrackingCookie.Adbrite : Cleaned.
:mozilla.35:C:\RECYCLER\NPROTECT\00284332.MOZ -> TrackingCookie.Adbrite : Cleaned.
:mozilla.35:C:\RECYCLER\NPROTECT\00284337.MOZ -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt -> TrackingCookie.Adrevolver : Cleaned.
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.21:C:\RECYCLER\NPROTECT\00283332.MOZ -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.21:C:\RECYCLER\NPROTECT\00283452.MOZ -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.21:C:\RECYCLER\NPROTECT\00283540.MOZ -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.21:C:\RECYCLER\NPROTECT\00283542.MOZ -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.22:C:\RECYCLER\NPROTECT\00283332.MOZ -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.22:C:\RECYCLER\NPROTECT\00283452.MOZ -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.22:C:\RECYCLER\NPROTECT\00283538.MOZ -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.22:C:\RECYCLER\NPROTECT\00283540.MOZ -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.22:C:\RECYCLER\NPROTECT\00283542.MOZ -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.23:C:\RECYCLER\NPROTECT\00283331.MOZ -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.23:C:\RECYCLER\NPROTECT\00283332.MOZ -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.23:C:\RECYCLER\NPROTECT\00283452.MOZ -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.23:C:\RECYCLER\NPROTECT\00283538.MOZ -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.23:C:\RECYCLER\NPROTECT\00283540.MOZ -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.23:C:\RECYCLER\NPROTECT\00283542.MOZ -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.23:C:\RECYCLER\NPROTECT\00283547.MOZ -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.24:C:\RECYCLER\NPROTECT\00283331.MOZ -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.24:C:\RECYCLER\NPROTECT\00283332.MOZ -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.24:C:\RECYCLER\NPROTECT\00283452.MOZ -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.24:C:\RECYCLER\NPROTECT\00283538.MOZ -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.24:C:\RECYCLER\NPROTECT\00283540.MOZ -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.24:C:\RECYCLER\NPROTECT\00283542.MOZ -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.24:C:\RECYCLER\NPROTECT\00283547.MOZ -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.25:C:\RECYCLER\NPROTECT\00283331.MOZ -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.25:C:\RECYCLER\NPROTECT\00283538.MOZ -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.25:C:\RECYCLER\NPROTECT\00283547.MOZ -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.26:C:\RECYCLER\NPROTECT\00283331.MOZ -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.26:C:\RECYCLER\NPROTECT\00283547.MOZ -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.26:C:\RECYCLER\NPROTECT\00283548.MOZ -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.27:C:\RECYCLER\NPROTECT\00283548.MOZ -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.28:C:\RECYCLER\NPROTECT\00283548.MOZ -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.29:C:\RECYCLER\NPROTECT\00283548.MOZ -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.29:C:\RECYCLER\NPROTECT\00283549.MOZ -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.29:C:\RECYCLER\NPROTECT\00283551.MOZ -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.29:C:\RECYCLER\NPROTECT\00283708.MOZ -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.29:C:\RECYCLER\NPROTECT\00283724.MOZ -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.29:C:\RECYCLER\NPROTECT\00283726.MOZ -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.30:C:\RECYCLER\NPROTECT\00283549.MOZ -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.30:C:\RECYCLER\NPROTECT\00283551.MOZ -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.30:C:\RECYCLER\NPROTECT\00283708.MOZ -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.30:C:\RECYCLER\NPROTECT\00283724.MOZ -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.30:C:\RECYCLER\NPROTECT\00283726.MOZ -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.31:C:\RECYCLER\NPROTECT\00283549.MOZ -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.31:C:\RECYCLER\NPROTECT\00283551.MOZ -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.31:C:\RECYCLER\NPROTECT\00283708.MOZ -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.31:C:\RECYCLER\NPROTECT\00283724.MOZ -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.31:C:\RECYCLER\NPROTECT\00283726.MOZ -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.32:C:\RECYCLER\NPROTECT\00283549.MOZ -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.32:C:\RECYCLER\NPROTECT\00283551.MOZ -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.32:C:\RECYCLER\NPROTECT\00283708.MOZ -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.32:C:\RECYCLER\NPROTECT\00283724.MOZ -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.32:C:\RECYCLER\NPROTECT\00283726.MOZ -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.33:C:\RECYCLER\NPROTECT\00283729.MOZ -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.34:C:\RECYCLER\NPROTECT\00283729.MOZ -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.35:C:\RECYCLER\NPROTECT\00283729.MOZ -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.36:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ysekezs8.Aaron\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.36:C:\RECYCLER\NPROTECT\00283729.MOZ -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.36:C:\RECYCLER\NPROTECT\00283730.MOZ -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.36:C:\RECYCLER\NPROTECT\00284332.MOZ -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.36:C:\RECYCLER\NPROTECT\00284337.MOZ -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.37:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ysekezs8.Aaron\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.37:C:\RECYCLER\NPROTECT\00283730.MOZ -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.37:C:\RECYCLER\NPROTECT\00284332.MOZ -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.37:C:\RECYCLER\NPROTECT\00284337.MOZ -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.38:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ysekezs8.Aaron\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.38:C:\RECYCLER\NPROTECT\00283730.MOZ -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.38:C:\RECYCLER\NPROTECT\00284332.MOZ -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.38:C:\RECYCLER\NPROTECT\00284337.MOZ -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.39:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ysekezs8.Aaron\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.39:C:\RECYCLER\NPROTECT\00283730.MOZ -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.39:C:\RECYCLER\NPROTECT\00284332.MOZ -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.39:C:\RECYCLER\NPROTECT\00284337.MOZ -> TrackingCookie.Casalemedia : Cleaned.
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.26:C:\RECYCLER\NPROTECT\00283332.MOZ -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.26:C:\RECYCLER\NPROTECT\00283452.MOZ -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.26:C:\RECYCLER\NPROTECT\00283540.MOZ -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.26:C:\RECYCLER\NPROTECT\00283542.MOZ -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.27:C:\RECYCLER\NPROTECT\00283538.MOZ -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.28:C:\RECYCLER\NPROTECT\00283331.MOZ -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.28:C:\RECYCLER\NPROTECT\00283547.MOZ -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.31:C:\RECYCLER\NPROTECT\00283548.MOZ -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.34:C:\RECYCLER\NPROTECT\00283549.MOZ -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.34:C:\RECYCLER\NPROTECT\00283551.MOZ -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.34:C:\RECYCLER\NPROTECT\00283708.MOZ -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.34:C:\RECYCLER\NPROTECT\00283724.MOZ -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.34:C:\RECYCLER\NPROTECT\00283726.MOZ -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.38:C:\RECYCLER\NPROTECT\00283729.MOZ -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.41:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ysekezs8.Aaron\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.41:C:\RECYCLER\NPROTECT\00283730.MOZ -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.41:C:\RECYCLER\NPROTECT\00284332.MOZ -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.41:C:\RECYCLER\NPROTECT\00284337.MOZ -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.11:C:\RECYCLER\NPROTECT\00284332.MOZ -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.15:C:\RECYCLER\NPROTECT\00283730.MOZ -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.15:C:\RECYCLER\NPROTECT\00284332.MOZ -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.16:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ysekezs8.Aaron\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.16:C:\RECYCLER\NPROTECT\00284337.MOZ -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.20:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ysekezs8.Aaron\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.20:C:\RECYCLER\NPROTECT\00284337.MOZ -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.8:C:\RECYCLER\NPROTECT\00283730.MOZ -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.9:C:\RECYCLER\NPROTECT\00283729.MOZ -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.10:C:\RECYCLER\NPROTECT\00283538.MOZ -> TrackingCookie.Hitbox : Cleaned.
:mozilla.10:C:\RECYCLER\NPROTECT\00283547.MOZ -> TrackingCookie.Hitbox : Cleaned.
:mozilla.11:C:\RECYCLER\NPROTECT\00283547.MOZ -> TrackingCookie.Hitbox : Cleaned.
:mozilla.12:C:\RECYCLER\NPROTECT\00283547.MOZ -> TrackingCookie.Hitbox : Cleaned.
:mozilla.13:C:\RECYCLER\NPROTECT\00283548.MOZ -> TrackingCookie.Hitbox : Cleaned.
:mozilla.14:C:\RECYCLER\NPROTECT\00283548.MOZ -> TrackingCookie.Hitbox : Cleaned.
:mozilla.15:C:\RECYCLER\NPROTECT\00283548.MOZ -> TrackingCookie.Hitbox : Cleaned.
:mozilla.16:C:\RECYCLER\NPROTECT\00283549.MOZ -> TrackingCookie.Hitbox : Cleaned.
:mozilla.16:C:\RECYCLER\NPROTECT\00283551.MOZ -> TrackingCookie.Hitbox : Cleaned.
:mozilla.16:C:\RECYCLER\NPROTECT\00283708.MOZ -> TrackingCookie.Hitbox : Cleaned.
:mozilla.16:C:\RECYCLER\NPROTECT\00283724.MOZ -> TrackingCookie.Hitbox : Cleaned.
:mozilla.16:C:\RECYCLER\NPROTECT\00283726.MOZ -> TrackingCookie.Hitbox : Cleaned.
:mozilla.17:C:\RECYCLER\NPROTECT\00283549.MOZ -> TrackingCookie.Hitbox : Cleaned.
:mozilla.17:C:\RECYCLER\NPROTECT\00283551.MOZ -> TrackingCookie.Hitbox : Cleaned.
:mozilla.17:C:\RECYCLER\NPROTECT\00283708.MOZ -> TrackingCookie.Hitbox : Cleaned.
:mozilla.17:C:\RECYCLER\NPROTECT\00283724.MOZ -> TrackingCookie.Hitbox : Cleaned.
:mozilla.17:C:\RECYCLER\NPROTECT\00283726.MOZ -> TrackingCookie.Hitbox : Cleaned.
:mozilla.18:C:\RECYCLER\NPROTECT\00283549.MOZ -> TrackingCookie.Hitbox : Cleaned.
:mozilla.18:C:\RECYCLER\NPROTECT\00283551.MOZ -> TrackingCookie.Hitbox : Cleaned.
:mozilla.18:C:\RECYCLER\NPROTECT\00283708.MOZ -> TrackingCookie.Hitbox : Cleaned.
:mozilla.18:C:\RECYCLER\NPROTECT\00283724.MOZ -> TrackingCookie.Hitbox : Cleaned.
:mozilla.18:C:\RECYCLER\NPROTECT\00283726.MOZ -> TrackingCookie.Hitbox : Cleaned.
:mozilla.20:C:\RECYCLER\NPROTECT\00283729.MOZ -> TrackingCookie.Hitbox : Cleaned.
:mozilla.21:C:\RECYCLER\NPROTECT\00283729.MOZ -> TrackingCookie.Hitbox : Cleaned.
:mozilla.22:C:\RECYCLER\NPROTECT\00283729.MOZ -> TrackingCookie.Hitbox : Cleaned.
:mozilla.23:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ysekezs8.Aaron\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.23:C:\RECYCLER\NPROTECT\00283730.MOZ -> TrackingCookie.Hitbox : Cleaned.
:mozilla.23:C:\RECYCLER\NPROTECT\00284332.MOZ -> TrackingCookie.Hitbox : Cleaned.
:mozilla.23:C:\RECYCLER\NPROTECT\00284337.MOZ -> TrackingCookie.Hitbox : Cleaned.
:mozilla.24:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ysekezs8.Aaron\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.24:C:\RECYCLER\NPROTECT\00283730.MOZ -> TrackingCookie.Hitbox : Cleaned.
:mozilla.24:C:\RECYCLER\NPROTECT\00284332.MOZ -> TrackingCookie.Hitbox : Cleaned.
:mozilla.24:C:\RECYCLER\NPROTECT\00284337.MOZ -> TrackingCookie.Hitbox : Cleaned.
:mozilla.25:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ysekezs8.Aaron\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.25:C:\RECYCLER\NPROTECT\00283730.MOZ -> TrackingCookie.Hitbox : Cleaned.
:mozilla.25:C:\RECYCLER\NPROTECT\00284332.MOZ -> TrackingCookie.Hitbox : Cleaned.
:mozilla.25:C:\RECYCLER\NPROTECT\00284337.MOZ -> TrackingCookie.Hitbox : Cleaned.
:mozilla.6:C:\RECYCLER\NPROTECT\00283331.MOZ -> TrackingCookie.Hitbox : Cleaned.
:mozilla.7:C:\RECYCLER\NPROTECT\00283331.MOZ -> TrackingCookie.Hitbox : Cleaned.
:mozilla.7:C:\RECYCLER\NPROTECT\00283332.MOZ -> TrackingCookie.Hitbox : Cleaned.
:mozilla.7:C:\RECYCLER\NPROTECT\00283452.MOZ -> TrackingCookie.Hitbox : Cleaned.
:mozilla.7:C:\RECYCLER\NPROTECT\00283540.MOZ -> TrackingCookie.Hitbox : Cleaned.
:mozilla.7:C:\RECYCLER\NPROTECT\00283542.MOZ -> TrackingCookie.Hitbox : Cleaned.
:mozilla.8:C:\RECYCLER\NPROTECT\00283331.MOZ -> TrackingCookie.Hitbox : Cleaned.
:mozilla.8:C:\RECYCLER\NPROTECT\00283332.MOZ -> TrackingCookie.Hitbox : Cleaned.
:mozilla.8:C:\RECYCLER\NPROTECT\00283452.MOZ -> TrackingCookie.Hitbox : Cleaned.
:mozilla.8:C:\RECYCLER\NPROTECT\00283538.MOZ -> TrackingCookie.Hitbox : Cleaned.
:mozilla.8:C:\RECYCLER\NPROTECT\00283540.MOZ -> TrackingCookie.Hitbox : Cleaned.
:mozilla.8:C:\RECYCLER\NPROTECT\00283542.MOZ -> TrackingCookie.Hitbox : Cleaned.
:mozilla.9:C:\RECYCLER\NPROTECT\00283332.MOZ -> TrackingCookie.Hitbox : Cleaned.
:mozilla.9:C:\RECYCLER\NPROTECT\00283452.MOZ -> TrackingCookie.Hitbox : Cleaned.
:mozilla.9:C:\RECYCLER\NPROTECT\00283538.MOZ -> TrackingCookie.Hitbox : Cleaned.
:mozilla.9:C:\RECYCLER\NPROTECT\00283540.MOZ -> TrackingCookie.Hitbox : Cleaned.
:mozilla.9:C:\RECYCLER\NPROTECT\00283542.MOZ -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt -> TrackingCookie.Revenue : Cleaned.
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt -> TrackingCookie.Trafficmp : Cleaned.
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt -> TrackingCookie.Yieldmanager : Cleaned.

::Report end
I'm working on the Panda scan but it looks like it will take a while. I will post as soon as I can.
Here is what Panda scan found

Incident Status Location

Virus:trj/downloader.aee Disinfected Operating system
Adware:adware/sqwire Not disinfected Windows Registry
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
Spyware:Cookie/did-it Not disinfected C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
Thanks for your help with this ....

Logfile of HijackThis v1.99.1
Scan saved at 7:43:54 AM, on 12/30/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Softwin\BitDefender9\bdoesrv.exe
C:\progra~1\softwin\bitdef~1\bdnagent.exe
C:\progra~1\softwin\bitdef~1\bdswitch.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\HP\HP Mouse\panel.exe
C:\Program Files\Trend Micro\Tmas\Tmas.exe
C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Softwin\BitDefender9\vsserv.exe
c:\progra~1\softwin\bitdef~1\bdmcon.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\Rar$EX00.766\HijackThis.exe

O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: Updated.Toolbar - {9F6A22E6-1682-4F82-9B72-6314794CB253} - C:\Program Files\Pop Blocker\Updated.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BDMCon] c:\progra~1\softwin\bitdef~1\bdmcon.exe
O4 - HKLM\..\Run: [BDOESRV] "C:\Program Files\Softwin\BitDefender9\bdoesrv.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "c:\progra~1\softwin\bitdef~1\bdnagent.exe"
O4 - HKLM\..\Run: [BDSwitchAgent] "c:\progra~1\softwin\bitdef~1\bdswitch.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: NewShortcut1.lnk = ?
O4 - Global Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmas\Tmas.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'xfire_lsp_10650.dll' missing
O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/raptisoftgameloader.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab30149.cab
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} - http://www.miniclip.com/platypus/miniclipGameLoader.dll
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab30149.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab30149.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundler/CAB/RealArcadeRdxIE.cab
O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - http://www.stopzilla.com/_download/Auto_Installer/dwnldr.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://antu.popcap.com/games/popcaploader_v6.cab
O16 - DPF: {E13F1132-4CA0-4005-84D3-51406E27D269} (BTDownloadCtrl Control) - http://www.shockwave.com/content/thinktanks/BTDownloadCtrl.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
O23 - Service: Sddrivopshcc - Unknown owner - (no file)
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender9\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
Got rid of it... seems to be doing OK. Still slow... though.

Thanks for the help
Status
Not open for further replies.