12-04-2007, 06:49 AM   #1
Beretta
OS: XP SP2


Google misdirection to adware/spyware sites

Hello,

My XP SP2 based system is giving me some odd misdirections from Google about which I am concerned as my work laptop suffered similarly before failing completely! I'd appreciate any advice.

I've followed steps 1 to 5 and now have a Panda report and DSS HijackThis logs - text pasted below (I've also installed Spyware Blaster and IE-Spyad). Regards - Mike

Deckard's System Scanner v20071014.68
Run by Michael on 2007-12-04 13:26:35
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
61: 2007-12-04 13:26:41 UTC - RP567 - Deckard's System Scanner Restore Point
60: 2007-12-03 17:09:51 UTC - RP566 - System Checkpoint
59: 2007-12-01 15:19:18 UTC - RP565 - System Checkpoint
58: 2007-11-30 14:03:32 UTC - RP564 - System Checkpoint
57: 2007-11-28 20:16:39 UTC - RP563 - System Checkpoint


-- First Restore Point --
1: 2007-09-05 21:15:45 UTC - RP507 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Michael.exe) ---------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:29:55, on 04/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\SMART Board Software\SMARTBoardService.exe
C:\Program Files\WebDrive\wdService.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SM1BG.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\Dit.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\WINDOWS\CNYHKey.exe
C:\Program Files\Home Cinema\PowerCinema\PCMService.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
C:\WINDOWS\system32\hphmon04.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\WebDrive\webdrive.exe
C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\PROGRA~1\COMMON~1\Nokia\Services\SERVIC~1.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\Documents and Settings\Michael\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Michael.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.co.uk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Orange UK
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - C:\Program Files\McAfee\MSK\mcapbho.dll
O2 - BHO: Orange - {4E7BD74F-2B8D-469E-A1FB-F862B587B57D} - C:\PROGRA~1\orange3\orange31.dll
O2 - BHO: SMART Notebook Download Plugin - {67BCF957-85FC-4036-8DC4-D4D80E00A77B} - C:\Program Files\SMART Board Software\NotebookPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Wanadoo - {8B68564D-53FD-4293-B80C-993A9F3988EE} - C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll
O3 - Toolbar: Orange - {4E7BD74F-2B8D-469E-A1FB-F862B587B57D} - C:\PROGRA~1\orange3\orange31.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Home Cinema\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\system32\hphmon04.exe
O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [Nokia Tray Application] C:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [WebDriveTray] C:\Program Files\WebDrive\webdrive.exe /trayicon
O4 - HKLM\..\Run: [McAfee Backup] C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: orange search - file://C:\Program Files\ORANGE3\Cache\SelectedContextSearch.htm
O8 - Extra context menu item: Search with Wanadoo - res://C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll/VSearch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.co.uk
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai.net/f/516/25175...at-no-eula.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/acti..._v1-0-3-48.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1097593749703
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1129301360078
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O23 - Service: McAfee Application Installer Cleanup (0027141196758889) (0027141196758889mcinstcleanup) - Unknown owner - C:\WINDOWS\TEMP\002714~1.EXE (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\system32\HPHipm11.exe
O23 - Service: SMART Board Service - SMART Technologies Inc. - C:\Program Files\SMART Board Software\SMARTBoardService.exe
O23 - Service: WebDrive Service (WebDriveService) - Unknown owner - C:\Program Files\WebDrive\wdService.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

--
End of file - 11681 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 sfdrv01 (StarForce Protection Environment Driver (version 1.x)) - c:\windows\system32\drivers\sfdrv01.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfhlp02 (StarForce Protection Helper Driver (version 2.x)) - c:\windows\system32\drivers\sfhlp02.sys <Not Verified; Protection Technology; StarForce Protection System>
R2 WebDriveFSD (WebDrive File System Driver) - c:\program files\webdrive\rffsd.sys
R3 CardReaderFilter (Card Reader Filter) - c:\windows\system32\drivers\usbcrft.sys <Not Verified; ICSI Technology Ltd.; USB Card Reader and FlashDisk>
R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus(R) ASPI Shell>

S3 Cap7134 (MEDION (7134) WDM Video Capture) - c:\windows\system32\drivers\cap7134.sys <Not Verified; Philips Semiconductors; Philips cap7134>
S3 PCANDIS5 (PCANDIS5 NDIS Protocol Driver) - c:\windows\system32\pcandis5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
S3 PhTVTune (MEDION TV-TUNER 7134 MK2/3) - c:\windows\system32\drivers\phtvtune.sys <Not Verified; Philips Semiconductors; Philips TVTuner WDM Driver>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 SMART Board Service - "c:\program files\smart board software\smartboardservice.exe" <Not Verified; SMART Technologies Inc.; SMART Board Software>
R2 WebDriveService (WebDrive Service) - c:\program files\webdrive\wdservice.exe
R3 x10nets (X10 Device Network Service) - c:\progra~1\common~1\x10\common\x10nets.exe <Not Verified; X10; x10 Module>

S2 0027141196758889mcinstcleanup (McAfee Application Installer Cleanup (0027141196758889)) - c:\windows\temp\002714~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service (file missing)


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2007-12-04 08:55:47 274 --a------ C:\WINDOWS\Tasks\HP Usg Login.job
2007-01-22 21:15:26 268 --a------ C:\WINDOWS\Tasks\McDefragTask.job
2007-01-22 21:15:24 360 --a------ C:\WINDOWS\Tasks\McQcTask.job


-- Files created between 2007-11-04 and 2007-12-04 -----------------------------

2007-12-04 13:29:03 0 d-------- C:\Program Files\Trend Micro
2007-12-04 12:59:04 0 d-------- C:\ie-spyad_zo
2007-12-04 12:49:01 0 d-------- C:\Program Files\SpywareBlaster
2007-12-04 09:15:11 0 d-------- C:\WINDOWS\system32\ActiveScan
2007-12-04 09:01:25 0 d-------- C:\WINDOWS\LastGood


-- Find3M Report ---------------------------------------------------------------

2007-12-04 10:33:31 0 d-------- C:\Program Files\WebDrive
2007-12-04 10:32:26 0 d-------- C:\Program Files\SMART Board Software
2007-12-04 10:28:25 0 d-------- C:\Program Files\QuickTime
2007-12-04 10:27:44 0 d-------- C:\Program Files\orange3
2007-12-04 10:24:48 0 d-------- C:\Program Files\Messenger
2007-12-04 10:19:32 0 d-------- C:\Program Files\iTunes
2007-12-04 10:17:33 0 d-------- C:\Program Files\Google
2007-12-04 09:01:24 0 d-------- C:\Program Files\McAfee
2007-12-03 22:04:00 12 --a------ C:\WINDOWS\bthservsdp.dat
2007-11-29 20:04:26 0 d-------- C:\Documents and Settings\Michael\Application Data\AdobeUM
2007-11-15 19:18:29 0 d-------- C:\Program Files\Common Files\McAfee
2007-10-14 18:55:21 0 d-------- C:\Program Files\Java


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{377C180E-6F0E-4D4C-980F-F45BD3D40CF4}]
19/09/2007 06:15 329032 --a------ C:\Program Files\McAfee\MSK\mcapbho.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SM1BG"="C:\WINDOWS\SM1BG.EXE" [28/08/2003 04:20]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [14/09/2002 04:42]
"@"="" []
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [09/07/2001 10:50]
"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" [17/03/2004 15:10 C:\WINDOWS\system32\Hdaudpropshortcut.exe]
"Cmaudio"="cmicnfg.cpl" []
"Dit"="Dit.exe" [02/04/2004 12:31 C:\WINDOWS\Dit.exe]
"AGRSMMSG"="AGRSMMSG.exe" [04/03/2005 11:01 C:\WINDOWS\AGRSMMSG.exe]
"mmtask"="c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe" [10/10/2003 12:25]
"CHotkey"="mHotkey.exe" [24/02/2004 13:05 C:\WINDOWS\mHotkey.exe]
"ledpointer"="CNYHKey.exe" [03/02/2004 16:15 C:\WINDOWS\CNYHKey.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [29/10/2004 16:50]
"nwiz"="nwiz.exe" [29/10/2004 16:50 C:\WINDOWS\system32\nwiz.exe]
"PCMService"="C:\Program Files\Home Cinema\PowerCinema\PCMService.exe" [09/11/2004 05:14]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe" [04/04/2002 20:03]
"HPHmon04"="C:\WINDOWS\system32\hphmon04.exe" [04/04/2002 20:01]
"HPHUPD04"="C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe" [04/04/2002 20:04]
"Share-to-Web Namespace Daemon"="C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [11/04/2002 04:19]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [25/09/2007 00:11]
"SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [26/01/2004 11:38]
"Nokia Tray Application"="C:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe" [03/01/2003 15:45]
"BluetoothAuthenticationAgent"="bthprops.cpl" [04/08/2004 12:00 C:\WINDOWS\system32\bthprops.cpl]
"WebDriveTray"="C:\Program Files\WebDrive\webdrive.exe" [14/03/2003 10:53]
"McAfee Backup"="C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe" [16/01/2007 13:59]
"MBkLogOnHook"="C:\Program Files\McAfee\MBK\LogOnHook.exe" [08/01/2007 11:22]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [16/02/2007 09:54]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [14/03/2007 18:05]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [03/08/2007 22:33]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 12:00]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [13/10/2004 16:24]
"MSKAGENTEXE"="C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe" []
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [26/07/2004 18:14]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [29/07/2007 14:52]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [18/10/2006 20:05]

C:\Documents and Settings\Michael\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [16/03/2005 18:16:50]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{79a1e0ee-3313-11d9-b8ef-806d6172696f}]
AutoRun\command- E:\MSWORKS\autorun.exe




-- End of Deckard's System Scanner: finished at 2007-12-04 13:31:00 ------------


Panda Active Scan Report



Incident Status Location

Adware:adware/cws Not disinfected C:\Documents and Settings\Michael\Favorites\Health
Adware:adware/ist.istbar Not disinfected Windows Registry
Dialer:dialer.min Not disinfected HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DB893839-10F0-4AF9-92FA-B23528F530AF}
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Joanna\Cookies\joanna@112.2o7[1].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Joanna\Cookies\joanna@247realmedia[1].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Joanna\Cookies\joanna@ad.yieldmanager[1].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Joanna\Cookies\joanna@adrevolver[2].txt
Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\Joanna\Cookies\joanna@adtech[1].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Joanna\Cookies\joanna@advertising[1].txt
Spyware:Cookie/Adviva Not disinfected C:\Documents and Settings\Joanna\Cookies\joanna@adviva[2].txt
Spyware:Cookie/NewMedia Not disinfected C:\Documents and Settings\Joanna\Cookies\joanna@anm.co[1].txt
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Joanna\Cookies\joanna@apmebf[1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Joanna\Cookies\joanna@atdmt[2].txt
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\Joanna\Cookies\joanna@bluestreak[1].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Joanna\Cookies\joanna@bs.serving-sys[1].txt
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Joanna\Cookies\joanna@casalemedia[1].txt
Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\Joanna\Cookies\joanna@cgi-bin[3].txt
Spyware:Cookie/Bridgetrack Not disinfected C:\Documents and Settings\Joanna\Cookies\joanna@citi.bridgetrack[1].txt
Spyware:Cookie/Hitslink Not disinfected C:\Documents and Settings\Joanna\Cookies\joanna@counter.hitslink[2].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Joanna\Cookies\joanna@doubleclick[2].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Joanna\Cookies\joanna@fastclick[1].txt
Spyware:Cookie/FortuneCity Not disinfected C:\Documents and Settings\Joanna\Cookies\joanna@fortunecity[1].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Joanna\Cookies\joanna@media.adrevolver[2].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Joanna\Cookies\joanna@mediaplex[1].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Joanna\Cookies\joanna@overture[1].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Joanna\Cookies\joanna@questionmarket[1].txt
Spyware:Cookie/WUpd Not disinfected C:\Documents and Settings\Joanna\Cookies\joanna@revenue[2].txt
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\Joanna\Cookies\joanna@searchportal.information[1].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Joanna\Cookies\joanna@serving-sys[2].txt
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Joanna\Cookies\joanna@statcounter[1].txt
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Joanna\Cookies\joanna@statse.webtrendslive[2].txt
Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\Joanna\Cookies\joanna@tradedoubler[1].txt
Spyware:Cookie/myaffiliateprogram Not disinfected C:\Documents and Settings\Joanna\Cookies\joanna@www.myaffiliateprogram[2].txt
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Joanna\Cookies\joanna@xiti[1].txt
Spyware:Cookie/Xmts Not disinfected C:\Documents and Settings\Joanna\Cookies\joanna@xmts[2].txt
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Michael\Cookies\michael@112.2o7[1].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Michael\Cookies\michael@247realmedia[1].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Michael\Cookies\michael@ad.yieldmanager[2].txt
Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\Michael\Cookies\michael@adopt.hbmediapro[1].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Michael\Cookies\michael@adrevolver[2].txt
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Michael\Cookies\michael@ads.pointroll[2].txt
Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\Michael\Cookies\michael@adtech[2].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Michael\Cookies\michael@advertising[2].txt
Spyware:Cookie/Adviva Not disinfected C:\Documents and Settings\Michael\Cookies\michael@adviva[2].txt
Spyware:Cookie/NewMedia Not disinfected C:\Documents and Settings\Michael\Cookies\michael@anm.co[2].txt
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Michael\Cookies\michael@apmebf[1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Michael\Cookies\michael@atdmt[2].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Michael\Cookies\michael@atwola[1].txt
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\Michael\Cookies\michael@bluestreak[1].txt
Spyware:Cookie/bravenetA Not disinfected C:\Documents and Settings\Michael\Cookies\michael@bravenet[1].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Michael\Cookies\michael@bs.serving-sys[2].txt
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Michael\Cookies\michael@casalemedia[1].txt
Spyware:Cookie/Cd Freaks Not disinfected C:\Documents and Settings\Michael\Cookies\michael@cdfreaks[2].txt
Spyware:Cookie/Bridgetrack Not disinfected C:\Documents and Settings\Michael\Cookies\michael@citi.bridgetrack[1].txt
Spyware:Cookie/Cd Freaks Not disinfected C:\Documents and Settings\Michael\Cookies\michael@club.cdfreaks[1].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Michael\Cookies\michael@com[2].txt
Spyware:Cookie/Hitslink Not disinfected C:\Documents and Settings\Michael\Cookies\michael@counter.hitslink[2].txt
Spyware:Cookie/did-it Not disinfected C:\Documents and Settings\Michael\Cookies\michael@did-it[2].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Michael\Cookies\michael@doubleclick[2].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Michael\Cookies\michael@drivecleaner[2].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Michael\Cookies\michael@fastclick[1].txt
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Michael\Cookies\michael@go[1].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Michael\Cookies\michael@media.adrevolver[3].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Michael\Cookies\michael@mediaplex[2].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Michael\Cookies\michael@overture[2].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Michael\Cookies\michael@perf.overture[1].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Michael\Cookies\michael@questionmarket[2].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Michael\Cookies\michael@realmedia[1].txt
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\Michael\Cookies\michael@searchportal.information[1].txt
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Michael\Cookies\michael@server.iad.liveperson[2].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Michael\Cookies\michael@serving-sys[1].txt
Spyware:Cookie/SpyLog Not disinfected C:\Documents and Settings\Michael\Cookies\michael@spylog[1].txt
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Michael\Cookies\michael@statcounter[2].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Michael\Cookies\michael@stats.drivecleaner[2].txt
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Michael\Cookies\michael@statse.webtrendslive[1].txt
Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\Michael\Cookies\michael@tradedoubler[1].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Michael\Cookies\michael@tribalfusion[2].txt
Spyware:Cookie/Weborama Not disinfected C:\Documents and Settings\Michael\Cookies\michael@weborama[2].txt
Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\Michael\Cookies\michael@www3.addfreestats[2].txt
Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\Michael\Cookies\michael@www6.addfreestats[1].txt
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Michael\Cookies\michael@xiti[1].txt
Spyware:Cookie/Xmts Not disinfected C:\Documents and Settings\Michael\Cookies\michael@xmts[2].txt
Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\Michael\My Documents\work\Old Work My Docs Backup\in7842\Cookies\in7842@adtech[2].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Michael\My Documents\work\Old Work My Docs Backup\in7842\Cookies\in7842@advertising[1].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Michael\My Documents\work\Old Work My Docs Backup\in7842\Cookies\in7842@advertising[2].txt
Spyware:Cookie/Adviva Not disinfected C:\Documents and Settings\Michael\My Documents\work\Old Work My Docs Backup\in7842\Cookies\in7842@adviva[1].txt
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Michael\My Documents\work\Old Work My Docs Backup\in7842\Cookies\in7842@apmebf[1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Michael\My Documents\work\Old Work My Docs Backup\in7842\Cookies\in7842@atdmt[2].txt
Spyware:Cookie/Bfast Not disinfected C:\Documents and Settings\Michael\My Documents\work\Old Work My Docs Backup\in7842\Cookies\in7842@bfast[2].txt
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\Michael\My Documents\work\Old Work My Docs Backup\in7842\Cookies\in7842@bluestreak[1].txt
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\Michael\My Documents\work\Old Work My Docs Backup\in7842\Cookies\in7842@bluestreak[3].txt
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Michael\My Documents\work\Old Work My Docs Backup\in7842\Cookies\in7842@casalemedia[1].txt
Spyware:Cookie/CentrPort Not disinfected C:\Documents and Settings\Michael\My Documents\work\Old Work My Docs Backup\in7842\Cookies\in7842@centrport[1].txt
Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\Michael\My Documents\work\Old Work My Docs Backup\in7842\Cookies\in7842@cgi-bin[3].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Michael\My Documents\work\Old Work My Docs Backup\in7842\Cookies\in7842@doubleclick[2].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Michael\My Documents\work\Old Work My Docs Backup\in7842\Cookies\in7842@fastclick[1].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Michael\My Documents\work\Old Work My Docs Backup\in7842\Cookies\in7842@mediaplex[1].txt