|
|
|
|
|||||
|
|
|
|
|
|
|||
| Welcome
to Tech Support Forum home to more then 136,000 problems solved. Issues
have included: Spyware, Malware, Virus Issues, Windows, Microsoft,
Linux, Networking, Security, Hardware, and Gaming Getting your
problem solved is as easy as: 1. Registering for a free account 2. Asking your question 3. Receiving an answer Registered members: * See fewer ads. * And much more..
|
| Want to know how to post a question? click here | Having problems with spyware and pop-ups? First Steps |
|
|||||||
| Resolved HJT Threads Resolved spyware and popup issues. |
|
|
LinkBack | Thread Tools |
11-30-2006, 04:38 PM
|
#1 (permalink) |
|
Registered User
Join Date: Sep 2006
Posts: 9
OS: XP
|
Spyware/ Malware Removal
Hello tech-types. A friend asked me for some advice concerning problems they were having with their PC. They are fairly non-techy, even less than myself, so I thought I'd have a go but I can't get anywhere so I'm here for some advice.
They generally connect to the net with AOL but whilst AOL will connect to the net they were getting completely blank webpages that they couldn't do anything with. As a result they were connecting with AOL and then using IE6 for browsing. An automatic update downloaded IE7 (which I'm using with no problems) but the installation failed - no idea why. Since then IE looks like v6 but, going to help>about shows a v7 number. The address bar and most links now bring up an error message with words to the effect that 'the lookup key [something or other] context'. Sorry, I can't actually remember the actual wording and I don't have their PC in front on me. The Google homepage will load and the search bar from that will show results. Links from there can be clicked and loaded but after moving a couple of pages on, or trying any download, the same message appears. I suggested getting Firefox to at least be able to browse and see if others were experiencing the same problem. He couldn't download it so I emailed it to him [yes, email is working], along with the standalone IE7 package. He tried installing IE7 that way but with no joy. I told him to run HJT and send me the logfile and run Kaspersky and send that log. He can now get to the page with the online scanner button but after pressing that and the popup arriving asking him to accept the terms, pressing accept does nothing - no start of download for Kaspersky, he just can't get any further. He's tried the same thing with the same result for Panda Active Scan. The only thing he's been able to send me is the HJT log. I did ask him to try again after disabling his firewalls/antivirus but it was no different. AOL seems to have loaded a lot onto his computer, he also seems to be running MacAffee and Norton Firewall. There were well over 50 processes running last time I looked. He probably could do with doing a full reinstall but I'm not sure that he'd really be able to. Please suggest steps to resolve the immediate internet problems and hopefully provide advice on ways of slimming down what's going on with his processes. I'll not be too surprised if there are some beasties on that system somewhere. HJT log below: Logfile of HijackThis v1.99.1 Scan saved at 18:21:23, on 30/11/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe c:\Program Files\Common Files\Symantec Shared\ccProxy.exe c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe C:\WINDOWS\system32\CTSvcCDA.EXE C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\MsPMSPSv.exe c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Common Files\AOL\ACS\AOLDial.exe C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe C:\Program Files\VoyagerTest\fts.exe C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe C:\Program Files\Messenger\msmsgs.exe C:\WINDOWS\alt.exe C:\PROGRA~1\HELPAN~1\Pavilion\XPEWWBF4\plugin\bin\pchbutton.exe C:\WINDOWS\system32\ctfmon.exe C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe C:\Program Files\Common Files\AOL\1133035937\ee\AOLHostManager.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Common Files\AOL\1133035937\ee\AOLServiceHost.exe C:\Program Files\AOL 9.0\aoltray.exe C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE c:\program files\common files\aol\1133035937\ee\services\antiSpywareApp\ver2_0_12\AOLSP Scheduler.exe C:\Program Files\Common Files\AOL\1133035937\ee\AOLServiceHost.exe C:\Program Files\AOL\Broadband CheckUp\bin\mpbtn.exe C:\Program Files\AOL 9.0\waol.exe C:\Program Files\AOL 9.0\shellmon.exe C:\Program Files\Common Files\AOL\aoltpspd.exe C:\PROGRA~1\MOZILL~1\FIREFOX.EXE C:\HJT!\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {0B5F7FDF-0717-45BF-B49D-695F3168C7FE} - C:\WINDOWS\system32\admparsek.dll O2 - BHO: (no name) - {11111111-2222-408A-9842-CDBE1C6D37EB} - C:\WINDOWS\netdde.dll O2 - BHO: (no name) - {16875E09-927B-4494-82BD-158A1CD46BA0} - C:\WINDOWS\prflbmsgp32.dll O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file) O2 - BHO: (no name) - {621D36CC-09F4-44F6-BA4C-C8FBEAA00207} - (no file) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: (no name) - {8E13DDE1-E013-47ec-9C4C-27C2F78BDD26} - C:\WINDOWS\system32\req.dll O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - c:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll O2 - BHO: (no name) - {A4F94C0C-54A7-4DB1-9AF3-B22E63D00303} - (no file) O2 - BHO: (no name) - {A4F94C0C-54A7-4DB1-9AF3-B22E63D00304} - (no file) O2 - BHO: (no name) - {A4F94C0C-54A7-4DB1-9AF3-B22E63D00305} - (no file) O2 - BHO: (no name) - {A4F94C0C-54A7-4DB1-9AF3-B22E63D00306} - (no file) O2 - BHO: (no name) - {A4F94C0C-54A7-4DB1-9AF3-B22E63D00309} - (no file) O2 - BHO: (no name) - {A4F94C0C-54A7-4DB1-9AF3-B22E63D00320} - (no file) O2 - BHO: (no name) - {A4F94C0C-54A7-4DB1-9AF3-B22E63D00402} - C:\WINDOWS\system32\fontextb.dll O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll O2 - BHO: (no name) - {DF00FFA0-AEA9-4EA8-A10F-8BB9A7F8508C} - (no file) O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file) O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1133035937\ee\AOLHostManager.exe O4 - HKLM\..\Run: [links] links.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [%FP%Friendly fts.exe] "C:\Program Files\VoyagerTest\fts.exe" O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe" O4 - HKCU\..\Run: [AlexaToolbar] C:\WINDOWS\alt.exe O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HELPAN~1\Pavilion\XPEWWBF4\plugin\bin\pchbutton.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe O4 - Global Startup: AOL Broadband Check-Up.lnk = C:\Program Files\AOL\Broadband CheckUp\bin\matcli.exe O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\clbcatix.dll (file missing) O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\clbcatix.dll (file missing) O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Joanna\Start Menu\Programs\IMVU\Run IMVU.lnk O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O11 - Options group: [INTERNATIONAL] International* O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/noc...up1.0.0.15.exe O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/puzzlepirate...GameLoader.dll O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aolsvc.aol.co.uk/comput...up/qdiagcc.cab O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} (CPlayFirstDinerDash2Control Object) - http://www.arcadetown.com/dinerdash2...2.1.0.0.48.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://www.arcadetown.com/swf/delici...ylomplayer.cab O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://download.toontown.com/sv1.0.15.28/ttinst.cab O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://www.arcadetown.com/swf/feedin...utLauncher.cab O16 - DPF: {DD3641E5-A9CF-11D1-9AA1-444553540000} (Surround Video V3.0 Control Object) - http://www.barnsdesigns.co.uk/surrou...eo/svideo3.cab O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://www.shockwave.com/content/ins...ploader_v6.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{52E8A4B5-8DDE-4499-91A6-050A6893390D}: NameServer = 205.188.146.145 O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll O20 - Winlogon Notify: req - C:\WINDOWS\system32\req.dll O20 - Winlogon Notify: st3 - C:\WINDOWS\system32\st3.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe Thanks Last edited by groovyreg; 11-30-2006 at 04:48 PM. |
|
     |
| Important Information |
|
Join the #1 Tech Support Forum Today - It's Totally Free!
TechSupportForum.com is a leading support website for your computer needs. We offer free, friendly and personalized computer support. Why pay to have your computer fixed when you can do it for free. Join TechSupportforum.com Today - Click Here |
|
12-02-2006, 02:23 PM
|
#2 (permalink) |
|
Mentor, Analyst - Security Team
Join Date: May 2006
Location: Oregon
Posts: 2,503
OS: MacOS X, Debian, OpenBSD, Windows
|
Hello, and welcome to the HijackThis Help Forum.
Apologies for any delay in replying, but we have been rather busy lately. Since it has been a few days since you first posted, please post a fresh HijackThis Log if you still need assistance. Thank you.
__________________
The chance to begin again in a golden land of opportunity and adventure. Need HijackThis help? Please read MicroBell's Five Step Process before posting.
Please donate and help keep this site free to all.  UNITE/ASAP: Proud member since 2006 |
|
|
|
|
12-02-2006, 04:47 PM
|
#3 (permalink) |
|
Registered User
Join Date: Sep 2006
Posts: 9
OS: XP
|
New logfile
Hi. Thanks for replying. I have a new log file sent from my friend. He seems to be unable to post himself:
You do not have permission to access this page. This could be due to one of several reasons: Your user account may not have sufficient privileges to access this page. Are you trying to edit someone else's post, access administrative features or some other privileged system? If you are trying to post, the administrator may have disabled your account, or it may be awaiting activation. The new log file: Logfile of HijackThis v1.99.1 Scan saved at 21:37:19, on 02/12/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe c:\Program Files\Common Files\Symantec Shared\ccProxy.exe c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe C:\WINDOWS\system32\CTSvcCDA.EXE C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\MsPMSPSv.exe c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Common Files\AOL\ACS\AOLDial.exe C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe C:\Program Files\iTunes\iTunesHelper.exe C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe C:\Program Files\Messenger\msmsgs.exe C:\WINDOWS\alt.exe C:\Program Files\AOL 9.0\aoltray.exe C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe C:\Program Files\Common Files\AOL\1133035937\ee\AOLHostManager.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Common Files\AOL\1133035937\ee\AOLServiceHost.exe c:\program files\common files\aol\1133035937\ee\services\antiSpywareApp\ver2_0_12\AOLSP Scheduler.exe C:\PROGRA~1\MOZILL~1\FIREFOX.EXE C:\HJT!\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {0B5F7FDF-0717-45BF-B49D-695F3168C7FE} - C:\WINDOWS\system32\admparsek.dll O2 - BHO: (no name) - {11111111-2222-408A-9842-CDBE1C6D37EB} - C:\WINDOWS\netdde.dll O2 - BHO: (no name) - {16875E09-927B-4494-82BD-158A1CD46BA0} - C:\WINDOWS\prflbmsgp32.dll O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file) O2 - BHO: (no name) - {621D36CC-09F4-44F6-BA4C-C8FBEAA00207} - (no file) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: (no name) - {8E13DDE1-E013-47ec-9C4C-27C2F78BDD26} - C:\WINDOWS\system32\req.dll O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - c:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll O2 - BHO: (no name) - {A4F94C0C-54A7-4DB1-9AF3-B22E63D00303} - (no file) O2 - BHO: (no name) - {A4F94C0C-54A7-4DB1-9AF3-B22E63D00304} - (no file) O2 - BHO: (no name) - {A4F94C0C-54A7-4DB1-9AF3-B22E63D00305} - (no file) O2 - BHO: (no name) - {A4F94C0C-54A7-4DB1-9AF3-B22E63D00306} - (no file) O2 - BHO: (no name) - {A4F94C0C-54A7-4DB1-9AF3-B22E63D00309} - (no file) O2 - BHO: (no name) - {A4F94C0C-54A7-4DB1-9AF3-B22E63D00320} - (no file) O2 - BHO: (no name) - {A4F94C0C-54A7-4DB1-9AF3-B22E63D00402} - C:\WINDOWS\system32\fontextb.dll O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll O2 - BHO: (no name) - {DF00FFA0-AEA9-4EA8-A10F-8BB9A7F8508C} - (no file) O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file) O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1133035937\ee\AOLHostManager.exe O4 - HKLM\..\Run: [links] links.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [%FP%Friendly fts.exe] "C:\Program Files\VoyagerTest\fts.exe" O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe" O4 - HKCU\..\Run: [AlexaToolbar] C:\WINDOWS\alt.exe O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HELPAN~1\Pavilion\XPEWWBF4\plugin\bin\pchbutton.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe O4 - Global Startup: AOL Broadband Check-Up.lnk = C:\Program Files\AOL\Broadband CheckUp\bin\matcli.exe O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\clbcatix.dll (file missing) O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\clbcatix.dll (file missing) O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Joanna\Start Menu\Programs\IMVU\Run IMVU.lnk O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O11 - Options group: [INTERNATIONAL] International* O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/noc...up1.0.0.15.exe O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/puzzlepirate...GameLoader.dll O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aolsvc.aol.co.uk/comput...up/qdiagcc.cab O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} (CPlayFirstDinerDash2Control Object) - http://www.arcadetown.com/dinerdash2...2.1.0.0.48.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://www.arcadetown.com/swf/delici...ylomplayer.cab O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://download.toontown.com/sv1.0.15.28/ttinst.cab O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://www.arcadetown.com/swf/feedin...utLauncher.cab O16 - DPF: {DD3641E5-A9CF-11D1-9AA1-444553540000} (Surround Video V3.0 Control Object) - http://www.barnsdesigns.co.uk/surrou...eo/svideo3.cab O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://www.shockwave.com/content/ins...ploader_v6.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{52E8A4B5-8DDE-4499-91A6-050A6893390D}: NameServer = 205.188.146.145 O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll O20 - Winlogon Notify: req - C:\WINDOWS\system32\req.dll O20 - Winlogon Notify: st3 - C:\WINDOWS\system32\st3.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe Thanks |
|
|
|
|
12-02-2006, 05:21 PM
|
#4 (permalink) |
|
Mentor, Analyst - Security Team
Join Date: May 2006
Location: Oregon
Posts: 2,503
OS: MacOS X, Debian, OpenBSD, Windows
|
You may wish to Subscribe to this thread so that you are notified when you receive a reply. To do this click Thread Tools (above the first post), then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.
Please print out or copy this page to Notepad in order to assist you when carrying out the following instructions. If there is anything you don't understand, please ask BEFORE proceeding with the fixes. Please do these steps in order and do not skip any. Download ComboFix Please download ComboFix to your Desktop. Highlight and copy the following: "%userprofile%\desktop\combofix.exe" /v req st3 admparsek fontextbThen go to Start > Run, paste it into the text field, and then click OK.  Reboot Reboot your system to Safe Mode by repeatedly tapping the F8 key until the menu appears and choosing Safe Mode from the list. On some systems, this may be the F5 key so try that if F8 doesn't work. Login on with your usual account. Make sure to close any open windows. HijackThis Fixes Open HijackThis and click on 'Do a System Scan Only'. Check the following entries if they still exist (make sure you do not miss any): O2 - BHO: (no name) - {0B5F7FDF-0717-45BF-B49D-695F3168C7FE} - C:\WINDOWS\system32\admparsek.dllPlease remember to close all other windows, including browsers then click Fix checked. Close HijackThis. Deletions Delete the following Files indicated in RED if they still exist. C:\WINDOWS\alt.exe Reboot Reboot your system to Normal Mode. With Your Next Post... Please paste the following with your next reply (in this order please):
__________________
The chance to begin again in a golden land of opportunity and adventure. Need HijackThis help? Please read MicroBell's Five Step Process before posting.
Please donate and help keep this site free to all. UNITE/ASAP: Proud member since 2006 |
|
|
|
|
12-02-2006, 06:13 PM
|
#5 (permalink) |
|
Registered User
Join Date: Sep 2006
Posts: 9
OS: XP
|
Thanks for the advice. It's pretty late here (in the UK, I'm not sure where you are). My friend is monitoring these posts and will follow the instructions but it won't be until tomorrow. I'll post his results as soon as I get them. Thanks again.
|
|
|
|
|
12-02-2006, 06:16 PM
|
#6 (permalink) |
|
Mentor, Analyst - Security Team
Join Date: May 2006
Location: Oregon
Posts: 2,503
OS: MacOS X, Debian, OpenBSD, Windows
|
No problem. I'm subscribed to this thread so I will be notified when you reply. Good luck!
__________________
The chance to begin again in a golden land of opportunity and adventure. Need HijackThis help? Please read MicroBell's Five Step Process before posting.
Please donate and help keep this site free to all. UNITE/ASAP: Proud member since 2006 |
|
|
|
|
12-02-2006, 06:22 PM
|
#8 (permalink) |
|
Mentor, Analyst - Security Team
Join Date: May 2006
Location: Oregon
Posts: 2,503
OS: MacOS X, Debian, OpenBSD, Windows
|
LOL. No need to apologize. It's only 5:30pm here right now.
See you on the flipside. 
__________________
The chance to begin again in a golden land of opportunity and adventure. Need HijackThis help? Please read MicroBell's Five Step Process before posting.
Please donate and help keep this site free to all. UNITE/ASAP: Proud member since 2006 |
|
|
|
|
12-04-2006, 02:02 PM
|
#9 (permalink) |
|
Registered User
Join Date: Sep 2006
Posts: 9
OS: XP
|
Sorry for the wait:
If it's all cleared up, could you please provide protection advice to my friend. Thanks. Combofix & new HJT below - Tom - 06-12-03 11:11:20.78 Service Pack 2 ComboFix 06-12-01W-BetaE - Running from: "C:\Documents and Settings\Tom\desktop" Command switches used :: /v req st3 admparsek fontextb (((((((((((((((((((((((((((((((((((((((((((((((( Vundo Log ))))))))))))))))))))))))))))))))))))))))))))))))))))) C:\WINDOWS\system32\req.dll C:\WINDOWS\system32\st3.dll C:\WINDOWS\system32\admparsek.dll C:\WINDOWS\system32\fontextb.dll * * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * (((((((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) d:\autorun.inf C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.48 C:\Program Files\winupdates C:\WINDOWS\system32\aamd532.dll ((((((((((((((((((((((((((((((( Files Created from 2006-11-03 to 2006-12-03 )))))))))))))))))))))))))))))))))) 2006-12-03 11:17 <DIR> d-------- C:\WINNT 2006-12-03 11:16 <DIR> d-------- C:\WINDOWS\erdnt 2006-12-03 10:59 <DIR> dr-h----- C:\Documents and Settings\Tom\Recent 2006-12-01 18:13 <DIR> d-------- C:\Program Files\FrostWire 2006-12-01 18:13 <DIR> d-------- C:\Documents and Settings\Tom\Application Data\FrostWire 2006-11-30 19:00 <DIR> d-------- C:\Program Files\Windows Media Connect 2 2006-11-30 18:57 <DIR> d-------- C:\WINDOWS\system32\LogFiles 2006-11-30 18:57 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF 2006-11-30 18:02 23,040 --------- C:\WINDOWS\kb913800.exe 2006-11-30 18:01 <DIR> d-------- C:\HJT! 2006-11-30 17:53 <DIR> d-------- C:\Program Files\Mozilla Firefox 2006-11-30 17:53 <DIR> d-------- C:\Documents and Settings\Tom\Application Data\Mozilla 2006-11-29 22:25 46,592 --------- C:\WINDOWS\system32\drivers\irbus.sys 2006-11-29 22:25 19,200 --------- C:\WINDOWS\system32\drivers\hidir.sys 2006-11-29 20:49 <DIR> d-------- C:\WINDOWS\system32\DRM 2006-11-29 20:41 <DIR> d-------- C:\WINDOWS\RegisteredPackages 2006-11-29 20:38 36,352 --------- C:\WINDOWS\system32\tsgqec.dll 2006-11-29 20:38 288,768 --------- C:\WINDOWS\system32\rhttpaa.dll 2006-11-29 20:38 116,736 --------- C:\WINDOWS\system32\aaclient.dll 2006-11-25 19:26 <DIR> d-------- C:\Program Files\AOL Companion 2006-11-25 19:25 153,088 --a------ C:\WINDOWS\system32\jgdwmie.dll 2006-11-25 19:25 <DIR> d-------- C:\Program Files\AOL Toolbar 2006-11-25 19:24 <DIR> d-------- C:\Program Files\AOL 9.0 2006-11-25 19:22 <DIR> d-------- C:\Program Files\BT Voyager 105 ADSL Modem 2006-11-25 16:25 66,048 --a------ C:\WINDOWS\ieResetIcons.exe 2006-11-24 20:32 <DIR> d-------- C:\WINDOWS\WBEM 2006-11-24 20:32 <DIR> d-------- C:\WINDOWS\system32\en-US 2006-11-24 20:31 <DIR> d--h-c--- C:\WINDOWS\ie7 2006-11-24 20:29 121,856 --------- C:\WINDOWS\system32\xmllite.dll 2006-11-24 20:28 <DIR> d-------- C:\WINDOWS\network diagnostic 2006-11-19 17:52 <DIR> d-------- C:\Program Files\MSXML 4.0 2006-11-19 17:51 <DIR> d-------- C:\f12837022921415ed147 2006-11-15 20:08 2,560 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys 2006-11-15 20:08 2,432 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys 2006-11-15 20:08 <DIR> d-------- C:\Program Files\Winamp 2006-11-15 20:07 <DIR> d-------- C:\WINDOWS\system32\QuickTime 2006-11-15 20:07 <DIR> d-------- C:\WINDOWS\system32\custom matrices 2006-11-15 20:07 <DIR> d-------- C:\WINDOWS\system32\C2MP 2006-11-15 19:46 <DIR> d-------- C:\Program Files\Lavasoft 2006-11-15 19:46 <DIR> d-------- C:\Program Files\CCleaner 2006-11-15 19:46 <DIR> d-------- C:\Documents and Settings\Tom\Application Data\Lavasoft 2006-11-15 19:41 <DIR> d-------- C:\Downloaded Programs 2006-11-10 16:43 <DIR> d-------- C:\Program Files\iTunes 2006-11-08 19:43 665,424 --a------ C:\WINDOWS\system32\wmv8dmoe.dll 2006-11-08 19:43 572,752 --a------ C:\WINDOWS\system32\wmvdmoe.dll 2006-11-08 19:43 1,683,792 --a------ C:\WINDOWS\system32\wmvcore2.dll 2006-11-08 19:43 <DIR> d-------- C:\Documents and Settings\Tom\Application Data\Syntrillium 2006-11-08 19:40 <DIR> d-------- C:\Program Files\Cooledit 2006-11-07 21:03 6,049,280 --------- C:\WINDOWS\system32\ieframe.dll 2006-11-07 21:03 50,688 --------- C:\WINDOWS\system32\msfeedsbs.dll 2006-11-07 21:03 458,752 --------- C:\WINDOWS\system32\msfeeds.dll 2006-11-07 21:03 180,736 --------- C:\WINDOWS\system32\ieui.dll 2006-11-07 16:25 <DIR> d-------- C:\Program Files\Ranger Outpost Client 2006-11-07 03:26 13,312 --a------ C:\WINDOWS\system32\ieudinit.exe 2006-11-06 11:35 531,568 --a------ C:\WINDOWS\system32\RmActivate_isv.exe 2006-11-06 11:35 523,376 --a------ C:\WINDOWS\system32\RmActivate.exe 2006-11-06 11:35 519,280 --a------ C:\WINDOWS\system32\SecProc_isv.dll 2006-11-06 11:35 518,768 --a------ C:\WINDOWS\system32\SecProc.dll 2006-11-06 11:35 358,000 --a------ C:\WINDOWS\system32\RmActivate_ssp.exe 2006-11-06 11:35 354,416 --a------ C:\WINDOWS\system32\RmActivate_ssp_isv.exe 2006-11-06 11:35 323,696 --a------ C:\WINDOWS\system32\msdrm.dll 2006-11-06 11:35 192,624 --a------ C:\WINDOWS\system32\SecProc_ssp_isv.dll 2006-11-06 11:35 192,624 --a------ C:\WINDOWS\system32\SecProc_ssp.dll 2006-11-04 18:39 <DIR> d-------- C:\Program Files\Riva 2006-11-04 18:39 <DIR> d-------- C:\Program Files\Common Files\SWF Studio 2006-11-04 14:14 1,245,696 --a------ C:\WINDOWS\system32\msxml4.dll (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))) 2006-12-03 11:00 -------- d-------- C:\Documents and Settings\Tom\Application Data\Help 2006-12-03 10:58 99 --a------ C:\WINDOWS\taskmen32.pif 2006-12-03 10:58 -------- d-------- C:\Program Files\Common Files 2006-12-02 10:41 -------- d-------- C:\Program Files\Internet Explorer 2006-11-30 19:00 -------- d-------- C:\Program Files\Windows Media Player 2006-11-27 18:39 11326 --a------ C:\Documents and Settings\Tom\Application Data\wklnhst.dat 2006-11-25 19:26 -------- d-------- C:\Program Files\Common Files\aolshare 2006-11-25 19:26 -------- d-------- C:\Program Files\Common Files\AOL 2006-11-25 19:26 -------- d-------- C:\Documents and Settings\Tom\Application Data\You've Got Pictures screensaver 2006-11-25 19:23 -------- d-------- C:\Program Files\VoyagerTest 2006-11-25 19:23 -------- d-------- C:\Program Files\Common Files\FTL Shared 2006-11-17 22:24 -------- d-------- C:\Program Files\Easy Internet signup 2006-11-17 22:22 -------- d-------- C:\Program Files\enditall 2006-11-16 14:37 -------- d-------- C:\Program Files\Common Files\Symantec Shared 2006-11-13 06:02 1866240 --a------ C:\WINDOWS\system32\mstscax.dll 2006-11-10 16:44 -------- d-------- C:\Program Files\iPod 2006-11-10 16:42 -------- d-------- C:\Program Files\QuickTime 2006-11-08 19:27 -------- d-------- C:\Documents and Settings\Tom\Application Data\Creative 2006-11-07 08:06 600576 --a------ C:\WINDOWS\system32\mstsc.exe 2006-11-04 18:02 -------- d-------- C:\Program Files\DivX 2006-11-02 17:34 -------- d-------- C:\Program Files\XVideoConverter 2006-11-02 16:49 -------- d-------- C:\Program Files\ImTOO 2006-11-02 16:47 -------- d-------- C:\Program Files\SmartSoftVideoConverter 2006-11-02 16:21 -------- d--h----- C:\Program Files\InstallShield Installation Information 2006-11-02 16:20 -------- d-------- C:\Program Files\Samsung 2006-11-02 15:59 79939 --a------ C:\Program Files\watch.htm 2006-10-22 08:14 -------- d-------- C:\Program Files\EA GAMES 2006-10-22 08:10 -------- d-a------ C:\Program Files\MyWebSearch 2006-10-21 19:08 -------- d---s---- C:\Documents and Settings\Tom\Application Data\Microsoft 2006-10-21 17:58 -------- d-------- C:\Program Files\MSN Messenger 2006-10-21 17:57 -------- d-------- C:\Program Files\MyEmoticons 2006-10-20 16:14 -------- d-------- C:\Program Files\Common Files\Microsoft Shared 2006-10-20 16:13 -------- d-------- C:\Program Files\Microsoft.NET 2006-10-20 16:13 -------- d-------- C:\Program Files\Microsoft Office 2006-10-20 16:13 -------- d-------- C:\Program Files\Microsoft ActiveSync 2006-10-20 16:13 -------- d-------- C:\Program Files\Common Files\System 2006-10-20 16:13 -------- d-------- C:\Program Files\Common Files\DESIGNER 2006-10-19 21:27 -------- d-------- C:\Documents and Settings\Tom\Application Data\AdobeUM 2006-10-19 21:24 -------- d-------- C:\Program Files\Adobe 2006-10-19 21:19 -------- d-------- C:\Program Files\Apple Software Update 2006-10-19 17:15 -------- d-------- C:\Documents and Settings\Tom\Application Data\My Battle for Middle-earth(tm) II Files 2006-10-18 21:58 8704 --a------ C:\WINDOWS\system32\wdfmgr.exe 2006-10-18 21:58 8704 --a------ C:\WINDOWS\system32\uwdf.exe 2006-10-18 21:47 99840 --a------ C:\WINDOWS\system32\wmpshell.dll 2006-10-18 21:47 937984 --a------ C:\WINDOWS\system32\WMNetMgr.dll 2006-10-18 21:47 8231936 --a------ C:\WINDOWS\system32\wmploc.dll 2006-10-18 21:47 767488 --------- C:\WINDOWS\system32\WMVSENCD.dll 2006-10-18 21:47 757248 --a------ C:\WINDOWS\system32\WMADMOD.dll 2006-10-18 21:47 7168 --a------ C:\WINDOWS\system32\asferror.dll 2006-10-18 21:47 656896 --------- C:\WINDOWS\system32\WMVXENCD.dll 2006-10-18 21:47 63488 --a------ C:\WINDOWS\system32\wpdmtpus.dll 2006-10-18 21:47 629760 --a------ C:\WINDOWS\system32\wpd_ci.dll 2006-10-18 21:47 613376 --------- C:\WINDOWS\system32\wmpmde.dll 2006-10-18 21:47 603648 --a------ C:\WINDOWS\system32\WMSPDMOD.dll 2006-10-18 21:47 542720 --a------ C:\WINDOWS\system32\blackbox.dll 2006-10-18 21:47 535040 --a------ C:\WINDOWS\system32\wmdrmsdk.dll 2006-10-18 21:47 429056 --a------ C:\WINDOWS\system32\wmdrmdev.dll 2006-10-18 21:47 414208 --a------ C:\WINDOWS\system32\msscp.dll 2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\wmvdmoe2.dll 2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\wmvdmod.dll 2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\WMVADVE.DLL 2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\WMVADVD.dll 2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\wmsdmoe2.dll 2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\wmsdmod.dll 2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\wdfapi.dll 2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\MPG4DMOD.dll 2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\MP4SDMOD.dll 2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\MP43DMOD.dll 2006-10-18 21:47 38400 --------- C:\WINDOWS\system32\wpdshextres.dll 2006-10-18 21:47 37376 --a------ C:\WINDOWS\system32\wmdmps.dll 2006-10-18 21:47 35840 --a------ C:\WINDOWS\system32\wpdconns.dll 2006-10-18 21:47 356352 --a------ C:\WINDOWS\system32\wpdsp.dll 2006-10-18 21:47 348672 --a------ C:\WINDOWS\system32\wmdrmnet.dll 2006-10-18 21:47 33792 --a------ C:\WINDOWS\system32\wmdmlog.dll 2006-10-18 21:47 321536 --a------ C:\WINDOWS\system32\mswmdm.dll 2006-10-18 21:47 317440 --------- C:\WINDOWS\system32\MP4SDECD.dll 2006-10-18 21:47 314880 --a------ C:\WINDOWS\system32\wmpdxm.dll 2006-10-18 21:47 295936 --------- C:\WINDOWS\system32\wmpeffects.dll 2006-10-18 21:47 284160 --------- C:\WINDOWS\system32\PortableDeviceApi.dll 2006-10-18 21:47 27136 --a------ C:\WINDOWS\system32\mspmsnsv.dll 2006-10-18 21:47 2603008 --------- C:\WINDOWS\system32\WpdShext.dll 2006-10-18 21:47 259072 --------- C:\WINDOWS\system32\MPG4DECD.dll 2006-10-18 21:47 259072 --------- C:\WINDOWS\system32\MP43DECD.dll 2006-10-18 21:47 2450944 --a------ C:\WINDOWS\system32\wmvcore.dll 2006-10-18 21:47 242688 --a------ C:\WINDOWS\system32\wmpasf.dll 2006-10-18 21:47 229376 --a------ C:\WINDOWS\system32\cewmdm.dll 2006-10-18 21:47 227328 --a------ C:\WINDOWS\system32\wmerror.dll 2006-10-18 21:47 212992 --a------ C:\WINDOWS\system32\MFPLAT.dll 2006-10-18 21:47 211456 --a------ C:\WINDOWS\system32\qasf.dll 2006-10-18 21:47 204288 --a------ C:\WINDOWS\system32\wmpsrcwp.dll 2006-10-18 21:47 199168 --------- C:\WINDOWS\system32\PortableDeviceWMDRM.dll 2006-10-18 21:47 179712 --a------ C:\WINDOWS\system32\msnetobj.dll 2006-10-18 21:47 175616 --a------ C:\WINDOWS\system32\mspmsp.dll 2006-10-18 21:47 166912 --------- C:\WINDOWS\system32\PortableDeviceTypes.dll 2006-10-18 21:47 1661440 --a------ C:\WINDOWS\system32\wmpencen.dll 2006-10-18 21:47 1574912 --------- C:\WINDOWS\system32\WMVENCOD.dll 2006-10-18 21:47 157184 --a------ C:\WINDOWS\system32\wmidx.dll 2006-10-18 21:47 154624 --a------ C:\WINDOWS\system32\wpdmtp.dll 2006-10-18 21:47 1543680 --------- C:\WINDOWS\system32\WMVDECOD.dll 2006-10-18 21:47 1382912 --------- C:\WINDOWS\system32\WMVSDECD.dll 2006-10-18 21:47 133632 --------- C:\WINDOWS\system32\WPDShServiceObj.dll 2006-10-18 21:47 1329152 --a------ C:\WINDOWS\system32\WMSPDMOE.dll 2006-10-18 21:47 132096 --------- C:\WINDOWS\system32\PortableDeviceWiaCompat.dll 2006-10-18 21:47 130048 --------- C:\WINDOWS\system32\wmpps.dll 2006-10-18 21:47 11264 --a------ C:\WINDOWS\system32\LAPRXY.dll 2006-10-18 21:47 1117696 --a------ C:\WINDOWS\system32\WMADMOE.dll 2006-10-18 21:47 101888 --------- C:\WINDOWS\system32\PortableDeviceClassExtension.dll 2006-10-18 20:03 100864 --a------ C:\WINDOWS\system32\logagent.exe 2006-10-18 20:00 38528 --a------ C:\WINDOWS\system32\drivers\wpdusb.sys 2006-10-18 20:00 17408 --------- C:\WINDOWS\system32\wpdshextautoplay.exe 2006-10-18 18:51 -------- d-------- C:\Documents and Settings\Tom\Application Data\Steinberg 2006-10-18 18:47 -------- d-------- C:\Program Files\Steinberg 2006-10-18 18:46 -------- d-------- C:\Program Files\Pinnacle 2006-10-17 12:05 206336 --------- C:\WINDOWS\system32\WinFXDocObj.exe 2006-10-17 11:58 61952 --------- C:\WINDOWS\system32\icardie.dll 2006-10-17 11:58 12288 --------- C:\WINDOWS\system32\msfeedssync.exe 2006-10-17 11:57 266752 --------- C:\WINDOWS\system32\iertutil.dll 2006-10-17 11:27 380928 --------- C:\WINDOWS\system32\ieapfltr.dll 2006-10-14 18:20 -------- d-------- C:\Program Files\FinalAlert 2 Yuri's Revenge 2006-10-13 12:35 65536 --a------ C:\WINDOWS\system32\nwwks.dll 2006-10-13 12:35 64000 --a------ C:\WINDOWS\system32\nwapi32.dll 2006-10-13 12:35 142336 --a------ C:\WINDOWS\system32\nwprovau.dll 2006-10-13 10:23 163584 --a------ C:\WINDOWS\system32\drivers\nwrdr.sys 2006-10-09 16:12 235008 --------- C:\WINDOWS\system32\psisdecd.dll 2006-10-08 19:39 209 --a------ C:\Documents and Settings\Tom\Application Data\BonsaiErrorLog.txt 2006-10-02 15:28 312128 --------- C:\WINDOWS\system32\msdelta.dll 2006-09-28 20:13 95344 --------- C:\WINDOWS\system32\WUDFCoinstaller.dll 2006-09-28 18:56 55808 --------- C:\WINDOWS\system32\WudfSvc.dll 2006-09-28 18:56 316416 --------- C:\WINDOWS\system32\WUDFx.dll 2006-09-28 18:56 165376 --------- C:\WINDOWS\system32\WudfPlatform.dll 2006-09-28 18:56 146432 --------- C:\WINDOWS\system32\WudfHost.exe 2006-09-25 17:58 23856 --a------ C:\WINDOWS\system32\spupdsvc.exe 2006-09-19 15:43 109360 --a------ C:\WINDOWS\system32\GEARAspi.dll 2006-09-13 05:01 1084416 --a------ C:\WINDOWS\system32\msxml3.dll (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries are not shown [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run] "MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background" "MoneyAgent"="\"C:\\Program Files\\Microsoft Money\\System\\mnyexpr.exe\"" "AlexaToolbar"="C:\\WINDOWS\\alt.exe" "Acme.PCHButton"="C:\\PROGRA~1\\HELPAN~1\\Pavilion\\XPEWWBF4\\plugin\\bin\\pchbutton.exe" "ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] "ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\"" "AOLDialer"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe" "Symantec NetDriver Monitor"="C:\\PROGRA~1\\SYMNET~1\\SNDMon.exe /Consumer" "Microsoft Works Update Detection"="C:\\Program Files\\Common Files\\Microsoft Shared\\Works Shared\\WkUFind.exe" "HostManager"="C:\\Program Files\\Common Files\\AOL\\1133035937\\ee\\AOLHostManager.exe" "links"="links.exe" "SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe" "%FP%Friendly fts.exe"="\"C:\\Program Files\\VoyagerTest\\fts.exe\"" "MPFExe"="C:\\PROGRA~1\\McAfee.com\\PERSON~1\\MpfTray.exe" "QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime" "iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\"" "DSLSTATEXE"="C:\\Program Files\\BT Voyager 105 ADSL Modem\\dslstat.exe icon" "DSLAGENTEXE"="C:\\Program Files\\BT Voyager 105 ADSL Modem\\dslagent.exe" "AOL Spyware Protection"="\"C:\\PROGRA~1\\COMMON~1\\AOL\\AOLSPY~1\\AOLSP Scheduler.exe\"" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL] "Installed"="1" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI] "Installed"="1" "NoChange"="1" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS] "Installed"="1" [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components] "DeskHtmlVersion"=dword:00000110 "DeskHtmlMinorVersion"=dword:00000005 "Settings"=dword:00000001 "GeneralFlags"=dword:00000005 [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0] "Source"="About:Home" "SubscribedURL"="About:Home" "FriendlyName"="My Current Home Page" "Flags"=dword:00000002 "Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,00,03,00,00,00,\ 00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00 "CurrentState"=hex:04,00,00,40 "OriginalStateInfo"=hex:18,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,00,03,\ 00,00,04,00,00,40 "RestoredStateInfo"=hex:18,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,00,03,\ 00,00,01,00,00,00 [HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce] "SetDefaultMIDI"="MIDIDEF.EXE" "StartMS"="\"C:\\Program Files\\Creative\\Shared Files\\Media Sniffer\\StartMS.EXE\" /s" "CMSRegOW.exe"="\"C:\\Program Files\\InstallShield Installation Information\\{56F3E1FF-54FE-4384-A153-6CCABA097814}\\CMSRegOW.exe\" /r" [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\runonce] "SetDefaultMIDI"="MIDIDEF.EXE" "StartMS"="\"C:\\Program Files\\Creative\\Shared Files\\Media Sniffer\\StartMS.EXE\" /s" "CMSRegOW.exe"="\"C:\\Program Files\\InstallShield Installation Information\\{56F3E1FF-54FE-4384-A153-6CCABA097814}\\CMSRegOW.exe\" /r" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler] "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader" "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon" "{1B68470C-2DEF-493B-8A4A-8E2D81BE4EA5}"="st3" "{16875E09-927B-4494-82BD-158A1CD46BA0}"="z" "{0B5F7FDF-0717-45BF-B49D-695F3168C7FE}"="Master Browseui" "{A4F94C0C-54A7-4DB1-9AF3-B22E63D00322}"="g322" "{A4F94C0C-54A7-4DB1-9AF3-B22E63D00311}"="z" "{A4F94C0C-54A7-4DB1-9AF3-B22E63D00401}"="z" "{A4F94C0C-54A7-4DB1-9AF3-B22E63D00402}"="z" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"="" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoDriveTypeAutoRun"=dword:00000091 [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "dontdisplaylastusername"=dword:00000000 "legalnoticecaption"="" "legalnoticetext"="" "shutdownwithoutlogon"=dword:00000001 "undockwithoutlogon"=dword:00000001 "InstallVisualStyle"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,\ 63,65,73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,5c,52,6f,79,61,6c,65,2e,\ 6d,73,73,74,79,6c,65,73,00 "InstallTheme"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,63,65,\ 73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,2e,74,68,65,6d,65,00 [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer] "NoDriveTypeAutoRun"=dword:00000091 [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer] "NoDriveTypeAutoRun"=dword:00000091 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload] "PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}" "CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}" "WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}" "SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}" "WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk] "path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\HP Digital Imaging Monitor.lnk" "backup"="C:\\WINDOWS\\pss\\HP Digital Imaging Monitor.lnkCommon Startup" "location"="Common Startup" "command"="C:\\PROGRA~1\\HP\\DIGITA~1\\bin\\hpqtra08.exe " "item"="HP Digital Imaging Monitor" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk] "path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Microsoft Office.lnk" "backup"="C:\\WINDOWS\\pss\\Microsoft Office.lnkCommon Startup" "location"="Common Startup" "command"="C:\\PROGRA~1\\MI1933~1\\Office10\\OSA.EXE -b -l" "item"="Microsoft Office" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MyWebSearch Email Plugin.lnk] "path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\MyWebSearch Email Plugin.lnk" "backup"="C:\\WINDOWS\\pss\\MyWebSearch Email Plugin.lnkCommon Startup" "location"="Common Startup" "command"="C:\\PROGRA~1\\MYWEBS~1\\bar\\1.bin\\MWSOEMON.EXE " "item"="MyWebSearch Email Plugin" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Picture Package Menu.lnk] "path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Picture Package Menu.lnk" "backup"="C:\\WINDOWS\\pss\\Picture Package Menu.lnkCommon Startup" "location"="Common Startup" "command"="C:\\PROGRA~1\\SONYCO~1\\PICTUR~1\\PICTUR~3\\SonyTray.exe " "item"="Picture Package Menu" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Picture Package VCD Maker.lnk] "path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Picture Package VCD Maker.lnk" "backup"="C:\\WINDOWS\\pss\\Picture Package VCD Maker.lnkCommon Startup" "location"="Common Startup" "command"="C:\\PROGRA~1\\SONYCO~1\\PICTUR~1\\PICTUR~1\\RESIDE~1.EXE -h" "item"="Picture Package VCD Maker" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^HP_Administrator^Start Menu^Programs^Startup^Registration-Pinnacle Express.lnk] "path"="C:\\Documents and Settings\\HP_Administrator\\Start Menu\\Programs\\Startup\\Registration-Pinnacle Express.lnk" "backup"="C:\\WINDOWS\\pss\\Registration-Pinnacle Express.lnkStartup" "location"="Startup" "command"="C:\\PROGRA~1\\Pinnacle\\PINNAC~1\\EReg\\RegTool.exe Pinnacle Express,EXPSTD,register,US,0,serial=4980263596" "item"="Registration-Pinnacle Express" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\%FP%Friendly fts.exe] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="fts" "hkey"="HKLM" "command"="\"C:\\Program Files\\VoyagerTest\\fts.exe\"" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="AGRSMMSG" "hkey"="HKLM" "command"="AGRSMMSG.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="atiptaxx" "hkey"="HKLM" "command"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTDVDDET] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="CTDVDDet" "hkey"="HKLM" "command"="C:\\Program Files\\Creative\\SBAudigy2ZS\\DVDAudio\\CTDVDDet.EXE" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="CTHELPER" "hkey"="HKLM" "command"="CTHELPER.EXE" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DSLSTATEXE] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="dslstat" "hkey"="HKLM" "command"="C:\\Program Files\\BT Voyager 105 ADSL Modem\\dslstat.exe icon" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="ehtray" "hkey"="HKLM" "command"="C:\\WINDOWS\\ehome\\ehtray.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon06] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="hphmon06" "hkey"="HKLM" "command"="C:\\WINDOWS\\system32\\hphmon06.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD06] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="hphupd06" "hkey"="HKLM" "command"="c:\\Program Files\\HP\\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\\hphupd06.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="hpsysdrv" "hkey"="HKLM" "command"="c:\\windows\\system\\hpsysdrv.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="iTunesHelper" "hkey"="HKLM" "command"="C:\\Program Files\\iTunes\\iTunesHelper.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="KBD" "hkey"="HKLM" "command"="C:\\HP\\KBD\\KBD.EXE" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MPFExe] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="MpfTray" "hkey"="HKLM" "command"="C:\\PROGRA~1\\McAfee.com\\PERSON~1\\MpfTray.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="msmsgs" "hkey"="HKCU" "command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="mwsoemon" "hkey"="HKLM" "command"="C:\\PROGRA~1\\MYWEBS~1\\bar\\1.bin\\mwsoemon.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PS2] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="ps2" "hkey"="HKLM" "command"="C:\\WINDOWS\\system32\\ps2.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="qttask" "hkey"="HKLM" "command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="RealPlay" "hkey"="HKLM" "command"="C:\\Program Files\\Real\\RealPlayer\\RealPlay.exe SYSTEMBOOTHIDEPLAYER" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="RECGUARD" "hkey"="HKLM" "command"="C:\\WINDOWS\\SMINST\\RECGUARD.EXE" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="jusched" "hkey"="HKLM" "command"="C:\\Program Files\\Java\\j2re1.4.2_03\\bin\\jusched.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="UpdReg" "hkey"="HKLM" "command"="C:\\WINDOWS\\UpdReg.EXE" "inimapping"="0" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost] HTTPFilter REG_MULTI_SZ HTTPFilter\0\0 LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0 NetworkService REG_MULTI_SZ DnsCache\0\0 DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0 rpcss REG_MULTI_SZ RpcSs\0\0 imgsvc REG_MULTI_SZ StiSvc\0\0 termsvcs REG_MULTI_SZ TermService\0\0 WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost *netsvcs* MHN Contents of the 'Scheduled Tasks' folder C:\WINDOWS\tasks\AppleSoftwareUpdate.job C:\WINDOWS\tasks\Easy Internet Sign-up.job C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer - HP_Administrator.job C:\WINDOWS\tasks\Symantec NetDetect.job Completion time: 06-12-03 11:19:34.75 Logfile of HijackThis v1.99.1 Scan saved at 13:49:09, on 03/12/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe c:\Program Files\Common Files\Symantec Shared\ccProxy.exe c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe C:\WINDOWS\system32\CTSvcCDA.EXE C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\MsPMSPSv.exe c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\dllhost.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Common Files\AOL\ACS\AOLDial.exe C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe C:\Program Files\iTunes\iTunesHelper.exe C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\AOL 9.0\aoltray.exe C:\Program Files\Common Files\AOL\1133035937\ee\AOLHostManager.exe C:\Program Files\Common Files\AOL\1133035937\ee\AOLServiceHost.exe C:\Program Files\iPod\bin\iPodService.exe c:\program files\common files\aol\1133035937\ee\services\antiSpywareApp\ver2_0_12\AOLSP Scheduler.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\AOL 9.0\waol.exe C:\Program Files\AOL 9.0\shellmon.exe C:\Program Files\Common Files\AOL\aoltpspd.exe C:\WINDOWS\system32\ctfmon.exe C:\HJT!\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - c:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1133035937\ee\AOLHostManager.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [%FP%Friendly fts.exe] "C:\Program Files\VoyagerTest\fts.exe" O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe" O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HELPAN~1\Pavilion\XPEWWBF4\plugin\bin\pchbutton.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe O4 - Global Startup: AOL Broadband Check-Up.lnk = C:\Program Files\AOL\Broadband CheckUp\bin\matcli.exe O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\clbcatix.dll (file missing) O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\clbcatix.dll (file missing) O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Joanna\Start Menu\Programs\IMVU\Run IMVU.lnk O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O11 - Options group: [INTERNATIONAL] International* O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aolsvc.aol.co.uk/comput...up/qdiagcc.cab O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} (CPlayFirstDinerDash2Control Object) - http://www.arcadetown.com/dinerdash2...2.1.0.0.48.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://www.arcadetown.com/swf/delici...ylomplayer.cab O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://download.toontown.com/sv1.0.15.28/ttinst.cab O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://www.arcadetown.com/swf/feedin...utLauncher.cab O16 - DPF: {DD3641E5-A9CF-11D1-9AA1-444553540000} (Surround Video V3.0 Control Object) - http://www.barnsdesigns.co.uk/surrou...eo/svideo3.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{52E8A4B5-8DDE-4499-91A6-050A6893390D}: NameServer = 205.188.146.145 O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe |
|
|
|
|
12-06-2006, 07:09 PM
|
#11 (permalink) |
|
Mentor, Analyst - Security Team
Join Date: May 2006
Location: Oregon
Posts: 2,503
OS: MacOS X, Debian, OpenBSD, Windows
|
Hi StormTroop,
You may wish to Subscribe to this thread so that you are notified when you receive a reply. To do this click Thread Tools (above the first post), then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe. Kaspersky's online scanner should work for you now; if it doesn't just skip that step and let me know. Please print out or copy this page to Notepad in order to assist you when carrying out the following instructions. If there is anything you don't understand, please ask BEFORE proceeding with the fixes. Please do these steps in order and do not skip any. Download Attachment Download the file attached to this post and save it to your desktop. Extract it and double-click on the StormTroop.reg file. It will ask you if you want to merge/add it to the registry -- choose Yes. You may delete both files now. Download CleanUp! Download and install CleanUp! but do not run it yet. WARNING: CleanUp! deletes EVERYTHING out of temporary folders and does not make backups. If you have any documents or programs that are saved in any temporary folders, please make a backup of these before running CleanUp! WARNING: Do not run cleanup under Windows XP x64 Edition. If you're not sure if you have the 64-bit version of Windows then you probably do not; however, you can check by using IE to download the whichcpu tool and then running it. Download AVG Anti-Spyware Please download, install, and update AVG Anti-Spyware.
Download Win32DelfKil Download win32delfkil.exe and save it on your Desktop, but don't do anything else with it yet. Uninstall Click Start > Control Panel > Add / Remove Programs and uninstall the following programs (if they exist): MyWebSearchPlease let me know if any of these were unable to uninstall. Run Win32DelfKil
Reboot Reboot your system to Safe Mode by repeatedly tapping the F8 key until the menu appears and choosing Safe Mode from the list. On some systems, this may be the F5 key so try that if F8 doesn't work. Login on with your usual account. Make sure to close any open windows. Deletions Delete the following Files indicated in RED and Folders indicated in BLUE if they still exist. C:\Program Files\MyWebSearchRun CleanUp! Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu). Set the program up as follows:
Run AVG Anti-Spyware
Reboot Reboot your system to Normal Mode. Online Scan Perform an online scan using Internet Explorer with Kaspersky WebScanner. Click on Launch Kaspersky Anti-Virus Web Scanner. You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
Submit For Analysis Please submit the following file (if it still exists) to VirusTotal Scan: C:\WINDOWS\system32\aaclient.dllAt the top of the window you should see "Select file" and a blank box. Copy and paste the red text from above into the box. Then click "Send". When it is finished, please copy the information listed the two tables (i.e., the scan results and "Additional Information") into Notepad and save it on your Desktop so you can paste it with your next reply. Download Autoruns
Generate An Uninstall List
With Your Next Post... Please paste the following with your next reply (in this order please):
__________________
The chance to begin again in a golden land of opportunity and adventure. Need HijackThis help? Please read MicroBell's Five Step Process before posting.
Please donate and help keep this site free to all. UNITE/ASAP: Proud member since 2006 |
|
|
|
|
12-08-2006, 09:32 AM
|
#12 (permalink) |
|
Registered User
Join Date: Dec 2006
Location: UK
Posts: 116
OS: XP Media Centre
|
hmmm
I had quite a few problems in that massive list, and before i post all the logs etc, please can you check some things and help with some others. Here are the problems I found:
1. I was unable to install CleanUp! as the site wouldnt respond as it was too busy. I have aprogram that seems to do a similar thing called CCleaner. Check it out and see what you think. If its no good, please could you email me the setup program for CleanUp! 2. The AVG Spyware Complete Scan took in excess of 2 AND A HALF HOURS!When it was finally done, i made them all quarantine and clicked apply all options. It came up with a message saying something like: '-some file- is embedded in -some folder- and cant be quarantined. Would you like to quarantine the whole folder?' I clicked 'Yes' and another came up, and another and another and... so I clicked Yes to All which appeared to jam the computer. Turns out it was just taking ages but not knowing this, I had to close AVG and do ANOTHER scan. At the end of the scan, there were quite a few items in the list on the left side but ALL of them appeared in the 1st few folders it searched. There was NOTHING in the WINDOWS folder or in the D Drive so, as it was getting late, to stop the scan after it had found all the things in the list that it had done the 1st time. I have the report of that scan but if it isnt sufficient (sigh) ill do another complete scan.. 3. Finally, Kaspersky. I think this has been mentioned in a previous post: when i go to the Kaspersky Site and click on 'Kaspersky Online Scanner', a window pops-up giving me the option to accept some terms or decline. I accept, another window appears and like you said, it prompts me to install some ActiveX thing in a information bar at the top of the window. I click install and it gives me another window, no options or anything, just a few irrelevant links to other parts of the site. I wait ages and nohing happens... so I've also not been able to use the Kaspersky Scanner. However, I DO have: the windelf report the uninstall list the autorun report part of an AVG report and i can get a new HJT log but i havent got one seeing as ive not done all the previous steps. if you want i can post the things i have. |
|
|
|
|
12-08-2006, 08:31 PM
|
#13 (permalink) |
|
Mentor, Analyst - Security Team
Join Date: May 2006
Location: Oregon
Posts: 2,503
OS: MacOS X, Debian, OpenBSD, Windows
|
Post what you have; we'll try to go from there. I was hoping that Kaspersky would work since we already cleaned some malware off your computer.
CCleaner is fine.
__________________
The chance to begin again in a golden land of opportunity and adventure. Need HijackThis help? Please read MicroBell's Five Step Process before posting.
Please donate and help keep this site free to all. UNITE/ASAP: Proud member since 2006 |
|
|
|
|
12-09-2006, 08:50 AM
|
#14 (permalink) |
|
Registered User
Join Date: Dec 2006
Location: UK
Posts: 116
OS: XP Media Centre
|
windelf
Im gonna have to do this over a few posts.
1. WIN32DELFKIL LOGFILE - by Marckie version 3.112 07/12/2006 18:30:38.25 running from: "C:\Documents and Settings\Tom\Desktop" --- File(s) found in Windows directory --- adsldpbg.dll admparsel.dll prflbmsgp32.dll --- File(s) found in system32 folder --- admparsel.dll --- Services --- --- Export SharedTaskScheduler key --- REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler] "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader" "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon" "{1B68470C-2DEF-493B-8A4A-8E2D81BE4EA5}"="st3" "{16875E09-927B-4494-82BD-158A1CD46BA0}"="z" "{0B5F7FDF-0717-45BF-B49D-695F3168C7FE}"="Master Browseui" "{A4F94C0C-54A7-4DB1-9AF3-B22E63D00322}"="g322" "{A4F94C0C-54A7-4DB1-9AF3-B22E63D00311}"="z" "{A4F94C0C-54A7-4DB1-9AF3-B22E63D00401}"="z" "{A4F94C0C-54A7-4DB1-9AF3-B22E63D00402}"="z" --- sharedtaskkey (1): 1B68470C-2DEF-493B-8A4A-8E2D81BE4EA5 --- no keys found --- sharedtaskkey (2): 16875E09-927B-4494-82BD-158A1CD46BA0 --- no keys found --- sharedtaskkey (3): 0B5F7FDF-0717-45BF-B49D-695F3168C7FE --- no keys found --- sharedtaskkey (4): A4F94C0C-54A7-4DB1-9AF3-B22E63D00322 --- no keys found --- sharedtaskkey (5): A4F94C0C-54A7-4DB1-9AF3-B22E63D00311 --- no keys found --- sharedtaskkey (6): A4F94C0C-54A7-4DB1-9AF3-B22E63D00401 --- no keys found --- sharedtaskkey (7): A4F94C0C-54A7-4DB1-9AF3-B22E63D00402 --- no keys found --- Notify key --- --- rebooting the computer --- --- File(s) found in Windows directory --- --- File(s) found in system32 folder --- --- Services --- --- Export SharedTaskSchedulerkey --- REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler] "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader" "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon" --- Notify key --- Finished! |
|
|
|
|
12-09-2006, 08:55 AM
|
#16 (permalink) |
|
Registered User
Join Date: Dec 2006
Location: UK
Posts: 116
OS: XP Media Centre
|
Autoruns Log
Tom - 08/12/2006@16:07:47.46
running from C:\Documents and Settings\Tom\Desktop\Autorun\ Other users of this machine: * Administrator * Guest * Isabel * Joanna * Musik ---------------------------------------------------------------------------------- HKLM\System\CurrentControlSet\Services AOL ACS AOL Connectivity Service (Verified) America Online, Inc. c:\program files\common files\aol\acs\aolacsd.exe AOLService Removes spyware found by ASP that cannot be removed without a reboot. c:\program files\common files\aol\aol spyware protection\aolserv.exe ATI Smart ATI Smart c:\windows\system32\ati2sgag.exe AVG Anti-Spyware Guard AVG Anti-Spyware guard (Not verified) Anti-Malware Development a.s. c:\program files\grisoft\avg anti-spyware 7.5\guard.exe ccEvtMgr Symantec Event Manager (Verified) Symantec Corporation c:\program files\common files\symantec shared\ccevtmgr.exe ccProxy Symantec Network Proxy Service (Verified) Symantec Corporation c:\program files\common files\symantec shared\ccproxy.exe ccSetMgr Symantec Settings Manager (Verified) Symantec Corporation c:\program files\common files\symantec shared\ccsetmgr.exe Creative Service for CDROM Access Creative Service for CDROM Access (Not verified) Creative Technology Ltd c:\windows\system32\ctsvccda.exe MpfService McAfee Personal Firewall Service (Not verified) McAfee Corporation c:\program files\mcafee.com\personal firewall\mpfservice.exe SNDSrvc Symantec Network Drivers Service (Verified) Symantec Corporation c:\program files\common files\symantec shared\sndsrvc.exe SymWSC Symantec WMI Service (Verified) Symantec Corporation c:\program files\common files\symantec shared\security center\symwsc.exe WMDM PMSP Service WMDM PMSP Service (Not verified) Microsoft Corporation c:\windows\system32\mspmspsv.exe HKLM\System\CurrentControlSet\Services AVG Anti-Spyware Driver c:\program files\grisoft\avg anti-spyware 7.5\guard.sys AvgAsCln AVG7 Clean Driver (Not verified) GRISOFT, s.r.o. c:\windows\system32\drivers\avgascln.sys GEARAspiWDM CD/DVD Class Filter Driver (Verified) GEAR Software Inc. c:\windows\system32\drivers\gearaspiwdm.sys Iviaspi InterVideo ASPI Shell (Not verified) InterVideo, Inc. c:\windows\system32\drivers\iviaspi.sys MPFIREWL c:\windows\system32\drivers\mpfirewall.sys NAVENG AV Engine (Verified) Symantec Corporation c:\program files\common files\symantec shared\virusdefs\20040625.019\naveng.sys NAVEX15 AV Engine (Verified) Symantec Corporation c:\program files\common files\symantec shared\virusdefs\20040625.019\navex15.sys Pfc Padus(R) ASPI Shell (Not verified) Padus, Inc. c:\windows\system32\drivers\pfc.sys PxHelp20 Px Engine Device Driver for Windows 2000/XP (Not verified) Sonic Solutions c:\windows\system32\drivers\pxhelp20.sys SAVRT AutoProtect (Verified) Symantec Corporation c:\program files\norton antivirus\savrt.sys SAVRTPEL SAVRTPEL (Verified) Symantec Corporation c:\program files\norton antivirus\savrtpel.sys Secdrv SafeDisc driver (Not verified) Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. c:\windows\system32\drivers\secdrv.sys sonypvs1 File not found: system32\DRIVERS\sonypvs1.sys SYMDNS DNS Filter Driver (Verified) Symantec Corporation c:\windows\system32\drivers\symdns.sys SymEvent Symantec Event Library (Not verified) Symantec Corporation c:\program files\symantec\symevent.sys SYMFW Firewall Filter Driver (Verified) Symantec Corporation c:\windows\system32\drivers\symfw.sys SYMIDS IDS Filter Driver (Verified) Symantec Corporation c:\windows\system32\drivers\symids.sys SYMIDSCO IDS Core Driver (Verified) Symantec Corporation c:\program files\common files\symantec shared\symcdata\idsdefs\20061113.031\symidsco.sys SYMNDIS NDIS Filter Driver (Verified) Symantec Corporation c:\windows\system32\drivers\symndis.sys SYMREDRV Redirector Filter Driver (Verified) Symantec Corporation c:\windows\system32\drivers\symredrv.sys SYMTDI Network Dispatch Driver (Verified) Symantec Corporation c:\windows\system32\drivers\symtdi.sys HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors Microsoft Document Imaging Writer Monitor Microsoft® Document Imaging (Not verified) Microsoft Corporation c:\windows\system32\mdimon.dll HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ccApp Common Client User Session (Verified) Symantec Corporation c:\program files\common files\symantec shared\ccapp.exe AOLDialer AOL Connectivity Service Dialer (Verified) America Online, Inc. c:\program files\common files\aol\acs\aoldial.exe Symantec NetDriver Monitor Symantec Security Drivers Install Monitor (Verified) Symantec Corporation c:\program files\symnetdrv\sndmon.exe Microsoft Works Update Detection Microsoft® Works Update Detection (Not verified) Microsoft® Corporation c:\program files\common files\microsoft shared\works shared\wkufind.exe HostManager AOLHostManager (Verified) America Online, Inc. c:\program files\common files\aol\1133035937\ee\aolhostmanager.exe SunJavaUpdateSched Java(TM) 2 Platform Standard Edition binary (Not verified) Sun Microsystems, Inc. c:\program files\java\jre1.5.0_06\bin\jusched.exe %FP%Friendly fts.exe fts (Not verified) Friendly Technologies c:\program files\voyagertest\fts.exe MPFExe McAfee Personal Firewall Tray Monitor (Not verified) McAfee Security c:\program files\mcafee.com\personal firewall\mpftray.exe QuickTime Task QuickTime Task (Not verified) Apple Computer, Inc. c:\program files\quicktime\qttask.exe iTunesHelper iTunesHelper Module (Verified) Apple Computer, Inc. c:\program files\itunes\ituneshelper.exe DSLSTATEXE DSL Status Executable (Not verified) GlobespanVirata, Inc. c:\program files\bt voyager 105 adsl modem\dslstat.exe DSLAGENTEXE c:\program files\bt voyager 105 adsl modem\dslagent.exe AOL Spyware Protection AOLSP Scheduler (Verified) America Online, Inc. c:\program files\common files\aol\aol spyware protection\aolsp scheduler.exe !AVG Anti-Spyware AVG Anti-Spyware (Not verified) Anti-Malware Development a.s. c:\program files\grisoft\avg anti-spyware 7.5\avgas.exe HKLM\SOFTWARE\Classes\Protocols\Filter application/octet-stream Microsoft .NET Runtime Execution Engine (Not verified) Microsoft Corporation c:\windows\system32\mscoree.dll application/x-complus Microsoft .NET Runtime Execution Engine (Not verified) Microsoft Corporation c:\windows\system32\mscoree.dll application/x-msdownload Microsoft .NET Runtime Execution Engine (Not verified) Microsoft Corporation c:\windows\system32\mscoree.dll HKLM\SOFTWARE\Classes\Protocols\Handler ms-itss Microsoft® InfoTech Storage System Library (Not verified) Microsoft Corporation c:\program files\common files\microsoft shared\information retrieval\msitss.dll msnim MSN Messenger Protocol Handler (Not verified) Microsoft Corporation c:\program files\msn messenger\msgrapp.dll HKCU\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components 0 File not found: About:Home HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components n/a Microsoft .NET IE SECURITY REGISTRATION (Not verified) Microsoft Corporation c:\windows\system32\mscories.dll C:\Documents and Settings\All Users\Start Menu\Programs\Startup Adobe Reader Speed Launch.lnk Adobe Acrobat SpeedLauncher (Not verified) Adobe Systems Incorporated c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe AOL 9.0 Tray Icon.lnk AOL Tray Icon (Verified) America Online, Inc. c:\program files\aol 9.0\aoltray.exe AOL Broadband Check-Up.lnk Motive Chorus Command Line Interface (Not verified) Motive Communications, Inc. c:\program files\aol\broadband checkup\bin\matcli.exe HKCU\Software\Microsoft\Windows\CurrentVersion\Run MoneyAgent Microsoft Money Express (Not verified) Microsoft Corp. c:\program files\microsoft money\system\mnyexpr.exe Acme.PCHButton (Not verified) Motive Communications, Inc. c:\program files\help and support additions\pavilion\xpewwbf4\plugin\bin\pchbutton.exe Task Scheduler AppleSoftwareUpdate.job Software Application (Verified) Apple Computer, Inc. c:\program files\apple software update\softwareupdate.exe Easy Internet Sign-up.job HP SDP Application Module (Not verified) Hewlett-Packard c:\program files\easy internet signup\hpsdpapp.exe Norton AntiVirus - Scan my computer - HP_Administrator.job Norton AntiVirus Scanner Module (Verified) Symantec Corporation c:\program files\norton antivirus\navw32.exe Symantec NetDetect.job Symantec NetDetect (Verified) Symantec Corporation c:\program files\symantec\liveupdate\ndetect.exe HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects Adobe PDF Reader Link Helper Adobe Acrobat IE Helper Version 7.0 for ActiveX (Verified) Adobe Systems, Incorporated c:\program files\adobe\acrobat 7.0\activex\acroiehelper.dll SSVHelper Class Java(TM) 2 Platform Standard Edition binary (Not verified) Sun Microsystems, Inc. c:\program files\java\jre1.5.0_06\bin\ssv.dll CNisExtBho Class NIS Shell Extension (Not verified) Symantec Corporation c:\program files\common files\symantec shared\adblocking\nisshext.dll CNavExtBho Class Norton AntiVirusNAVShellExt Module (Verified) Symantec Corporation c:\program files\norton antivirus\navshext.dll HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks AVG Anti-Spyware 7.5 AVG Anti-Spyware shellexecutehook (Not verified) Anti-Malware Development a.s. c:\program files\grisoft\avg anti-spyware 7.5\shellexecutehook.dll HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved Display Panning CPL Extension File not found: deskpan.dll Fusion Cache Microsoft .NET Runtime Execution Engine (Not verified) Microsoft Corporation c:\windows\system32\mscoree.dll RecordNow! SendToExt Shell Extensions c:\program files\sonic recordnow!\shlext.dll SampleView ShellvRTF (Not verified) XSS c:\windows\system32\shellvrtf.dll Nokia Phone Browser Phone Browser (Not verified) Nokia c:\program files\nokia\nokia pc suite 6\phonebrowser.dll Contact View Phone Browser Contact View (Not verified) Nokia c:\program files\nokia\nokia pc suite 6\contactview.dll Message View Phone Browser Message View (Not verified) Nokia c:\program files\nokia\nokia pc suite 6\messageview.dll iTunes iTunes Mini Player DLL (Verified) Apple Computer, Inc. c:\program files\itunes\itunesminiplayer.dll Haali Column Provider c:\windows\system32\mmfinfo.dll ShellLink for Application References Application Deployment Support Library (Not verified) Microsoft Corporation c:\windows\system32\dfshim.dll Shell Icon Handler for Application References Application Deployment Support Library (Not verified) Microsoft Corporation c:\windows\system32\dfshim.dll HKLM\Software\Classes\Folder\Shellex\ColumnHandlers Haali Column Provider c:\windows\system32\mmfinfo.dll PDF Shell Extension PDF Shell Extension (Not verified) Adobe Systems, Inc. c:\program files\adobe\acrobat 7.0\activex\pdfshell.dll HKLM\Software\Microsoft\Internet Explorer\Toolbar hpdtlk02.dll hp view toolbar (Not verified) Hewlett-Packard Company c:\program files\hp\digital imaging\bin\hpdtlk02.dll Norton AntiVirus Norton AntiVirusNAVShellExt Module (Verified) Symantec Corporation c:\program files\norton antivirus\navshext.dll toolbar.dll IE Toolbar (Not verified) IE Toolbar c:\program files\aol toolbar\toolbar.dll HKLM\Software\Microsoft\Internet Explorer\Extensions Run IMVU c:\documents and settings\joanna\start menu\programs\imvu\run imvu.lnk @xpsp3res.dll,-20001 File not found: C:\WINDOWS\Network |
|
|
|
|
12-09-2006, 08:56 AM
|
#17 (permalink) |
|
Registered User
Join Date: Dec 2006
Location: UK
Posts: 116
OS: XP Media Centre
|
Uninstall List
102 Dalmatians Activity Centre
Ad-Aware SE Personal Adobe Reader 7.0.8 Advanced X Video Converter Agere Systems PCI Soft Modem Angry Dog AOL Broadband Check-Up AOL Coach Version 1.0(Build:20040229.1 uk) AOL Connectivity Services AOL Spyware Protection AOL Toolbar AOL UK (Choose which version to remove) AOL Uninstaller AOL You've Got Pictures Screensaver Apple Software Update ATI Display Driver AVG Anti-Spyware 7.5 BAMZOOKi v3.1 (build 115.158) Black and White BT Voyager 105 ADSL Modem BT Voyager Modem AOL Test Burping Bear CCleaner (remove only) christmas 11 christmas19 christmas20 Cole2k Media - Codec Pack (Advanced) 6.0.7 Command & Conquer Red Alert 2 Command & Conquer Tiberian Sun Command && Conquer Red Alert 2 - Yuri's Revenge Cool Edit Pro 2.0 Crazy Frog Creative Driver Creative MediaSource Disney's 102 Dalmatians Puppies to the Rescue Dogz 5 Driver Cleaner 3 Easy Internet Sign-up End It All EndItAll 2.0 Excited FinalAlert 2 Yuri's Revenge FrostWire Google Earth Google Video Player Happy Dance Help and Support Additions HijackThis 1.99.1 Hippo Pic Hotfix for Windows XP (KB926239) HP Deskjet Preloaded Printer Drivers HP Image Zone 4.2 HP Image Zone for Media Center PC HP Image Zone Plus 4.2 HP Photo & Imaging 3.5 - HP Devices HP PSC & OfficeJet 4.0 HP Software Update HP Tunes HPIZ402 Insaniquarium Deluxe InterVideo WinDVD Creator 2 InterVideo WinDVD Player iPod for Windows 2006-03-23 iPod Software 1.3 Updater iTunes J2SE Runtime Environment 5.0 Update 3 J2SE Runtime Environment 5.0 Update 6 Java 2 Runtime Environment, SE v1.4.2_03 KBD Learn2 Player (Uninstall Only) LimeWire 4.12.6 LiveUpdate 2.6 (Symantec Corporation) Love Pug Macromedia Flash Player Macromedia Flash Player 8 Macromedia FreeHand MXa Macromedia Shockwave Player McAfee Personal Firewall Plus Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Hotfix (KB886903) Microsoft .NET Framework 2.0 Microsoft AutoRoute v11.0 Microsoft Base Smart Card Cryptographic Service Provider Package Microsoft Compression Client Pack 1.0 for Windows XP Microsoft Encarta Encyclopedia Standard - WE 2004 Microsoft Internationalized Domain Names Mitigation APIs Microsoft Money Microsoft Money System Pack Microsoft National Language Support Downlevel APIs Microsoft Office Standard Edition 2003 Microsoft Picture It! Photo Standard 9 Microsoft User-Mode Driver Framework Feature Pack 1.0 Microsoft Works Microsoft Works 2004 Setup Launcher Microsoft Works Suite Add-in for Microsoft Word Mozilla Firefox (2.0) MPEG Encoder 3 MSN Messenger 7.5 MSXML 4.0 SP2 (KB927978) PC-Doctor for Windows Photosmart 320,370,7400,8100,8400 Series PTC ProDESKTOP 2000i2 Python 2.2 combined Win32 extensions Python 2.2.1 QuickTime Ranger Outpost Remote Client RealPlayer Basic Riva FLV Encoder 2.0 Riva FLV Player Sad Penguin SAMSUNG CDMA Modem Driver Set SAMSUNG Mobile USB Modem 1.0 Software SAMSUNG Mobile USB Modem Software Samsung PC Studio Samsung PC Studio 3 USB Driver Installer ScareCrow I Miss You Security Update for Microsoft .NET Framework 2.0 (KB917283) Security Update for Microsoft .NET Framework 2.0 (KB922770) Shockwave Sleepy Soldier Sonic Encoders Sonic RecordNow! Sound Blaster Audigy 2 ZS Steinberg Cubase LE Super Yellow 4 Animated Emoticons The Battle for Middle-earth (tm) The Battle for Middle-earth (tm) II The Sims 2 The Sims 2 Pets The Sims 2 University Turbo Tanks Twisted Whiskers Laughing Dog Update for Windows Media Player 10 (KB913800) Viewpoint Media Player Vodafone 804SS USB driver Software Westwood Shared Internet Components Winamp (remove only) Windows Defender Windows Genuine Advantage v1.3.0254.0 Windows Internet Explorer 7 Windows Media Format 11 runtime Windows Media Format 11 runtime Windows Media Player 11 Windows Media Player 11 Windows Rights Management Client Backwards Compatibility SP2 Windows Rights Management Client with Service Pack 2 Windows Vista Upgrade Advisor Windows XP Media Center Edition 2005 KB908250 Windows XP Media Center Edition 2005 KB925766 |
|
|
|
|
12-09-2006, 08:57 AM
|
#18 (permalink) |
|
Registered User
Join Date: Dec 2006
Location: UK
Posts: 116
OS: XP Media Centre
|
Fresh HJT Log
Logfile of HijackThis v1.99.1
Scan saved at 15:45:09, on 09/12/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.5730.0011) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\WINDOWS\system32\CTSvcCDA.EXE C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\MsPMSPSv.exe C:\WINDOWS\system32\dllhost.exe C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe C:\Program Files\Common Files\AOL\ACS\AOLDial.exe C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe C:\Program Files\VoyagerTest\fts.exe C:\Program Files\Common Files\AOL\1133035937\ee\AOLHostManager.exe C:\Program Files\Common Files\AOL\1133035937\ee\AOLServiceHost.exe C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe c:\program files\common files\aol\1133035937\ee\services\antiSpywareApp\ver2_0_12\AOLSP Scheduler.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\Program Files\Messenger\msmsgs.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\AOL\Broadband CheckUp\bin\mpbtn.exe C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE C:\Program Files\Microsoft Works\WkDStore.exe C:\PROGRA~1\MOZILL~1\FIREFOX.EXE C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\WINDOWS\system32\notepad.exe C:\HJT!\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://media10.fastclick.net/w/safep...22&nfcp=1&fp=2 R3 - URLSearchHook: (no name) - _{00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1133035937\ee\AOLHostManager.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [%FP%Friendly fts.exe] "C:\Program Files\VoyagerTest\fts.exe" O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe" O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe O4 - Global Startup: AOL Broadband Check-Up.lnk = C:\Program Files\AOL\Broadband CheckUp\bin\matcli.exe O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...p=ZNxdm824YYGB O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\clbcatix.dll (file missing) O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\clbcatix.dll (file missing) O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Joanna\Start Menu\Programs\IMVU\Run IMVU.lnk O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O11 - Options group: [INTERNATIONAL] International* O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aolsvc.aol.co.uk/comput...up/qdiagcc.cab O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} (CPlayFirstDinerDash2Control Object) - http://www.arcadetown.com/dinerdash2...2.1.0.0.48.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://www.arcadetown.com/swf/delici...ylomplayer.cab O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://download.toontown.com/sv1.0.15.28/ttinst.cab O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://www.arcadetown.com/swf/feedin...utLauncher.cab O16 - DPF: {DD3641E5-A9CF-11D1-9AA1-444553540000} (Surround Video V3.0 Control Object) - http://www.barnsdesigns.co.uk/surrou...eo/svideo3.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{52E8A4B5-8DDE-4499-91A6-050A6893390D}: NameServer = 205.188.146.145 O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe |
|
|
|
|
12-09-2006, 12:34 PM
|
#19 (permalink) |
|
Mentor, Analyst - Security Team
Join Date: May 2006
Location: Oregon
Posts: 2,503
OS: MacOS X, Debian, OpenBSD, Windows
|
We're getting there. How is your system behaving now?
P2P Software I see you have P2P software (i.e. LimeWire) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation. Uninstall Click Start > Control Panel > Add / Remove Programs and uninstall the following programs (if they exist): Viewpoint Media PlayerPlease let me know if any of these were unable to uninstall. HijackThis Fixes Open HijackThis and click on 'Do a System Scan Only'. Check the following entries if they still exist (make sure you do not miss any): R3 - URLSearchHook: (no name) - _{00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)Please remember to close all other windows, including browsers then click Fix checked. Close HijackThis. Deletions Delete the following Folders indicated in BLUE if they still exist: C:\Documents and Settings\Joanna\Complete Clear Cookies Clear your IE cookies. Start>Settings>Control Panel>Internet Options>General. Under Temporary Internet Files, click on Delete Cookies. Then click Delete Files. Clear your Firefox cookies. From the open browser, go to Tools>Options>Privacy>Cookies>Clear. Download Dr.Web CureIt Download Dr.Web CureIt to the Desktop.
With Your Next Post... Please paste the following with your next reply (in this order please):
__________________
The chance to begin again in a golden land of opportunity and adventure. Need HijackThis help? Please read MicroBell's Five Step Process before posting.
Please donate and help keep this site free to all. UNITE/ASAP: Proud member since 2006 |
|
|
|
|
12-09-2006, 02:29 PM
|
#20 (permalink) |
|
Registered User
Join Date: Dec 2006
Location: UK
Posts: 116
OS: XP Media Centre
|
Heres my DrWeb Report.
killapps.exe;C:\hp\drivers\audio\Creative\AudigyII_ZS\Audio\Drivers\COMMON;Tool.Prockill;Incurable.Moved.; Uninstall My Web Search.dll;C:\Program Files;Adware.Msearch;Incurable.Moved.; setup.exe;C:\Program Files\AOL\Installers\ASP 2.0;Probably BACKDOOR.Trojan;Incurable.Moved.; fwRemoteCfg.dll;C:\Program Files\Common Files\FTL Shared;Probably DLOADER.Trojan;Incurable.Moved.; gdnUS250.exe;C:\WINDOWS\Downloaded Program Files;Trojan.DownLoader.3080;Deleted.; gdnUS250.exe;C:\WINDOWS\Downloaded Program Files\CONFLICT.1;Trojan.DownLoader.3080;Deleted.; gdnUS250.exe;C:\WINDOWS\Downloaded Program Files\CONFLICT.2;Trojan.DownLoader.3080;Deleted.; gdnUS250.exe;C:\WINDOWS\Downloaded Program Files\CONFLICT.3;Trojan.DownLoader.3080;Deleted.; gdnUS250.exe;C:\WINDOWS\Downloaded Program Files\CONFLICT.4;Trojan.DownLoader.3080;Deleted.; gdnUS250.exe;C:\WINDOWS\Downloaded Program Files\CONFLICT.5;Trojan.DownLoader.3080;Deleted.; gdnUS250.exe;C:\WINDOWS\Downloaded Program Files\CONFLICT.6;Trojan.DownLoader.3080;Deleted.; gdnUS250.exe;C:\WINDOWS\Downloaded Program Files\CONFLICT.7;Trojan.DownLoader.3080;Deleted.; gdnUS250.exe;C:\WINDOWS\Downloaded Program Files\CONFLICT.8;Trojan.DownLoader.3080;Deleted.; KILLAPPS.EXE;C:\WINDOWS\system32;Tool.Prockill;Incurable.Moved.; process.exe;C:\WINDOWS\system32;Tool.Prockill;Incurable.Moved.; restart.exe;C:\WINDOWS\system32;Tool.ShutDown.11;Incurable.Moved.; winks.exe;C:\WINDOWS\system32;Trojan.Isbar.301;Deleted.; This is all i found in hosts: 127.0.0.1 localhost ...and a new HJT Log Logfile of HijackThis v1.99.1 Scan saved at 21:28:22, on 09/12/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.5730.0011) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\WINDOWS\system32\CTSvcCDA.EXE C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\MsPMSPSv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\dllhost.exe C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe C:\Program Files\Common Files\AOL\ACS\AOLDial.exe C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe C:\Program Files\VoyagerTest\fts.exe C:\Program Files\Common Files\AOL\1133035937\ee\AOLHostManager.exe C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe C:\Program Files\Common Files\AOL\1133035937\ee\AOLServiceHost.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\iTunes\iTunesHelper.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe c:\program files\common files\aol\1133035937\ee\services\antiSpywareApp\ver2_0_12\AOLSP Scheduler.exe C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\Program Files\Messenger\msmsgs.exe C:\PROGRA~1\HELPAN~1\Pavilion\XPEWWBF4\plugin\bin\pchbutton.exe C:\Program Files\AOL\Broadband CheckUp\bin\mpbtn.exe C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE C:\Program Files\Windows NT\Accessories\WORDPAD.EXE C:\HJT!\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1133035937\ee\AOLHostManager.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [%FP%Friendly fts.exe] "C:\Program Files\VoyagerTest\fts.exe" O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe" O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HELPAN~1\Pavilion\XPEWWBF4\plugin\bin\pchbutton.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe O4 - Global Startup: AOL Broadband Check-Up.lnk = C:\Program Files\AOL\Broadband CheckUp\bin\matcli.exe O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\clbcatix.dll (file missing) O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\clbcatix.dll (file missing) O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Joanna\Start Menu\Programs\IMVU\Run IMVU.lnk O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O11 - Options group: [INTERNATIONAL] International* O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aolsvc.aol.co.uk/comput...up/qdiagcc.cab O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} (CPlayFirstDinerDash2Control Object) - http://www.arcadetown.com/dinerdash2...2.1.0.0.48.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://www.arcadetown.com/swf/delici...ylomplayer.cab O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://download.toontown.com/sv1.0.15.28/ttinst.cab O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://www.arcadetown.com/swf/feedin...utLauncher.cab O16 - DPF: {DD3641E5-A9CF-11D1-9AA1-444553540000} (Surround Video V3.0 Control Object) - http://www.barnsdesigns.co.uk/surrou...eo/svideo3.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{52E8A4B5-8DDE-4499-91A6-050A6893390D}: NameServer = 205.188.146.145 O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe As for Limewire, I very rarely use it, but when I do, I always have a Firewall running. (if that helps..). |
|
|
|
| Thread Tools | |
|
|
Spyware/ Malware Removal
