Old 03-22-2007, 06:18 AM   #21 (permalink)
Registered User
 
Join Date: Aug 2006
Posts: 47
OS: Windows Vista Home Premium


Re: Need help with malware, virus, spyware problem.

Okay (I've slept) and done the SREng scan for you. Please don't keep yourself up for this. I can use my computer so it's not absolutely dire and I don't want to be cutting into your schedule. I shall attach the log here. Thanks again.
Attached Files
File Type: txt SREngLOG.txt (23.4 KB, 4 views)
stephmw is offline  
Old 03-22-2007, 07:47 AM   #22 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 20,048
OS: WinXP and Vista


Re: Need help with malware, virus, spyware problem.

Thanks for your patience.

Please copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.

Also be sure to carry out the instructions in the sequence listed below.

***************************************************

Download AVG Anti Spyware

Use the link at the bottom of the page under "AVG Anti-Spyware Free for Windows"

  • Install AVG Anti Spyware
  • Double-click the icon on Desktop to launch AVG
  • On the top of the main screen click Shield
  • Click the word active to change it to inactive
  • On the top of the main screen click Update.
  • Then click on Start Update. The update will start and a progress bar will show the updates being installed.
  • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  • Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"
When you have finished updating, EXIT AVG Anti Spyware. Do Not run a scan just yet, we will shortly.

--------------------------------------------------------------------

Please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Use the up arrow key to highlight Safe Mode and press Enter.
5) Login with your usual account. Make sure to close any open browsers.

--------------------------------------------------------------------

Open HijackThis and click on 'Do a System Scan Only'. 'Check' the following entries:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.freewebportal.net/
O4 - HKLM\..\Run: [Explorer] C:\WINDOWS\iexplorer.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present


Click 'Fix Checked' and close HijackThis.

--------------------------------------------------------------------

Go to My Computer->Tools->Folder Options->View tab:
* Under the Hidden files and folders heading:
* select Show hidden files and folders.
* Uncheck Hide protected operating system files (recommended) option.
* Also, make sure there is no checkmark beside Hide file extensions for known file types.
* Click OK.

--------------------------------------------------------------------

Using 'My Computer', navigate to and delete the following File and Folder if they still exist.

C:\WINDOWS\system32\wtsisvit.exe
C:\Program Files\Download Plugin


--------------------------------------------------------------------

IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning; it may interfere with the scanning process:
Run AVG Anti-Spyware with its updated definitions: (...it's important that all windows must be closed)
  • Click Scanner
  • Click on the Scan tab
  • Click Complete System Scan to begin scanning.
    Once the scan is complete do the following:
  • If you have any infections you will be prompted. **Please ensure it is set to Quarantine, then select "Apply all actions"
  • Once finished, click the Save report button, then click Save Report As and save it to your desktop. (make sure to remember where you saved that file, this is important).
**AVG Anti-Spyware is compatible with most AV and anti-spyware products, and the free version will continue to be useful as a second anti-malware scanner.

--------------------------------------------------------------------

Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load, the SDFix report will open on screen and also save into the SDFix folder as Report.txt. I'll need that in your next reply.
--------------------------------------------------------------------

Reboot into Normal Mode.

--------------------------------------------------------------------

Try now to get an online scan done at Panda. Post the results if you were successful.

--------------------------------------------------------------------

Run another scan with dss.exe. Post the main.txt in your next reply.

--------------------------------------------------------------------

Please include the following in your next reply in the order listed:

AVG A-S results
C:\SDFix\Report.txt
Panda results
main.txt
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline  
Old 03-22-2007, 08:58 AM   #23 (permalink)
Registered User
 
Join Date: Aug 2006
Posts: 47
OS: Windows Vista Home Premium


Re: Need help with malware, virus, spyware problem.

Hiya, well, first things first I can't get AVG to successfully run on my computer. Bug keeps Hijacking it and closing it down. I've restarted my computer in Safe Mode with Networking, but when I try to update the program I keep getting the message:

Error: Sorry, the server is not ready to serve. Please try again later.

I do have internet connection in Safe Mode as I am, so is this a common problem? Should I just keep trying? Also, will updating in Safe Mode work the same as doing so in Normal mode? Sorry for all of the questions.
stephmw is offline  
Old 03-22-2007, 09:56 AM   #24 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 20,048
OS: WinXP and Vista


Re: Need help with malware, virus, spyware problem.

Hi,

No, there is no difference in updating from Normal Mode or Safe Mode with networking however--you want to avoid connecting to the internet while in Safe Mode as your AntiVirus program is not up and running in Safe Mode.

Skip the updates for the moment and move on to the remaining instructions. Still run AVG A-S where placed in the fix.
Ried is offline  
Old 03-22-2007, 10:16 AM   #25 (permalink)
Registered User
 
Join Date: Aug 2006
Posts: 47
OS: Windows Vista Home Premium


Re: Need help with malware, virus, spyware problem.

Okay, well I managed to do a manual update straight from the site for AVG A-S, so I do believe it was updated when it ran. I did delete the files and folders you told me to (they were both there). I ran the scan with AVG A-S and it found 171 infected entries/files (whatever you call it...-.-). I was still, however, unable to run Panda ActiveScan upon reboot. So I have only 3 out of 4. Here they are:

AVG A-S results

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 10:51:37 AM 22/03/2007

+ Scan result:



C:\System Volume Information\_restore{2E603351-8EB3-4CCF-84F5-40B61F48A582}\RP229\A0044470.exe -> Adware.CommAd : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{2E603351-8EB3-4CCF-84F5-40B61F48A582}\RP232\A0045801.dll -> Adware.CommAd : Cleaned with backup (quarantined).
C:\avenger\backup.zip/avenger/U3RlcGhhbmllIFdhcmQ/asappsrv.dll -> Adware.CommAd : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{2E603351-8EB3-4CCF-84F5-40B61F48A582}\RP229\A0045616.exe -> Adware.DelphinMediaViewer : Cleaned with backup (quarantined).
C:\Documents and Settings\Stephanie\Local Settings\Temporary Internet Files\Content.IE5\RUW2DTGS\popup[1].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{2E603351-8EB3-4CCF-84F5-40B61F48A582}\RP229\A0045579.exe -> Not-A-Virus.Monitor.Win32.NetMon.a : Cleaned with backup (quarantined).
:mozilla.711:C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\xl4dkh4r.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.572:C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\xl4dkh4r.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.573:C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\xl4dkh4r.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.574:C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\xl4dkh4r.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.575:C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\xl4dkh4r.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.576:C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\xl4dkh4r.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.121:C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\xl4dkh4r.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.671:C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\xl4dkh4r.default\cookies.txt -> TrackingCookie.Yadro : Cleaned.
:mozilla.681:C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\xl4dkh4r.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.682:C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\xl4dkh4r.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.683:C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\xl4dkh4r.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.684:C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\xl4dkh4r.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.685:C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\xl4dkh4r.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.


::Report end


SDFix Report.txt


SDFix: Version 1.73

Run by Stephanie - 22/03/2007 - 10:52:53.12

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:






Restoring Windows Registry Entries
Restoring Default Hosts File


Rebooting...

Normal Mode:
Checking Files:

Below files will be copied to Backups folder then removed:

C:\WINDOWS\IEXPLORER.exe - Deleted



ADS Check:

C:\WINDOWS\system32
No streams found.


Final Check:

Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"


Remaining Files:
---------------

Backups Folder: - C:\SDFix\backups\backups.zip

Checking For Files with Hidden Attributes :

C:\qoobox\purity\DOCUME~1\STEPHA~1\APPLIC~1\CROSOF~1\d?dplay.exe
C:\qoobox\purity\WINDOWS\system32\SSTEM~1\tracert.exe
C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp
C:\Documents and Settings\Stephanie\My Documents\ASMR\Fighting the Tide\~WRL0078.tmp

Finished

DSS main.txt

Deckard's System Scanner v20070318.32
Run by Stephanie on 2007-03-22 at 11:01:16
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Stephanie.exe) -------------------------------------------

HijackThis failed to provide a log after three minutes; running clone instead.
-- HijackThis Clone ------------------------------------------------------------

Emulating logfile of HijackThis v1.99.1
Scan saved at 2007-03-22 11:04:26
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.0.2900.2180)

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
C:\WINDOWS\iexplorer.exe
C:\Documents and Settings\Stephanie\Desktop\dss.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.freewebportal.net/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [MediaFace Integration] C:\Program Files\Fellowes\MediaFACE 4.2\SetHook.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Explorer] C:\WINDOWS\iexplorer.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &WordWeb... - res://C:\WINDOWS\wweb32.dll/lookup.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra 'Tools' menuitem: (no name) - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: C:\WINDOWS\system32\nwprovau.dll
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeup...tent/opuc3.cab
O16 - DPF: {5CB1506E-1DEA-4E63-89A7-E40E52AEA1FD} (OnagerCtrl Class) - http://fulfillment.puretracks.com/onager.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1157425519949
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} (DASWebDownload Class) - http://das.microsoft.com/activate/ca...ail/DASAct.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} (Office Update Installation Engine) - http://office.microsoft.com/officeup...tent/opuc4.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub...sh/swflash.cab
O18 - Protocol: lid - {5C135180-9973-46D9-ABF4-148267CBB8BF} - C:\WINDOWS\system32\msvidctl.dll
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - "C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe"
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - Microsoft Corp., Veritas Software - C:\WINDOWS\System32\dmadmin.exe /com
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - "C:\Program Files\iPod\bin\iPodService.exe"
O23 - Service: NBService - Unknown owner - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe


-- Files created between 2007-02-22 and 2007-03-22 -----------------------------

2007-03-22 11:00:03 45252 --a------ C:\WINDOWS\iexplorer.exe<IEXPLO~1.EXE>
2007-03-22 09:52:23 0 d-------- C:\WINDOWS\CSC
2007-03-22 09:46:20 3968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-03-22 00:20:19 0 d-------- C:\avenger
2007-03-21 15:56:53 76560 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2007-03-19 08:51:27 0 d--h----- C:\Program Files\Common Files\Uninstall Information<UNINST~1>
2007-03-19 08:19:32 0 d-------- C:\Program Files\PeDevice
2007-03-19 03:52:43 0 d-------- C:\WINDOWS\pss
2007-03-19 02:11:46 0 d-------- C:\Documents and Settings\Stephanie\.housecall6.6<HOUSEC~1.6>
2007-03-14 01:17:12 0 d-------- C:\Documents and Settings\Stephanie\Application Data\Opera
2007-03-08 18:05:08 0 d--h----- C:\WINDOWS\system32\GroupPolicy<GROUPP~1>
2007-03-07 02:41:42 0 d-------- C:\Program Files\iTunes
2007-03-07 02:38:39 0 d-------- C:\Program Files\QuickTime<QUICKT~1>
2007-02-23 04:32:39 0 d-------- C:\Documents and Settings\Stephanie\Application Data\DivX
2007-02-22 22:00:59 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage<WINDOW~1>
2007-02-22 21:02:55 0 d-------- C:\Program Files\Windows Media Connect 2<WINDOW~4>
2007-02-22 21:01:18 0 d-------- C:\WINDOWS\system32\drivers\UMDF
2007-02-22 14:50:29 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe Systems<ADOBES~1>
2007-02-22 14:50:22 0 d-------- C:\Program Files\Common Files\Adobe Systems Shared<ADOBES~1>
2007-02-22 14:30:01 0 d-------- C:\Program Files\PowerISO
2007-02-22 12:25:34 0 d-------- C:\Program Files\Apple Software Update<APPLES~1>
2007-02-22 12:20:00 0 d-------- C:\Documents and Settings\Stephanie\Application Data\OfficeUpdate12<OFFICE~1>
2007-02-22 12:11:13 2432 -----n--- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-02-22 12:11:12 118520 -----n--- C:\WINDOWS\system32\pxinsi64.exe
2007-02-22 12:11:12 116472 -----n--- C:\WINDOWS\system32\pxcpyi64.exe
2007-02-22 12:11:12 129784 -----n--- C:\WINDOWS\system32\pxafs.dll
2007-02-22 12:11:12 2560 -----n--- C:\WINDOWS\system32\drivers\cdralw2k.sys
2007-02-22 11:47:31 0 d-------- C:\Program Files\Common Files\Adobe
2007-02-22 11:47:26 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe


-- Find3M Report ---------------------------------------------------------------

2007-03-11 04:45:06 0 d-------- C:\Documents and Settings\Stephanie\Application Data\uTorrent
2007-03-07 02:42:07 0 d-------- C:\Program Files\iPod
2007-03-01 04:12:36 0 d-------- C:\Program Files\DC++<DC__~1>
2007-02-23 21:02:18 0 d---s---- C:\Documents and Settings\Stephanie\Application Data\Microsoft<MICROS~1>
2007-02-22 15:53:07 0 d--h----- C:\Program Files\InstallShield Installation Information<INSTAL~1>
2007-02-22 15:52:49 0 d-------- C:\Program Files\Common Files\InstallShield<INSTAL~1>
2007-02-22 15:04:29 0 d-------- C:\Documents and Settings\Stephanie\Application Data\Adobe
2007-02-22 13:07:08 0 d-------- C:\Documents and Settings\Stephanie\Application Data\AdobeUM
2007-02-22 12:11:58 0 d-------- C:\Program Files\DivX
2007-02-21 16:00:26 0 d-------- C:\Program Files\Common Files\Ahead
2007-02-21 14:04:02 0 d-------- C:\Documents and Settings\Stephanie\Application Data\Ahead
2007-01-31 23:56:06 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll<DIVX_X~2.DLL>
2007-01-31 23:56:05 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll<DIVX_X~3.DLL>
2007-01-31 23:56:05 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll<DIVX_X~1.DLL>
2007-01-31 23:56:04 639066 --a------ C:\WINDOWS\system32\DivX.dll
2007-01-31 16:27:01 524288 --a------ C:\WINDOWS\system32\DivXsm.exe
2007-01-30 18:15:10 118784 --a------ C:\WINDOWS\system32\DivXCodecUpdateChecker.exe<DIVXCO~1.EXE>
2007-01-30 00:03:40 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-01-30 00:03:26 200704 --a------ C:\WINDOWS\system32\ssldivx.dll
2007-01-30 00:03:26 1044480 --a------ C:\WINDOWS\system32\libdivx.dll
2007-01-29 23:56:56 196608 --a------ C:\WINDOWS\system32\dtu100.dll
2007-01-29 23:56:56 73728 --a------ C:\WINDOWS\system32\dpl100.dll
2007-01-29 23:56:54 53248 --a------ C:\WINDOWS\system32\dpuGUI10.dll
2007-01-29 23:56:52 57344 --a------ C:\WINDOWS\system32\dpv11.dll
2007-01-29 23:56:52 344064 --a------ C:\WINDOWS\system32\dpus11.dll
2007-01-29 23:56:52 593920 --a------ C:\WINDOWS\system32\dpuGUI11.dll
2007-01-29 23:56:52 294912 --a------ C:\WINDOWS\system32\dpu11.dll
2007-01-29 23:56:52 294912 --a------ C:\WINDOWS\system32\dpu10.dll
2007-01-17 10:43:35 16 --a------ C:\WINDOWS\popcinfo.dat


-- Registry Dump ---------------------------------------------------------------


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Program Files\\Common Files\\Ahead\\Lib\\NMBgMonitor.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NvCplDaemon"="RUNDLL32.EXE NvQTwk,NvCplDaemon initialize"
"HP Software Update"="C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe"
"MediaFace Integration"="C:\\Program Files\\Fellowes\\MediaFACE 4.2\\SetHook.exe"
"RemoteControl"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\""
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"NeroFilterCheck"="C:\\Program Files\\Common Files\\Ahead\\Lib\\NeroCheck.exe"
"Adobe Photo Downloader"="\"C:\\Program Files\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\""
"PWRISOVM.EXE"="C:\\Program Files\\PowerISO\\PWRISOVM.EXE"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
"Explorer"="C:\\WINDOWS\\iexplorer.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=dword:00000000

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0



-- End of Deckard's System Scanner: finished at 2007-03-22 at 11:04:46 ---------
stephmw is offline  
Old 03-22-2007, 10:32 AM   #26 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
Ried's Avatar
 
Join Date: Jan 2005
Location: Ohio
Posts: 20,048
OS: WinXP and Vista


Re: Need help with malware, virus, spyware problem.

Hiya...excellent work manipulating the manual update.

Quick question--has Spybot's Tea Timer ever been activated by you?
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline  
Old 03-22-2007, 10:45 AM   #27 (permalink)
Registered User
 
Join Date: Aug 2006
Posts: 47
OS: Windows Vista Home Premium


Re: Need help with malware, virus, spyware problem.

Heh, given the fact that I'm not aware of what Spybot's Tea Timer is, I can't say that it has. I may have indirectly done it, but as I said, I'm not familiar with it, so I doubt it. I have been trying to use it lately though, so if you think that could have happened in the past few days.

EDIT** when I say I've been trying to use "it" I mean Spybot the program, not Tea Timer or what have you...in case I wasn't clear.

Last edited by stephmw : 03-22-2007 at 10:46 AM.
stephmw is offline  
Old 03-22-2007, 10:52 AM   #28 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
Ried's Avatar
 
Join Date: Jan 2005
Location: Ohio
Posts: 20,048
OS: WinXP and Vista


Re: Need help with malware, virus, spyware problem.

I follow you.

I'll set my next fix to include that contingency anyway--it won't hurt.

I'll have a reply for you in about 20 minutes.
Ried is offline  
Old 03-22-2007, 11:18 AM   #29 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
Ried's Avatar
 
Join Date: Jan 2005
Location: Ohio
Posts: 20,048
OS: WinXP and Vista


Re: Need help with malware, virus, spyware problem.

Ok, here we go again...

Please copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.

Also be sure to carry out the instructions in the sequence listed below.

***************************************************

Download ResetProtocolDefaults.reg to your desktop. Do not run it yet.

------------------------------------------------------------------

Right click on this link DelO15Domains.inf and choose Save As. Save it to your desktop. Do not run it yet.

------------------------------------------------------------------

Using Internet Explorer, download ResetTeaTimer.bat.

If you are using Firefox, right click the above link and choose ‘Save As’. Save it to your desktop.

Double click ResetTeaTimer.bat to remove all entries set by TeaTimer.

---------------------------