#1 (permalink) |
|
Registered User
Join Date: Aug 2007
Posts: 14
OS: Win XP
|
Unable to post info concerning browser hijacker
It appears I have a browser hijacker and I followed the 5 steps prior to posting a thread except that on Step 5, I was unable to use "dss"... every time I attempted to use dss, after downloading it to my desktop, I received an error msg advising the application needed to be shut down, then a request popped up asking if I wanted to send an error msg to Microsoft. When downloading dss, I had turned off all spyware programs and my anti-virus program, and had IE allowing popups, etc.
I was able to download Panda's scan and have that ready for review. What do I do to download dss?
|
|
|
|
#2 (permalink) |
|
Mentor, Analyst - Security Team
Join Date: May 2006
Location: Oregon
Posts: 2,503
OS: MacOS X, Debian, OpenBSD, Windows
|
Re: Unable to post info concerning browser hijacker
Hi,
Did you see a DSS dialog box at all, or does it crash immediately after double-clicking?
__________________
The chance to begin again in a golden land of opportunity and adventure. Need HijackThis help? Please read MicroBell's Five Step Process before posting.
Please donate and help keep this site free to all. ![]() UNITE/ASAP: Proud member since 2006 |
|
|
|
|
#3 (permalink) |
|
Registered User
Join Date: Aug 2007
Posts: 14
OS: Win XP
|
Re: Unable to post info concerning browser hijacker
After clicking on dss, a box will appear - "Backing up Registry Hives"...about 1/2 to a minute of time is running after the Registry Hives box appears, then the error box will appear and the application shuts down.
|
|
|
|
|
#4 (permalink) |
|
Mentor, Analyst - Security Team
Join Date: May 2006
Location: Oregon
Posts: 2,503
OS: MacOS X, Debian, OpenBSD, Windows
|
Re: Unable to post info concerning browser hijacker
Give me ten minutes; I'm adjusting DSS slightly.
|
|
|
|
#5 (permalink) |
|
Mentor, Analyst - Security Team
Join Date: May 2006
Location: Oregon
Posts: 2,503
OS: MacOS X, Debian, OpenBSD, Windows
|
Re: Unable to post info concerning browser hijacker
Okay, delete any copy of DSS you have and re-download it to your Desktop. Do not run it yet.
http://www.techsupportforum.com/sect...eckard/dss.exe
Highlight and copy the following blue text, then go to Start > Run and paste it into the textbox. Press the OK button when you are done.
"%userprofile%\desktop\dss.exe" /config
When you get to the DSS Configuration dialog box, uncheck Check File Signatures under the Options section (lower right). Then press the Scan! button. That should solve your problem. Post both logs for me.
|
|
|
|
#6 (permalink) |
|
Registered User
Join Date: Aug 2007
Posts: 14
OS: Win XP
|
Re: Unable to post info concerning browser hijacker
Did as you said, but....when I pasted the wording in Start>Run, the box appears but cannot uncheck the "Check File Signatures" box. It is already checked but appears to be "locked" - cannot check or uncheck it - all of the other boxes can have the checks unchecked if needed (or checked) but not the "Check File Signatures" box.
I went ahead and ran DSS just to see if possibly the lock out would not affect the outcome. No luck. Same error message appeared, though the time it took to pop open was about 1/2 minute longer than usual. Tried the total process as typed three times with the same results each time.
|
|
|
|
#7 (permalink) |
|
Mentor, Analyst - Security Team
Join Date: May 2006
Location: Oregon
Posts: 2,503
OS: MacOS X, Debian, OpenBSD, Windows
|
Re: Unable to post info concerning browser hijacker
Your browser cached the file. Delete that copy and download this link instead:
http://www.techsupportforum.com/sect...dss-clovis.exe
Highlight and copy the following blue text, then go to Start > Run and paste it into the textbox. Press the OK button when you are done.
"%userprofile%\desktop\dss-clovis.exe" /config
It should show you version 20070826.66 on the config dialog.
|
|
|
|
#8 (permalink) |
|
Registered User
Join Date: Aug 2007
Posts: 14
OS: Win XP
|
Re: Unable to post info concerning browser hijacker
Worked this time! When I attempted to reply had error msg that reply was too long. Will have to send two replies, first with DSS results. Second reply will be Panda scan.
21:19:28 0 d-------- C:\DECCHECK 2007-08-21 21:11:23 278528 --a------ C:\WINDOWS\system32\livesnth.dll <Not Verified; LiveUpdate; LiveSynth> 2007-08-21 21:11:22 203776 --a------ C:\WINDOWS\system32\clrviddc.dll <Not Verified; Iterated Systems, Inc.; ClearVideo Decoder DLL> 2007-08-20 21:32:26 0 d-------- C:\Documents and Settings\Administrator\Application Data\AOL 2007-08-20 18:56:48 0 d-------- C:\Program Files\Enigma Software Group 2007-08-19 16:53:39 0 d-------- C:\Program Files\a-squared Free 2007-08-19 16:09:36 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft 2007-08-15 22:16:24 0 d-------- C:\Start Menu 2007-08-15 22:16:23 0 d-------- C:\Program Files\MTV Networks 2007-08-15 18:50:56 0 d-------- C:\Program Files\Windows Live Safety Center 2007-08-15 06:23:53 0 d-------- C:\Program Files\PCPitstop 2007-08-12 22:53:19 0 d-------- C:\Documents and Settings\All Users\Application Data\Arovax 2007-08-05 23:14:05 271224 --a------ C:\WINDOWS\system32\mucltui.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System> 2007-07-26 23:57:14 0 d-------- C:\Documents and Settings\Jon\Application Data\Uniblue -- Find3M Report --------------------------------------------------------------- 2007-08-26 20:13:34 0 d-------- C:\Program Files\Spyware Terminator 2007-08-26 20:11:06 0 d-------- C:\Documents and Settings\Jon\Application Data\Spyware Terminator 2007-08-26 11:21:27 0 d-------- C:\Program Files\SpywareBlaster 2007-08-26 10:02:53 0 d-------- C:\Program Files\WordWeb 2007-08-26 10:02:49 0 d-------- C:\Program Files\Windows Defender 2007-08-26 10:02:44 0 d-------- C:\Program Files\SUPERAntiSpyware 2007-08-26 10:01:43 0 d-------- C:\Program Files\MSN Messenger 2007-08-26 10:00:59 0 d-------- C:\Program Files\Messenger 2007-08-26 09:56:47 0 d-------- C:\Program Files\Common Files\Scanner 2007-08-26 09:55:02 0 d-------- C:\Program Files\AOL 9.0 2007-08-26 09:54:40 0 d-------- C:\Program Files\America Online 8.0 2007-08-26 09:29:54 
0 d-------- C:\Program Files\MySpeed PC 2007-08-26 06:33:23 0 d-------- C:\Program Files\WinClamAVShield 2007-08-22 21:26:21 0 d-------- C:\Program Files\Arovax AntiSpyware 2007-08-22 21:20:37 0 d-------- C:\Program Files\Wise Registry Cleaner 2007-08-21 21:02:09 0 d-------- C:\Program Files\Common Files\Real 2007-08-19 16:09:37 0 d-------- C:\Program Files\Lavasoft 2007-08-19 16:08:51 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard 2007-08-12 22:53:32 0 d-------- C:\Program Files\Arovax Shield 2007-08-04 08:40:08 0 d-------- C:\Program Files\QuickTime 2007-08-02 08:11:45 0 d-------- C:\Program Files\Java 2007-07-30 19:19:42 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System> 2007-07-30 19:19:36 549720 --a------ C:\WINDOWS\system32\wuapi.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System> 2007-07-30 19:19:32 325976 --a------ C:\WINDOWS\system32\wucltui.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System> 2007-07-30 19:19:28 203096 --a------ C:\WINDOWS\system32\wuweb.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System> 2007-07-30 19:19:20 92504 --a------ C:\WINDOWS\system32\cdm.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System> 2007-07-30 19:19:16 53080 --a------ C:\WINDOWS\system32\wuauclt.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System> 2007-07-30 19:19:12 43352 --a------ C:\WINDOWS\system32\wups2.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System> 2007-07-30 19:19:04 207736 --a------ C:\WINDOWS\system32\muweb.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System> 2007-07-30 19:18:40 33624 --a------ C:\WINDOWS\system32\wups.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System> 2007-07-29 21:26:29 0 d-------- C:\Program Files\Common Files\aolshare 
2007-07-25 08:35:25 0 d--h----- C:\Program Files\InstallShield Installation Information 2007-07-22 13:16:13 0 d-------- C:\Program Files\Common Files 2007-07-15 11 07 0 d-------- C:\Program Files\Apple Software Update2007-07-13 23:30:28 0 d-------- C:\Program Files\America Online 9(2).0a 2007-07-13 23:30:22 0 d-------- C:\Program Files\HP 2007-07-13 23:30:22 0 d-------- C:\Program Files\Eusing Free Registry Cleaner 2007-07-13 23:30:21 0 d-------- C:\Program Files\OfficeUpdate11 2007-07-13 23:30:21 0 d-------- C:\Program Files\Microsoft AntiSpyware 2007-07-13 23:30:20 0 d-------- C:\Program Files\Webshots 2007-07-13 23:30:20 0 d-------- C:\Program Files\TrueSwitchSuddenlink 2007-07-13 23:30:20 0 d-------- C:\Program Files\TrueSwitch 2007-07-13 23:30:20 0 d-------- C:\Program Files\SiteAdvisor 2007-07-13 22:36:56 0 d-------- C:\Program Files\NKProds 2007-07-06 15:07:45 0 d-------- C:\Program Files\Greetings Workshop 2007-07-05 23:08:55 0 d-------- C:\Documents and Settings\Jon\Application Data\Real 2007-07-05 23:07:31 0 d-------- C:\Program Files\Common Files\xing shared 2007-06-26 00:08:16 1104896 --a------ C:\WINDOWS\system32\msxml3.dll <Not Verified; Microsoft Corporation; Microsoft(R) MSXML 3.0 SP9> 2007-06-19 07:31:19 282112 --a------ C:\WINDOWS\system32\gdi32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System> 2007-06-13 04:23:07 1033216 --a------ C:\WINDOWS\explorer.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System> -- Registry Dump --------------------------------------------------------------- *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [08/26/2007 08:09 PM] "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [06/29/2007 06:24 AM] "HostManager"="C:\Program Files\Common Files\AOL\1107318706\ee\AOLSoftware.exe" [09/25/2006 06:52 PM] 
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [07/12/2007 04:00 AM] "ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [06/16/2004 05:03 AM] "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [02/19/2006 02:41 AM] "KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" [] "AOLSPScheduler"="C:\Program Files\Common Files\AOL\1107318706\ee\services\safetyCore\ver210_5_4_1\AOLSP Scheduler.exe" [01/25/2007 03:34 PM] "sscRun"="C:\Program Files\Common Files\AOL\1107318706\ee\SSCRun.exe" [01/25/2007 03:34 PM] "OASClnt"="C:\Program Files\mcafee.com\antivirus\oasclnt.exe" [07/28/2006 11:43 AM] "EmailScan"="C:\Program Files\mcafee.com\antivirus\mcvsescn.exe" [07/28/2006 11:43 AM] "ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [03/09/2007 12:02 AM] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [05/11/2007 03:06 AM] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 01:56 AM] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe" [11/09/2006 04:07 PM] "HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [06/26/2003 04:50 PM] "dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [03/15/2004 01:04 AM] "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [11/03/2006 07:20 PM] "AOL Spyware Protection"="C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" [04/11/2005 08:36 AM] "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 10:24 AM] "UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [08/19/2003 01:01 AM] "HostManager"="C:\Program Files\Common Files\AOL\1107318706\ee\AOLSoftware.exe" [09/25/2006 06:52 PM] "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [05/25/2004 09:35 PM] "Arovax Shield"="C:\Program Files\Arovax Shield\ArovaxShield.exe" [06/10/2006 04:54 AM] 
"ASM"="C:\Program Files\AOL\Active Security Monitor\ASMonitor.exe" [11/07/2006 04:11 PM] "AOL Fast Start"="C:\Program Files\AOL 9.0\AOL.exe" [04/18/2007 12:49 AM] C:\Documents and Settings\Jon\Start Menu\Programs\Startup\ WordWeb.lnk - C:\Program Files\WordWeb\wweb32.exe [3/31/2007 11:08:01 PM] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2/19/2006 4:21:22 AM] HP Photosmart Premier Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2/10/2006 7:56:20 AM] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoRecentDocsHistory"=0 (0x0) "NoInstrumentation"=0 (0x0) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [01/21/2007 11:36 PM 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon] "System"="kdpvb.exe" [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL 05/02/2007 08:53 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] "Notification Packages"= :\WINDOWS\syste [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}] @="Volume shadow copy" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk] backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All 
Users^Start Menu^Programs^Startup^NkvMon.exe.lnk] backup=C:\WINDOWS\pss\NkvMon.exe.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Jon^Start Menu^Programs^Startup^Greetings Workshop Reminders.lnk] backup=C:\WINDOWS\pss\Greetings Workshop Reminders.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load] ??? ? [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Run] ??? ? *Newly Created Service* - ENTDRV51 -- End of Deckard's System Scanner: finished at 2007-08-26 21:05:59 ------------ Incident Status Location |
|
|
|
|
#9 (permalink) |
|
Registered User
Join Date: Aug 2007
Posts: 14
OS: Win XP
|
Re: Unable to post info concerning browser hijacker
Second reply also was too long....Panda scan broken down into two replies, first half of scan and second half of scan. |