08-13-2007, 09:40 PM | #1
Transfer Agent
Location: NYC
I found a virus that I cannot get rid of...
Edit: Once I found the virus I started using Firefox until I discovered it was trying to update a random website every time I click on something.
I discovered spyware on my system a few days ago that I cannot get rid of. My system is running Windows XP. Whenever I open IE 6 I get the following error:

Internet Explorer
Internet Explorer has encountered a problem and needs to close. We are sorry for the inconvenience.
---------------------------------------------------------------------------------
If you were in the middle of something, the information you were working on might be lost.
[Debug] [Close]

Now if I click on either debug or close it completely shuts down IE6. If I do nothing but just move the error dialog box to the bottom of the screen it allows me to still operate IE6.

Things I've learned over the past couple of days this has been going on:

A folder is created in my program files/windows/system 32 folder named: iiclmzt. I initially did a search for this folder name on Google. Nothing. I closed IE6 and then deleted the folder. Emptied the trash bin. Reopened IE6. Same error. Folder reappears.

Now when I surf with IE I noticed that when I click on a webpage I get redirected to a random search engine webpage, that is not always the same. After a little bit of research I discovered the address of one of the redirect websites is: m1.2mdm.net

The anti-spyware/adaware programs that I have run and their logs:

Spybot - initially ran this twice

After Spybot I rebooted and tried IE again. Same error.
I next ran: AVG Anti-Spyware 7.5

I also ran HijackThis
Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
__________________
I've yet to dephile myself... |
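A way to triage a HijackThis log like the one posted above, as an added example that is not part of the original post. The three rules and the `KNOWN_NOTIFY` allowlist are assumptions chosen for illustration, and a flag means "check this entry by hand", not a verdict; the sample entries are copied from the posted log.

```python
import re

# Each HijackThis entry starts with a section code such as "O4 - " or "O20 - ".
ENTRY_START = re.compile(r"(?=\bO\d{1,2} - )")
# Assumption: Winlogon Notify names the reviewer already recognises (lower-case).
KNOWN_NOTIFY = {"wgalogon"}

def split_entries(text):
    """Re-split a log that was pasted as one run-on line into single entries."""
    return [e.strip() for e in ENTRY_START.split(text) if e.strip()]

def triage(entry):
    """Return the reasons (possibly none) an entry deserves a manual look."""
    code, _, rest = entry.partition(" - ")
    reasons = []
    # The registry still points at a file that is no longer on disk.
    if "(file missing)" in rest or "(no file)" in rest:
        reasons.append("dangling reference")
    # Run-key entries that start a DLL through rundll32 hide the real payload.
    if code == "O4" and re.search(r"\brundll32(\.exe)?\b", rest, re.I):
        reasons.append("autostart loads a DLL through rundll32")
    # Notify DLLs are loaded into winlogon.exe at every logon.
    if code == "O20" and rest.startswith("Winlogon Notify:"):
        name = rest.split(":", 1)[1].split(" - ")[0].strip().lower()
        if name not in KNOWN_NOTIFY:
            reasons.append("unrecognised Winlogon Notify DLL")
    return reasons

def review(text):
    """Map each flagged entry to its reasons, in log order."""
    return {e: r for e in split_entries(text) if (r := triage(e))}

# Entries copied from the log in the post above, flattened as it was posted.
SAMPLE = (
    r'O4 - HKLM\..\Run: [pkpghutm] rundll32.exe "C:\Program Files\pkpghutm\fwlqlofm.dll",Init '
    r'O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe '
    r'O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB '
    r'O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll '
    r'O20 - Winlogon Notify: wineaj32 - wineaj32.dll (file missing) '
    r'O20 - Winlogon Notify: winkye32 - C:\WINDOWS\SYSTEM32\winkye32.dll '
    r'O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll'
)

if __name__ == "__main__":
    for entry, reasons in review(SAMPLE).items():
        print("; ".join(reasons), "->", entry)
```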
08-14-2007, 06:10 AM | #4 (permalink) |
Devils Cabana Boy
Location: Central Coast CA
|
Your best bet is to pluck the drive and scan it under a second operating system that you know is clean. Some of the nasties can hide even in safe mode.
__________________
Donate Blood! "Love is not finding the perfect person, but learning to see an imperfect person perfectly." -Sam Keen |
08-14-2007, 07:33 AM | #5 (permalink) | |
Transfer Agent
Location: NYC
|
Quote:
__________________
I've yet to dephile myself... |
|
08-14-2007, 07:50 AM | #7 (permalink) |
Devils Cabana Boy
Location: Central Coast CA
|
I'm late for work so I'll have to rush this; if anyone knows what I am talking about, please tell troit the steps.
One more thing to try: after your scan in safe mode, for each of the files that can't be removed, change the NTFS permissions and remove all accounts. Then reboot, return access and rescan; the files should not be in use because they were inaccessible when the system booted and thus not launched.
__________________
Donate Blood! "Love is not finding the perfect person, but learning to see an imperfect person perfectly." -Sam Keen |
08-15-2007, 12:00 AM | #8 (permalink) |
Junkie
Location: Go A's!!!!
|
I had a similar problem, in that there was something that was taking window focus away from my main window, and 100 different programs all found nothing.
Until I ran an older program I used to use quite often until Adaware and Spybot became the standard. It is called Swatit; it is a trojan/bot finder and, believe it or not, it did find what was the problem: an exe file I knew nothing about in my root dir. Once I got rid of it I have had no problems. You might want to give it a run in safe mode and see if it can help. It is freeware and can be downloaded at: http://lockdowncorp.com/bots/downloadswatit.html
You have to enter your e-mail and they send you a download link, but what I did was hop on http://10minutemail.com/10MinuteMail/index.html, get a free 10 minute email addy and enter that to get your swat it dl link, then just close the 10 minute mail addy and don't worry about spam.
Also, something else you can try is Webroot's Spy Sweeper. I personally have never used it, but have heard many good things about its detection and deletion. Also, I assume you have an AV program from seeing the Symantec/Norton entries in your log postings, but check out AVG and/or Avast and see if either of them picks anything up, and check out Trend Micro's free online AV scan just as a double check to see if your system is clean.
__________________
Spank you very much |