Spyware/ Malware Removal

groovyreg · 11-30-2006, 03:38 PM

Hello tech-types. A friend asked me for some advice concerning problems they were having with their PC. They are fairly non-techy, even less than myself, so I thought I'd have a go but I can't get anywhere so I'm here for some advice.
They generally connect to the net with AOL but whilst AOL will connect to the net they were getting completely blank webpages that they couldn't do anything with. As a result they were connecting with AOL and then using IE6 for browsing. An automatic update downloaded IE7 (which I'm using with no problems) but the installation failed - no idea why. Since then IE looks like v6 but, going to help>about shows a v7 number. The address bar and most links now bring up an error message with words to the effect that 'the lookup key [something or other] context'. Sorry, I can't actually remember the actual wording and I don't have their PC in front on me. The Google homepage will load and the search bar from that will show results. Links from there can be clicked and loaded but after moving a couple of pages on, or trying any download, the same message appears. I suggested getting Firefox to at least be able to browse and see if others were experiencing the same problem. He couldn't download it so I emailed it to him [yes, email is working], along with the standalone IE7 package. He tried installing IE7 that way but with no joy. I told him to run HJT and send me the logfile and run Kaspersky and send that log. He can now get to the page with the online scanner button but after pressing that and the popup arriving asking him to accept the terms, pressing accept does nothing - no start of download for Kaspersky, he just can't get any further. He's tried the same thing with the same result for Panda Active Scan. The only thing he's been able to send me is the HJT log. I did ask him to try again after disabling his firewalls/antivirus but it was no different. AOL seems to have loaded a lot onto his computer, he also seems to be running MacAffee and Norton Firewall. There were well over 50 processes running last time I looked. He probably could do with doing a full reinstall but I'm not sure that he'd really be able to.
Please suggest steps to resolve the immediate internet problems and hopefully provide advice on ways of slimming down what's going on with his processes. I'll not be too surprised if there are some beasties on that system somewhere. HJT log below:

Logfile of HijackThis v1.99.1
Scan saved at 18:21:23, on 30/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\WINDOWS\system32\CTSvcCDA.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\VoyagerTest\fts.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\alt.exe
C:\PROGRA~1\HELPAN~1\Pavilion\XPEWWBF4\plugin\bin\pchbutton.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Common Files\AOL\1133035937\ee\AOLHostManager.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\AOL\1133035937\ee\AOLServiceHost.exe
C:\Program Files\AOL 9.0\aoltray.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
c:\program files\common files\aol\1133035937\ee\services\antiSpywareApp\ver2_0_12\AOLSP Scheduler.exe
C:\Program Files\Common Files\AOL\1133035937\ee\AOLServiceHost.exe
C:\Program Files\AOL\Broadband CheckUp\bin\mpbtn.exe
C:\Program Files\AOL 9.0\waol.exe
C:\Program Files\AOL 9.0\shellmon.exe
C:\Program Files\Common Files\AOL\aoltpspd.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\HJT!\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0B5F7FDF-0717-45BF-B49D-695F3168C7FE} - C:\WINDOWS\system32\admparsek.dll
O2 - BHO: (no name) - {11111111-2222-408A-9842-CDBE1C6D37EB} - C:\WINDOWS\netdde.dll
O2 - BHO: (no name) - {16875E09-927B-4494-82BD-158A1CD46BA0} - C:\WINDOWS\prflbmsgp32.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {621D36CC-09F4-44F6-BA4C-C8FBEAA00207} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {8E13DDE1-E013-47ec-9C4C-27C2F78BDD26} - C:\WINDOWS\system32\req.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - c:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: (no name) - {A4F94C0C-54A7-4DB1-9AF3-B22E63D00303} - (no file)
O2 - BHO: (no name) - {A4F94C0C-54A7-4DB1-9AF3-B22E63D00304} - (no file)
O2 - BHO: (no name) - {A4F94C0C-54A7-4DB1-9AF3-B22E63D00305} - (no file)
O2 - BHO: (no name) - {A4F94C0C-54A7-4DB1-9AF3-B22E63D00306} - (no file)
O2 - BHO: (no name) - {A4F94C0C-54A7-4DB1-9AF3-B22E63D00309} - (no file)
O2 - BHO: (no name) - {A4F94C0C-54A7-4DB1-9AF3-B22E63D00320} - (no file)
O2 - BHO: (no name) - {A4F94C0C-54A7-4DB1-9AF3-B22E63D00402} - C:\WINDOWS\system32\fontextb.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {DF00FFA0-AEA9-4EA8-A10F-8BB9A7F8508C} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1133035937\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [links] links.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [%FP%Friendly fts.exe] "C:\Program Files\VoyagerTest\fts.exe"
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [AlexaToolbar] C:\WINDOWS\alt.exe
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HELPAN~1\Pavilion\XPEWWBF4\plugin\bin\pchbutton.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O4 - Global Startup: AOL Broadband Check-Up.lnk = C:\Program Files\AOL\Broadband CheckUp\bin\matcli.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\clbcatix.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\clbcatix.dll (file missing)
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Joanna\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/noc...up1.0.0.15.exe
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/puzzlepirate...GameLoader.dll
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aolsvc.aol.co.uk/comput...up/qdiagcc.cab
O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} (CPlayFirstDinerDash2Control Object) - http://www.arcadetown.com/dinerdash2...2.1.0.0.48.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://www.arcadetown.com/swf/delici...ylomplayer.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://download.toontown.com/sv1.0.15.28/ttinst.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://www.arcadetown.com/swf/feedin...utLauncher.cab
O16 - DPF: {DD3641E5-A9CF-11D1-9AA1-444553540000} (Surround Video V3.0 Control Object) - http://www.barnsdesigns.co.uk/surrou...eo/svideo3.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://www.shockwave.com/content/ins...ploader_v6.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{52E8A4B5-8DDE-4499-91A6-050A6893390D}: NameServer = 205.188.146.145
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: req - C:\WINDOWS\system32\req.dll
O20 - Winlogon Notify: st3 - C:\WINDOWS\system32\st3.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

Thanks

**Deckard** · 12-02-2006, 01:23 PM

Hello, and welcome to the HijackThis Help Forum.

Apologies for any delay in replying, but we have been rather busy lately.

Since it has been a few days since you first posted, please post a fresh HijackThis Log if you still need assistance.

Thank you.

groovyreg · 12-02-2006, 03:47 PM

Hi. Thanks for replying. I have a new log file sent from my friend. He seems to be unable to post himself:
You do not have permission to access this page. This could be due to one of several reasons:

Your user account may not have sufficient privileges to access this page. Are you trying to edit someone else's post, access administrative features or some other privileged system?
If you are trying to post, the administrator may have disabled your account, or it may be awaiting activation.

The new log file:

Logfile of HijackThis v1.99.1
Scan saved at 21:37:19, on 02/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\WINDOWS\system32\CTSvcCDA.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\alt.exe
C:\Program Files\AOL 9.0\aoltray.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Common Files\AOL\1133035937\ee\AOLHostManager.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\AOL\1133035937\ee\AOLServiceHost.exe
c:\program files\common files\aol\1133035937\ee\services\antiSpywareApp\ver2_0_12\AOLSP Scheduler.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\HJT!\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0B5F7FDF-0717-45BF-B49D-695F3168C7FE} - C:\WINDOWS\system32\admparsek.dll
O2 - BHO: (no name) - {11111111-2222-408A-9842-CDBE1C6D37EB} - C:\WINDOWS\netdde.dll
O2 - BHO: (no name) - {16875E09-927B-4494-82BD-158A1CD46BA0} - C:\WINDOWS\prflbmsgp32.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {621D36CC-09F4-44F6-BA4C-C8FBEAA00207} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {8E13DDE1-E013-47ec-9C4C-27C2F78BDD26} - C:\WINDOWS\system32\req.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - c:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: (no name) - {A4F94C0C-54A7-4DB1-9AF3-B22E63D00303} - (no file)
O2 - BHO: (no name) - {A4F94C0C-54A7-4DB1-9AF3-B22E63D00304} - (no file)
O2 - BHO: (no name) - {A4F94C0C-54A7-4DB1-9AF3-B22E63D00305} - (no file)
O2 - BHO: (no name) - {A4F94C0C-54A7-4DB1-9AF3-B22E63D00306} - (no file)
O2 - BHO: (no name) - {A4F94C0C-54A7-4DB1-9AF3-B22E63D00309} - (no file)
O2 - BHO: (no name) - {A4F94C0C-54A7-4DB1-9AF3-B22E63D00320} - (no file)
O2 - BHO: (no name) - {A4F94C0C-54A7-4DB1-9AF3-B22E63D00402} - C:\WINDOWS\system32\fontextb.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {DF00FFA0-AEA9-4EA8-A10F-8BB9A7F8508C} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1133035937\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [links] links.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [%FP%Friendly fts.exe] "C:\Program Files\VoyagerTest\fts.exe"
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [AlexaToolbar] C:\WINDOWS\alt.exe
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HELPAN~1\Pavilion\XPEWWBF4\plugin\bin\pchbutton.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O4 - Global Startup: AOL Broadband Check-Up.lnk = C:\Program Files\AOL\Broadband CheckUp\bin\matcli.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\clbcatix.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\clbcatix.dll (file missing)
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Joanna\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/noc...up1.0.0.15.exe
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/puzzlepirate...GameLoader.dll
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aolsvc.aol.co.uk/comput...up/qdiagcc.cab
O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} (CPlayFirstDinerDash2Control Object) - http://www.arcadetown.com/dinerdash2...2.1.0.0.48.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://www.arcadetown.com/swf/delici...ylomplayer.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://download.toontown.com/sv1.0.15.28/ttinst.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://www.arcadetown.com/swf/feedin...utLauncher.cab
O16 - DPF: {DD3641E5-A9CF-11D1-9AA1-444553540000} (Surround Video V3.0 Control Object) - http://www.barnsdesigns.co.uk/surrou...eo/svideo3.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://www.shockwave.com/content/ins...ploader_v6.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{52E8A4B5-8DDE-4499-91A6-050A6893390D}: NameServer = 205.188.146.145
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: req - C:\WINDOWS\system32\req.dll
O20 - Winlogon Notify: st3 - C:\WINDOWS\system32\st3.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

Thanks

**Deckard** · 12-02-2006, 04:21 PM

You may wish to Subscribe to this thread so that you are notified when you receive a reply. To do this click Thread Tools (above the first post), then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Please print out or copy this page to Notepad in order to assist you when carrying out the following instructions. If there is anything you don't understand, please ask BEFORE proceeding with the fixes. Please do these steps in order and do not skip any.

Download ComboFix
Please download ComboFix to your Desktop. Highlight and copy the following:

"%userprofile%\desktop\combofix.exe" /v req st3 admparsek fontextb

Then go to Start > Run, paste it into the text field, and then click OK.

While ComboFix is running, please do not click or move the window, as this may cause the tool to stall. When the tool has finished, it will produce a log for you and save it as C:\ComboFix.txt. Post that log in your next reply.

Reboot
Reboot your system to Safe Mode by repeatedly tapping the F8 key until the menu appears and choosing Safe Mode from the list. On some systems, this may be the F5 key so try that if F8 doesn't work. Login on with your usual account. Make sure to close any open windows.

HijackThis Fixes
Open HijackThis and click on 'Do a System Scan Only'. Check the following entries if they still exist (make sure you do not miss any):

O2 - BHO: (no name) - {0B5F7FDF-0717-45BF-B49D-695F3168C7FE} - C:\WINDOWS\system32\admparsek.dll
O2 - BHO: (no name) - {11111111-2222-408A-9842-CDBE1C6D37EB} - C:\WINDOWS\netdde.dll
O2 - BHO: (no name) - {16875E09-927B-4494-82BD-158A1CD46BA0} - C:\WINDOWS\prflbmsgp32.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {621D36CC-09F4-44F6-BA4C-C8FBEAA00207} - (no file)
O2 - BHO: (no name) - {8E13DDE1-E013-47ec-9C4C-27C2F78BDD26} - C:\WINDOWS\system32\req.dll
O2 - BHO: (no name) - {A4F94C0C-54A7-4DB1-9AF3-B22E63D00303} - (no file)
O2 - BHO: (no name) - {A4F94C0C-54A7-4DB1-9AF3-B22E63D00304} - (no file)
O2 - BHO: (no name) - {A4F94C0C-54A7-4DB1-9AF3-B22E63D00305} - (no file)
O2 - BHO: (no name) - {A4F94C0C-54A7-4DB1-9AF3-B22E63D00306} - (no file)
O2 - BHO: (no name) - {A4F94C0C-54A7-4DB1-9AF3-B22E63D00309} - (no file)
O2 - BHO: (no name) - {A4F94C0C-54A7-4DB1-9AF3-B22E63D00320} - (no file)
O2 - BHO: (no name) - {A4F94C0C-54A7-4DB1-9AF3-B22E63D00402} - C:\WINDOWS\system32\fontextb.dll
O2 - BHO: (no name) - {DF00FFA0-AEA9-4EA8-A10F-8BB9A7F8508C} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [links] links.exe
O4 - HKCU\..\Run: [AlexaToolbar] C:\WINDOWS\alt.exe
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/noc...up1.0.0.15.exe
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/puzzlepirate...GameLoader.dll
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://www.shockwave.com/content/ins...ploader_v6.cab
O20 - Winlogon Notify: req - C:\WINDOWS\system32\req.dll
O20 - Winlogon Notify: st3 - C:\WINDOWS\system32\st3.dll

Please remember to close all other windows, including browsers then click Fix checked. Close HijackThis.

Deletions
Delete the following Files indicated in RED if they still exist.

C:\WINDOWS\alt.exe
C:\WINDOWS\netdde.dll
C:\WINDOWS\prflbmsgp32.dll
links.exe << Find via Start>Search

Reboot
Reboot your system to Normal Mode.

With Your Next Post...
Please paste the following with your next reply (in this order please):

The content of C:\ComboFix.txt,
a new HiJackThis log taken after ComboFix finishes.

Let me know how the system is behaving now. Hopefully it's acting a little better.

groovyreg · 12-02-2006, 05:13 PM

Thanks for the advice. It's pretty late here (in the UK, I'm not sure where you are). My friend is monitoring these posts and will follow the instructions but it won't be until tomorrow. I'll post his results as soon as I get them. Thanks again.

**Deckard** · 12-02-2006, 05:16 PM

No problem. I'm subscribed to this thread so I will be notified when you reply. Good luck!

groovyreg · 12-02-2006, 05:17 PM

You're in Oregon - not very observant, sorry.

**Deckard** · 12-02-2006, 05:22 PM

LOL. No need to apologize. It's only 5:30pm here right now.

See you on the flipside.

groovyreg · 12-04-2006, 01:02 PM

Sorry for the wait:
If it's all cleared up, could you please provide protection advice to my friend. Thanks.
Combofix & new HJT below -

Tom - 06-12-03 11:11:20.78 Service Pack 2
ComboFix 06-12-01W-BetaE - Running from: "C:\Documents and Settings\Tom\desktop"
Command switches used :: /v req st3 admparsek fontextb

(((((((((((((((((((((((((((((((((((((((((((((((( Vundo Log )))))))))))))))))))))))))))))))))))))))))))))))))))))

C:\WINDOWS\system32\req.dll
C:\WINDOWS\system32\st3.dll
C:\WINDOWS\system32\admparsek.dll
C:\WINDOWS\system32\fontextb.dll

* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

d:\autorun.inf
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48
C:\Program Files\winupdates
C:\WINDOWS\system32\aamd532.dll

((((((((((((((((((((((((((((((( Files Created from 2006-11-03 to 2006-12-03 ))))))))))))))))))))))))))))))))))

2006-12-03 11:17 <DIR> d-------- C:\WINNT
2006-12-03 11:16 <DIR> d-------- C:\WINDOWS\erdnt
2006-12-03 10:59 <DIR> dr-h----- C:\Documents and Settings\Tom\Recent
2006-12-01 18:13 <DIR> d-------- C:\Program Files\FrostWire
2006-12-01 18:13 <DIR> d-------- C:\Documents and Settings\Tom\Application Data\FrostWire
2006-11-30 19:00 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2006-11-30 18:57 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2006-11-30 18:57 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2006-11-30 18:02 23,040 --------- C:\WINDOWS\kb913800.exe
2006-11-30 18:01 <DIR> d-------- C:\HJT!
2006-11-30 17:53 <DIR> d-------- C:\Program Files\Mozilla Firefox
2006-11-30 17:53 <DIR> d-------- C:\Documents and Settings\Tom\Application Data\Mozilla
2006-11-29 22:25 46,592 --------- C:\WINDOWS\system32\drivers\irbus.sys
2006-11-29 22:25 19,200 --------- C:\WINDOWS\system32\drivers\hidir.sys
2006-11-29 20:49 <DIR> d-------- C:\WINDOWS\system32\DRM
2006-11-29 20:41 <DIR> d-------- C:\WINDOWS\RegisteredPackages
2006-11-29 20:38 36,352 --------- C:\WINDOWS\system32\tsgqec.dll
2006-11-29 20:38 288,768 --------- C:\WINDOWS\system32\rhttpaa.dll
2006-11-29 20:38 116,736 --------- C:\WINDOWS\system32\aaclient.dll
2006-11-25 19:26 <DIR> d-------- C:\Program Files\AOL Companion
2006-11-25 19:25 153,088 --a------ C:\WINDOWS\system32\jgdwmie.dll
2006-11-25 19:25 <DIR> d-------- C:\Program Files\AOL Toolbar
2006-11-25 19:24 <DIR> d-------- C:\Program Files\AOL 9.0
2006-11-25 19:22 <DIR> d-------- C:\Program Files\BT Voyager 105 ADSL Modem
2006-11-25 16:25 66,048 --a------ C:\WINDOWS\ieResetIcons.exe
2006-11-24 20:32 <DIR> d-------- C:\WINDOWS\WBEM
2006-11-24 20:32 <DIR> d-------- C:\WINDOWS\system32\en-US
2006-11-24 20:31 <DIR> d--h-c--- C:\WINDOWS\ie7
2006-11-24 20:29 121,856 --------- C:\WINDOWS\system32\xmllite.dll
2006-11-24 20:28 <DIR> d-------- C:\WINDOWS\network diagnostic
2006-11-19 17:52 <DIR> d-------- C:\Program Files\MSXML 4.0
2006-11-19 17:51 <DIR> d-------- C:\f12837022921415ed147
2006-11-15 20:08 2,560 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2006-11-15 20:08 2,432 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2006-11-15 20:08 <DIR> d-------- C:\Program Files\Winamp
2006-11-15 20:07 <DIR> d-------- C:\WINDOWS\system32\QuickTime
2006-11-15 20:07 <DIR> d-------- C:\WINDOWS\system32\custom matrices
2006-11-15 20:07 <DIR> d-------- C:\WINDOWS\system32\C2MP
2006-11-15 19:46 <DIR> d-------- C:\Program Files\Lavasoft
2006-11-15 19:46 <DIR> d-------- C:\Program Files\CCleaner
2006-11-15 19:46 <DIR> d-------- C:\Documents and Settings\Tom\Application Data\Lavasoft
2006-11-15 19:41 <DIR> d-------- C:\Downloaded Programs
2006-11-10 16:43 <DIR> d-------- C:\Program Files\iTunes
2006-11-08 19:43 665,424 --a------ C:\WINDOWS\system32\wmv8dmoe.dll
2006-11-08 19:43 572,752 --a------ C:\WINDOWS\system32\wmvdmoe.dll
2006-11-08 19:43 1,683,792 --a------ C:\WINDOWS\system32\wmvcore2.dll
2006-11-08 19:43 <DIR> d-------- C:\Documents and Settings\Tom\Application Data\Syntrillium
2006-11-08 19:40 <DIR> d-------- C:\Program Files\Cooledit
2006-11-07 21:03 6,049,280 --------- C:\WINDOWS\system32\ieframe.dll
2006-11-07 21:03 50,688 --------- C:\WINDOWS\system32\msfeedsbs.dll
2006-11-07 21:03 458,752 --------- C:\WINDOWS\system32\msfeeds.dll
2006-11-07 21:03 180,736 --------- C:\WINDOWS\system32\ieui.dll
2006-11-07 16:25 <DIR> d-------- C:\Program Files\Ranger Outpost Client
2006-11-07 03:26 13,312 --a------ C:\WINDOWS\system32\ieudinit.exe
2006-11-06 11:35 531,568 --a------ C:\WINDOWS\system32\RmActivate_isv.exe
2006-11-06 11:35 523,376 --a------ C:\WINDOWS\system32\RmActivate.exe
2006-11-06 11:35 519,280 --a------ C:\WINDOWS\system32\SecProc_isv.dll
2006-11-06 11:35 518,768 --a------ C:\WINDOWS\system32\SecProc.dll
2006-11-06 11:35 358,000 --a------ C:\WINDOWS\system32\RmActivate_ssp.exe
2006-11-06 11:35 354,416 --a------ C:\WINDOWS\system32\RmActivate_ssp_isv.exe
2006-11-06 11:35 323,696 --a------ C:\WINDOWS\system32\msdrm.dll
2006-11-06 11:35 192,624 --a------ C:\WINDOWS\system32\SecProc_ssp_isv.dll
2006-11-06 11:35 192,624 --a------ C:\WINDOWS\system32\SecProc_ssp.dll
2006-11-04 18:39 <DIR> d-------- C:\Program Files\Riva
2006-11-04 18:39 <DIR> d-------- C:\Program Files\Common Files\SWF Studio
2006-11-04 14:14 1,245,696 --a------ C:\WINDOWS\system32\msxml4.dll

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2006-12-03 11:00 -------- d-------- C:\Documents and Settings\Tom\Application Data\Help
2006-12-03 10:58 99 --a------ C:\WINDOWS\taskmen32.pif
2006-12-03 10:58 -------- d-------- C:\Program Files\Common Files
2006-12-02 10:41 -------- d-------- C:\Program Files\Internet Explorer
2006-11-30 19:00 -------- d-------- C:\Program Files\Windows Media Player
2006-11-27 18:39 11326 --a------ C:\Documents and Settings\Tom\Application Data\wklnhst.dat
2006-11-25 19:26 -------- d-------- C:\Program Files\Common Files\aolshare
2006-11-25 19:26 -------- d-------- C:\Program Files\Common Files\AOL
2006-11-25 19:26 -------- d-------- C:\Documents and Settings\Tom\Application Data\You've Got Pictures screensaver
2006-11-25 19:23 -------- d-------- C:\Program Files\VoyagerTest
2006-11-25 19:23 -------- d-------- C:\Program Files\Common Files\FTL Shared
2006-11-17 22:24 -------- d-------- C:\Program Files\Easy Internet signup
2006-11-17 22:22 -------- d-------- C:\Program Files\enditall
2006-11-16 14:37 -------- d-------- C:\Program Files\Common Files\Symantec Shared
2006-11-13 06:02 1866240 --a------ C:\WINDOWS\system32\mstscax.dll
2006-11-10 16:44 -------- d-------- C:\Program Files\iPod
2006-11-10 16:42 -------- d-------- C:\Program Files\QuickTime
2006-11-08 19:27 -------- d-------- C:\Documents and Settings\Tom\Application Data\Creative
2006-11-07 08:06 600576 --a------ C:\WINDOWS\system32\mstsc.exe
2006-11-04 18:02 -------- d-------- C:\Program Files\DivX
2006-11-02 17:34 -------- d-------- C:\Program Files\XVideoConverter
2006-11-02 16:49 -------- d-------- C:\Program Files\ImTOO
2006-11-02 16:47 -------- d-------- C:\Program Files\SmartSoftVideoConverter
2006-11-02 16:21 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-11-02 16:20 -------- d-------- C:\Program Files\Samsung
2006-11-02 15:59 79939 --a------ C:\Program Files\watch.htm
2006-10-22 08:14 -------- d-------- C:\Program Files\EA GAMES
2006-10-22 08:10 -------- d-a------ C:\Program Files\MyWebSearch
2006-10-21 19:08 -------- d---s---- C:\Documents and Settings\Tom\Application Data\Microsoft
2006-10-21 17:58 -------- d-------- C:\Program Files\MSN Messenger
2006-10-21 17:57 -------- d-------- C:\Program Files\MyEmoticons
2006-10-20 16:14 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
2006-10-20 16:13 -------- d-------- C:\Program Files\Microsoft.NET
2006-10-20 16:13 -------- d-------- C:\Program Files\Microsoft Office
2006-10-20 16:13 -------- d-------- C:\Program Files\Microsoft ActiveSync
2006-10-20 16:13 -------- d-------- C:\Program Files\Common Files\System
2006-10-20 16:13 -------- d-------- C:\Program Files\Common Files\DESIGNER
2006-10-19 21:27 -------- d-------- C:\Documents and Settings\Tom\Application Data\AdobeUM
2006-10-19 21:24 -------- d-------- C:\Program Files\Adobe
2006-10-19 21:19 -------- d-------- C:\Program Files\Apple Software Update
2006-10-19 17:15 -------- d-------- C:\Documents and Settings\Tom\Application Data\My Battle for Middle-earth(tm) II Files
2006-10-18 21:58 8704 --a------ C:\WINDOWS\system32\wdfmgr.exe
2006-10-18 21:58 8704 --a------ C:\WINDOWS\system32\uwdf.exe
2006-10-18 21:47 99840 --a------ C:\WINDOWS\system32\wmpshell.dll
2006-10-18 21:47 937984 --a------ C:\WINDOWS\system32\WMNetMgr.dll
2006-10-18 21:47 8231936 --a------ C:\WINDOWS\system32\wmploc.dll
2006-10-18 21:47 767488 --------- C:\WINDOWS\system32\WMVSENCD.dll
2006-10-18 21:47 757248 --a------ C:\WINDOWS\system32\WMADMOD.dll
2006-10-18 21:47 7168 --a------ C:\WINDOWS\system32\asferror.dll
2006-10-18 21:47 656896 --------- C:\WINDOWS\system32\WMVXENCD.dll
2006-10-18 21:47 63488 --a------ C:\WINDOWS\system32\wpdmtpus.dll
2006-10-18 21:47 629760 --a------ C:\WINDOWS\system32\wpd_ci.dll
2006-10-18 21:47 613376 --------- C:\WINDOWS\system32\wmpmde.dll
2006-10-18 21:47 603648 --a------ C:\WINDOWS\system32\WMSPDMOD.dll
2006-10-18 21:47 542720 --a------ C:\WINDOWS\system32\blackbox.dll
2006-10-18 21:47 535040 --a------ C:\WINDOWS\system32\wmdrmsdk.dll
2006-10-18 21:47 429056 --a------ C:\WINDOWS\system32\wmdrmdev.dll
2006-10-18 21:47 414208 --a------ C:\WINDOWS\system32\msscp.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\wmvdmoe2.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\wmvdmod.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\WMVADVE.DLL
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\WMVADVD.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\wmsdmoe2.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\wmsdmod.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\wdfapi.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\MPG4DMOD.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\MP4SDMOD.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\MP43DMOD.dll
2006-10-18 21:47 38400 --------- C:\WINDOWS\system32\wpdshextres.dll
2006-10-18 21:47 37376 --a------ C:\WINDOWS\system32\wmdmps.dll
2006-10-18 21:47 35840 --a------ C:\WINDOWS\system32\wpdconns.dll
2006-10-18 21:47 356352 --a------ C:\WINDOWS\system32\wpdsp.dll
2006-10-18 21:47 348672 --a------ C:\WINDOWS\system32\wmdrmnet.dll
2006-10-18 21:47 33792 --a------ C:\WINDOWS\system32\wmdmlog.dll
2006-10-18 21:47 321536 --a------ C:\WINDOWS\system32\mswmdm.dll
2006-10-18 21:47 317440 --------- C:\WINDOWS\system32\MP4SDECD.dll
2006-10-18 21:47 314880 --a------ C:\WINDOWS\system32\wmpdxm.dll
2006-10-18 21:47 295936 --------- C:\WINDOWS\system32\wmpeffects.dll
2006-10-18 21:47 284160 --------- C:\WINDOWS\system32\PortableDeviceApi.dll
2006-10-18 21:47 27136 --a------ C:\WINDOWS\system32\mspmsnsv.dll
2006-10-18 21:47 2603008 --------- C:\WINDOWS\system32\WpdShext.dll
2006-10-18 21:47 259072 --------- C:\WINDOWS\system32\MPG4DECD.dll
2006-10-18 21:47 259072 --------- C:\WINDOWS\system32\MP43DECD.dll
2006-10-18 21:47 2450944 --a------ C:\WINDOWS\system32\wmvcore.dll
2006-10-18 21:47 242688 --a------ C:\WINDOWS\system32\wmpasf.dll
2006-10-18 21:47 229376 --a------ C:\WINDOWS\system32\cewmdm.dll
2006-10-18 21:47 227328 --a------ C:\WINDOWS\system32\wmerror.dll
2006-10-18 21:47 212992 --a------ C:\WINDOWS\system32\MFPLAT.dll
2006-10-18 21:47 211456 --a------ C:\WINDOWS\system32\qasf.dll
2006-10-18 21:47 204288 --a------ C:\WINDOWS\system32\wmpsrcwp.dll
2006-10-18 21:47 199168 --------- C:\WINDOWS\system32\PortableDeviceWMDRM.dll
2006-10-18 21:47 179712 --a------ C:\WINDOWS\system32\msnetobj.dll
2006-10-18 21:47 175616 --a------ C:\WINDOWS\system32\mspmsp.dll
2006-10-18 21:47 166912 --------- C:\WINDOWS\system32\PortableDeviceTypes.dll
2006-10-18 21:47 1661440 --a------ C:\WINDOWS\system32\wmpencen.dll
2006-10-18 21:47 1574912 --------- C:\WINDOWS\system32\WMVENCOD.dll
2006-10-18 21:47 157184 --a------ C:\WINDOWS\system32\wmidx.dll
2006-10-18 21:47 154624 --a------ C:\WINDOWS\system32\wpdmtp.dll
2006-10-18 21:47 1543680 --------- C:\WINDOWS\system32\WMVDECOD.dll
2006-10-18 21:47 1382912 --------- C:\WINDOWS\system32\WMVSDECD.dll
2006-10-18 21:47 133632 --------- C:\WINDOWS\system32\WPDShServiceObj.dll
2006-10-18 21:47 1329152 --a------ C:\WINDOWS\system32\WMSPDMOE.dll
2006-10-18 21:47 132096 --------- C:\WINDOWS\system32\PortableDeviceWiaCompat.dll
2006-10-18 21:47 130048 --------- C:\WINDOWS\system32\wmpps.dll
2006-10-18 21:47 11264 --a------ C:\WINDOWS\system32\LAPRXY.dll
2006-10-18 21:47 1117696 --a------ C:\WINDOWS\system32\WMADMOE.dll
2006-10-18 21:47 101888 --------- C:\WINDOWS\system32\PortableDeviceClassExtension.dll
2006-10-18 20:03 100864 --a------ C:\WINDOWS\system32\logagent.exe
2006-10-18 20:00 38528 --a------ C:\WINDOWS\system32\drivers\wpdusb.sys
2006-10-18 20:00 17408 --------- C:\WINDOWS\system32\wpdshextautoplay.exe
2006-10-18 18:51 -------- d-------- C:\Documents and Settings\Tom\Application Data\Steinberg
2006-10-18 18:47 -------- d-------- C:\Program Files\Steinberg
2006-10-18 18:46 -------- d-------- C:\Program Files\Pinnacle
2006-10-17 12:05 206336 --------- C:\WINDOWS\system32\WinFXDocObj.exe
2006-10-17 11:58 61952 --------- C:\WINDOWS\system32\icardie.dll
2006-10-17 11:58 12288 --------- C:\WINDOWS\system32\msfeedssync.exe
2006-10-17 11:57 266752 --------- C:\WINDOWS\system32\iertutil.dll
2006-10-17 11:27 380928 --------- C:\WINDOWS\system32\ieapfltr.dll
2006-10-14 18:20 -------- d-------- C:\Program Files\FinalAlert 2 Yuri's Revenge
2006-10-13 12:35 65536 --a------ C:\WINDOWS\system32\nwwks.dll
2006-10-13 12:35 64000 --a------ C:\WINDOWS\system32\nwapi32.dll
2006-10-13 12:35 142336 --a------ C:\WINDOWS\system32\nwprovau.dll
2006-10-13 10:23 163584 --a------ C:\WINDOWS\system32\drivers\nwrdr.sys
2006-10-09 16:12 235008 --------- C:\WINDOWS\system32\psisdecd.dll
2006-10-08 19:39 209 --a------ C:\Documents and Settings\Tom\Application Data\BonsaiErrorLog.txt
2006-10-02 15:28 312128 --------- C:\WINDOWS\system32\msdelta.dll
2006-09-28 20:13 95344 --------- C:\WINDOWS\system32\WUDFCoinstaller.dll
2006-09-28 18:56 55808 --------- C:\WINDOWS\system32\WudfSvc.dll
2006-09-28 18:56 316416 --------- C:\WINDOWS\system32\WUDFx.dll
2006-09-28 18:56 165376 --------- C:\WINDOWS\system32\WudfPlatform.dll
2006-09-28 18:56 146432 --------- C:\WINDOWS\system32\WudfHost.exe
2006-09-25 17:58 23856 --a------ C:\WINDOWS\system32\spupdsvc.exe
2006-09-19 15:43 109360 --a------ C:\WINDOWS\system32\GEARAspi.dll
2006-09-13 05:01 1084416 --a------ C:\WINDOWS\system32\msxml3.dll

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"MoneyAgent"="\"C:\\Program Files\\Microsoft Money\\System\\mnyexpr.exe\""
"AlexaToolbar"="C:\\WINDOWS\\alt.exe"
"Acme.PCHButton"="C:\\PROGRA~1\\HELPAN~1\\Pavilion\\XPEWWBF4\\plugin\\bin\\pchbutton.exe"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"AOLDialer"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"
"Symantec NetDriver Monitor"="C:\\PROGRA~1\\SYMNET~1\\SNDMon.exe /Consumer"
"Microsoft Works Update Detection"="C:\\Program Files\\Common Files\\Microsoft Shared\\Works Shared\\WkUFind.exe"
"HostManager"="C:\\Program Files\\Common Files\\AOL\\1133035937\\ee\\AOLHostManager.exe"
"links"="links.exe"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"%FP%Friendly fts.exe"="\"C:\\Program Files\\VoyagerTest\\fts.exe\""
"MPFExe"="C:\\PROGRA~1\\McAfee.com\\PERSON~1\\MpfTray.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"DSLSTATEXE"="C:\\Program Files\\BT Voyager 105 ADSL Modem\\dslstat.exe icon"
"DSLAGENTEXE"="C:\\Program Files\\BT Voyager 105 ADSL Modem\\dslagent.exe"
"AOL Spyware Protection"="\"C:\\PROGRA~1\\COMMON~1\\AOL\\AOLSPY~1\\AOLSP Scheduler.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000005

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,00,03,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,00,03,\
00,00,04,00,00,40
"RestoredStateInfo"=hex:18,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,00,03,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"SetDefaultMIDI"="MIDIDEF.EXE"
"StartMS"="\"C:\\Program Files\\Creative\\Shared Files\\Media Sniffer\\StartMS.EXE\" /s"
"CMSRegOW.exe"="\"C:\\Program Files\\InstallShield Installation Information\\{56F3E1FF-54FE-4384-A153-6CCABA097814}\\CMSRegOW.exe\" /r"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\runonce]
"SetDefaultMIDI"="MIDIDEF.EXE"
"StartMS"="\"C:\\Program Files\\Creative\\Shared Files\\Media Sniffer\\StartMS.EXE\" /s"
"CMSRegOW.exe"="\"C:\\Program Files\\InstallShield Installation Information\\{56F3E1FF-54FE-4384-A153-6CCABA097814}\\CMSRegOW.exe\" /r"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
"{1B68470C-2DEF-493B-8A4A-8E2D81BE4EA5}"="st3"
"{16875E09-927B-4494-82BD-158A1CD46BA0}"="z"
"{0B5F7FDF-0717-45BF-B49D-695F3168C7FE}"="Master Browseui"
"{A4F94C0C-54A7-4DB1-9AF3-B22E63D00322}"="g322"
"{A4F94C0C-54A7-4DB1-9AF3-B22E63D00311}"="z"
"{A4F94C0C-54A7-4DB1-9AF3-B22E63D00401}"="z"
"{A4F94C0C-54A7-4DB1-9AF3-B22E63D00402}"="z"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
"InstallVisualStyle"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,\
63,65,73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,5c,52,6f,79,61,6c,65,2e,\
6d,73,73,74,79,6c,65,73,00
"InstallTheme"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,63,65,\
73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,2e,74,68,65,6d,65,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\HP Digital Imaging Monitor.lnk"
"backup"="C:\\WINDOWS\\pss\\HP Digital Imaging Monitor.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\HP\\DIGITA~1\\bin\\hpqtra08.exe "
"item"="HP Digital Imaging Monitor"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Microsoft Office.lnk"
"backup"="C:\\WINDOWS\\pss\\Microsoft Office.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\MI1933~1\\Office10\\OSA.EXE -b -l"
"item"="Microsoft Office"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MyWebSearch Email Plugin.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\MyWebSearch Email Plugin.lnk"
"backup"="C:\\WINDOWS\\pss\\MyWebSearch Email Plugin.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\MYWEBS~1\\bar\\1.bin\\MWSOEMON.EXE "
"item"="MyWebSearch Email Plugin"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Picture Package Menu.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Picture Package Menu.lnk"
"backup"="C:\\WINDOWS\\pss\\Picture Package Menu.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\SONYCO~1\\PICTUR~1\\PICTUR~3\\SonyTray.exe "
"item"="Picture Package Menu"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Picture Package VCD Maker.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Picture Package VCD Maker.lnk"
"backup"="C:\\WINDOWS\\pss\\Picture Package VCD Maker.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\SONYCO~1\\PICTUR~1\\PICTUR~1\\RESIDE~1.EXE -h"
"item"="Picture Package VCD Maker"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^HP_Administrator^Start Menu^Programs^Startup^Registration-Pinnacle Express.lnk]
"path"="C:\\Documents and Settings\\HP_Administrator\\Start Menu\\Programs\\Startup\\Registration-Pinnacle Express.lnk"
"backup"="C:\\WINDOWS\\pss\\Registration-Pinnacle Express.lnkStartup"
"location"="Startup"
"command"="C:\\PROGRA~1\\Pinnacle\\PINNAC~1\\EReg\\RegTool.exe Pinnacle Express,EXPSTD,register,US,0,serial=4980263596"
"item"="Registration-Pinnacle Express"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\%FP%Friendly fts.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="fts"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\VoyagerTest\\fts.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AGRSMMSG"
"hkey"="HKLM"
"command"="AGRSMMSG.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="atiptaxx"
"hkey"="HKLM"
"command"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTDVDDET]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="CTDVDDet"
"hkey"="HKLM"
"command"="C:\\Program Files\\Creative\\SBAudigy2ZS\\DVDAudio\\CTDVDDet.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="CTHELPER"
"hkey"="HKLM"
"command"="CTHELPER.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DSLSTATEXE]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="dslstat"
"hkey"="HKLM"
"command"="C:\\Program Files\\BT Voyager 105 ADSL Modem\\dslstat.exe icon"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ehtray"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\ehome\\ehtray.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon06]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="hphmon06"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\hphmon06.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD06]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="hphupd06"
"hkey"="HKLM"
"command"="c:\\Program Files\\HP\\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\\hphupd06.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="hpsysdrv"
"hkey"="HKLM"
"command"="c:\\windows\\system\\hpsysdrv.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="C:\\Program Files\\iTunes\\iTunesHelper.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="KBD"
"hkey"="HKLM"
"command"="C:\\HP\\KBD\\KBD.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MPFExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MpfTray"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\McAfee.com\\PERSON~1\\MpfTray.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mwsoemon"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\MYWEBS~1\\bar\\1.bin\\mwsoemon.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PS2]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ps2"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\ps2.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RealPlay"
"hkey"="HKLM"
"command"="C:\\Program Files\\Real\\RealPlayer\\RealPlay.exe SYSTEMBOOTHIDEPLAYER"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RECGUARD"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\SMINST\\RECGUARD.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jusched"
"hkey"="HKLM"
"command"="C:\\Program Files\\Java\\j2re1.4.2_03\\bin\\jusched.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="UpdReg"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\UpdReg.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost *netsvcs*
MHN

Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Easy Internet Sign-up.job
C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer - HP_Administrator.job
C:\WINDOWS\tasks\Symantec NetDetect.job

Completion time: 06-12-03 11:19:34.75

Logfile of HijackThis v1.99.1
Scan saved at 13:49:09, on 03/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\WINDOWS\system32\CTSvcCDA.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AOL 9.0\aoltray.exe
C:\Program Files\Common Files\AOL\1133035937\ee\AOLHostManager.exe
C:\Program Files\Common Files\AOL\1133035937\ee\AOLServiceHost.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\program files\common files\aol\1133035937\ee\services\antiSpywareApp\ver2_0_12\AOLSP Scheduler.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\AOL 9.0\waol.exe
C:\Program Files\AOL 9.0\shellmon.exe
C:\Program Files\Common Files\AOL\aoltpspd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\HJT!\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - c:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1133035937\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [%FP%Friendly fts.exe] "C:\Program Files\VoyagerTest\fts.exe"
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HELPAN~1\Pavilion\XPEWWBF4\plugin\bin\pchbutton.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O4 - Global Startup: AOL Broadband Check-Up.lnk = C:\Program Files\AOL\Broadband CheckUp\bin\matcli.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\clbcatix.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\clbcatix.dll (file missing)
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Joanna\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aolsvc.aol.co.uk/comput...up/qdiagcc.cab
O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} (CPlayFirstDinerDash2Control Object) - http://www.arcadetown.com/dinerdash2...2.1.0.0.48.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://www.arcadetown.com/swf/delici...ylomplayer.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://download.toontown.com/sv1.0.15.28/ttinst.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://www.arcadetown.com/swf/feedin...utLauncher.cab
O16 - DPF: {DD3641E5-A9CF-11D1-9AA1-444553540000} (Surround Video V3.0 Control Object) - http://www.barnsdesigns.co.uk/surrou...eo/svideo3.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{52E8A4B5-8DDE-4499-91A6-050A6893390D}: NameServer = 205.188.146.145
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

StormTroop · 12-06-2006, 11:57 AM

Ok you can carry on from here..

**Deckard** · 12-06-2006, 06:09 PM

Hi StormTroop,

You may wish to Subscribe to this thread so that you are notified when you receive a reply. To do this click Thread Tools (above the first post), then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Kaspersky's online scanner should work for you now; if it doesn't just skip that step and let me know.

Please print out or copy this page to Notepad in order to assist you when carrying out the following instructions. If there is anything you don't understand, please ask BEFORE proceeding with the fixes. Please do these steps in order and do not skip any.

Download Attachment
Download the file attached to this post and save it to your desktop. Extract it and double-click on the StormTroop.reg file. It will ask you if you want to merge/add it to the registry -- choose Yes. You may delete both files now.

Download CleanUp!
Download and install CleanUp! but do not run it yet.

WARNING: CleanUp! deletes EVERYTHING out of temporary folders and does not make backups. If you have any documents or programs that are saved in any temporary folders, please make a backup of these before running CleanUp!

WARNING: Do not run cleanup under Windows XP x64 Edition. If you're not sure if you have the 64-bit version of Windows then you probably do not; however, you can check by using IE to download the whichcpu tool and then running it.

Download AVG Anti-Spyware
Please download, install, and update AVG Anti-Spyware.

Load AVG Anti-Spyware and then click the Shield tab at the top
- Click on the word active to change it to inactive.
Click the Update tab at the top:
- Under Manual update, click Start update. After the update finishes, the status bar at the bottom will display "Update successful". If you are having trouble updating, you can also download and run the manual updater.
- Under Automatic update, change the Update interval to something more reasonable like 12 or 24 hours.
Click the Scanner tab at the top and then the Settings sub-tab:
- Under How to act?, click Recommended actions and select Quarantine.
- Under Reports, select Automatically generate report after every scan
Close AVG Anti-Spyware. Do not run a scan with it yet.

Download Win32DelfKil
Download win32delfkil.exe and save it on your Desktop, but don't do anything else with it yet.

Uninstall
Click Start > Control Panel > Add / Remove Programs and uninstall the following programs (if they exist):

MyWebSearch

Please let me know if any of these were unable to uninstall.

Run Win32DelfKil

Close all windows.
Double click on win32delfkil.exe to start the removal tool.
The computer will reboot automatically.
After reboot a logfile will open: C:\windelf.txt.

Post the contents of the logfile with your next post.

Reboot
Reboot your system to Safe Mode by repeatedly tapping the F8 key until the menu appears and choosing Safe Mode from the list. On some systems, this may be the F5 key so try that if F8 doesn't work. Login on with your usual account. Make sure to close any open windows.

Deletions
Delete the following Files indicated in RED and Folders indicated in BLUE if they still exist.

C:\Program Files\MyWebSearch
C:\WINDOWS\pss\MyWebSearch Email Plugin.lnkCommon Startup
C:\WINDOWS\system32\tsgqec.dll
C:\WINDOWS\system32\rhttpaa.dll
C:\WINDOWS\system32\jgdwmie.dll
C:\WINDOWS\taskmen32.pif

Run CleanUp!
Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu). Set the program up as follows:

Click "Options..."
Move the arrow down to "Custom CleanUp!"
Put a check next to the following:
- Empty Recycle Bins
- Delete Cookies
- Delete Prefetch files
- Cleanup! All Users
- Click on the "Temporary Files" and make sure the box for "Scan drives for file matching" is unchecked.
Click OK.
Press the CleanUp! button to start the program.

Once it's finished CleanUp! will ask you to logoff/reboot. Please select NO as we will do this later.

Run AVG Anti-Spyware

Run AVG Anti-Spyware and click on the Scanner tab at the top and then click on Complete System Scan. This scan can take quite a while to run, so be prepared.
AVG Anti-Spyware will list any infections found on the left hand side. When the scan has finished, it will automatically set the recommended action.
If Set all elements to is not set to Quarantine (1), please click Recommended Action and choose Quarantine from the popup menu (2).
At the bottom of the window, click on the Apply all actions button (3).
When it has finished, click the Save Scan Report button (4), then click Save Report As and save the report it to your desktop.
Close AVG Anti-Spyware.

Reboot
Reboot your system to Normal Mode.

Online Scan
Perform an online scan using Internet Explorer with Kaspersky WebScanner. Click on Launch Kaspersky Anti-Virus Web Scanner. You will be prompted to install an ActiveX component from Kaspersky, Click Yes.

The program will launch and then begin downloading the latest definition files.
Once the files have been downloaded, click on NEXT.
Now click on Scan Settings
In the scan settings make that the following are selected:
- Scan using the following Anti-Virus database: extended
- Scan Options: Scan Archives and Scan Mail Bases
Click OK
Turn off the real time scanner of any existing antivirus program before performing the online scan. You can turn it back on after the scan is done.
Now under select a target to scan, select My Computer
The program will start and scan your system.
The scan will take a while so be patient and let it run all the way.
Once the scan is complete it will display if your system has been infected.
Click on the Save as Text button and save the file to your desktop.
Copy and paste that information in your next post.

Take note the names and locations of any file it detects but fails to clean.

Submit For Analysis
Please submit the following file (if it still exists) to VirusTotal Scan:

C:\WINDOWS\system32\aaclient.dll

At the top of the window you should see "Select file" and a blank box. Copy and paste the red text from above into the box. Then click "Send". When it is finished, please copy the information listed the two tables (i.e., the scan results and "Additional Information") into Notepad and save it on your Desktop so you can paste it with your next reply.

Download Autoruns

Please download Autoruns and AutoCmd.
Extract the contents of Autoruns into a new folder.
Now extract the contents of AutoCmd into the same folder as Autoruns. This is important!
Double-click on AutoCmd.cmd & select option '1'
It will produce a log called autoruns_X_Y.txt (where X and Y are the date and time respectively). Please attach the log in your next reply.

Generate An Uninstall List

Open HijackThis.
Click on the "Configure" button on the bottom right.
Click on the tab "Misc Tools".
Click on the Box that says "Open Uninstall Manager".
Click on the button "Save list"

Please save a copy and paste the contents with your next reply.

With Your Next Post...
Please paste the following with your next reply (in this order please):

The contents of C:\C:\windelf.txt,
AVG Anti-Spyware scan report,
Kaspersky scan report,
your Autoruns log,
your uninstall list, and
a new HiJackThis log taken after Kaspersky finishes.

Let me know how your machine is behaving now.

StormTroop · 12-08-2006, 08:32 AM

I had quite a few problems in that massive list, and before i post all the logs etc, please can you check some things and help with some others. Here are the problems I found:

1. I was unable to install CleanUp! as the site wouldnt respond as it was too busy. I have aprogram that seems to do a similar thing called CCleaner. Check it out and see what you think. If its no good, please could you email me the setup program for CleanUp!

2. The AVG Spyware Complete Scan took in excess of 2 AND A HALF HOURS!When it was finally done, i made them all quarantine and clicked apply all options. It came up with a message saying something like:
'-some file- is embedded in -some folder- and cant be quarantined. Would you like to quarantine the whole folder?'
I clicked 'Yes' and another came up, and another and another and... so I clicked Yes to All which appeared to jam the computer. Turns out it was just taking ages but not knowing this, I had to close AVG and do ANOTHER scan.
At the end of the scan, there were quite a few items in the list on the left side but ALL of them appeared in the 1st few folders it searched. There was NOTHING in the WINDOWS folder or in the D Drive so, as it was getting late, to stop the scan after it had found all the things in the list that it had done the 1st time. I have the report of that scan but if it isnt sufficient (sigh) ill do another complete scan..

3. Finally, Kaspersky. I think this has been mentioned in a previous post: when i go to the Kaspersky Site and click on 'Kaspersky Online Scanner', a window pops-up giving me the option to accept some terms or decline. I accept, another window appears and like you said, it prompts me to install some ActiveX thing in a information bar at the top of the window. I click install and it gives me another window, no options or anything, just a few irrelevant links to other parts of the site. I wait ages and nohing happens...
so I've also not been able to use the Kaspersky Scanner.

However, I DO have:
the windelf report
the uninstall list
the autorun report
part of an AVG report
and i can get a new HJT log but i havent got one seeing as ive not done all the previous steps.

if you want i can post the things i have.

**Deckard** · 12-08-2006, 07:31 PM

Post what you have; we'll try to go from there. I was hoping that Kaspersky would work since we already cleaned some malware off your computer.

CCleaner is fine.

StormTroop · 12-09-2006, 07:50 AM

Im gonna have to do this over a few posts.

1. WIN32DELFKIL LOGFILE - by Marckie

version 3.112
07/12/2006 18:30:38.25
running from: "C:\Documents and Settings\Tom\Desktop"

--- File(s) found in Windows directory ---
adsldpbg.dll
admparsel.dll
prflbmsgp32.dll

--- File(s) found in system32 folder ---
admparsel.dll

--- Services ---

--- Export SharedTaskScheduler key ---
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
"{1B68470C-2DEF-493B-8A4A-8E2D81BE4EA5}"="st3"
"{16875E09-927B-4494-82BD-158A1CD46BA0}"="z"
"{0B5F7FDF-0717-45BF-B49D-695F3168C7FE}"="Master Browseui"
"{A4F94C0C-54A7-4DB1-9AF3-B22E63D00322}"="g322"
"{A4F94C0C-54A7-4DB1-9AF3-B22E63D00311}"="z"
"{A4F94C0C-54A7-4DB1-9AF3-B22E63D00401}"="z"
"{A4F94C0C-54A7-4DB1-9AF3-B22E63D00402}"="z"

--- sharedtaskkey (1): 1B68470C-2DEF-493B-8A4A-8E2D81BE4EA5 ---
no keys found

--- sharedtaskkey (2): 16875E09-927B-4494-82BD-158A1CD46BA0 ---
no keys found

--- sharedtaskkey (3): 0B5F7FDF-0717-45BF-B49D-695F3168C7FE ---
no keys found

--- sharedtaskkey (4): A4F94C0C-54A7-4DB1-9AF3-B22E63D00322 ---
no keys found

--- sharedtaskkey (5): A4F94C0C-54A7-4DB1-9AF3-B22E63D00311 ---
no keys found

--- sharedtaskkey (6): A4F94C0C-54A7-4DB1-9AF3-B22E63D00401 ---
no keys found

--- sharedtaskkey (7): A4F94C0C-54A7-4DB1-9AF3-B22E63D00402 ---
no keys found

--- Notify key ---

--- rebooting the computer ---

--- File(s) found in Windows directory ---

--- File(s) found in system32 folder ---

--- Services ---

--- Export SharedTaskSchedulerkey ---
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

--- Notify key ---

Finished!

StormTroop · 12-09-2006, 07:54 AM

Heres my AVG scan report. This is MASSIVE so i had to attach it.

Part-Report.txt

StormTroop · 12-09-2006, 07:55 AM

Tom - 08/12/2006@16:07:47.46
running from C:\Documents and Settings\Tom\Desktop\Autorun\

Other users of this machine:
* Administrator
* Guest
* Isabel
* Joanna
* Musik

----------------------------------------------------------------------------------

HKLM\System\CurrentControlSet\Services
AOL ACS
AOL Connectivity Service
(Verified) America Online, Inc.
c:\program files\common files\aol\acs\aolacsd.exe
AOLService
Removes spyware found by ASP that cannot be removed without a reboot.
c:\program files\common files\aol\aol spyware protection\aolserv.exe
ATI Smart
ATI Smart
c:\windows\system32\ati2sgag.exe
AVG Anti-Spyware Guard
AVG Anti-Spyware guard
(Not verified) Anti-Malware Development a.s.
c:\program files\grisoft\avg anti-spyware 7.5\guard.exe
ccEvtMgr
Symantec Event Manager
(Verified) Symantec Corporation
c:\program files\common files\symantec shared\ccevtmgr.exe
ccProxy
Symantec Network Proxy Service
(Verified) Symantec Corporation
c:\program files\common files\symantec shared\ccproxy.exe
ccSetMgr
Symantec Settings Manager
(Verified) Symantec Corporation
c:\program files\common files\symantec shared\ccsetmgr.exe
Creative Service for CDROM Access
Creative Service for CDROM Access
(Not verified) Creative Technology Ltd
c:\windows\system32\ctsvccda.exe
MpfService
McAfee Personal Firewall Service
(Not verified) McAfee Corporation
c:\program files\mcafee.com\personal firewall\mpfservice.exe
SNDSrvc
Symantec Network Drivers Service
(Verified) Symantec Corporation
c:\program files\common files\symantec shared\sndsrvc.exe
SymWSC
Symantec WMI Service
(Verified) Symantec Corporation
c:\program files\common files\symantec shared\security center\symwsc.exe
WMDM PMSP Service
WMDM PMSP Service
(Not verified) Microsoft Corporation
c:\windows\system32\mspmspsv.exe

HKLM\System\CurrentControlSet\Services
AVG Anti-Spyware Driver
c:\program files\grisoft\avg anti-spyware 7.5\guard.sys
AvgAsCln
AVG7 Clean Driver
(Not verified) GRISOFT, s.r.o.
c:\windows\system32\drivers\avgascln.sys
GEARAspiWDM
CD/DVD Class Filter Driver
(Verified) GEAR Software Inc.
c:\windows\system32\drivers\gearaspiwdm.sys
Iviaspi
InterVideo ASPI Shell
(Not verified) InterVideo, Inc.
c:\windows\system32\drivers\iviaspi.sys
MPFIREWL
c:\windows\system32\drivers\mpfirewall.sys
NAVENG
AV Engine
(Verified) Symantec Corporation
c:\program files\common files\symantec shared\virusdefs\20040625.019\naveng.sys
NAVEX15
AV Engine
(Verified) Symantec Corporation
c:\program files\common files\symantec shared\virusdefs\20040625.019\navex15.sys
Pfc
Padus(R) ASPI Shell
(Not verified) Padus, Inc.
c:\windows\system32\drivers\pfc.sys
PxHelp20
Px Engine Device Driver for Windows 2000/XP
(Not verified) Sonic Solutions
c:\windows\system32\drivers\pxhelp20.sys
SAVRT
AutoProtect
(Verified) Symantec Corporation
c:\program files\norton antivirus\savrt.sys
SAVRTPEL
SAVRTPEL
(Verified) Symantec Corporation
c:\program files\norton antivirus\savrtpel.sys
Secdrv
SafeDisc driver
(Not verified) Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.
c:\windows\system32\drivers\secdrv.sys
sonypvs1
File not found: system32\DRIVERS\sonypvs1.sys
SYMDNS
DNS Filter Driver
(Verified) Symantec Corporation
c:\windows\system32\drivers\symdns.sys
SymEvent
Symantec Event Library
(Not verified) Symantec Corporation
c:\program files\symantec\symevent.sys
SYMFW
Firewall Filter Driver
(Verified) Symantec Corporation
c:\windows\system32\drivers\symfw.sys
SYMIDS
IDS Filter Driver
(Verified) Symantec Corporation
c:\windows\system32\drivers\symids.sys
SYMIDSCO
IDS Core Driver
(Verified) Symantec Corporation
c:\program files\common files\symantec shared\symcdata\idsdefs\20061113.031\symidsco.sys
SYMNDIS
NDIS Filter Driver
(Verified) Symantec Corporation
c:\windows\system32\drivers\symndis.sys
SYMREDRV
Redirector Filter Driver
(Verified) Symantec Corporation
c:\windows\system32\drivers\symredrv.sys
SYMTDI
Network Dispatch Driver
(Verified) Symantec Corporation
c:\windows\system32\drivers\symtdi.sys

HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors
Microsoft Document Imaging Writer Monitor
Microsoft® Document Imaging
(Not verified) Microsoft Corporation
c:\windows\system32\mdimon.dll

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
ccApp
Common Client User Session
(Verified) Symantec Corporation
c:\program files\common files\symantec shared\ccapp.exe
AOLDialer
AOL Connectivity Service Dialer
(Verified) America Online, Inc.
c:\program files\common files\aol\acs\aoldial.exe
Symantec NetDriver Monitor
Symantec Security Drivers Install Monitor
(Verified) Symantec Corporation
c:\program files\symnetdrv\sndmon.exe
Microsoft Works Update Detection
Microsoft® Works Update Detection
(Not verified) Microsoft® Corporation
c:\program files\common files\microsoft shared\works shared\wkufind.exe
HostManager
AOLHostManager
(Verified) America Online, Inc.
c:\program files\common files\aol\1133035937\ee\aolhostmanager.exe
SunJavaUpdateSched
Java(TM) 2 Platform Standard Edition binary
(Not verified) Sun Microsystems, Inc.
c:\program files\java\jre1.5.0_06\bin\jusched.exe
%FP%Friendly fts.exe
fts
(Not verified) Friendly Technologies
c:\program files\voyagertest\fts.exe
MPFExe
McAfee Personal Firewall Tray Monitor
(Not verified) McAfee Security
c:\program files\mcafee.com\personal firewall\mpftray.exe
QuickTime Task
QuickTime Task
(Not verified) Apple Computer, Inc.
c:\program files\quicktime\qttask.exe
iTunesHelper
iTunesHelper Module
(Verified) Apple Computer, Inc.
c:\program files\itunes\ituneshelper.exe
DSLSTATEXE
DSL Status Executable
(Not verified) GlobespanVirata, Inc.
c:\program files\bt voyager 105 adsl modem\dslstat.exe
DSLAGENTEXE
c:\program files\bt voyager 105 adsl modem\dslagent.exe
AOL Spyware Protection
AOLSP Scheduler
(Verified) America Online, Inc.
c:\program files\common files\aol\aol spyware protection\aolsp scheduler.exe
!AVG Anti-Spyware
AVG Anti-Spyware
(Not verified) Anti-Malware Development a.s.
c:\program files\grisoft\avg anti-spyware 7.5\avgas.exe

HKLM\SOFTWARE\Classes\Protocols\Filter
application/octet-stream
Microsoft .NET Runtime Execution Engine
(Not verified) Microsoft Corporation
c:\windows\system32\mscoree.dll
application/x-complus
Microsoft .NET Runtime Execution Engine
(Not verified) Microsoft Corporation
c:\windows\system32\mscoree.dll
application/x-msdownload
Microsoft .NET Runtime Execution Engine
(Not verified) Microsoft Corporation
c:\windows\system32\mscoree.dll

HKLM\SOFTWARE\Classes\Protocols\Handler
ms-itss
Microsoft® InfoTech Storage System Library
(Not verified) Microsoft Corporation
c:\program files\common files\microsoft shared\information retrieval\msitss.dll
msnim
MSN Messenger Protocol Handler
(Not verified) Microsoft Corporation
c:\program files\msn messenger\msgrapp.dll

HKCU\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components
0
File not found: About:Home

HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components
n/a
Microsoft .NET IE SECURITY REGISTRATION
(Not verified) Microsoft Corporation
c:\windows\system32\mscories.dll

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk
Adobe Acrobat SpeedLauncher
(Not verified) Adobe Systems Incorporated
c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
AOL 9.0 Tray Icon.lnk
AOL Tray Icon
(Verified) America Online, Inc.
c:\program files\aol 9.0\aoltray.exe
AOL Broadband Check-Up.lnk
Motive Chorus Command Line Interface
(Not verified) Motive Communications, Inc.
c:\program files\aol\broadband checkup\bin\matcli.exe

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
MoneyAgent
Microsoft Money Express
(Not verified) Microsoft Corp.
c:\program files\microsoft money\system\mnyexpr.exe
Acme.PCHButton
(Not verified) Motive Communications, Inc.
c:\program files\help and support additions\pavilion\xpewwbf4\plugin\bin\pchbutton.exe

Task Scheduler
AppleSoftwareUpdate.job
Software Application
(Verified) Apple Computer, Inc.
c:\program files\apple software update\softwareupdate.exe
Easy Internet Sign-up.job
HP SDP Application Module
(Not verified) Hewlett-Packard
c:\program files\easy internet signup\hpsdpapp.exe
Norton AntiVirus - Scan my computer - HP_Administrator.job
Norton AntiVirus Scanner Module
(Verified) Symantec Corporation
c:\program files\norton antivirus\navw32.exe
Symantec NetDetect.job
Symantec NetDetect
(Verified) Symantec Corporation
c:\program files\symantec\liveupdate\ndetect.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
Adobe PDF Reader Link Helper
Adobe Acrobat IE Helper Version 7.0 for ActiveX
(Verified) Adobe Systems, Incorporated
c:\program files\adobe\acrobat 7.0\activex\acroiehelper.dll
SSVHelper Class
Java(TM) 2 Platform Standard Edition binary
(Not verified) Sun Microsystems, Inc.
c:\program files\java\jre1.5.0_06\bin\ssv.dll
CNisExtBho Class
NIS Shell Extension
(Not verified) Symantec Corporation
c:\program files\common files\symantec shared\adblocking\nisshext.dll
CNavExtBho Class
Norton AntiVirusNAVShellExt Module
(Verified) Symantec Corporation
c:\program files\norton antivirus\navshext.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
AVG Anti-Spyware 7.5
AVG Anti-Spyware shellexecutehook
(Not verified) Anti-Malware Development a.s.
c:\program files\grisoft\avg anti-spyware 7.5\shellexecutehook.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Display Panning CPL Extension
File not found: deskpan.dll
Fusion Cache
Microsoft .NET Runtime Execution Engine
(Not verified) Microsoft Corporation
c:\windows\system32\mscoree.dll
RecordNow! SendToExt
Shell Extensions
c:\program files\sonic recordnow!\shlext.dll
SampleView
ShellvRTF
(Not verified) XSS
c:\windows\system32\shellvrtf.dll
Nokia Phone Browser
Phone Browser
(Not verified) Nokia
c:\program files\nokia\nokia pc suite 6\phonebrowser.dll
Contact View
Phone Browser Contact View
(Not verified) Nokia
c:\program files\nokia\nokia pc suite 6\contactview.dll
Message View
Phone Browser Message View
(Not verified) Nokia
c:\program files\nokia\nokia pc suite 6\messageview.dll
iTunes
iTunes Mini Player DLL
(Verified) Apple Computer, Inc.
c:\program files\itunes\itunesminiplayer.dll
Haali Column Provider
c:\windows\system32\mmfinfo.dll
ShellLink for Application References
Application Deployment Support Library
(Not verified) Microsoft Corporation
c:\windows\system32\dfshim.dll
Shell Icon Handler for Application References
Application Deployment Support Library
(Not verified) Microsoft Corporation
c:\windows\system32\dfshim.dll

HKLM\Software\Classes\Folder\Shellex\ColumnHandlers
Haali Column Provider
c:\windows\system32\mmfinfo.dll
PDF Shell Extension
PDF Shell Extension
(Not verified) Adobe Systems, Inc.
c:\program files\adobe\acrobat 7.0\activex\pdfshell.dll

HKLM\Software\Microsoft\Internet Explorer\Toolbar
hpdtlk02.dll
hp view toolbar
(Not verified) Hewlett-Packard Company
c:\program files\hp\digital imaging\bin\hpdtlk02.dll
Norton AntiVirus
Norton AntiVirusNAVShellExt Module
(Verified) Symantec Corporation
c:\program files\norton antivirus\navshext.dll
toolbar.dll
IE Toolbar
(Not verified) IE Toolbar
c:\program files\aol toolbar\toolbar.dll

HKLM\Software\Microsoft\Internet Explorer\Extensions
Run IMVU
c:\documents and settings\joanna\start menu\programs\imvu\run imvu.lnk
@xpsp3res.dll,-20001
File not found: C:\WINDOWS\Network

StormTroop · 12-09-2006, 07:56 AM

102 Dalmatians Activity Centre
Ad-Aware SE Personal
Adobe Reader 7.0.8
Advanced X Video Converter
Agere Systems PCI Soft Modem
Angry Dog
AOL Broadband Check-Up
AOL Coach Version 1.0(Build:20040229.1 uk)
AOL Connectivity Services
AOL Spyware Protection
AOL Toolbar
AOL UK (Choose which version to remove)
AOL Uninstaller
AOL You've Got Pictures Screensaver
Apple Software Update
ATI Display Driver
AVG Anti-Spyware 7.5
BAMZOOKi v3.1 (build 115.158)
Black and White
BT Voyager 105 ADSL Modem
BT Voyager Modem AOL Test
Burping Bear
CCleaner (remove only)
christmas 11
christmas19
christmas20
Cole2k Media - Codec Pack (Advanced) 6.0.7
Command & Conquer Red Alert 2
Command & Conquer Tiberian Sun
Command && Conquer Red Alert 2 - Yuri's Revenge
Cool Edit Pro 2.0
Crazy Frog
Creative Driver
Creative MediaSource
Disney's 102 Dalmatians Puppies to the Rescue
Dogz 5
Driver Cleaner 3
Easy Internet Sign-up
End It All
EndItAll 2.0
Excited
FinalAlert 2 Yuri's Revenge
FrostWire
Google Earth
Google Video Player
Happy Dance
Help and Support Additions
HijackThis 1.99.1
Hippo Pic
Hotfix for Windows XP (KB926239)
HP Deskjet Preloaded Printer Drivers
HP Image Zone 4.2
HP Image Zone for Media Center PC
HP Image Zone Plus 4.2
HP Photo & Imaging 3.5 - HP Devices
HP PSC & OfficeJet 4.0
HP Software Update
HP Tunes
HPIZ402
Insaniquarium Deluxe
InterVideo WinDVD Creator 2
InterVideo WinDVD Player
iPod for Windows 2006-03-23
iPod Software 1.3 Updater
iTunes
J2SE Runtime Environment 5.0 Update 3
J2SE Runtime Environment 5.0 Update 6
Java 2 Runtime Environment, SE v1.4.2_03
KBD
Learn2 Player (Uninstall Only)
LimeWire 4.12.6
LiveUpdate 2.6 (Symantec Corporation)
Love Pug
Macromedia Flash Player
Macromedia Flash Player 8
Macromedia FreeHand MXa
Macromedia Shockwave Player
McAfee Personal Firewall Plus
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft .NET Framework 2.0
Microsoft AutoRoute v11.0
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Encarta Encyclopedia Standard - WE 2004
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money
Microsoft Money System Pack
Microsoft National Language Support Downlevel APIs
Microsoft Office Standard Edition 2003
Microsoft Picture It! Photo Standard 9
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Works
Microsoft Works 2004 Setup Launcher
Microsoft Works Suite Add-in for Microsoft Word
Mozilla Firefox (2.0)
MPEG Encoder 3
MSN Messenger 7.5
MSXML 4.0 SP2 (KB927978)
PC-Doctor for Windows
Photosmart 320,370,7400,8100,8400 Series
PTC ProDESKTOP 2000i2
Python 2.2 combined Win32 extensions
Python 2.2.1
QuickTime
Ranger Outpost Remote Client
RealPlayer Basic
Riva FLV Encoder 2.0
Riva FLV Player
Sad Penguin
SAMSUNG CDMA Modem Driver Set
SAMSUNG Mobile USB Modem 1.0 Software
SAMSUNG Mobile USB Modem Software
Samsung PC Studio
Samsung PC Studio 3 USB Driver Installer
ScareCrow I Miss You
Security Update for Microsoft .NET Framework 2.0 (KB917283)
Security Update for Microsoft .NET Framework 2.0 (KB922770)
Shockwave
Sleepy Soldier
Sonic Encoders
Sonic RecordNow!
Sound Blaster Audigy 2 ZS
Steinberg Cubase LE
Super Yellow 4 Animated Emoticons
The Battle for Middle-earth (tm)
The Battle for Middle-earth (tm) II
The Sims 2
The Sims 2 Pets
The Sims 2 University
Turbo Tanks
Twisted Whiskers Laughing Dog
Update for Windows Media Player 10 (KB913800)
Viewpoint Media Player
Vodafone 804SS USB driver Software
Westwood Shared Internet Components
Winamp (remove only)
Windows Defender
Windows Genuine Advantage v1.3.0254.0
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows Rights Management Client Backwards Compatibility SP2
Windows Rights Management Client with Service Pack 2
Windows Vista Upgrade Advisor
Windows XP Media Center Edition 2005 KB908250
Windows XP Media Center Edition 2005 KB925766

StormTroop · 12-09-2006, 07:57 AM

Logfile of HijackThis v1.99.1
Scan saved at 15:45:09, on 09/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\CTSvcCDA.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\VoyagerTest\fts.exe
C:\Program Files\Common Files\AOL\1133035937\ee\AOLHostManager.exe
C:\Program Files\Common Files\AOL\1133035937\ee\AOLServiceHost.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
c:\program files\common files\aol\1133035937\ee\services\antiSpywareApp\ver2_0_12\AOLSP Scheduler.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AOL\Broadband CheckUp\bin\mpbtn.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Microsoft Works\WkDStore.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\notepad.exe
C:\HJT!\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://media10.fastclick.net/w/safep...22&nfcp=1&fp=2
R3 - URLSearchHook: (no name) - _{00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1133035937\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [%FP%Friendly fts.exe] "C:\Program Files\VoyagerTest\fts.exe"
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O4 - Global Startup: AOL Broadband Check-Up.lnk = C:\Program Files\AOL\Broadband CheckUp\bin\matcli.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...p=ZNxdm824YYGB
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\clbcatix.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\clbcatix.dll (file missing)
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Joanna\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aolsvc.aol.co.uk/comput...up/qdiagcc.cab
O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} (CPlayFirstDinerDash2Control Object) - http://www.arcadetown.com/dinerdash2...2.1.0.0.48.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://www.arcadetown.com/swf/delici...ylomplayer.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://download.toontown.com/sv1.0.15.28/ttinst.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://www.arcadetown.com/swf/feedin...utLauncher.cab
O16 - DPF: {DD3641E5-A9CF-11D1-9AA1-444553540000} (Surround Video V3.0 Control Object) - http://www.barnsdesigns.co.uk/surrou...eo/svideo3.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{52E8A4B5-8DDE-4499-91A6-050A6893390D}: NameServer = 205.188.146.145
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

**Deckard** · 12-09-2006, 11:34 AM

We're getting there. How is your system behaving now?

P2P Software
I see you have P2P software (i.e. LimeWire) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation.

Uninstall
Click Start > Control Panel > Add / Remove Programs and uninstall the following programs (if they exist):

Viewpoint Media Player

Please let me know if any of these were unable to uninstall.

HijackThis Fixes
Open HijackThis and click on 'Do a System Scan Only'. Check the following entries if they still exist (make sure you do not miss any):

R3 - URLSearchHook: (no name) - _{00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...p=ZNxdm824YYGB

Please remember to close all other windows, including browsers then click Fix checked. Close HijackThis.

Deletions
Delete the following Folders indicated in BLUE if they still exist:

C:\Documents and Settings\Joanna\Complete
C:\Documents and Settings\Tom\Complete
C:\Program Files\Viewpoint

Clear Cookies
Clear your IE cookies. Start>Settings>Control Panel>Internet Options>General. Under Temporary Internet Files, click on Delete Cookies. Then click Delete Files.

Clear your Firefox cookies. From the open browser, go to Tools>Options>Privacy>Cookies>Clear.

Download Dr.Web CureIt
Download Dr.Web CureIt to the Desktop.

Doubleclick the drweb-cureit.exe file and Allow to run the express scan.
This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
Once the short scan has finished, mark the drives that you want to scan.
Select all drives. A red dot shows which drives have been chosen.
Click the green arrow at the right, and the scan will start.
Click 'Yes to all' if it asks if you want to cure/move the file.
When the scan has finished, look if you can click next icon next to the files found:
If so, click it and then click the next icon right below and select Move incurable as you'll see in next image:

This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured (in case if we need samples).
After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
Save the report to your desktop. The report will be called DrWeb.csv
Close Dr.Web Cureit.
Reboot your computer!! Because it could be possible that files in use will be moved/deleted during reboot.
After reboot, post the contents of the log from Dr.Web you saved previously in your next reply.

With Your Next Post...
Please paste the following with your next reply (in this order please):

Dr.Web scan report,
The contents of C:\WINDOWS\system32\drivers\etc\hosts, and
a new HiJackThis log taken after Dr.Web finishes.

StormTroop · 12-09-2006, 01:29 PM

Heres my DrWeb Report.

killapps.exe;C:\hp\drivers\audio\Creative\AudigyII_ZS\Audio\Drivers\COMMON;Tool.Prockill;Incurable.Moved.;
Uninstall My Web Search.dll;C:\Program Files;Adware.Msearch;Incurable.Moved.;
setup.exe;C:\Program Files\AOL\Installers\ASP 2.0;Probably BACKDOOR.Trojan;Incurable.Moved.;
fwRemoteCfg.dll;C:\Program Files\Common Files\FTL Shared;Probably DLOADER.Trojan;Incurable.Moved.;
gdnUS250.exe;C:\WINDOWS\Downloaded Program Files;Trojan.DownLoader.3080;Deleted.;
gdnUS250.exe;C:\WINDOWS\Downloaded Program Files\CONFLICT.1;Trojan.DownLoader.3080;Deleted.;
gdnUS250.exe;C:\WINDOWS\Downloaded Program Files\CONFLICT.2;Trojan.DownLoader.3080;Deleted.;
gdnUS250.exe;C:\WINDOWS\Downloaded Program Files\CONFLICT.3;Trojan.DownLoader.3080;Deleted.;
gdnUS250.exe;C:\WINDOWS\Downloaded Program Files\CONFLICT.4;Trojan.DownLoader.3080;Deleted.;
gdnUS250.exe;C:\WINDOWS\Downloaded Program Files\CONFLICT.5;Trojan.DownLoader.3080;Deleted.;
gdnUS250.exe;C:\WINDOWS\Downloaded Program Files\CONFLICT.6;Trojan.DownLoader.3080;Deleted.;
gdnUS250.exe;C:\WINDOWS\Downloaded Program Files\CONFLICT.7;Trojan.DownLoader.3080;Deleted.;
gdnUS250.exe;C:\WINDOWS\Downloaded Program Files\CONFLICT.8;Trojan.DownLoader.3080;Deleted.;
KILLAPPS.EXE;C:\WINDOWS\system32;Tool.Prockill;Incurable.Moved.;
process.exe;C:\WINDOWS\system32;Tool.Prockill;Incurable.Moved.;
restart.exe;C:\WINDOWS\system32;Tool.ShutDown.11;Incurable.Moved.;
winks.exe;C:\WINDOWS\system32;Trojan.Isbar.301;Deleted.;

This is all i found in hosts:

127.0.0.1 localhost

...and a new HJT Log

Logfile of HijackThis v1.99.1
Scan saved at 21:28:22, on 09/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\CTSvcCDA.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dllhost.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\VoyagerTest\fts.exe
C:\Program Files\Common Files\AOL\1133035937\ee\AOLHostManager.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\Common Files\AOL\1133035937\ee\AOLServiceHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe
c:\program files\common files\aol\1133035937\ee\services\antiSpywareApp\ver2_0_12\AOLSP Scheduler.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\HELPAN~1\Pavilion\XPEWWBF4\plugin\bin\pchbutton.exe
C:\Program Files\AOL\Broadband CheckUp\bin\mpbtn.exe
C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE
C:\Program Files\Windows NT\Accessories\WORDPAD.EXE
C:\HJT!\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1133035937\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [%FP%Friendly fts.exe] "C:\Program Files\VoyagerTest\fts.exe"
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HELPAN~1\Pavilion\XPEWWBF4\plugin\bin\pchbutton.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O4 - Global Startup: AOL Broadband Check-Up.lnk = C:\Program Files\AOL\Broadband CheckUp\bin\matcli.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\clbcatix.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\clbcatix.dll (file missing)
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Joanna\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aolsvc.aol.co.uk/comput...up/qdiagcc.cab
O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} (CPlayFirstDinerDash2Control Object) - http://www.arcadetown.com/dinerdash2...2.1.0.0.48.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://www.arcadetown.com/swf/delici...ylomplayer.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://download.toontown.com/sv1.0.15.28/ttinst.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://www.arcadetown.com/swf/feedin...utLauncher.cab
O16 - DPF: {DD3641E5-A9CF-11D1-9AA1-444553540000} (Surround Video V3.0 Control Object) - http://www.barnsdesigns.co.uk/surrou...eo/svideo3.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{52E8A4B5-8DDE-4499-91A6-050A6893390D}: NameServer = 205.188.146.145
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

As for Limewire, I very rarely use it, but when I do, I always have a Firewall running. (if that helps..).

11-30-2006, 03:38 PM	#1 (permalink)
groovyreg Registered User Join Date: Sep 2006 Posts: 9 OS: XP	Spyware/ Malware Removal Hello tech-types. A friend asked me for some advice concerning problems they were having with their PC. They are fairly non-techy, even less than myself, so I thought I'd have a go but I can't get anywhere so I'm here for some advice. They generally connect to the net with AOL but whilst AOL will connect to the net they were getting completely blank webpages that they couldn't do anything with. As a result they were connecting with AOL and then using IE6 for browsing. An automatic update downloaded IE7 (which I'm using with no problems) but the installation failed - no idea why. Since then IE looks like v6 but, going to help>about shows a v7 number. The address bar and most links now bring up an error message with words to the effect that 'the lookup key [something or other] context'. Sorry, I can't actually remember the actual wording and I don't have their PC in front on me. The Google homepage will load and the search bar from that will show results. Links from there can be clicked and loaded but after moving a couple of pages on, or trying any download, the same message appears. I suggested getting Firefox to at least be able to browse and see if others were experiencing the same problem. He couldn't download it so I emailed it to him [yes, email is working], along with the standalone IE7 package. He tried installing IE7 that way but with no joy. I told him to run HJT and send me the logfile and run Kaspersky and send that log. He can now get to the page with the online scanner button but after pressing that and the popup arriving asking him to accept the terms, pressing accept does nothing - no start of download for Kaspersky, he just can't get any further. He's tried the same thing with the same result for Panda Active Scan. The only thing he's been able to send me is the HJT log. I did ask him to try again after disabling his firewalls/antivirus but it was no different. AOL seems to have loaded a lot onto his computer, he also seems to be running MacAffee and Norton Firewall. There were well over 50 processes running last time I looked. He probably could do with doing a full reinstall but I'm not sure that he'd really be able to. Please suggest steps to resolve the immediate internet problems and hopefully provide advice on ways of slimming down what's going on with his processes. I'll not be too surprised if there are some beasties on that system somewhere. HJT log below: Logfile of HijackThis v1.99.1 Scan saved at 18:21:23, on 30/11/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe c:\Program Files\Common Files\Symantec Shared\ccProxy.exe c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe C:\WINDOWS\system32\CTSvcCDA.EXE C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\MsPMSPSv.exe c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Common Files\AOL\ACS\AOLDial.exe C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe C:\Program Files\VoyagerTest\fts.exe C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe C:\Program Files\Messenger\msmsgs.exe C:\WINDOWS\alt.exe C:\PROGRA~1\HELPAN~1\Pavilion\XPEWWBF4\plugin\bin\pchbutton.exe C:\WINDOWS\system32\ctfmon.exe C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe C:\Program Files\Common Files\AOL\1133035937\ee\AOLHostManager.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Common Files\AOL\1133035937\ee\AOLServiceHost.exe C:\Program Files\AOL 9.0\aoltray.exe C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE c:\program files\common files\aol\1133035937\ee\services\antiSpywareApp\ver2_0_12\AOLSP Scheduler.exe C:\Program Files\Common Files\AOL\1133035937\ee\AOLServiceHost.exe C:\Program Files\AOL\Broadband CheckUp\bin\mpbtn.exe C:\Program Files\AOL 9.0\waol.exe C:\Program Files\AOL 9.0\shellmon.exe C:\Program Files\Common Files\AOL\aoltpspd.exe C:\PROGRA~1\MOZILL~1\FIREFOX.EXE C:\HJT!\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {0B5F7FDF-0717-45BF-B49D-695F3168C7FE} - C:\WINDOWS\system32\admparsek.dll O2 - BHO: (no name) - {11111111-2222-408A-9842-CDBE1C6D37EB} - C:\WINDOWS\netdde.dll O2 - BHO: (no name) - {16875E09-927B-4494-82BD-158A1CD46BA0} - C:\WINDOWS\prflbmsgp32.dll O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file) O2 - BHO: (no name) - {621D36CC-09F4-44F6-BA4C-C8FBEAA00207} - (no file) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: (no name) - {8E13DDE1-E013-47ec-9C4C-27C2F78BDD26} - C:\WINDOWS\system32\req.dll O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - c:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll O2 - BHO: (no name) - {A4F94C0C-54A7-4DB1-9AF3-B22E63D00303} - (no file) O2 - BHO: (no name) - {A4F94C0C-54A7-4DB1-9AF3-B22E63D00304} - (no file) O2 - BHO: (no name) - {A4F94C0C-54A7-4DB1-9AF3-B22E63D00305} - (no file) O2 - BHO: (no name) - {A4F94C0C-54A7-4DB1-9AF3-B22E63D00306} - (no file) O2 - BHO: (no name) - {A4F94C0C-54A7-4DB1-9AF3-B22E63D00309} - (no file) O2 - BHO: (no name) - {A4F94C0C-54A7-4DB1-9AF3-B22E63D00320} - (no file) O2 - BHO: (no name) - {A4F94C0C-54A7-4DB1-9AF3-B22E63D00402} - C:\WINDOWS\system32\fontextb.dll O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll O2 - BHO: (no name) - {DF00FFA0-AEA9-4EA8-A10F-8BB9A7F8508C} - (no file) O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file) O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1133035937\ee\AOLHostManager.exe O4 - HKLM\..\Run: [links] links.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [%FP%Friendly fts.exe] "C:\Program Files\VoyagerTest\fts.exe" O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe" O4 - HKCU\..\Run: [AlexaToolbar] C:\WINDOWS\alt.exe O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HELPAN~1\Pavilion\XPEWWBF4\plugin\bin\pchbutton.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe O4 - Global Startup: AOL Broadband Check-Up.lnk = C:\Program Files\AOL\Broadband CheckUp\bin\matcli.exe O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\clbcatix.dll (file missing) O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\clbcatix.dll (file missing) O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Joanna\Start Menu\Programs\IMVU\Run IMVU.lnk O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O11 - Options group: [INTERNATIONAL] International* O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/noc...up1.0.0.15.exe O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/puzzlepirate...GameLoader.dll O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aolsvc.aol.co.uk/comput...up/qdiagcc.cab O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} (CPlayFirstDinerDash2Control Object) - http://www.arcadetown.com/dinerdash2...2.1.0.0.48.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://www.arcadetown.com/swf/delici...ylomplayer.cab O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://download.toontown.com/sv1.0.15.28/ttinst.cab O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://www.arcadetown.com/swf/feedin...utLauncher.cab O16 - DPF: {DD3641E5-A9CF-11D1-9AA1-444553540000} (Surround Video V3.0 Control Object) - http://www.barnsdesigns.co.uk/surrou...eo/svideo3.cab O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://www.shockwave.com/content/ins...ploader_v6.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{52E8A4B5-8DDE-4499-91A6-050A6893390D}: NameServer = 205.188.146.145 O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll O20 - Winlogon Notify: req - C:\WINDOWS\system32\req.dll O20 - Winlogon Notify: st3 - C:\WINDOWS\system32\st3.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe Thanks Last edited by groovyreg; 11-30-2006 at 03:48 PM.

12-02-2006, 01:23 PM	#2 (permalink)
Deckard Mentor, Analyst - Security Team Join Date: May 2006 Location: Oregon Posts: 2,503 OS: MacOS X, Debian, OpenBSD, Windows	Hello, and welcome to the HijackThis Help Forum. Apologies for any delay in replying, but we have been rather busy lately. Since it has been a few days since you first posted, please post a fresh HijackThis Log if you still need assistance. Thank you. __________________ The chance to begin again in a golden land of opportunity and adventure. Need HijackThis help? Please read MicroBell's Five Step Process before posting. Please donate and help keep this site free to all. UNITE/ASAP: Proud member since 2006

12-02-2006, 03:47 PM	#3 (permalink)
groovyreg Registered User Join Date: Sep 2006 Posts: 9 OS: XP	New logfile Hi. Thanks for replying. I have a new log file sent from my friend. He seems to be unable to post himself: You do not have permission to access this page. This could be due to one of several reasons: Your user account may not have sufficient privileges to access this page. Are you trying to edit someone else's post, access administrative features or some other privileged system? If you are trying to post, the administrator may have disabled your account, or it may be awaiting activation. The new log file: Logfile of HijackThis v1.99.1 Scan saved at 21:37:19, on 02/12/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe c:\Program Files\Common Files\Symantec Shared\ccProxy.exe c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe C:\WINDOWS\system32\CTSvcCDA.EXE C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\MsPMSPSv.exe c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Common Files\AOL\ACS\AOLDial.exe C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe C:\Program Files\iTunes\iTunesHelper.exe C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe C:\Program Files\Messenger\msmsgs.exe C:\WINDOWS\alt.exe C:\Program Files\AOL 9.0\aoltray.exe C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe C:\Program Files\Common Files\AOL\1133035937\ee\AOLHostManager.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Common Files\AOL\1133035937\ee\AOLServiceHost.exe c:\program files\common files\aol\1133035937\ee\services\antiSpywareApp\ver2_0_12\AOLSP Scheduler.exe C:\PROGRA~1\MOZILL~1\FIREFOX.EXE C:\HJT!\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {0B5F7FDF-0717-45BF-B49D-695F3168C7FE} - C:\WINDOWS\system32\admparsek.dll O2 - BHO: (no name) - {11111111-2222-408A-9842-CDBE1C6D37EB} - C:\WINDOWS\netdde.dll O2 - BHO: (no name) - {16875E09-927B-4494-82BD-158A1CD46BA0} - C:\WINDOWS\prflbmsgp32.dll O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file) O2 - BHO: (no name) - {621D36CC-09F4-44F6-BA4C-C8FBEAA00207} - (no file) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: (no name) - {8E13DDE1-E013-47ec-9C4C-27C2F78BDD26} - C:\WINDOWS\system32\req.dll O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - c:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll O2 - BHO: (no name) - {A4F94C0C-54A7-4DB1-9AF3-B22E63D00303} - (no file) O2 - BHO: (no name) - {A4F94C0C-54A7-4DB1-9AF3-B22E63D00304} - (no file) O2 - BHO: (no name) - {A4F94C0C-54A7-4DB1-9AF3-B22E63D00305} - (no file) O2 - BHO: (no name) - {A4F94C0C-54A7-4DB1-9AF3-B22E63D00306} - (no file) O2 - BHO: (no name) - {A4F94C0C-54A7-4DB1-9AF3-B22E63D00309} - (no file) O2 - BHO: (no name) - {A4F94C0C-54A7-4DB1-9AF3-B22E63D00320} - (no file) O2 - BHO: (no name) - {A4F94C0C-54A7-4DB1-9AF3-B22E63D00402} - C:\WINDOWS\system32\fontextb.dll O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll O2 - BHO: (no name) - {DF00FFA0-AEA9-4EA8-A10F-8BB9A7F8508C} - (no file) O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file) O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1133035937\ee\AOLHostManager.exe O4 - HKLM\..\Run: [links] links.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [%FP%Friendly fts.exe] "C:\Program Files\VoyagerTest\fts.exe" O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe" O4 - HKCU\..\Run: [AlexaToolbar] C:\WINDOWS\alt.exe O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HELPAN~1\Pavilion\XPEWWBF4\plugin\bin\pchbutton.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe O4 - Global Startup: AOL Broadband Check-Up.lnk = C:\Program Files\AOL\Broadband CheckUp\bin\matcli.exe O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\clbcatix.dll (file missing) O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\clbcatix.dll (file missing) O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Joanna\Start Menu\Programs\IMVU\Run IMVU.lnk O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O11 - Options group: [INTERNATIONAL] International* O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/noc...up1.0.0.15.exe O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/puzzlepirate...GameLoader.dll O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aolsvc.aol.co.uk/comput...up/qdiagcc.cab O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} (CPlayFirstDinerDash2Control Object) - http://www.arcadetown.com/dinerdash2...2.1.0.0.48.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://www.arcadetown.com/swf/delici...ylomplayer.cab O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://download.toontown.com/sv1.0.15.28/ttinst.cab O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://www.arcadetown.com/swf/feedin...utLauncher.cab O16 - DPF: {DD3641E5-A9CF-11D1-9AA1-444553540000} (Surround Video V3.0 Control Object) - http://www.barnsdesigns.co.uk/surrou...eo/svideo3.cab O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://www.shockwave.com/content/ins...ploader_v6.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{52E8A4B5-8DDE-4499-91A6-050A6893390D}: NameServer = 205.188.146.145 O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll O20 - Winlogon Notify: req - C:\WINDOWS\system32\req.dll O20 - Winlogon Notify: st3 - C:\WINDOWS\system32\st3.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe Thanks

12-02-2006, 04:21 PM	#4 (permalink)
Deckard Mentor, Analyst - Security Team Join Date: May 2006 Location: Oregon Posts: 2,503 OS: MacOS X, Debian, OpenBSD, Windows	You may wish to Subscribe to this thread so that you are notified when you receive a reply. To do this click Thread Tools (above the first post), then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe. Please print out or copy this page to Notepad in order to assist you when carrying out the following instructions. If there is anything you don't understand, please ask BEFORE proceeding with the fixes. Please do these steps in order and do not skip any. Download ComboFix Please download ComboFix to your Desktop. Highlight and copy the following: "%userprofile%\desktop\combofix.exe" /v req st3 admparsek fontextb Then go to Start > Run, paste it into the text field, and then click OK. While ComboFix is running, please do not click or move the window, as this may cause the tool to stall. When the tool has finished, it will produce a log for you and save it as C:\ComboFix.txt. Post that log in your next reply. Reboot Reboot your system to Safe Mode by repeatedly tapping the F8 key until the menu appears and choosing Safe Mode from the list. On some systems, this may be the F5 key so try that if F8 doesn't work. Login on with your usual account. Make sure to close any open windows. HijackThis Fixes Open HijackThis and click on 'Do a System Scan Only'. Check the following entries if they still exist (make sure you do not miss any): O2 - BHO: (no name) - {0B5F7FDF-0717-45BF-B49D-695F3168C7FE} - C:\WINDOWS\system32\admparsek.dll O2 - BHO: (no name) - {11111111-2222-408A-9842-CDBE1C6D37EB} - C:\WINDOWS\netdde.dll O2 - BHO: (no name) - {16875E09-927B-4494-82BD-158A1CD46BA0} - C:\WINDOWS\prflbmsgp32.dll O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file) O2 - BHO: (no name) - {621D36CC-09F4-44F6-BA4C-C8FBEAA00207} - (no file) O2 - BHO: (no name) - {8E13DDE1-E013-47ec-9C4C-27C2F78BDD26} - C:\WINDOWS\system32\req.dll O2 - BHO: (no name) - {A4F94C0C-54A7-4DB1-9AF3-B22E63D00303} - (no file) O2 - BHO: (no name) - {A4F94C0C-54A7-4DB1-9AF3-B22E63D00304} - (no file) O2 - BHO: (no name) - {A4F94C0C-54A7-4DB1-9AF3-B22E63D00305} - (no file) O2 - BHO: (no name) - {A4F94C0C-54A7-4DB1-9AF3-B22E63D00306} - (no file) O2 - BHO: (no name) - {A4F94C0C-54A7-4DB1-9AF3-B22E63D00309} - (no file) O2 - BHO: (no name) - {A4F94C0C-54A7-4DB1-9AF3-B22E63D00320} - (no file) O2 - BHO: (no name) - {A4F94C0C-54A7-4DB1-9AF3-B22E63D00402} - C:\WINDOWS\system32\fontextb.dll O2 - BHO: (no name) - {DF00FFA0-AEA9-4EA8-A10F-8BB9A7F8508C} - (no file) O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file) O4 - HKLM\..\Run: [links] links.exe O4 - HKCU\..\Run: [AlexaToolbar] C:\WINDOWS\alt.exe O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/noc...up1.0.0.15.exe O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/puzzlepirate...GameLoader.dll O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://www.shockwave.com/content/ins...ploader_v6.cab O20 - Winlogon Notify: req - C:\WINDOWS\system32\req.dll O20 - Winlogon Notify: st3 - C:\WINDOWS\system32\st3.dll Please remember to close all other windows, including browsers then click Fix checked. Close HijackThis. Deletions Delete the following Files indicated in RED if they still exist. C:\WINDOWS\alt.exe C:\WINDOWS\netdde.dll C:\WINDOWS\prflbmsgp32.dll links.exe << Find via Start>Search Reboot Reboot your system to Normal Mode. With Your Next Post... Please paste the following with your next reply (in this order please): The content of C:\ComboFix.txt, a new HiJackThis log taken after ComboFix finishes. Let me know how the system is behaving now. Hopefully it's acting a little better. __________________ The chance to begin again in a golden land of opportunity and adventure. Need HijackThis help? Please read MicroBell's Five Step Process before posting. Please donate and help keep this site free to all. UNITE/ASAP: Proud member since 2006

12-02-2006, 05:16 PM	#6 (permalink)
Deckard Mentor, Analyst - Security Team Join Date: May 2006 Location: Oregon Posts: 2,503 OS: MacOS X, Debian, OpenBSD, Windows	No problem. I'm subscribed to this thread so I will be notified when you reply. Good luck! __________________ The chance to begin again in a golden land of opportunity and adventure. Need HijackThis help? Please read MicroBell's Five Step Process before posting. Please donate and help keep this site free to all. UNITE/ASAP: Proud member since 2006

12-02-2006, 05:13 PM	#5 (permalink)
groovyreg Registered User Join Date: Sep 2006 Posts: 9 OS: XP	Thanks for the advice. It's pretty late here (in the UK, I'm not sure where you are). My friend is monitoring these posts and will follow the instructions but it won't be until tomorrow. I'll post his results as soon as I get them. Thanks again.

12-02-2006, 05:17 PM	#7 (permalink)
groovyreg Registered User Join Date: Sep 2006 Posts: 9 OS: XP	You're in Oregon - not very observant, sorry.

12-02-2006, 05:22 PM	#8 (permalink)
Deckard Mentor, Analyst - Security Team Join Date: May 2006 Location: Oregon Posts: 2,503 OS: MacOS X, Debian, OpenBSD, Windows	LOL. No need to apologize. It's only 5:30pm here right now. See you on the flipside. __________________ The chance to begin again in a golden land of opportunity and adventure. Need HijackThis help? Please read MicroBell's Five Step Process before posting. Please donate and help keep this site free to all. UNITE/ASAP: Proud member since 2006

12-06-2006, 11:57 AM	#10 (permalink)
StormTroop Registered User Join Date: Dec 2006 Location: UK Posts: 116 OS: XP Media Centre	Spyware/ Malware Removal Ok you can carry on from here..

12-08-2006, 08:32 AM	#12 (permalink)
StormTroop Registered User Join Date: Dec 2006 Location: UK Posts: 116 OS: XP Media Centre	hmmm I had quite a few problems in that massive list, and before i post all the logs etc, please can you check some things and help with some others. Here are the problems I found: 1. I was unable to install CleanUp! as the site wouldnt respond as it was too busy. I have aprogram that seems to do a similar thing called CCleaner. Check it out and see what you think. If its no good, please could you email me the setup program for CleanUp! 2. The AVG Spyware Complete Scan took in excess of 2 AND A HALF HOURS!When it was finally done, i made them all quarantine and clicked apply all options. It came up with a message saying something like: '-some file- is embedded in -some folder- and cant be quarantined. Would you like to quarantine the whole folder?' I clicked 'Yes' and another came up, and another and another and... so I clicked Yes to All which appeared to jam the computer. Turns out it was just taking ages but not knowing this, I had to close AVG and do ANOTHER scan. At the end of the scan, there were quite a few items in the list on the left side but ALL of them appeared in the 1st few folders it searched. There was NOTHING in the WINDOWS folder or in the D Drive so, as it was getting late, to stop the scan after it had found all the things in the list that it had done the 1st time. I have the report of that scan but if it isnt sufficient (sigh) ill do another complete scan.. 3. Finally, Kaspersky. I think this has been mentioned in a previous post: when i go to the Kaspersky Site and click on 'Kaspersky Online Scanner', a window pops-up giving me the option to accept some terms or decline. I accept, another window appears and like you said, it prompts me to install some ActiveX thing in a information bar at the top of the window. I click install and it gives me another window, no options or anything, just a few irrelevant links to other parts of the site. I wait ages and nohing happens... so I've also not been able to use the Kaspersky Scanner. However, I DO have: the windelf report the uninstall list the autorun report part of an AVG report and i can get a new HJT log but i havent got one seeing as ive not done all the previous steps. if you want i can post the things i have.

12-08-2006, 07:31 PM	#13 (permalink)
Deckard Mentor, Analyst - Security Team Join Date: May 2006 Location: Oregon Posts: 2,503 OS: MacOS X, Debian, OpenBSD, Windows	Post what you have; we'll try to go from there. I was hoping that Kaspersky would work since we already cleaned some malware off your computer. CCleaner is fine. __________________ The chance to begin again in a golden land of opportunity and adventure. Need HijackThis help? Please read MicroBell's Five Step Process before posting. Please donate and help keep this site free to all. UNITE/ASAP: Proud member since 2006

12-09-2006, 07:50 AM	#14 (permalink)
StormTroop Registered User Join Date: Dec 2006 Location: UK Posts: 116 OS: XP Media Centre	windelf Im gonna have to do this over a few posts. 1. WIN32DELFKIL LOGFILE - by Marckie version 3.112 07/12/2006 18:30:38.25 running from: "C:\Documents and Settings\Tom\Desktop" --- File(s) found in Windows directory --- adsldpbg.dll admparsel.dll prflbmsgp32.dll --- File(s) found in system32 folder --- admparsel.dll --- Services --- --- Export SharedTaskScheduler key --- REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler] "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader" "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon" "{1B68470C-2DEF-493B-8A4A-8E2D81BE4EA5}"="st3" "{16875E09-927B-4494-82BD-158A1CD46BA0}"="z" "{0B5F7FDF-0717-45BF-B49D-695F3168C7FE}"="Master Browseui" "{A4F94C0C-54A7-4DB1-9AF3-B22E63D00322}"="g322" "{A4F94C0C-54A7-4DB1-9AF3-B22E63D00311}"="z" "{A4F94C0C-54A7-4DB1-9AF3-B22E63D00401}"="z" "{A4F94C0C-54A7-4DB1-9AF3-B22E63D00402}"="z" --- sharedtaskkey (1): 1B68470C-2DEF-493B-8A4A-8E2D81BE4EA5 --- no keys found --- sharedtaskkey (2): 16875E09-927B-4494-82BD-158A1CD46BA0 --- no keys found --- sharedtaskkey (3): 0B5F7FDF-0717-45BF-B49D-695F3168C7FE --- no keys found --- sharedtaskkey (4): A4F94C0C-54A7-4DB1-9AF3-B22E63D00322 --- no keys found --- sharedtaskkey (5): A4F94C0C-54A7-4DB1-9AF3-B22E63D00311 --- no keys found --- sharedtaskkey (6): A4F94C0C-54A7-4DB1-9AF3-B22E63D00401 --- no keys found --- sharedtaskkey (7): A4F94C0C-54A7-4DB1-9AF3-B22E63D00402 --- no keys found --- Notify key --- --- rebooting the computer --- --- File(s) found in Windows directory --- --- File(s) found in system32 folder --- --- Services --- --- Export SharedTaskSchedulerkey --- REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler] "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader" "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon" --- Notify key --- Finished!

12-09-2006, 07:54 AM	#15 (permalink)
StormTroop Registered User Join Date: Dec 2006 Location: UK Posts: 116 OS: XP Media Centre	my part AVG scan Heres my AVG scan report. This is MASSIVE so i had to attach it. Part-Report.txt

12-09-2006, 07:55 AM	#16 (permalink)
StormTroop Registered User Join Date: Dec 2006 Location: UK Posts: 116 OS: XP Media Centre	Autoruns Log Tom - 08/12/2006@16:07:47.46 running from C:\Documents and Settings\Tom\Desktop\Autorun\ Other users of this machine: * Administrator * Guest * Isabel * Joanna * Musik ---------------------------------------------------------------------------------- HKLM\System\CurrentControlSet\Services AOL ACS AOL Connectivity Service (Verified) America Online, Inc. c:\program files\common files\aol\acs\aolacsd.exe AOLService Removes spyware found by ASP that cannot be removed without a reboot. c:\program files\common files\aol\aol spyware protection\aolserv.exe ATI Smart ATI Smart c:\windows\system32\ati2sgag.exe AVG Anti-Spyware Guard AVG Anti-Spyware guard (Not verified) Anti-Malware Development a.s. c:\program files\grisoft\avg anti-spyware 7.5\guard.exe ccEvtMgr Symantec Event Manager (Verified) Symantec Corporation c:\program files\common files\symantec shared\ccevtmgr.exe ccProxy Symantec Network Proxy Service (Verified) Symantec Corporation c:\program files\common files\symantec shared\ccproxy.exe ccSetMgr Symantec Settings Manager (Verified) Symantec Corporation c:\program files\common files\symantec shared\ccsetmgr.exe Creative Service for CDROM Access Creative Service for CDROM Access (Not verified) Creative Technology Ltd c:\windows\system32\ctsvccda.exe MpfService McAfee Personal Firewall Service (Not verified) McAfee Corporation c:\program files\mcafee.com\personal firewall\mpfservice.exe SNDSrvc Symantec Network Drivers Service (Verified) Symantec Corporation c:\program files\common files\symantec shared\sndsrvc.exe SymWSC Symantec WMI Service (Verified) Symantec Corporation c:\program files\common files\symantec shared\security center\symwsc.exe WMDM PMSP Service WMDM PMSP Service (Not verified) Microsoft Corporation c:\windows\system32\mspmspsv.exe HKLM\System\CurrentControlSet\Services AVG Anti-Spyware Driver c:\program files\grisoft\avg anti-spyware 7.5\guard.sys AvgAsCln AVG7 Clean Driver (Not verified) GRISOFT, s.r.o. c:\windows\system32\drivers\avgascln.sys GEARAspiWDM CD/DVD Class Filter Driver (Verified) GEAR Software Inc. c:\windows\system32\drivers\gearaspiwdm.sys Iviaspi InterVideo ASPI Shell (Not verified) InterVideo, Inc. c:\windows\system32\drivers\iviaspi.sys MPFIREWL c:\windows\system32\drivers\mpfirewall.sys NAVENG AV Engine (Verified) Symantec Corporation c:\program files\common files\symantec shared\virusdefs\20040625.019\naveng.sys NAVEX15 AV Engine (Verified) Symantec Corporation c:\program files\common files\symantec shared\virusdefs\20040625.019\navex15.sys Pfc Padus(R) ASPI Shell (Not verified) Padus, Inc. c:\windows\system32\drivers\pfc.sys PxHelp20 Px Engine Device Driver for Windows 2000/XP (Not verified) Sonic Solutions c:\windows\system32\drivers\pxhelp20.sys SAVRT AutoProtect (Verified) Symantec Corporation c:\program files\norton antivirus\savrt.sys SAVRTPEL SAVRTPEL (Verified) Symantec Corporation c:\program files\norton antivirus\savrtpel.sys Secdrv SafeDisc driver (Not verified) Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. c:\windows\system32\drivers\secdrv.sys sonypvs1 File not found: system32\DRIVERS\sonypvs1.sys SYMDNS DNS Filter Driver (Verified) Symantec Corporation c:\windows\system32\drivers\symdns.sys SymEvent Symantec Event Library (Not verified) Symantec Corporation c:\program files\symantec\symevent.sys SYMFW Firewall Filter Driver (Verified) Symantec Corporation c:\windows\system32\drivers\symfw.sys SYMIDS IDS Filter Driver (Verified) Symantec Corporation c:\windows\system32\drivers\symids.sys SYMIDSCO IDS Core Driver (Verified) Symantec Corporation c:\program files\common files\symantec shared\symcdata\idsdefs\20061113.031\symidsco.sys SYMNDIS NDIS Filter Driver (Verified) Symantec Corporation c:\windows\system32\drivers\symndis.sys SYMREDRV Redirector Filter Driver (Verified) Symantec Corporation c:\windows\system32\drivers\symredrv.sys SYMTDI Network Dispatch Driver (Verified) Symantec Corporation c:\windows\system32\drivers\symtdi.sys HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors Microsoft Document Imaging Writer Monitor Microsoft® Document Imaging (Not verified) Microsoft Corporation c:\windows\system32\mdimon.dll HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ccApp Common Client User Session (Verified) Symantec Corporation c:\program files\common files\symantec shared\ccapp.exe AOLDialer AOL Connectivity Service Dialer (Verified) America Online, Inc. c:\program files\common files\aol\acs\aoldial.exe Symantec NetDriver Monitor Symantec Security Drivers Install Monitor (Verified) Symantec Corporation c:\program files\symnetdrv\sndmon.exe Microsoft Works Update Detection Microsoft® Works Update Detection (Not verified) Microsoft® Corporation c:\program files\common files\microsoft shared\works shared\wkufind.exe HostManager AOLHostManager (Verified) America Online, Inc. c:\program files\common files\aol\1133035937\ee\aolhostmanager.exe SunJavaUpdateSched Java(TM) 2 Platform Standard Edition binary (Not verified) Sun Microsystems, Inc. c:\program files\java\jre1.5.0_06\bin\jusched.exe %FP%Friendly fts.exe fts (Not verified) Friendly Technologies c:\program files\voyagertest\fts.exe MPFExe McAfee Personal Firewall Tray Monitor (Not verified) McAfee Security c:\program files\mcafee.com\personal firewall\mpftray.exe QuickTime Task QuickTime Task (Not verified) Apple Computer, Inc. c:\program files\quicktime\qttask.exe iTunesHelper iTunesHelper Module (Verified) Apple Computer, Inc. c:\program files\itunes\ituneshelper.exe DSLSTATEXE DSL Status Executable (Not verified) GlobespanVirata, Inc. c:\program files\bt voyager 105 adsl modem\dslstat.exe DSLAGENTEXE c:\program files\bt voyager 105 adsl modem\dslagent.exe AOL Spyware Protection AOLSP Scheduler (Verified) America Online, Inc. c:\program files\common files\aol\aol spyware protection\aolsp scheduler.exe !AVG Anti-Spyware AVG Anti-Spyware (Not verified) Anti-Malware Development a.s. c:\program files\grisoft\avg anti-spyware 7.5\avgas.exe HKLM\SOFTWARE\Classes\Protocols\Filter application/octet-stream Microsoft .NET Runtime Execution Engine (Not verified) Microsoft Corporation c:\windows\system32\mscoree.dll application/x-complus Microsoft .NET Runtime Execution Engine (Not verified) Microsoft Corporation c:\windows\system32\mscoree.dll application/x-msdownload Microsoft .NET Runtime Execution Engine (Not verified) Microsoft Corporation c:\windows\system32\mscoree.dll HKLM\SOFTWARE\Classes\Protocols\Handler ms-itss Microsoft® InfoTech Storage System Library (Not verified) Microsoft Corporation c:\program files\common files\microsoft shared\information retrieval\msitss.dll msnim MSN Messenger Protocol Handler (Not verified) Microsoft Corporation c:\program files\msn messenger\msgrapp.dll HKCU\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components 0 File not found: About:Home HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components n/a Microsoft .NET IE SECURITY REGISTRATION (Not verified) Microsoft Corporation c:\windows\system32\mscories.dll C:\Documents and Settings\All Users\Start Menu\Programs\Startup Adobe Reader Speed Launch.lnk Adobe Acrobat SpeedLauncher (Not verified) Adobe Systems Incorporated c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe AOL 9.0 Tray Icon.lnk AOL Tray Icon (Verified) America Online, Inc. c:\program files\aol 9.0\aoltray.exe AOL Broadband Check-Up.lnk Motive Chorus Command Line Interface (Not verified) Motive Communications, Inc. c:\program files\aol\broadband checkup\bin\matcli.exe HKCU\Software\Microsoft\Windows\CurrentVersion\Run MoneyAgent Microsoft Money Express (Not verified) Microsoft Corp. c:\program files\microsoft money\system\mnyexpr.exe Acme.PCHButton (Not verified) Motive Communications, Inc. c:\program files\help and support additions\pavilion\xpewwbf4\plugin\bin\pchbutton.exe Task Scheduler AppleSoftwareUpdate.job Software Application (Verified) Apple Computer, Inc. c:\program files\apple software update\softwareupdate.exe Easy Internet Sign-up.job HP SDP Application Module (Not verified) Hewlett-Packard c:\program files\easy internet signup\hpsdpapp.exe Norton AntiVirus - Scan my computer - HP_Administrator.job Norton AntiVirus Scanner Module (Verified) Symantec Corporation c:\program files\norton antivirus\navw32.exe Symantec NetDetect.job Symantec NetDetect (Verified) Symantec Corporation c:\program files\symantec\liveupdate\ndetect.exe HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects Adobe PDF Reader Link Helper Adobe Acrobat IE Helper Version 7.0 for ActiveX (Verified) Adobe Systems, Incorporated c:\program files\adobe\acrobat 7.0\activex\acroiehelper.dll SSVHelper Class Java(TM) 2 Platform Standard Edition binary (Not verified) Sun Microsystems, Inc. c:\program files\java\jre1.5.0_06\bin\ssv.dll CNisExtBho Class NIS Shell Extension (Not verified) Symantec Corporation c:\program files\common files\symantec shared\adblocking\nisshext.dll CNavExtBho Class Norton AntiVirusNAVShellExt Module (Verified) Symantec Corporation c:\program files\norton antivirus\navshext.dll HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks AVG Anti-Spyware 7.5 AVG Anti-Spyware shellexecutehook (Not verified) Anti-Malware Development a.s. c:\program files\grisoft\avg anti-spyware 7.5\shellexecutehook.dll HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved Display Panning CPL Extension File not found: deskpan.dll Fusion Cache Microsoft .NET Runtime Execution Engine (Not verified) Microsoft Corporation c:\windows\system32\mscoree.dll RecordNow! SendToExt Shell Extensions c:\program files\sonic recordnow!\shlext.dll SampleView ShellvRTF (Not verified) XSS c:\windows\system32\shellvrtf.dll Nokia Phone Browser Phone Browser (Not verified) Nokia c:\program files\nokia\nokia pc suite 6\phonebrowser.dll Contact View Phone Browser Contact View (Not verified) Nokia c:\program files\nokia\nokia pc suite 6\contactview.dll Message View Phone Browser Message View (Not verified) Nokia c:\program files\nokia\nokia pc suite 6\messageview.dll iTunes iTunes Mini Player DLL (Verified) Apple Computer, Inc. c:\program files\itunes\itunesminiplayer.dll Haali Column Provider c:\windows\system32\mmfinfo.dll ShellLink for Application References Application Deployment Support Library (Not verified) Microsoft Corporation c:\windows\system32\dfshim.dll Shell Icon Handler for Application References Application Deployment Support Library (Not verified) Microsoft Corporation c:\windows\system32\dfshim.dll HKLM\Software\Classes\Folder\Shellex\ColumnHandlers Haali Column Provider c:\windows\system32\mmfinfo.dll PDF Shell Extension PDF Shell Extension (Not verified) Adobe Systems, Inc. c:\program files\adobe\acrobat 7.0\activex\pdfshell.dll HKLM\Software\Microsoft\Internet Explorer\Toolbar hpdtlk02.dll hp view toolbar (Not verified) Hewlett-Packard Company c:\program files\hp\digital imaging\bin\hpdtlk02.dll Norton AntiVirus Norton AntiVirusNAVShellExt Module (Verified) Symantec Corporation c:\program files\norton antivirus\navshext.dll toolbar.dll IE Toolbar (Not verified) IE Toolbar c:\program files\aol toolbar\toolbar.dll HKLM\Software\Microsoft\Internet Explorer\Extensions Run IMVU c:\documents and settings\joanna\start menu\programs\imvu\run imvu.lnk @xpsp3res.dll,-20001 File not found: C:\WINDOWS\Network

12-09-2006, 07:56 AM	#17 (permalink)
StormTroop Registered User Join Date: Dec 2006 Location: UK Posts: 116 OS: XP Media Centre	Uninstall List 102 Dalmatians Activity Centre Ad-Aware SE Personal Adobe Reader 7.0.8 Advanced X Video Converter Agere Systems PCI Soft Modem Angry Dog AOL Broadband Check-Up AOL Coach Version 1.0(Build:20040229.1 uk) AOL Connectivity Services AOL Spyware Protection AOL Toolbar AOL UK (Choose which version to remove) AOL Uninstaller AOL You've Got Pictures Screensaver Apple Software Update ATI Display Driver AVG Anti-Spyware 7.5 BAMZOOKi v3.1 (build 115.158) Black and White BT Voyager 105 ADSL Modem BT Voyager Modem AOL Test Burping Bear CCleaner (remove only) christmas 11 christmas19 christmas20 Cole2k Media - Codec Pack (Advanced) 6.0.7 Command & Conquer Red Alert 2 Command & Conquer Tiberian Sun Command && Conquer Red Alert 2 - Yuri's Revenge Cool Edit Pro 2.0 Crazy Frog Creative Driver Creative MediaSource Disney's 102 Dalmatians Puppies to the Rescue Dogz 5 Driver Cleaner 3 Easy Internet Sign-up End It All EndItAll 2.0 Excited FinalAlert 2 Yuri's Revenge FrostWire Google Earth Google Video Player Happy Dance Help and Support Additions HijackThis 1.99.1 Hippo Pic Hotfix for Windows XP (KB926239) HP Deskjet Preloaded Printer Drivers HP Image Zone 4.2 HP Image Zone for Media Center PC HP Image Zone Plus 4.2 HP Photo & Imaging 3.5 - HP Devices HP PSC & OfficeJet 4.0 HP Software Update HP Tunes HPIZ402 Insaniquarium Deluxe InterVideo WinDVD Creator 2 InterVideo WinDVD Player iPod for Windows 2006-03-23 iPod Software 1.3 Updater iTunes J2SE Runtime Environment 5.0 Update 3 J2SE Runtime Environment 5.0 Update 6 Java 2 Runtime Environment, SE v1.4.2_03 KBD Learn2 Player (Uninstall Only) LimeWire 4.12.6 LiveUpdate 2.6 (Symantec Corporation) Love Pug Macromedia Flash Player Macromedia Flash Player 8 Macromedia FreeHand MXa Macromedia Shockwave Player McAfee Personal Firewall Plus Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Hotfix (KB886903) Microsoft .NET Framework 2.0 Microsoft AutoRoute v11.0 Microsoft Base Smart Card Cryptographic Service Provider Package Microsoft Compression Client Pack 1.0 for Windows XP Microsoft Encarta Encyclopedia Standard - WE 2004 Microsoft Internationalized Domain Names Mitigation APIs Microsoft Money Microsoft Money System Pack Microsoft National Language Support Downlevel APIs Microsoft Office Standard Edition 2003 Microsoft Picture It! Photo Standard 9 Microsoft User-Mode Driver Framework Feature Pack 1.0 Microsoft Works Microsoft Works 2004 Setup Launcher Microsoft Works Suite Add-in for Microsoft Word Mozilla Firefox (2.0) MPEG Encoder 3 MSN Messenger 7.5 MSXML 4.0 SP2 (KB927978) PC-Doctor for Windows Photosmart 320,370,7400,8100,8400 Series PTC ProDESKTOP 2000i2 Python 2.2 combined Win32 extensions Python 2.2.1 QuickTime Ranger Outpost Remote Client RealPlayer Basic Riva FLV Encoder 2.0 Riva FLV Player Sad Penguin SAMSUNG CDMA Modem Driver Set SAMSUNG Mobile USB Modem 1.0 Software SAMSUNG Mobile USB Modem Software Samsung PC Studio Samsung PC Studio 3 USB Driver Installer ScareCrow I Miss You Security Update for Microsoft .NET Framework 2.0 (KB917283) Security Update for Microsoft .NET Framework 2.0 (KB922770) Shockwave Sleepy Soldier Sonic Encoders Sonic RecordNow! Sound Blaster Audigy 2 ZS Steinberg Cubase LE Super Yellow 4 Animated Emoticons The Battle for Middle-earth (tm) The Battle for Middle-earth (tm) II The Sims 2 The Sims 2 Pets The Sims 2 University Turbo Tanks Twisted Whiskers Laughing Dog Update for Windows Media Player 10 (KB913800) Viewpoint Media Player Vodafone 804SS USB driver Software Westwood Shared Internet Components Winamp (remove only) Windows Defender Windows Genuine Advantage v1.3.0254.0 Windows Internet Explorer 7 Windows Media Format 11 runtime Windows Media Format 11 runtime Windows Media Player 11 Windows Media Player 11 Windows Rights Management Client Backwards Compatibility SP2 Windows Rights Management Client with Service Pack 2 Windows Vista Upgrade Advisor Windows XP Media Center Edition 2005 KB908250 Windows XP Media Center Edition 2005 KB925766

12-09-2006, 07:57 AM	#18 (permalink)
StormTroop Registered User Join Date: Dec 2006 Location: UK Posts: 116 OS: XP Media Centre	Fresh HJT Log Logfile of HijackThis v1.99.1 Scan saved at 15:45:09, on 09/12/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.5730.0011) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\WINDOWS\system32\CTSvcCDA.EXE C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\MsPMSPSv.exe C:\WINDOWS\system32\dllhost.exe C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe C:\Program Files\Common Files\AOL\ACS\AOLDial.exe C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe C:\Program Files\VoyagerTest\fts.exe C:\Program Files\Common Files\AOL\1133035937\ee\AOLHostManager.exe C:\Program Files\Common Files\AOL\1133035937\ee\AOLServiceHost.exe C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe c:\program files\common files\aol\1133035937\ee\services\antiSpywareApp\ver2_0_12\AOLSP Scheduler.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\Program Files\Messenger\msmsgs.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\AOL\Broadband CheckUp\bin\mpbtn.exe C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE C:\Program Files\Microsoft Works\WkDStore.exe C:\PROGRA~1\MOZILL~1\FIREFOX.EXE C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\WINDOWS\system32\notepad.exe C:\HJT!\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://media10.fastclick.net/w/safep...22&nfcp=1&fp=2 R3 - URLSearchHook: (no name) - _{00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1133035937\ee\AOLHostManager.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [%FP%Friendly fts.exe] "C:\Program Files\VoyagerTest\fts.exe" O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe" O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe O4 - Global Startup: AOL Broadband Check-Up.lnk = C:\Program Files\AOL\Broadband CheckUp\bin\matcli.exe O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...p=ZNxdm824YYGB O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\clbcatix.dll (file missing) O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\clbcatix.dll (file missing) O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Joanna\Start Menu\Programs\IMVU\Run IMVU.lnk O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O11 - Options group: [INTERNATIONAL] International* O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aolsvc.aol.co.uk/comput...up/qdiagcc.cab O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} (CPlayFirstDinerDash2Control Object) - http://www.arcadetown.com/dinerdash2...2.1.0.0.48.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://www.arcadetown.com/swf/delici...ylomplayer.cab O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://download.toontown.com/sv1.0.15.28/ttinst.cab O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://www.arcadetown.com/swf/feedin...utLauncher.cab O16 - DPF: {DD3641E5-A9CF-11D1-9AA1-444553540000} (Surround Video V3.0 Control Object) - http://www.barnsdesigns.co.uk/surrou...eo/svideo3.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{52E8A4B5-8DDE-4499-91A6-050A6893390D}: NameServer = 205.188.146.145 O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

12-09-2006, 11:34 AM	#19 (permalink)
Deckard Mentor, Analyst - Security Team Join Date: May 2006 Location: Oregon Posts: 2,503 OS: MacOS X, Debian, OpenBSD, Windows	We're getting there. How is your system behaving now? P2P Software I see you have P2P software (i.e. LimeWire) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation. Uninstall Click Start > Control Panel > Add / Remove Programs and uninstall the following programs (if they exist): Viewpoint Media Player Please let me know if any of these were unable to uninstall. HijackThis Fixes Open HijackThis and click on 'Do a System Scan Only'. Check the following entries if they still exist (make sure you do not miss any): R3 - URLSearchHook: (no name) - _{00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file) O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...p=ZNxdm824YYGB Please remember to close all other windows, including browsers then click Fix checked. Close HijackThis. Deletions Delete the following Folders indicated in BLUE if they still exist: C:\Documents and Settings\Joanna\Complete C:\Documents and Settings\Tom\Complete C:\Program Files\Viewpoint Clear Cookies Clear your IE cookies. Start>Settings>Control Panel>Internet Options>General. Under Temporary Internet Files, click on Delete Cookies. Then click Delete Files. Clear your Firefox cookies. From the open browser, go to Tools>Options>Privacy>Cookies>Clear. Download Dr.Web CureIt Download Dr.Web CureIt to the Desktop. Doubleclick the drweb-cureit.exe file and Allow to run the express scan. This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan. Once the short scan has finished, mark the drives that you want to scan. Select all drives. A red dot shows which drives have been chosen. Click the green arrow at the right, and the scan will start. Click 'Yes to all' if it asks if you want to cure/move the file. When the scan has finished, look if you can click next icon next to the files found: If so, click it and then click the next icon right below and select Move incurable as you'll see in next image: This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured (in case if we need samples). After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list Save the report to your desktop. The report will be called DrWeb.csv Close Dr.Web Cureit. Reboot your computer!! Because it could be possible that files in use will be moved/deleted during reboot. After reboot, post the contents of the log from Dr.Web you saved previously in your next reply. With Your Next Post... Please paste the following with your next reply (in this order please): Dr.Web scan report, The contents of C:\WINDOWS\system32\drivers\etc\hosts, and a new HiJackThis log taken after Dr.Web finishes. __________________ The chance to begin again in a golden land of opportunity and adventure. Need HijackThis help? Please read MicroBell's Five Step Process before posting. Please donate and help keep this site free to all. UNITE/ASAP: Proud member since 2006

12-09-2006, 01:29 PM	#20 (permalink)
StormTroop Registered User Join Date: Dec 2006 Location: UK Posts: 116 OS: XP Media Centre	Heres my DrWeb Report. killapps.exe;C:\hp\drivers\audio\Creative\AudigyII_ZS\Audio\Drivers\COMMON;Tool.Prockill;Incurable.Moved.; Uninstall My Web Search.dll;C:\Program Files;Adware.Msearch;Incurable.Moved.; setup.exe;C:\Program Files\AOL\Installers\ASP 2.0;Probably BACKDOOR.Trojan;Incurable.Moved.; fwRemoteCfg.dll;C:\Program Files\Common Files\FTL Shared;Probably DLOADER.Trojan;Incurable.Moved.; gdnUS250.exe;C:\WINDOWS\Downloaded Program Files;Trojan.DownLoader.3080;Deleted.; gdnUS250.exe;C:\WINDOWS\Downloaded Program Files\CONFLICT.1;Trojan.DownLoader.3080;Deleted.; gdnUS250.exe;C:\WINDOWS\Downloaded Program Files\CONFLICT.2;Trojan.DownLoader.3080;Deleted.; gdnUS250.exe;C:\WINDOWS\Downloaded Program Files\CONFLICT.3;Trojan.DownLoader.3080;Deleted.; gdnUS250.exe;C:\WINDOWS\Downloaded Program Files\CONFLICT.4;Trojan.DownLoader.3080;Deleted.; gdnUS250.exe;C:\WINDOWS\Downloaded Program Files\CONFLICT.5;Trojan.DownLoader.3080;Deleted.; gdnUS250.exe;C:\WINDOWS\Downloaded Program Files\CONFLICT.6;Trojan.DownLoader.3080;Deleted.; gdnUS250.exe;C:\WINDOWS\Downloaded Program Files\CONFLICT.7;Trojan.DownLoader.3080;Deleted.; gdnUS250.exe;C:\WINDOWS\Downloaded Program Files\CONFLICT.8;Trojan.DownLoader.3080;Deleted.; KILLAPPS.EXE;C:\WINDOWS\system32;Tool.Prockill;Incurable.Moved.; process.exe;C:\WINDOWS\system32;Tool.Prockill;Incurable.Moved.; restart.exe;C:\WINDOWS\system32;Tool.ShutDown.11;Incurable.Moved.; winks.exe;C:\WINDOWS\system32;Trojan.Isbar.301;Deleted.; This is all i found in hosts: 127.0.0.1 localhost ...and a new HJT Log Logfile of HijackThis v1.99.1 Scan saved at 21:28:22, on 09/12/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.5730.0011) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\WINDOWS\system32\CTSvcCDA.EXE C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\MsPMSPSv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\dllhost.exe C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe C:\Program Files\Common Files\AOL\ACS\AOLDial.exe C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe C:\Program Files\VoyagerTest\fts.exe C:\Program Files\Common Files\AOL\1133035937\ee\AOLHostManager.exe C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe C:\Program Files\Common Files\AOL\1133035937\ee\AOLServiceHost.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\iTunes\iTunesHelper.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe c:\program files\common files\aol\1133035937\ee\services\antiSpywareApp\ver2_0_12\AOLSP Scheduler.exe C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\Program Files\Messenger\msmsgs.exe C:\PROGRA~1\HELPAN~1\Pavilion\XPEWWBF4\plugin\bin\pchbutton.exe C:\Program Files\AOL\Broadband CheckUp\bin\mpbtn.exe C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE C:\Program Files\Windows NT\Accessories\WORDPAD.EXE C:\HJT!\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1133035937\ee\AOLHostManager.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [%FP%Friendly fts.exe] "C:\Program Files\VoyagerTest\fts.exe" O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe" O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HELPAN~1\Pavilion\XPEWWBF4\plugin\bin\pchbutton.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe O4 - Global Startup: AOL Broadband Check-Up.lnk = C:\Program Files\AOL\Broadband CheckUp\bin\matcli.exe O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\clbcatix.dll (file missing) O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\clbcatix.dll (file missing) O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Joanna\Start Menu\Programs\IMVU\Run IMVU.lnk O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O11 - Options group: [INTERNATIONAL] International* O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aolsvc.aol.co.uk/comput...up/qdiagcc.cab O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} (CPlayFirstDinerDash2Control Object) - http://www.arcadetown.com/dinerdash2...2.1.0.0.48.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://www.arcadetown.com/swf/delici...ylomplayer.cab O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://download.toontown.com/sv1.0.15.28/ttinst.cab O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://www.arcadetown.com/swf/feedin...utLauncher.cab O16 - DPF: {DD3641E5-A9CF-11D1-9AA1-444553540000} (Surround Video V3.0 Control Object) - http://www.barnsdesigns.co.uk/surrou...eo/svideo3.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{52E8A4B5-8DDE-4499-91A6-050A6893390D}: NameServer = 205.188.146.145 O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe As for Limewire, I very rarely use it, but when I do, I always have a Firewall running. (if that helps..).