Tilted Forum Project Discussion Community  

08-13-2007, 09:40 PM   #1
troit (Transfer Agent)
Location: NYC
I found a virus that I cannot get rid of...

Edit: Once I found the virus I started using Firefox until I discovered it was trying to update a random website every time I click on something.

I discovered spyware on my system a few days ago that I cannot get rid of. My system is running Windows XP. Whenever I open IE 6 I get the following error:

Internet Explorer

Internet Explorer has encountered a problem and needs to close. We are sorry for the inconvenience.

---------------------------------------------------------------------------------
If you were in the middle of something, the information you were working on might be lost.


[Debug] [Close]


Now if I click on either debug or close it completely shuts down IE6. If I do nothing but just move the error dialog box to the bottom of the screen it allows me to still operate IE6.

Things I've learned over the past couple of days this has been going on:

A folder is created in my program files/windows/system 32 folder named: iiclmzt. I initially did a search for this folder name on Google. Nothing. I closed IE6 and then deleted the folder. Emptied the trash bin. Reopened IE6. Same error. Folder reappears. Now when I surf with IE I noticed that when I click on a webpage I get redirected to a random search engine webpage, that is not always the same. After a little bit of research I discovered the address of one of the redirect websites is: m1.2mdm.net

The anti-spyware/adaware programs that I have run and their logs:

Spybot - initially ran this twice

LOG 1:
13.08.2007 16:57:40 - ##### check started #####
13.08.2007 16:57:40 - ### Version: 1.4
13.08.2007 16:57:40 - ### Date: 8/13/2007 4:57:40 PM
13.08.2007 16:57:41 - ##### checking bots #####
13.08.2007 16:59:53 - found: ISearchTech.PowerScan Settings
13.08.2007 17:01:16 - found: DyFuCA Settings
13.08.2007 17:01:34 - found: ISearchTech.YSB Module usage
13.08.2007 17:01:34 - found: ISearchTech.YSB Shared DLL 1 apps
13.08.2007 17:02:21 - found: Vcodec Data
13.08.2007 17:03:59 - found: Smitfraud-C. Settings
13.08.2007 17:07:40 - found: Microsoft.WindowsSecurityCenter.FirewallBypass Settings
13.08.2007 17:07:40 - found: Microsoft.WindowsSecurityCenter_disabled Settings
13.08.2007 17:07:40 - found: Microsoft.Windows.IEFirewallBypass Settings
13.08.2007 17:11:16 - found: CouponBar Class ID
13.08.2007 17:11:16 - found: CouponBar Class ID
13.08.2007 17:11:16 - found: CouponBar Root class
13.08.2007 17:11:16 - found: CouponBar Class ID
13.08.2007 17:11:17 - found: CouponBar Interface
13.08.2007 17:11:17 - found: CouponBar Interface
13.08.2007 17:11:17 - found: CouponBar Type library
13.08.2007 17:11:35 - found: AstaKiller Root class
13.08.2007 17:15:07 - found: Virtumonde Executable
13.08.2007 17:15:08 - found: Virtumonde Settings
13.08.2007 17:16:40 - found: Zlob.VideoActiveXObject User settings
13.08.2007 17:16:42 - found: Zlob.VideoActiveXObject Program directory
13.08.2007 17:17:24 - found: WebTrends live Tracking cookie (Internet Explorer: Joe Bly)
13.08.2007 17:17:26 - found: AdRevolver Tracking cookie (Internet Explorer: Joe Bly)
13.08.2007 17:17:26 - found: WebTrends live Tracking cookie (Internet Explorer: Joe Bly)
13.08.2007 17:17:27 - found: TagASaurus Tracking cookie (Internet Explorer: Joe Bly)
13.08.2007 17:17:27 - found: FastClick Tracking cookie (Internet Explorer: Joe Bly)
13.08.2007 17:17:27 - found: Clickbank Tracking cookie (Internet Explorer: Joe Bly)
13.08.2007 17:17:34 - found: SpywareBOT Tracking cookie (Internet Explorer: Joe Bly)
13.08.2007 17:17:37 - found: Win32.Small.ddx Tracking cookie (Internet Explorer: Joe Bly)
13.08.2007 17:17:43 - found: Win32.Small.ddx Tracking cookie (Internet Explorer: Joe Bly)
13.08.2007 17:17:44 - found: AdRevolver Tracking cookie (Internet Explorer: Joe Bly)
13.08.2007 17:17:44 - found: AdRevolver Tracking cookie (Internet Explorer: Joe Bly)
13.08.2007 17:17:45 - found: SystemDoctor2006 Tracking cookie (Internet Explorer: Joe Bly)
13.08.2007 17:17:48 - found: AdRevolver Tracking cookie (Internet Explorer: Joe Bly)
13.08.2007 17:17:49 - found: WebTrends live Tracking cookie (Internet Explorer: Joe Bly)
13.08.2007 17:17:50 - found: WebTrends live Tracking cookie (Internet Explorer: Joe Bly)
13.08.2007 17:17:51 - found: AdRevolver Tracking cookie (Internet Explorer: Joe Bly)
13.08.2007 17:17:53 - found: DoubleClick Tracking cookie (Internet Explorer: Joe Bly)
13.08.2007 17:17:53 - found: Win32.Small.ddx Tracking cookie (Internet Explorer: Joe Bly)
13.08.2007 17:17:56 - found: WebTrends live Tracking cookie (Internet Explorer: Joe Bly)
13.08.2007 17:17:58 - found: ErrorSafe Tracking cookie (Internet Explorer: Joe Bly)
13.08.2007 17:18:02 - found: AdRevolver Tracking cookie (Internet Explorer: Joe Bly)
13.08.2007 17:18:04 - found: AdRevolver Tracking cookie (Internet Explorer: Joe Bly)
13.08.2007 17:18:07 - found: AdRevolver Tracking cookie (Internet Explorer: Joe Bly)
13.08.2007 17:18:08 - found: AdRevolver Tracking cookie (Internet Explorer: Joe Bly)
13.08.2007 17:18:11 - found: AdRevolver Tracking cookie (Internet Explorer: Joe Bly)
13.08.2007 17:18:16 - found: AdRevolver Tracking cookie (Internet Explorer: Joe Bly)
13.08.2007 17:18:18 - found: ErrorSafe Tracking cookie (Internet Explorer: Joe Bly)
13.08.2007 17:18:18 - found: AdRevolver Tracking cookie (Internet Explorer: Joe Bly)
13.08.2007 17:18:19 - found: AdRevolver Tracking cookie (Internet Explorer: Joe Bly)
13.08.2007 17:18:19 - found: AdRevolver Tracking cookie (Internet Explorer: Joe Bly)
13.08.2007 17:18:22 - found: Targetsaver Tracking cookie (Internet Explorer: Joe Bly)
13.08.2007 17:18:28 - found: AdRevolver Tracking cookie (Internet Explorer: Joe Bly)
13.08.2007 17:18:29 - found: Winsoftware Tracking cookie (Internet Explorer: Joe Bly)
13.08.2007 17:18:45 - found: Winsoftware Tracking cookie (Internet Explorer: Joe Bly)
13.08.2007 17:18:45 - found: Winsoftware Tracking cookie (Internet Explorer: Joe Bly)
13.08.2007 17:18:58 - found: WebTrends live Tracking cookie (Internet Explorer: Joe Bly)
13.08.2007 17:19:16 - found: Winsoftware Tracking cookie (Internet Explorer: Joe Bly)
13.08.2007 17:19:24 - found: Virtumonde Tracking cookie (Internet Explorer: Joe Bly)
13.08.2007 17:19:44 - found: AdRevolver Tracking cookie (Firefox: default)
13.08.2007 17:19:46 - found: Advertising.com Tracking cookie (Firefox: default)
13.08.2007 17:19:46 - found: Advertising.com Tracking cookie (Firefox: default)
13.08.2007 17:19:46 - found: Advertising.com Tracking cookie (Firefox: default)
13.08.2007 17:19:46 - found: Advertising.com Tracking cookie (Firefox: default)
13.08.2007 17:19:46 - found: Advertising.com Tracking cookie (Firefox: default)
13.08.2007 17:19:47 - found: CasaleMedia Tracking cookie (Firefox: default)
13.08.2007 17:19:47 - found: CasaleMedia Tracking cookie (Firefox: default)
13.08.2007 17:19:47 - found: CasaleMedia Tracking cookie (Firefox: default)
13.08.2007 17:19:47 - found: CasaleMedia Tracking cookie (Firefox: default)
13.08.2007 17:19:47 - found: CasaleMedia Tracking cookie (Firefox: default)
13.08.2007 17:19:47 - found: CasaleMedia Tracking cookie (Firefox: default)
13.08.2007 17:19:48 - found: CasaleMedia Tracking cookie (Firefox: default)
13.08.2007 17:19:49 - found: DoubleClick Tracking cookie (Firefox: default)
13.08.2007 17:19:50 - found: HitBox Tracking cookie (Firefox: default)
13.08.2007 17:19:50 - found: HitBox Tracking cookie (Firefox: default)
13.08.2007 17:19:50 - found: HitBox Tracking cookie (Firefox: default)
13.08.2007 17:19:50 - found: HitBox Tracking cookie (Firefox: default)
13.08.2007 17:19:50 - found: HitBox Tracking cookie (Firefox: default)
13.08.2007 17:19:50 - found: FastClick Tracking cookie (Firefox: default)
13.08.2007 17:19:50 - found: FastClick Tracking cookie (Firefox: default)
13.08.2007 17:19:50 - found: FastClick Tracking cookie (Firefox: default)
13.08.2007 17:19:52 - found: HitBox Tracking cookie (Firefox: default)
13.08.2007 17:19:52 - found: HitBox Tracking cookie (Firefox: default)
13.08.2007 17:19:56 - found: MediaPlex Tracking cookie (Firefox: default)
13.08.2007 17:19:56 - found: MediaPlex Tracking cookie (Firefox: default)
13.08.2007 17:20:01 - found: SexTracker Tracking cookie (Firefox: default)
13.08.2007 17:20:02 - found: Statcounter Tracking cookie (Firefox: default)
13.08.2007 17:20:02 - found: Statcounter Tracking cookie (Firefox: default)
13.08.2007 17:20:02 - found: Statcounter Tracking cookie (Firefox: default)
13.08.2007 17:20:29 - found: Zedo Tracking cookie (Firefox: default)
13.08.2007 17:20:29 - found: Zedo Tracking cookie (Firefox: default)
13.08.2007 17:20:29 - found: Zedo Tracking cookie (Firefox: default)
13.08.2007 17:20:29 - found: Zedo Tracking cookie (Firefox: default)
13.08.2007 17:20:29 - found: Zedo Tracking cookie (Firefox: default)
13.08.2007 17:20:29 - found: Zedo Tracking cookie (Firefox: default)
13.08.2007 17:20:31 - found: CoreMetrics Tracking cookie (Firefox: default)
13.08.2007 17:20:32 - found: AdRevolver Tracking cookie (Firefox: default)
13.08.2007 17:20:32 - found: AdRevolver Tracking cookie (Firefox: default)
13.08.2007 17:20:32 - found: AdRevolver Tracking cookie (Firefox: default)
13.08.2007 17:20:33 - found: WebTrends live Tracking cookie (Firefox: default)
13.08.2007 17:20:33 - found: CoreMetrics Tracking cookie (Firefox: default)
13.08.2007 17:20:47 - ##### check finished #####


Log 2:

--- Report generated: 2007-08-13 17:20 ---

ISearchTech.PowerScan: Settings (Registry value, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\BandRest

DyFuCA: Settings (Registry value, nothing done)
HKEY_USERS\S-1-5-21-2461700238-3647360330-3069536493-1007\Software\Microsoft\Internet Explorer\Main\BandRest

ISearchTech.YSB: Module usage (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ysbactivex.dll

ISearchTech.YSB: Shared DLL (1 apps) (Registry value, nothing done)
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SharedDlls\C:\WINDOWS\Downloaded Program Files\ysbactivex.dll

Vcodec: Data (File, nothing done)
C:\WINDOWS\system32\ts.ico

Smitfraud-C.: Settings (Registry value, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run\ishost.exe

Microsoft.WindowsSecurityCenter.FirewallBypass: Settings (Registry value, nothing done)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\WINDOWS\explorer.exe

Microsoft.WindowsSecurityCenter_disabled: Settings (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc\Start!=W=2

Microsoft.Windows.IEFirewallBypass: Settings (Registry value, nothing done)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\Program Files\Internet Explorer\IEXPLORE.EXE

CouponBar: Class ID (Registry key, nothing done)
HKEY_CLASSES_ROOT\CLSID\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}

CouponBar: Class ID (Registry key, nothing done)
HKEY_CLASSES_ROOT\CLSID\{A85A5E6A-DE2C-4F4E-99DC-F469DF5A0EEC}

CouponBar: Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\cpbrkpie.Coupon6Ctrl.1

CouponBar: Class ID (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}

CouponBar: Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{6E780F0B-BCD6-40CB-B2DB-7AF47AB4D4A4}

CouponBar: Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{A138BE8B-F051-4802-9A3F-A750A6D862D4}

CouponBar: Type library (Registry key, nothing done)
HKEY_CLASSES_ROOT\TypeLib\{87255C51-CD7D-4506-B9AD-97606DAF53F3}

AstaKiller: Root class (Registry key, nothing done)
HKEY_CLASSES_ROOT\MezziaCodec.Chl

Virtumonde: Executable (File, nothing done)
C:\Documents and Settings\Joe Bly\Local Settings\Temp\removalfile.bat

Virtumonde: Settings (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR

Zlob.VideoActiveXObject: User settings (Registry value, nothing done)
HKEY_USERS\S-1-5-21-2461700238-3647360330-3069536493-1007\Software\Internet Security\Path=...C:\Program Files\Video ActiveX Object...

Zlob.VideoActiveXObject: Program directory (Directory, nothing done)
C:\Program Files\Video ActiveX Object\

WebTrends live: Tracking cookie (Internet Explorer: Joe Bly) (Cookie, nothing done)


AdRevolver: Tracking cookie (Internet Explorer: Joe Bly) (Cookie, nothing done)


WebTrends live: Tracking cookie (Internet Explorer: Joe Bly) (Cookie, nothing done)


TagASaurus: Tracking cookie (Internet Explorer: Joe Bly) (Cookie, nothing done)


FastClick: Tracking cookie (Internet Explorer: Joe Bly) (Cookie, nothing done)


Clickbank: Tracking cookie (Internet Explorer: Joe Bly) (Cookie, nothing done)


SpywareBOT: Tracking cookie (Internet Explorer: Joe Bly) (Cookie, nothing done)


Win32.Small.ddx: Tracking cookie (Internet Explorer: Joe Bly) (Cookie, nothing done)


Win32.Small.ddx: Tracking cookie (Internet Explorer: Joe Bly) (Cookie, nothing done)


AdRevolver: Tracking cookie (Internet Explorer: Joe Bly) (Cookie, nothing done)


AdRevolver: Tracking cookie (Internet Explorer: Joe Bly) (Cookie, nothing done)


SystemDoctor2006: Tracking cookie (Internet Explorer: Joe Bly) (Cookie, nothing done)


AdRevolver: Tracking cookie (Internet Explorer: Joe Bly) (Cookie, nothing done)


WebTrends live: Tracking cookie (Internet Explorer: Joe Bly) (Cookie, nothing done)


WebTrends live: Tracking cookie (Internet Explorer: Joe Bly) (Cookie, nothing done)


AdRevolver: Tracking cookie (Internet Explorer: Joe Bly) (Cookie, nothing done)


DoubleClick: Tracking cookie (Internet Explorer: Joe Bly) (Cookie, nothing done)


Win32.Small.ddx: Tracking cookie (Internet Explorer: Joe Bly) (Cookie, nothing done)


WebTrends live: Tracking cookie (Internet Explorer: Joe Bly) (Cookie, nothing done)


ErrorSafe: Tracking cookie (Internet Explorer: Joe Bly) (Cookie, nothing done)


AdRevolver: Tracking cookie (Internet Explorer: Joe Bly) (Cookie, nothing done)


AdRevolver: Tracking cookie (Internet Explorer: Joe Bly) (Cookie, nothing done)


AdRevolver: Tracking cookie (Internet Explorer: Joe Bly) (Cookie, nothing done)


AdRevolver: Tracking cookie (Internet Explorer: Joe Bly) (Cookie, nothing done)


AdRevolver: Tracking cookie (Internet Explorer: Joe Bly) (Cookie, nothing done)


AdRevolver: Tracking cookie (Internet Explorer: Joe Bly) (Cookie, nothing done)


ErrorSafe: Tracking cookie (Internet Explorer: Joe Bly) (Cookie, nothing done)


AdRevolver: Tracking cookie (Internet Explorer: Joe Bly) (Cookie, nothing done)


AdRevolver: Tracking cookie (Internet Explorer: Joe Bly) (Cookie, nothing done)


AdRevolver: Tracking cookie (Internet Explorer: Joe Bly) (Cookie, nothing done)


Targetsaver: Tracking cookie (Internet Explorer: Joe Bly) (Cookie, nothing done)


AdRevolver: Tracking cookie (Internet Explorer: Joe Bly) (Cookie, nothing done)


Winsoftware: Tracking cookie (Internet Explorer: Joe Bly) (Cookie, nothing done)


Winsoftware: Tracking cookie (Internet Explorer: Joe Bly) (Cookie, nothing done)


Winsoftware: Tracking cookie (Internet Explorer: Joe Bly) (Cookie, nothing done)


WebTrends live: Tracking cookie (Internet Explorer: Joe Bly) (Cookie, nothing done)


Winsoftware: Tracking cookie (Internet Explorer: Joe Bly) (Cookie, nothing done)


Virtumonde: Tracking cookie (Internet Explorer: Joe Bly) (Cookie, nothing done)


AdRevolver: Tracking cookie (Firefox: default) (Cookie, nothing done)


Advertising.com: Tracking cookie (Firefox: default) (Cookie, nothing done)


Advertising.com: Tracking cookie (Firefox: default) (Cookie, nothing done)


Advertising.com: Tracking cookie (Firefox: default) (Cookie, nothing done)


Advertising.com: Tracking cookie (Firefox: default) (Cookie, nothing done)


Advertising.com: Tracking cookie (Firefox: default) (Cookie, nothing done)


CasaleMedia: Tracking cookie (Firefox: default) (Cookie, nothing done)


CasaleMedia: Tracking cookie (Firefox: default) (Cookie, nothing done)


CasaleMedia: Tracking cookie (Firefox: default) (Cookie, nothing done)


CasaleMedia: Tracking cookie (Firefox: default) (Cookie, nothing done)


CasaleMedia: Tracking cookie (Firefox: default) (Cookie, nothing done)


CasaleMedia: Tracking cookie (Firefox: default) (Cookie, nothing done)


CasaleMedia: Tracking cookie (Firefox: default) (Cookie, nothing done)


DoubleClick: Tracking cookie (Firefox: default) (Cookie, nothing done)


HitBox: Tracking cookie (Firefox: default) (Cookie, nothing done)


HitBox: Tracking cookie (Firefox: default) (Cookie, nothing done)


HitBox: Tracking cookie (Firefox: default) (Cookie, nothing done)


HitBox: Tracking cookie (Firefox: default) (Cookie, nothing done)


HitBox: Tracking cookie (Firefox: default) (Cookie, nothing done)


FastClick: Tracking cookie (Firefox: default) (Cookie, nothing done)


FastClick: Tracking cookie (Firefox: default) (Cookie, nothing done)


FastClick: Tracking cookie (Firefox: default) (Cookie, nothing done)


HitBox: Tracking cookie (Firefox: default) (Cookie, nothing done)


HitBox: Tracking cookie (Firefox: default) (Cookie, nothing done)


MediaPlex: Tracking cookie (Firefox: default) (Cookie, nothing done)


MediaPlex: Tracking cookie (Firefox: default) (Cookie, nothing done)


SexTracker: Tracking cookie (Firefox: default) (Cookie, nothing done)


Statcounter: Tracking cookie (Firefox: default) (Cookie, nothing done)


Statcounter: Tracking cookie (Firefox: default) (Cookie, nothing done)


Statcounter: Tracking cookie (Firefox: default) (Cookie, nothing done)


Zedo: Tracking cookie (Firefox: default) (Cookie, nothing done)


Zedo: Tracking cookie (Firefox: default) (Cookie, nothing done)


Zedo: Tracking cookie (Firefox: default) (Cookie, nothing done)


Zedo: Tracking cookie (Firefox: default) (Cookie, nothing done)


Zedo: Tracking cookie (Firefox: default) (Cookie, nothing done)


Zedo: Tracking cookie (Firefox: default) (Cookie, nothing done)


CoreMetrics: Tracking cookie (Firefox: default) (Cookie, nothing done)


AdRevolver: Tracking cookie (Firefox: default) (Cookie, nothing done)


AdRevolver: Tracking cookie (Firefox: default) (Cookie, nothing done)


AdRevolver: Tracking cookie (Firefox: default) (Cookie, nothing done)


WebTrends live: Tracking cookie (Firefox: default) (Cookie, nothing done)


CoreMetrics: Tracking cookie (Firefox: default) (Cookie, nothing done)



--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---

2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2005-05-31 TeaTimer.exe (1.4.0.2)
2007-08-13 unins000.exe (51.41.0.0)
2005-05-31 Update.exe (1.4.0.0)
2007-05-23 advcheck.dll (1.5.3.0)
2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2005-05-31 SDHelper.dll (1.4.0.0)
2007-07-31 Tools.dll (2.1.2.0)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2007-08-08 Includes\Cookies.sbi (*)
2007-07-25 Includes\Dialer.sbi (*)
2007-08-08 Includes\DialerC.sbi (*)
2007-07-11 Includes\Hijackers.sbi (*)
2007-08-08 Includes\HijackersC.sbi (*)
2007-07-25 Includes\Keyloggers.sbi (*)
2007-08-08 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2007-08-01 Includes\Malware.sbi (*)
2007-08-08 Includes\MalwareC.sbi (*)
2007-08-08 Includes\PUPS.sbi (*)
2007-08-08 Includes\PUPSC.sbi (*)
2007-08-08 Includes\Revision.sbi (*)
2007-05-30 Includes\Security.sbi (*)
2007-08-08 Includes\SecurityC.sbi (*)
2007-08-01 Includes\Spybots.sbi (*)
2007-08-08 Includes\SpybotsC.sbi (*)
2005-02-17 Includes\Tracks.uti
2007-08-01 Includes\Trojans.sbi (*)
2007-08-08 Includes\TrojansC.sbi (*)
2007-06-06 Plugins\TCPIPAddress.dll

After Spybot I rebooted and tried IE again. Same error.

I next ran:

AVG Anti-Spyware 7.5

AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 11:21:37 PM 8/13/2007

+ Scan result:



C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll -> Adware.Aws : No action taken.
C:\WINDOWS\cpbrkpie.ocx -> Adware.Coupons : No action taken.
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP870\A0234358.exe -> Not-A-Virus.Downloader.Win32.DigStream.a : No action taken.
:mozilla.21:C:\Documents and Settings\Joe Bly\Application Data\Mozilla\Firefox\Profiles\t0fw4cep.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.22:C:\Documents and Settings\Joe Bly\Application Data\Mozilla\Firefox\Profiles\t0fw4cep.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.23:C:\Documents and Settings\Joe Bly\Application Data\Mozilla\Firefox\Profiles\t0fw4cep.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.24:C:\Documents and Settings\Joe Bly\Application Data\Mozilla\Firefox\Profiles\t0fw4cep.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.25:C:\Documents and Settings\Joe Bly\Application Data\Mozilla\Firefox\Profiles\t0fw4cep.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.26:C:\Documents and Settings\Joe Bly\Application Data\Mozilla\Firefox\Profiles\t0fw4cep.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.27:C:\Documents and Settings\Joe Bly\Application Data\Mozilla\Firefox\Profiles\t0fw4cep.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.20:C:\Documents and Settings\Joe Bly\Application Data\Mozilla\Firefox\Profiles\t0fw4cep.default\cookies.txt -> TrackingCookie.Doubleclick : No action taken.
:mozilla.40:C:\Documents and Settings\Joe Bly\Application Data\Mozilla\Firefox\Profiles\t0fw4cep.default\cookies.txt -> TrackingCookie.Overture : No action taken.
:mozilla.41:C:\Documents and Settings\Joe Bly\Application Data\Mozilla\Firefox\Profiles\t0fw4cep.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.56:C:\Documents and Settings\Joe Bly\Application Data\Mozilla\Firefox\Profiles\t0fw4cep.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.57:C:\Documents and Settings\Joe Bly\Application Data\Mozilla\Firefox\Profiles\t0fw4cep.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.58:C:\Documents and Settings\Joe Bly\Application Data\Mozilla\Firefox\Profiles\t0fw4cep.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.59:C:\Documents and Settings\Joe Bly\Application Data\Mozilla\Firefox\Profiles\t0fw4cep.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.60:C:\Documents and Settings\Joe Bly\Application Data\Mozilla\Firefox\Profiles\t0fw4cep.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.36:C:\Documents and Settings\Joe Bly\Application Data\Mozilla\Firefox\Profiles\t0fw4cep.default\cookies.txt -> TrackingCookie.Tribalfusion : No action taken.
:mozilla.31:C:\Documents and Settings\Joe Bly\Application Data\Mozilla\Firefox\Profiles\t0fw4cep.default\cookies.txt -> TrackingCookie.Webtrendslive : No action taken.
:mozilla.13:C:\Documents and Settings\Joe Bly\Application Data\Mozilla\Firefox\Profiles\t0fw4cep.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.14:C:\Documents and Settings\Joe Bly\Application Data\Mozilla\Firefox\Profiles\t0fw4cep.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.15:C:\Documents and Settings\Joe Bly\Application Data\Mozilla\Firefox\Profiles\t0fw4cep.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.16:C:\Documents and Settings\Joe Bly\Application Data\Mozilla\Firefox\Profiles\t0fw4cep.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.17:C:\Documents and Settings\Joe Bly\Application Data\Mozilla\Firefox\Profiles\t0fw4cep.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.


::Report end

I also ran HijackThis

Logfile of HijackThis v1.99.1
Scan saved at 5:37:18 PM, on 8/13/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\WINDOWS\SYSTEM32\Brmfrmps.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\BacsTray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
C:\Program Files\DIGStream\digstream.exe
C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
C:\WINDOWS\MXOALDR.EXE
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Scansoft\PaperPort\SmartUI\SmartUI.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\dwwin.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HiJack This\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
O1 - Hosts: 66.98.136.25 auto.search.msn.com
O1 - Hosts: 66.98.136.25 auto.search.msn.es
O1 - Hosts: 66.98.136.25 pagead2.googlesyndication.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (file missing)
O2 - BHO: (no name) - {6D55F78D-57E0-7A56-9975-02E12506D1B4} - C:\Program Files\Zbtewchh\scmfsfpl.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [bacstray] BacsTray.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\Scansoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl03a\BrStDvPt.exe
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [MaxtorOneTouch] C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
O4 - HKLM\..\Run: [MXOBG] C:\WINDOWS\MXOALDR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [MediaPipe P2P Loader] "C:\Program Files\p2pnetworks\mpp2pl.exe" /H
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] "C:\Program Files\Norton AntiVirus\CfgWiz.exe" /GUID {0D7956A2-5A08-4ec2-A72C-DF8495A66016} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [pkpghutm] rundll32.exe "C:\Program Files\pkpghutm\fwlqlofm.dll",Init
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: SmartUI.lnk = ?
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\Flashget\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\Flashget\jc_link.htm
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00000005-0000-0000-0000-100011000004} - http://c.imputati.com/l/036cf42b70a5...4a023f5_35.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by124w.bay124.mail.live.com/m...s/MsnPUpld.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1133391033516
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.kodakgallery.com/download...1/axofupld.cab
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://stareat.it.helsinki.fi/activex/AMC.cab
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comned.com/signuptemp...ogin-devel.cab
O16 - DPF: {8AA1AE9E-9FB0-41B3-8911-89A1068A7FD1} (Installer Class) - https://www3.wirelesssync.vzw.com/en/SyncInstall.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} - http://a19.g.akamai.net/7/19/7125/14...2/cpbrkpie.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/.../Installer.exe
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://ropesgray.webex.com/client/v...rt/ieatgpc.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: wineaj32 - wineaj32.dll (file missing)
O20 - Winlogon Notify: winkye32 - C:\WINDOWS\SYSTEM32\winkye32.dll
O20 - Winlogon Notify: winqne32 - C:\WINDOWS\SYSTEM32\winqne32.dll
O20 - Winlogon Notify: winrid32 - C:\WINDOWS\SYSTEM32\winrid32.dll
O20 - Winlogon Notify: winwim32 - C:\WINDOWS\SYSTEM32\winwim32.dll
O21 - SSODL: incestuously - {03413bf7-e34c-445b-bfc0-a2b127255871} - (no file)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\SYSTEM32\Brmfrmps.exe" -service (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
__________________
I've yet to dephile myself...
troit is offline  
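The log above follows the HijackThis O-section layout, where O4, O20 and O23 are autostart locations. The following is an added example, not part of the original post: a small triage pass over a few lines copied from that log. The rule set is an assumption chosen for illustration, and its output is a list of entries to verify, not a verdict.

```python
import re

# Lines copied from the log posted above; nothing here is new data.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [pkpghutm] rundll32.exe "C:\Program Files\pkpghutm\fwlqlofm.dll",Init
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: wineaj32 - wineaj32.dll (file missing)
O20 - Winlogon Notify: winkye32 - C:\WINDOWS\SYSTEM32\winkye32.dll
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\SYSTEM32\Brmfrmps.exe" -service (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

# Hypothetical review rules: (sections the rule applies to or None for all,
# pattern searched in the entry text, reason reported to the analyst).
RULES = [
    (None, re.compile(r"\((file missing|no file)\)"),
     "target not found on disk"),
    ({"O4"}, re.compile(r"\brundll32(\.exe)?\b", re.I),
     "autostart loads a DLL through rundll32"),
    ({"O20"}, re.compile(r"Winlogon Notify:"),
     "DLL loaded into winlogon.exe at every logon"),
    ({"O23"}, re.compile(r" - Unknown owner - "),
     "service binary reports no vendor"),
]

ENTRY = re.compile(r"^(O\d+) - (.+)$")

def triage(log_text):
    """Return (section, entry, reasons) for each entry matching any rule."""
    findings = []
    for raw in log_text.splitlines():
        m = ENTRY.match(raw.strip())
        if not m:
            continue  # blank lines, headers, process list
        section, body = m.groups()
        reasons = [why for sections, pattern, why in RULES
                   if (sections is None or section in sections)
                   and pattern.search(body)]
        if reasons:
            findings.append((section, body, reasons))
    return findings

if __name__ == "__main__":
    for section, body, reasons in triage(SAMPLE_LOG):
        print(f"[{section}] {'; '.join(reasons)}\n    {body}")
```

Each flagged entry still needs checking by hand (file location, signer, creation time) before anything is removed.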
Old 08-13-2007, 10:15 PM   #2 (permalink)
The Computer Kid :D
 
Location: 127.0.0.1
Making sure all of those scanners are updated, reboot and press F8 before the Windows logo appears and boot into Safe Mode.

Run the scanners in safe mode if you can.
MikeSty is offline  
Old 08-13-2007, 10:50 PM   #3 (permalink)
Transfer Agent
 
troit's Avatar
 
Location: NYC
I'll give that a try. Thanks, Mike.
__________________
I've yet to dephile myself...
troit is offline  
Old 08-14-2007, 06:10 AM   #4 (permalink)
Devils Cabana Boy
 
Dilbert1234567's Avatar
 
Location: Central Coast CA
Your best bet is to pluck the drive and scan it under a second operating system that you know is clean. Some of the nasties can hide even in safe mode.
__________________
Donate Blood!

"Love is not finding the perfect person, but learning to see an imperfect person perfectly." -Sam Keen
Dilbert1234567 is offline  
Old 08-14-2007, 07:33 AM   #5 (permalink)
Transfer Agent
 
troit's Avatar
 
Location: NYC
Quote:
Originally Posted by Dilbert1234567
Your best bet is to pluck the drive and scan it under a second operating system that you know is clean. Some of the nasties can hide even in safe mode.
Yeah, Safe Mode didn't help. Do I just plug this laptop in with a USB like it's an external hard drive?
__________________
I've yet to dephile myself...
troit is offline  
Old 08-14-2007, 07:46 AM   #6 (permalink)
Psycho
 
Can't you do a system restore?
HeyAgain is offline  
Old 08-14-2007, 07:50 AM   #7 (permalink)
Devils Cabana Boy
 
Dilbert1234567's Avatar
 
Location: Central Coast CA
I'm late for work so I'll have to rush this. If anyone knows what I am talking about, please tell troit the steps.

One more thing to try: after your scan in safe mode, for each of the files that can't be removed, change the NTFS permissions and remove all accounts. Then reboot, return access and rescan. The files should not be in use because they were inaccessible when the system booted and thus not launched.
__________________
Donate Blood!

"Love is not finding the perfect person, but learning to see an imperfect person perfectly." -Sam Keen
Dilbert1234567 is offline  
Old 08-15-2007, 12:00 AM   #8 (permalink)
Junkie
 
MontanaXVI's Avatar
 
Location: Go A's!!!!
I had a similar problem in that there was something that was taking window focus away from my main window, and 100 different programs all found nothing.

Until I ran an older program I used to use quite often until Adaware and Spybot became the standard. It is called Swatit, it is a trojan/bot finder and believe it or not, it did find what was the problem, an exe file I knew nothing about in my root dir, once I got rid of it I have had no problems. You might want to give it a run in safe mode and see if it can help, it is freeware and can be downloaded at:

http://lockdowncorp.com/bots/downloadswatit.html

You have to enter your e-mail and they send you a download link, but what I did was hop on http://10minutemail.com/10MinuteMail/index.html, get a free 10 minute email addy and enter that to get your Swatit dl link, then just close the 10 minute mail addy and don't worry about spam. Also, something else you can try is Webroot's Spy Sweeper. I personally have never used it, but have heard many good things about its detection and deletion. Also, I assume you have an AV program from seeing the Symantec/Norton entries in your log postings, but check out AVG and/or Avast and see if either of them pick anything up, and check out Trend Micro's free online AV scan just as a double check to see if your system is clean.
__________________
Spank you very much
MontanaXVI is offline  
 
