#1
Registered User
Join Date: Aug 2007
Posts: 19
OS: xp
Please Help, Very Frustrated
Hello,
I have come to your site looking for some help. I have a malware infection and it keeps popping up windows and trying to redirect me to a website called pcsecuritylabs.com. I know this is malware but I need help, where do I start? Thanks in advance for your help.
Brian

#2
Registered User
Join Date: Aug 2007
Posts: 19
OS: xp
Re: Please Help, Very Frustrated
Maybe getting ahead of myself, but I downloaded HijackThis; here are the results of the first scan.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:55:48 PM, on 08/26/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\SpywareDetector\SDService.exe
C:\Program Files\SiteAdvisor\6066\SAService.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\RealVNC\WinVNC\winvnc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\Program Files\SpywareDetector\SDSystemTray.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\SOINTGR.EXE
C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\DIGStream\digstream.exe
C:\Program Files\ESPNRunTime\DIGServices.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Linksys\WPC11 Config Utility\WPC11Cfg.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\AOL\1127348673\ee\AOLHostManager.exe
C:\Program Files\Common Files\AOL\1127348673\ee\AOLServiceHost.exe
C:\PROGRA~1\3BSOFT~1\WINDOW~2\Windows Clean-Up Pro.uzy
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\msbind32.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\SpywareDetector\SpywareDetector.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\PROGRA~1\McAfee.com\Agent\mcupdate.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.mcleodusa.net/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.in-forum.com/index.cfm?
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O2 - BHO: DgnWebIE - {2843DAC1-05EF-11D2-95BA-0060083493D6} - C:\WINDOWS\Speech\Dragon\web_ie.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: msscds32.msdn_hlp - {C934903B-61BE-403A-BC70-D738DAF43B8E} - C:\WINDOWS\system32\msscds32.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: &ESPN - {AE6F2894-AF10-4C9C-B16E-1DFC6FF8C0C6} - C:\Program Files\ESPN\Toolbar\DIGToolBar.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Windows Clean-Up Pro] C:\PROGRA~1\3BSOFT~1\WINDOW~2\WINDOWS CLEAN-UP PRO.Exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SystemTraySD] C:\Program Files\SpywareDetector\SDSystemTray.exe -AUTO
O4 - HKLM\..\Run: [SDAutoLiveupdate] C:\Program Files\SpywareDetector\LiveUpdateSD.exe -AUTO
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SO5 Integrator Pass Two] C:\WINDOWS\SOINTGR.EXE
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1127348673\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [DIGServices] C:\Program Files\ESPNRunTime\DIGServices.exe /brand=ESPN /priority=0 /poll=24
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Windows Registry Repair Pro] C:\Program Files\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe 4
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-21-507921405-879983540-839522115-500\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Administrator')
O4 - Startup: PowerReg Scheduler.exe
O4 - Startup: PowerReg SchedulerV2.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Instant Wireless Configuration Utility.lnk = C:\Program Files\Linksys\WPC11 Config Utility\WPC11Cfg.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Photo Loader supervisory.lnk = C:\Program Files\CASIO\Ploader\Plauto.exe
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearc...p=ZRxdm464YYUS
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .UVR: C:\Program Files\Internet Explorer\Plugins\NPUPano.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/sh...4/mcinsctl.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1126570090110
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/sh...21/mcgdmgr.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/...ampx_en_dl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{582BD86F-A305-46D9-9043-35BF36606866}: NameServer = 24.116.0.202,24.116.209.232
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Abyss Web Server (AbyssWebServer) - Aprelium Technologies - C:\Program Files\Abyss Web Server\abyssws.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: SDService - Max Secure Software - C:\Program Files\SpywareDetector\SDService.exe
O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Program Files\SiteAdvisor\6066\SAService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: VNC Server (winvnc) - RealVNC Ltd. - C:\Program Files\RealVNC\WinVNC\winvnc.exe

--
End of file - 14224 bytes

Last edited by bri4878; 08-26-2007 at 07:08 PM.

#4
Registered User
Join Date: Aug 2007
Posts: 19
OS: xp
Re: Please Help, Very Frustrated
Here are the results of the Panda ActiveScan
Incident    Status    Location

Dialer:Dialer.B    Not disinfected    C:\Program Files\Linksys\WPC11 Config Utility\WPC11Cfg.exe
Potentially unwanted tool:Application/PRScheduler    Not disinfected    C:\Documents and Settings\Owner\Start Menu\Programs\Startup\PowerReg SchedulerV2.exe
Potentially unwanted tool:Application/PRScheduler    Not disinfected    C:\Documents and Settings\Owner\Start Menu\Programs\Startup\PowerReg Scheduler.exe
Adware:adware/downloadware    Not disinfected    c:\windows\Digital Signature 20030130.htm
Adware:adware/twain-tech    Not disinfected    c:\windows\satmat.exe
Adware:adware/rapidblaster    Not disinfected    c:\program files\RapidBlaster
Adware:adware/seekmo    Not disinfected    Windows Registry
Adware:adware/surfassistant    Not disinfected    Windows Registry
Adware:adware/transponder    Not disinfected    Windows Registry
Adware:adware/powerstrip    Not disinfected    Windows Registry
Adware:adware/404search    Not disinfected    Windows Registry
Adware:adware/adlogix    Not disinfected    Windows Registry
Spyware:spyware/searchcentrix    Not disinfected    Windows Registry
Spyware:spyware/betterinet    Not disinfected    Windows Registry
Adware:adware/keenvalue    Not disinfected    Windows Registry
Spyware:Cookie/Overture    Not disinfected    C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cm7okrho.default\cookies-1.txt[.perf.overture.com/]
Spyware:Cookie/PointRoll    Not disinfected    C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cm7okrho.default\cookies-1.txt[.ads.pointroll.com/]
Spyware:Cookie/Atlas DMT    Not disinfected    C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cm7okrho.default\cookies-1.txt[.atdmt.com/]
Spyware:Cookie/PointRoll    Not disinfected    C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cm7okrho.default\cookies-1.txt[.ads.pointroll.com/]
Spyware:Cookie/Mediaplex    Not disinfected    C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cm7okrho.default\cookies-1.txt[.mediaplex.com/]
Spyware:Cookie/2o7    Not disinfected    C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cm7okrho.default\cookies-1.txt[.2o7.net/]
Spyware:Cookie/Doubleclick    Not disinfected    C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cm7okrho.default\cookies-1.txt[.doubleclick.net/]
Spyware:Cookie/cs.sexcounter    Not disinfected    C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cm7okrho.default\cookies-1.txt[.cs.sexcounter.com/]
Spyware:Cookie/Sextracker    Not disinfected    C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cm7okrho.default\cookies-1.txt[.sextracker.com/]
Spyware:Cookie/adultfriendfinder    Not disinfected    C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cm7okrho.default\cookies-1.txt[.adultfriendfinder.com/]
Spyware:Cookie/WebPower    Not disinfected    C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cm7okrho.default\cookies-1.txt[.webpower.com/]
Spyware:Cookie/Toplist    Not disinfected    C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cm7okrho.default\cookies-1.txt[.toplist.cz/]
Spyware:Cookie/Statcounter    Not disinfected    C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cm7okrho.default\cookies-1.txt[.statcounter.com/]
Spyware:Cookie/Advertising    Not disinfected    C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cm7okrho.default\cookies-1.txt[.advertising.com/]
Spyware:Cookie/YieldManager    Not disinfected    C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cm7okrho.default\cookies-1.txt[ad.yieldmanager.com/]
Spyware:Cookie/QuestionMarket    Not disinfected    C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cm7okrho.default\cookies-1.txt[.questionmarket.com/]
Spyware:Cookie/FastClick    Not disinfected    C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cm7okrho.default\cookies-1.txt[.fastclick.net/]
Spyware:Cookie/Tribalfusion    Not disinfected    C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cm7okrho.default\cookies-1.txt[.tribalfusion.com/]
Spyware:Cookie/DomainSponsor    Not disinfected    C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cm7okrho.default\cookies-1.txt[landing.domainsponsor.com/]
Spyware:Cookie/Casalemedia    Not disinfected    C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cm7okrho.default\cookies-1.txt[.casalemedia.com/]
Spyware:Cookie/WUpd    Not disinfected    C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cm7okrho.default\cookies-1.txt[.revenue.net/]
Spyware:Cookie/Casalemedia    Not disinfected    C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cm7okrho.default\cookies-1.txt[.casalemedia.com/]
Spyware:Cookie/Ccbill    Not disinfected    C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cm7okrho.default\cookies-1.txt[.ccbill.com/]
Spyware:Cookie/PayCounter    Not disinfected    C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cm7okrho.default\cookies-1.txt[.paycounter.com/]
Spyware:Cookie/Xiti    Not disinfected    C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cm7okrho.default\cookies-1.txt[.xiti.com/]
Spyware:Cookie/Apmebf    Not disinfected    C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cm7okrho.default\cookies-1.txt[.apmebf.com/]
Spyware:Cookie/RealMedia    Not disinfected    C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cm7okrho.default\cookies-1.txt[.realmedia.com/]
Spyware:Cookie/Valueclick    Not disinfected    C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cm7okrho.default\cookies-1.txt[.valueclick.com/]
Spyware:Cookie/Adrevolver    Not disinfected    C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cm7okrho.default\cookies-1.txt[.adrevolver.com/]
Spyware:Cookie/Serving-sys    Not disinfected    C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cm7okrho.default\cookies-1.txt[.serving-sys.com/]
Spyware:Cookie/Atlas DMT    Not disinfected    C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cm7okrho.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/Advertising    Not disinfected    C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cm7okrho.default\cookies.txt[.advertising.com/]
Spyware:Cookie/Doubleclick    Not disinfected    C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cm7okrho.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/PointRoll    Not disinfected    C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cm7okrho.default\cookies.txt[.ads.pointroll.com/]
Spyware:Cookie/Mediaplex    Not disinfected    C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cm7okrho.default\cookies.txt[.mediaplex.com/]
Spyware:Cookie/2o7    Not disinfected    C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cm7okrho.default\cookies.txt[.2o7.net/]
Spyware:Cookie/Server.iad.Liveperson    Not disinfected    C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cm7okrho.default\cookies.txt[server.iad.liveperson.net/]
Spyware:Cookie/Server.iad.Liveperson    Not disinfected    C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cm7okrho.default\cookies.txt[server.iad.liveperson.net/hc/42100763]
Spyware:Cookie/Overture    Not disinfected    C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cm7okrho.default\cookies.txt[.overture.com/]
Spyware:Cookie/QuestionMarket    Not disinfected    C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cm7okrho.default\cookies.txt[.questionmarket.com/]
Spyware:Cookie/BurstNet    Not disinfected    C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cm7okrho.default\cookies.txt[.burstnet.com/]
Spyware:Cookie/RealMedia    Not disinfected    C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cm7okrho.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/Com.com    Not disinfected    C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cm7okrho.default\cookies.txt[.com.com/]
Spyware:Cookie/Statcounter    Not disinfected    C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cm7okrho.default\cookies.txt[.statcounter.com/]
Spyware:Cookie/Go    Not disinfected    C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cm7okrho.default\cookies.txt[.go.com/]
Spyware:Cookie/Traffic Marketplace    Not disinfected    C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cm7okrho.default\cookies.txt[.trafficmp.com/]
Spyware:Cookie/Bluestreak    Not disinfected    C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cm7okrho.default\cookies.txt[.bluestreak.com/]
Spyware:Cookie/Apmebf    Not disinfected    C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cm7okrho.default\cookies.txt[.apmebf.com/]
Spyware:Cookie/Doubleclick    Not disinfected    C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\ogw584bl.slt\cookies.txt[.doubleclick.net/]
Spyware:Cookie/2o7    Not disinfected    C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\ogw584bl.slt\cookies.txt[.2o7.net/]
Spyware:Cookie/Atwola    Not disinfected    C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\ogw584bl.slt\cookies.txt[.atwola.com/]
Spyware:Cookie/Advertising    Not disinfected    C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\ogw584bl.slt\cookies.txt[.advertising.com/]
Spyware:Cookie/Atlas DMT    Not disinfected    C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\ogw584bl.slt\cookies.txt[.atdmt.com/]
Spyware:Cookie/Tribalfusion    Not disinfected    C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\ogw584bl.slt\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/RealMedia    Not disinfected    C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\ogw584bl.slt\cookies.txt[.realmedia.com/]
Spyware:Cookie/Casalemedia    Not disinfected    C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\ogw584bl.slt\cookies.txt[.casalemedia.com/]
Spyware:Cookie/FastClick    Not disinfected    C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\ogw584bl.slt\cookies.txt[.fastclick.net/]
Spyware:Cookie/Mediaplex    Not disinfected    C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\ogw584bl.slt\cookies.txt[.mediaplex.com/]
Spyware:Cookie/QuestionMarket    Not disinfected    C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\ogw584bl.slt\cookies.txt[.questionmarket.com/]
Spyware:Cookie/Date    Not disinfected    C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\ogw584bl.slt\cookies.txt[.date.com/]
Spyware:Cookie/Bridgetrack    Not disinfected    C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\ogw584bl.slt\cookies.txt[citi.bridgetrack.com/]
Spyware:Cookie/PointRoll    Not disinfected    C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\ogw584bl.slt\cookies.txt[.ads.pointroll.com/]
Spyware:Cookie/QkSrv    Not disinfected    C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\ogw584bl.slt\cookies.txt[.qksrv.net/]
Spyware:Cookie/Bluestreak    Not disinfected    C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\ogw584bl.slt\cookies.txt[.bluestreak.com/]
Spyware:Cookie/MediaTickets    Not disinfected    C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\ogw584bl.slt\cookies.txt[.kinghost.com/]
Spyware:Cookie/cs.sexcounter    Not disinfected    C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\ogw584bl.slt\cookies.txt[.cs.sexcounter.com/]
Spyware:Cookie/PayCounter    Not disinfected    C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\ogw584bl.slt\cookies.txt[.paycounter.com/]
Spyware:Cookie/CentrPort    Not disinfected    C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\ogw584bl.slt\cookies.txt[.centrport.net/]
Spyware:Cookie/Zedo    Not disinfected    C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\ogw584bl.slt\cookies.txt[.zedo.com/]
Spyware:Cookie/Xiti    Not disinfected    C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\ogw584bl.slt\cookies.txt[.xiti.com/]
Spyware:Cookie/Traffic Marketplace    Not disinfected    C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\ogw584bl.slt\cookies.txt[.trafficmp.com/]
Spyware:Cookie/Valueclick    Not disinfected    C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\ogw584bl.slt\cookies.txt[.valueclick.com/]
Spyware:Cookie/Bfast    Not disinfected    C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\ogw584bl.slt\cookies.txt[.bfast.com/]
Spyware:Cookie/Serving-sys    Not disinfected    C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\ogw584bl.slt\cookies.txt[bs.serving-sys.com/]
Spyware:Cookie/Serving-sys    Not disinfected    C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\ogw584bl.slt\cookies.txt[.serving-sys.com/]
Spyware:Cookie/Go    Not disinfected    C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\ogw584bl.slt\cookies.txt[.go.com/]
Spyware:Cookie/AdDynamix    Not disinfected    C:\Documents and Settings\Owner\Cookies\owner@ads.addynamix[3].txt
Spyware:Cookie/Bluestreak    Not disinfected    C:\Documents and Settings\Owner\Cookies\owner@bluestreak[1].txt
Spyware:Cookie/BurstNet    Not disinfected    C:\Documents and Settings\Owner\Cookies\owner@burstnet[2].txt
Spyware:Cookie/Go    Not disinfected    C:\Documents and Settings\Owner\Cookies\owner@CAYFDLBI.txt
Spyware:Cookie/Clickbank    Not disinfected    C:\Documents and Settings\Owner\Cookies\owner@clickbank[1].txt
Spyware:Cookie/Com.com    Not disinfected    C:\Documents and Settings\Owner\Cookies\owner@com[1].txt
Spyware:Cookie/Hitslink    Not disinfected    C:\Documents and Settings\Owner\Cookies\owner@counter.hitslink[1].txt
Spyware:Cookie/Date    Not disinfected    C:\Documents and Settings\Owner\Cookies\owner@date[1].txt
Spyware:Cookie/Go    Not disinfected    C:\Documents and Settings\Owner\Cookies\owner@go[10].txt
Spyware:Cookie/Go    Not disinfected    C:\Documents and Settings\Owner\Cookies\owner@go[11].txt
Spyware:Cookie/Go    Not disinfected    C:\Documents and Settings\Owner\Cookies\owner@go[12].txt
Spyware:Cookie/Go    Not disinfected    C:\Documents and Settings\Owner\Cookies\owner@go[13].txt
Spyware:Cookie/Go    Not disinfected    C:\Documents and Settings\Owner\Cookies\owner@go[14].txt
Spyware:Cookie/Go    Not disinfected    C:\Documents and Settings\Owner\Cookies\owner@go[15].txt
Spyware:Cookie/Go    Not disinfected    C:\Documents and Settings\Owner\Cookies\owner@go[16].txt
Spyware:Cookie/Go    Not disinfected    C:\Documents and Settings\Owner\Cookies\owner@go[17].txt
Spyware:Cookie/Go    Not disinfected    C:\Documents and Settings\Owner\Cookies\owner@go[19].txt
Spyware:Cookie/Go    Not disinfected    C:\Documents and Settings\Owner\Cookies\owner@go[2].txt
Spyware:Cookie/Go    Not disinfected    C:\Documents and Settings\Owner\Cookies\owner@go[3].txt
Spyware:Cookie/Go    Not disinfected    C:\Documents and Settings\Owner\Cookies\owner@go[4].txt
Spyware:Cookie/Go    Not disinfected    C:\Documents and Settings\Owner\Cookies\owner@go[5].txt
Spyware:Cookie/Go    Not disinfected    C:\Documents and Settings\Owner\Cookies\owner@go[6].txt
Spyware:Cookie/Go    Not disinfected    C:\Documents and Settings\Owner\Cookies\owner@go[7].txt
Spyware:Cookie/Go    Not disinfected    C:\Documents and Settings\Owner\Cookies\owner@go[8].txt
Spyware:Cookie/Go    Not disinfected    C:\Documents and Settings\Owner\Cookies\owner@go[9].txt
Spyware:Cookie/Mediaplex    Not disinfected    C:\Documents and Settings\Owner\Cookies\owner@mediaplex[1].txt
Spyware:Cookie/Overture    Not disinfected    C:\Documents and Settings\Owner\Cookies\owner@overture[1].txt
Spyware:Cookie/QuestionMarket    Not disinfected    C:\Documents and Settings\Owner\Cookies\owner@questionmarket[2].txt
Spyware:Cookie/Statcounter    Not disinfected    C:\Documents and Settings\Owner\Cookies\owner@statcounter[2].txt
Spyware:Cookie/Tradedoubler    Not disinfected    C:\Documents and Settings\Owner\Cookies\owner@tradedoubler[2].txt
Spyware:Cookie/Traffic Marketplace    Not disinfected    C:\Documents and Settings\Owner\Cookies\owner@trafficmp[2].txt
Spyware:Cookie/Tucows    Not disinfected    C:\Documents and Settings\Owner\Cookies\owner@tucows[1].txt
Adware:Adware/WinAD    Not disinfected    C:\Documents and Settings\Owner\Desktop\Stuff\incredimail_install.exe
Adware:Adware/SecurityError    Not disinfected    C:\WINDOWS\system32\intr32.dll
#5 (permalink) |
Registered User
Join Date: Aug 2007
Posts: 19
OS: xp
Re: Please Help, Very Frustrated
DSS Main text report
Deckard's System Scanner v20070819.64 Run by Owner on 2007-08-27 06:34:07 Computer is in Normal Mode. -------------------------------------------------------------------------------- -- System Restore -------------------------------------------------------------- -- Last 5 Restore Point(s) -- 64: 2007-08-27 11:28:46 UTC - RP1758 - Deckard's System Scanner Restore Point 63: 2007-08-27 01:41:46 UTC - RP1757 - Removed Kazaa 2.7.2 62: 2007-08-26 11:52:38 UTC - RP1756 - System Checkpoint 61: 2007-08-25 11:34:18 UTC - RP1755 - System Checkpoint 60: 2007-08-24 11:04:18 UTC - RP1754 - Software Distribution Service 3.0 -- First Restore Point -- 1: 2007-06-28 04:56:16 UTC - RP1695 - Software Distribution Service 3.0 Backed up registry hives. Performed disk cleanup. Percentage of Memory in Use: 77% (more than 75%). Total Physical Memory: 510 MiB (512 MiB recommended). -- HijackThis (run as Owner.exe) ----------------------------------------------- Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 6:38:55 AM, on 08/27/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16512) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\WINDOWS\System32\svchost.exe C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe c:\program files\common files\mcafee\mna\mcnasvc.exe c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\McAfee\MPF\MPFSrv.exe C:\Program Files\SpywareDetector\SDService.exe C:\Program Files\SiteAdvisor\6066\SAService.exe C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE 
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe C:\Program Files\Analog Devices\SoundMAX\Smtray.exe C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe C:\Program Files\SpywareDetector\SDSystemTray.exe C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe C:\WINDOWS\SOINTGR.EXE C:\Program Files\SiteAdvisor\6066\SiteAdv.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe C:\Program Files\iTunes\iTunesHelper.exe C:\WINDOWS\System32\igfxtray.exe C:\WINDOWS\System32\hkcmd.exe C:\Program Files\DIGStream\digstream.exe C:\Program Files\ESPNRunTime\DIGServices.exe C:\WINDOWS\system32\ctfmon.exe C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE C:\Program Files\Windows Media Player\WMPNSCFG.exe C:\Program Files\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\Program Files\Common Files\AOL\1127348673\ee\AOLHostManager.exe C:\Program Files\Common Files\AOL\1127348673\ee\AOLServiceHost.exe C:\Program Files\Linksys\WPC11 Config Utility\WPC11Cfg.exe C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe C:\PROGRA~1\3BSOFT~1\WINDOW~2\Windows Clean-Up Pro.uzy C:\Program Files\CASIO\Ploader\Plauto.exe C:\Documents and Settings\Owner\Desktop\dss.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe c:\PROGRA~1\mcafee\mpf\mc\mpfalert.exe C:\PROGRA~1\TRENDM~1\HIJACK~1\Owner.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.mcleodusa.net/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.in-forum.com/index.cfm? 
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll O2 - BHO: DgnWebIE - {2843DAC1-05EF-11D2-95BA-0060083493D6} - C:\WINDOWS\Speech\Dragon\web_ie.dll O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: Google Toolbar Notifier BHO - 
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll O2 - BHO: msscds32.msdn_hlp - {C934903B-61BE-403A-BC70-D738DAF43B8E} - C:\WINDOWS\system32\msscds32.dll O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll O3 - Toolbar: &ESPN - {AE6F2894-AF10-4C9C-B16E-1DFC6FF8C0C6} - C:\Program Files\ESPN\Toolbar\DIGToolBar.dll O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe" O4 - HKLM\..\Run: [Windows Clean-Up Pro] C:\PROGRA~1\3BSOFT~1\WINDOW~2\WINDOWS CLEAN-UP PRO.Exe O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey O4 - HKLM\..\Run: [SystemTraySD] C:\Program Files\SpywareDetector\SDSystemTray.exe -AUTO O4 - HKLM\..\Run: [SDAutoLiveupdate] C:\Program Files\SpywareDetector\LiveUpdateSD.exe -AUTO O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [SO5 Integrator Pass Two] C:\WINDOWS\SOINTGR.EXE O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6066\SiteAdv.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS 
Master\FirstStart.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe" O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1127348673\ee\AOLHostManager.exe O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe O4 - HKLM\..\Run: [DIGServices] C:\Program Files\ESPNRunTime\DIGServices.exe /brand=ESPN /priority=0 /poll=24 O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Yahoo! 
Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [Windows Registry Repair Pro] C:\Program Files\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe 4 O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - Startup: PowerReg Scheduler.exe O4 - Startup: PowerReg SchedulerV2.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Instant Wireless Configuration Utility.lnk = C:\Program Files\Linksys\WPC11 Config Utility\WPC11Cfg.exe O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: Photo Loader supervisory.lnk = C:\Program Files\CASIO\Ploader\Plauto.exe O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearc...p=ZRxdm464YYUS O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra button: Yahoo! 
Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .UVR: C:\Program Files\Internet Explorer\Plugins\NPUPano.dll O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/sh...4/mcinsctl.cab O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1126570090110 O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/sh...21/mcgdmgr.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - 
http://fpdownload2.macromedia.com/ge...sh/swflash.cab O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/...ampx_en_dl.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{582BD86F-A305-46D9-9043-35BF36606866}: NameServer = 24.116.0.202,24.116.209.232 O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Abyss Web Server (AbyssWebServer) - Aprelium Technologies - C:\Program Files\Abyss Web Server\abyssws.exe O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe O23 - Service: SDService - Max Secure Software - C:\Program Files\SpywareDetector\SDService.exe O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Program Files\SiteAdvisor\6066\SAService.exe O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe O23 - Service: VNC Server (winvnc) - RealVNC Ltd. 
- C:\Program Files\RealVNC\WinVNC\winvnc.exe -- End of file - 13969 bytes -- File Associations ----------------------------------------------------------- All associations okay. -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------- R1 cdrbsdrv - c:\windows\system32\drivers\cdrbsdrv.sys <Not Verified; B.H.A Corporation; B's Recorder GOLD7> R2 DXSOFTIO - c:\windows\system32\drivers\dxsoftio.sys R2 LZNMQUKP - c:\windows\system32\lznmqukp.oek R3 Cap7134 (713x_3 TV Card Capture) - c:\windows\system32\drivers\cap7134.sys <Not Verified; Philips Semiconductors; Philips cap7134> R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus(R) ASPI Shell> pe386 driver present lzx32 driver present -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled -------------------- R2 aawservice (Ad-Aware 2007 Service) - "c:\program files\lavasoft\ad-aware 2007\aawservice.exe" <Not Verified; Lavasoft AB; Ad-Aware 2007 Service> S2 winvnc (VNC Server) - "c:\program files\realvnc\winvnc\winvnc.exe" -service <Not Verified; RealVNC Ltd.; RealVNC Ltd. 
- WinVNC> S3 AbyssWebServer (Abyss Web Server) - c:\program files\abyss web server\abyssws.exe --service <Not Verified; Aprelium Technologies; Abyss Web Server X1> -- Device Manager: Disabled ---------------------------------------------------- Class GUID: {00000000-0000-0000-0000-000000000000} Description: Multimedia Audio Controller Device ID: PCI\VEN_1102&DEV_0004&SUBSYS_00531102&REV_03\4&2AF9ED5&0&00F0 Manufacturer: Name: Multimedia Audio Controller PNP Device ID: PCI\VEN_1102&DEV_0004&SUBSYS_00531102&REV_03\4&2AF9ED5&0&00F0 Service: Class GUID: Description: Device ID: STREAM\5835MFF\5&155235A4&0&0 Manufacturer: Name: PNP Device ID: STREAM\5835MFF\5&155235A4&0&0 Service: Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318} Description: MAC Bridge Miniport Device ID: ROOT\MS_BRIDGEMP\0000 Manufacturer: Microsoft Name: MAC Bridge Miniport PNP Device ID: ROOT\MS_BRIDGEMP\0000 Service: BridgeMP -- Scheduled Tasks ------------------------------------------------------------- 2007-08-27 02:32:00 342 --a------ C:\WINDOWS\Tasks\Scan for Viruses.job 2007-08-27 01:43:53 350 --a------ C:\WINDOWS\Tasks\McDefragTask.job 2007-08-27 01:01:44 352 --a------ C:\WINDOWS\Tasks\McQcTask.job 2007-08-27 00:33:00 258 --a------ C:\WINDOWS\Tasks\Windows Update.job -- Files created between 2007-07-27 and 2007-08-27 ----------------------------- 2007-08-27 06:20:15 0 d-------- C:\Program Files\SpywareBlaster 2007-08-26 19:54:47 0 d-------- C:\Program Files\Trend Micro 2007-08-26 16:11:40 123 --a------ C:\WINDOWS\system\SysSD.dll 2007-08-26 16:10:58 6656 --a------ C:\WINDOWS\system32\SDEarlyDelete.exe 2007-08-26 16:10:44 270336 --a------ C:\WINDOWS\system32\CheckDll.dll <Not Verified; Max Secure Software; Spyware Detector> 2007-08-26 16:10:42 0 d-------- C:\Program Files\SpywareDetector 2007-08-24 21:40:32 0 d-------- C:\WINDOWS\system32\ActiveScan 2007-08-24 21:21:04 0 d-------- C:\Documents and Settings\Administrator\Application Data\Macromedia 2007-08-24 21:05:17 0 d-------- C:\Documents 
and Settings\Administrator\Application Data\SiteAdvisor 2007-08-24 20:56:41 0 d-------- C:\Documents and Settings\Administrator\Application Data\Mozilla 2007-08-23 22:12:09 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft 2007-08-23 22:10:55 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard 2007-08-23 20:17:44 4 --a------ C:\WINDOWS\system32\stfv.bin 2007-08-23 19:44:57 31488 --a------ C:\WINDOWS\vxddsk.exe 2007-08-23 19:44:56 20992 --a------ C:\WINDOWS\system32\vxddsk.exe 2007-08-23 19:44:55 20224 --a------ C:\WINDOWS\wml.exe 2007-08-23 19:44:55 9216 --a------ C:\WINDOWS\system32\wml.exe 2007-08-23 19:44:54 19712 --a------ C:\WINDOWS\satmat.exe 2007-08-23 19:44:52 23040 --a------ C:\WINDOWS\7search.dll 2007-08-23 19:44:51 9216 --a------ C:\WINDOWS\flt.dll 2007-08-23 19:44:51 24064 --a------ C:\WINDOWS\764.exe 2007-08-23 19:44:50 26880 --a------ C:\WINDOWS\pbar.dll 2007-08-23 19:44:48 18944 --a------ C:\WINDOWS\voiceip.dll 2007-08-23 19:44:48 16128 --a------ C:\WINDOWS\stcloader.exe 2007-08-23 19:44:47 10496 --a------ C:\WINDOWS\swin32.dll 2007-08-23 19:44:47 30208 --a------ C:\WINDOWS\cdsm32.dll 2007-08-23 19:44:46 19712 --a------ C:\WINDOWS\bokja.exe 2007-08-23 19:44:44 10496 --a------ C:\WINDOWS\mspphe.dll 2007-08-23 19:44:44 23040 --a------ C:\WINDOWS\bjam.dll 2007-08-23 19:44:43 31488 --a------ C:\WINDOWS\2020search.dll 2007-08-23 19:44:42 13312 --a------ C:\WINDOWS\system32\MSIXU.DLL 2007-08-23 19:44:38 9472 --a------ C:\WINDOWS\saiemod.dll 2007-08-23 19:44:29 25088 --a------ C:\WINDOWS\system32\msscds32.dll <Not Verified; Microsoft; Windows Explorer cdrom optimizer> 2007-08-23 19:44:27 12 --a------ C:\WINDOWS\system32\gtv_sd.bin 2007-08-23 19:44:03 28164 --a------ C:\WINDOWS\system32\dgygxdoq.exe <Not Verified; Microsoft; _> -- Find3M Report --------------------------------------------------------------- 2007-08-26 23:00:38 0 d-------- C:\Program Files\WinSCP3 2007-08-26 22:45:29 0 d-------- C:\Program 
Files\QuickTime 2007-08-26 22:41:10 0 d-------- C:\Program Files\MSN Messenger 2007-08-26 22:30:31 0 d-------- C:\Program Files\iTunes 2007-08-26 22:22:24 0 d-------- C:\Program Files\Google 2007-08-26 22:21:40 0 d-------- C:\Program Files\ESPNRunTime 2007-08-26 22:17:27 0 d-------- C:\Program Files\DIGStream 2007-08-26 20:41:47 0 d--h----- C:\Program Files\InstallShield Installation Information 2007-08-26 16:40:45 0 d-------- C:\Program Files\Common Files 2007-08-23 22:12:10 0 d-------- C:\Program Files\Lavasoft 2007-08-22 15:04:47 0 d-------- C:\Program Files\LimeWire 2007-08-16 17:27:53 664 --a------ C:\WINDOWS\system32\d3d9caps.dat 2007-08-05 19:54:07 0 d-------- C:\Program Files\Java 2007-07-31 06:33:30 0 d-------- C:\Program Files\Common Files\McAfee 2007-07-22 23:22:05 0 d-------- C:\Program Files\EphPod -- Registry Dump --------------------------------------------------------------- *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C934903B-61BE-403A-BC70-D738DAF43B8E}] 08/23/2007 07:44 PM 25088 --a------ C:\WINDOWS\system32\msscds32.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Smapp"="C:\Program Files\Analog Devices\SoundMAX\Smtray.exe" [01/30/2002 09:01 PM] "Microsoft Works Portfolio"="C:\Program Files\Microsoft Works\WksSb.exe" [08/23/2001 04:52 PM] "AdaptecDirectCD"="C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe" [09/14/2001 02:34 PM] "Windows Clean-Up Pro"="C:\PROGRA~1\3BSOFT~1\WINDOW~2\WINDOWS CLEAN-UP PRO.Exe" [06/24/2003 03:53 AM] "mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [08/04/2007 02:33 AM] "SystemTraySD"="C:\Program Files\SpywareDetector\SDSystemTray.exe" [07/27/2007 10:45 AM] "SDAutoLiveupdate"="C:\Program Files\SpywareDetector\LiveUpdateSD.exe" [07/27/2007 10:45 AM] "WorksFUD"="C:\Program Files\Microsoft Works\wkfud.exe" [10/05/2001 07:34 PM] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" 
[07/12/2007 04:00 AM] "StorageGuard"="C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" [06/18/2002 02:01 AM] "SO5 Integrator Pass Two"="C:\WINDOWS\SOINTGR.EXE" [05/08/2000 08:20 AM] "SiteAdvisor"="C:\Program Files\SiteAdvisor\6066\SiteAdv.exe" [07/24/2006 03:28 PM] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [02/16/2007 10:54 AM] "OM_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe" [05/16/2006 06:50 PM] "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [07/09/2001 12:50 PM] "MoneyStartUp10.0"="C:\Program Files\Microsoft Money\System\Activation.exe" [07/25/2001 11:00 AM] "Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [07/16/2002 04:21 PM] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [03/14/2007 07:05 PM] "IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [05/14/2002 08:29 AM] "HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [05/14/2002 08:20 AM] "HostManager"="C:\Program Files\Common Files\AOL\1127348673\ee\AOLHostManager.exe" [07/29/2005 11:53 AM] "DXM6Patch_981116"="C:\WINDOWS\p_981116.exe" [11/30/1998 07:04 PM] "DIGStream"="C:\Program Files\DIGStream\digstream.exe" [10/31/2005 12:05 PM] "DIGServices"="C:\Program Files\ESPNRunTime\DIGServices.exe" [10/31/2005 12:18 PM] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "OM_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe" [05/16/2006 06:51 PM] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 02:56 AM] "Yahoo! 
Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [11/30/2006 10:49 PM] "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [10/18/2006 08:05 PM] "Windows Registry Repair Pro"="C:\Program Files\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe" [09/07/2005 04:01 PM] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [06/07/2003 05:49 PM] "msnmsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [01/19/2007 12:54 PM] C:\Documents and Settings\Owner\Start Menu\Programs\Startup\ PowerReg Scheduler.exe [12/15/2006 8:24:44 PM] PowerReg SchedulerV2.exe [12/16/2002 9:11:38 AM] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [09/24/2005 1:05:26 AM] Instant Wireless Configuration Utility.lnk - C:\Program Files\Linksys\WPC11 Config Utility\WPC11Cfg.exe [01/10/2004 9:19:29 AM] InterVideo WinCinema Manager.lnk - C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe [04/26/2007 8:49:28 PM] Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [02/13/2001 2:01:04 AM] Photo Loader supervisory.lnk - C:\Program Files\CASIO\Ploader\Plauto.exe [01/21/2003 7:50:05 AM] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system] "DisableTaskMgr"=0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SDNotify] C:\Program Files\SpywareDetector\SDNotify.dll 07/23/2007 12:38 PM 176128 C:\Program Files\SpywareDetector\SDNotify.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc] @="" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds] @="Service" 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}] @="Volume shadow copy" -- Hosts ----------------------------------------------------------------------- 127.0.0.1 www.test.com 127.0.0.1 www.ads.x10.com 127.0.0.1 www.600pics.com 127.0.0.1 www.doberman.befree.com 127.0.0.1 www.enews.bfast.com 127.0.0.1 www.etoys.bfast.com 127.0.0.1 www.falcon.bfast.com 127.0.0.1 www.ftp.befree.com 127.0.0.1 www.ftp.bfast.com 127.0.0.1 www.geocities.bfast.com 844 more entries in hosts file. -- End of Deckard's System Scanner: finished at 2007-08-27 06:41:36 ------------ |
#6 (permalink) |
Registered User
Join Date: Aug 2007
Posts: 19
OS: xp
Re: Please Help, Very Frustrated
A little more specific on my problem. The desktop keeps changing from my preference to a red desktop. I get many popups saying your computer's infected with spyware, click here to resolve this, or another popup says a hacker is attempting to access my computer, and other messages that when clicked on all redirect you to a page on the internet. Here's the page:
http://pcsecuritylab.com/
This infection seems to really be more directed at IE Explorer than Firefox. I'm using IE Explorer 7 and I'm running XP Home version 2002 with Service Pack 2. Computer is a Pentium 4 with a 2.4 gig processor and running only 512 memory. Hope all this info helps. Thanks for your help.
#7 (permalink) |
Analyst, Security Team
Join Date: Sep 2006
Location: Ontario, Canada
Posts: 2,948
OS: Windows 7 Ultimate
Re: Please Help, Very Frustrated
Hello bri4878,
There sure is a huge mess here.. While we can attempt to clean what we see in your logs, we can't guarantee that your computer will be completely in the clear since we have no way of knowing what has been done to the computer.

Download http://www.uploads.ejvindh.net/rustbfix.exe .... and save it to your desktop.

Double click on rustbfix.exe to run the tool. If a Rustock.b-infection is found, you will shortly hereafter be asked to reboot the computer. The reboot will probably take quite a while, and perhaps 2 reboots will be needed. But this will happen automatically.

After the reboot 2 logfiles will open (%root%avenger.txt & %root%rustbfixpelog.txt). Post the content of these log files along with a new DSS log.
#8 (permalink) |
Registered User
Join Date: Aug 2007
Posts: 19
OS: xp
Re: Please Help, Very Frustrated
Ok, I ran that but nothing was found, here's what it said.
************************* Rustock.b-fix v. 1.01 -- By ejvindh *************************
08/27/2007 23:04:21.06
No Rustock.b-rootkits found
******************************* End of Logfile ********************************
#10 (permalink) |
Registered User
Join Date: Aug 2007
Posts: 19
OS: xp
Re: Please Help, Very Frustrated
Here are the results of the DSS scan
Deckard's System Scanner v20070819.64 Run by Owner on 2007-08-27 23 14Computer is in Normal Mode. -------------------------------------------------------------------------------- Total Physical Memory: 510 MiB (512 MiB recommended). -- HijackThis (run as Owner.exe) ----------------------------------------------- Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 6:38:55 AM, on 08/27/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16512) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\WINDOWS\System32\svchost.exe C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe c:\program files\common files\mcafee\mna\mcnasvc.exe c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\McAfee\MPF\MPFSrv.exe C:\Program Files\SpywareDetector\SDService.exe C:\Program Files\SiteAdvisor\6066\SAService.exe C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\PROGRA~1\McAfee.com\Agent\mcagent.exe C:\Program Files\Analog Devices\SoundMAX\Smtray.exe C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe C:\Program Files\SpywareDetector\SDSystemTray.exe C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe C:\WINDOWS\SOINTGR.EXE C:\Program Files\SiteAdvisor\6066\SiteAdv.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe C:\Program Files\iTunes\iTunesHelper.exe C:\WINDOWS\System32\igfxtray.exe C:\WINDOWS\System32\hkcmd.exe C:\Program Files\DIGStream\digstream.exe C:\Program Files\ESPNRunTime\DIGServices.exe C:\WINDOWS\system32\ctfmon.exe 
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE C:\Program Files\Windows Media Player\WMPNSCFG.exe C:\Program Files\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\Program Files\Common Files\AOL\1127348673\ee\AOLHostManager.exe C:\Program Files\Common Files\AOL\1127348673\ee\AOLServiceHost.exe C:\Program Files\Linksys\WPC11 Config Utility\WPC11Cfg.exe C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe C:\PROGRA~1\3BSOFT~1\WINDOW~2\Windows Clean-Up Pro.uzy C:\Program Files\CASIO\Ploader\Plauto.exe C:\Documents and Settings\Owner\Desktop\dss.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe c:\PROGRA~1\mcafee\mpf\mc\mpfalert.exe C:\PROGRA~1\TRENDM~1\HIJACK~1\Owner.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.mcleodusa.net/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.in-forum.com/index.cfm? R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll O2 - BHO: Yahoo! 
Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll O2 - BHO: DgnWebIE - {2843DAC1-05EF-11D2-95BA-0060083493D6} - C:\WINDOWS\Speech\Dragon\web_ie.dll O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll O2 - BHO: msscds32.msdn_hlp - {C934903B-61BE-403A-BC70-D738DAF43B8E} - C:\WINDOWS\system32\msscds32.dll O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll O3 - Toolbar: Yahoo! 
Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll O3 - Toolbar: &ESPN - {AE6F2894-AF10-4C9C-B16E-1DFC6FF8C0C6} - C:\Program Files\ESPN\Toolbar\DIGToolBar.dll O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe" O4 - HKLM\..\Run: [Windows Clean-Up Pro] C:\PROGRA~1\3BSOFT~1\WINDOW~2\WINDOWS CLEAN-UP PRO.Exe O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey O4 - HKLM\..\Run: [SystemTraySD] C:\Program Files\SpywareDetector\SDSystemTray.exe -AUTO O4 - HKLM\..\Run: [SDAutoLiveupdate] C:\Program Files\SpywareDetector\LiveUpdateSD.exe -AUTO O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [SO5 Integrator Pass Two] C:\WINDOWS\SOINTGR.EXE O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6066\SiteAdv.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe" O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe O4 - HKLM\..\Run: [iTunesHelper] 
"C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1127348673\ee\AOLHostManager.exe O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe O4 - HKLM\..\Run: [DIGServices] C:\Program Files\ESPNRunTime\DIGServices.exe /brand=ESPN /priority=0 /poll=24 O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [Windows Registry Repair Pro] C:\Program Files\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe 4 O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - Startup: PowerReg Scheduler.exe O4 - Startup: PowerReg SchedulerV2.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Instant Wireless Configuration Utility.lnk = C:\Program Files\Linksys\WPC11 Config Utility\WPC11Cfg.exe O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: Photo Loader supervisory.lnk = C:\Program Files\CASIO\Ploader\Plauto.exe O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearc...p=ZRxdm464YYUS O8 - Extra context menu item: 
&Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .UVR: C:\Program Files\Internet Explorer\Plugins\NPUPano.dll O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/sh...4/mcinsctl.cab O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - 
http://upload.facebook.com/controls/...toUploader.cab O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1126570090110 O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/sh...21/mcgdmgr.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/...ampx_en_dl.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{582BD86F-A305-46D9-9043-35BF36606866}: NameServer = 24.116.0.202,24.116.209.232 O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Abyss Web Server (AbyssWebServer) - Aprelium Technologies - C:\Program Files\Abyss Web Server\abyssws.exe O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. 
- C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe O23 - Service: SDService - Max Secure Software - C:\Program Files\SpywareDetector\SDService.exe O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Program Files\SiteAdvisor\6066\SAService.exe O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe O23 - Service: VNC Server (winvnc) - RealVNC Ltd. - C:\Program Files\RealVNC\WinVNC\winvnc.exe -- End of file - 13969 bytes -- Files created between 2007-07-27 and 2007-08-27 ----------------------------- 2007-08-27 23:04:17 0 d-------- C:\Rustbfix 2007-08-27 21:17:48 4696 --a------ C:\WINDOWS\system32\tmp.reg 2007-08-26 19:54:47 0 d-------- C:\Program Files\Trend Micro 2007-08-26 16:11:40 123 --a------ C:\WINDOWS\system\SysSD.dll 2007-08-26 16:10:58 6144 --a------ C:\WINDOWS\system32\SDEarlyDelete.exe 2007-08-26 16:10:44 270336 --a------ C:\WINDOWS\system32\CheckDll.dll <Not Verified; Max Secure Software; Spyware Detector> 2007-08-26 16:10:42 0 d-------- C:\Program Files\SpywareDetector 2007-08-24 21:40:32 0 d-------- C:\WINDOWS\system32\ActiveScan 2007-08-24 21:21:04 0 d-------- C:\Documents and Settings\Administrator\Application Data\Macromedia 2007-08-24 21:05:17 0 d-------- C:\Documents and Settings\Administrator\Application Data\SiteAdvisor 2007-08-24 20:56:41 0 d-------- C:\Documents and Settings\Administrator\Application Data\Mozilla 2007-08-23 22:12:09 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft 2007-08-23 22:10:55 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard 2007-08-23 20:17:44 4 --a------ C:\WINDOWS\system32\stfv.bin 2007-08-23 19:44:57 31488 --a------ C:\WINDOWS\vxddsk.exe 2007-08-23 19:44:56 20992 --a------ C:\WINDOWS\system32\vxddsk.exe 2007-08-23 19:44:55 20224 --a------ C:\WINDOWS\wml.exe 2007-08-23 19:44:55 
9216 --a------ C:\WINDOWS\system32\wml.exe 2007-08-23 19:44:54 19712 --a------ C:\WINDOWS\satmat.exe 2007-08-23 19:44:52 23040 --a------ C:\WINDOWS\7search.dll 2007-08-23 19:44:51 9216 --a------ C:\WINDOWS\flt.dll 2007-08-23 19:44:51 24064 --a------ C:\WINDOWS\764.exe 2007-08-23 19:44:50 26880 --a------ C:\WINDOWS\pbar.dll 2007-08-23 19:44:48 18944 --a------ C:\WINDOWS\voiceip.dll 2007-08-23 19:44:48 16128 --a------ C:\WINDOWS\stcloader.exe 2007-08-23 19:44:47 10496 --a------ C:\WINDOWS\swin32.dll 2007-08-23 19:44:47 30208 --a------ C:\WINDOWS\cdsm32.dll 2007-08-23 19:44:46 19712 --a------ C:\WINDOWS\bokja.exe 2007-08-23 19:44:44 10496 --a------ C:\WINDOWS\mspphe.dll 2007-08-23 19:44:44 23040 --a------ C:\WINDOWS\bjam.dll 2007-08-23 19:44:43 31488 --a------ C:\WINDOWS\2020search.dll 2007-08-23 19:44:42 13312 --a------ C:\WINDOWS\system32\MSIXU.DLL 2007-08-23 19:44:38 9472 --a------ C:\WINDOWS\saiemod.dll 2007-08-23 19:44:29 25088 --a------ C:\WINDOWS\system32\msscds32.dll <Not Verified; Microsoft; Windows Explorer cdrom optimizer> 2007-08-23 19:44:27 12 --a------ C:\WINDOWS\system32\gtv_sd.bin 2007-08-23 19:44:03 28164 --a------ C:\WINDOWS\system32\dgygxdoq.exe <Not Verified; Microsoft; _> -- Find3M Report --------------------------------------------------------------- 2007-08-27 20:58:36 0 d-------- C:\Documents and Settings\Owner\Application Data\Yahoo! 2007-08-27 20:57:53 0 d-------- C:\Program Files\Yahoo! 
2007-08-26 23:00:38 0 d-------- C:\Program Files\WinSCP3 2007-08-26 22:45:29 0 d-------- C:\Program Files\QuickTime 2007-08-26 22:41:10 0 d-------- C:\Program Files\MSN Messenger 2007-08-26 22:30:31 0 d-------- C:\Program Files\iTunes 2007-08-26 22:22:24 0 d-------- C:\Program Files\Google 2007-08-26 22:21:40 0 d-------- C:\Program Files\ESPNRunTime 2007-08-26 22:17:27 0 d-------- C:\Program Files\DIGStream 2007-08-26 20:41:47 0 d--h----- C:\Program Files\InstallShield Installation Information 2007-08-26 16:40:45 0 d-------- C:\Program Files\Common Files 2007-08-23 22:12:10 0 d-------- C:\Program Files\Lavasoft 2007-08-22 15:04:47 0 d-------- C:\Program Files\LimeWire 2007-08-16 17:27:53 664 --a------ C:\WINDOWS\system32\d3d9caps.dat 2007-08-05 19:54:07 0 d-------- C:\Program Files\Java 2007-07-31 06:33:30 0 d-------- C:\Program Files\Common Files\McAfee 2007-07-22 23:22:05 0 d-------- C:\Program Files\EphPod -- Registry Dump --------------------------------------------------------------- *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C934903B-61BE-403A-BC70-D738DAF43B8E}] 08/23/2007 07:44 PM 25088 --a------ C:\WINDOWS\system32\msscds32.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Smapp"="C:\Program Files\Analog Devices\SoundMAX\Smtray.exe" [01/30/2002 09:01 PM] "Microsoft Works Portfolio"="C:\Program Files\Microsoft Works\WksSb.exe" [08/23/2001 04:52 PM] "AdaptecDirectCD"="C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe" [09/14/2001 02:34 PM] "Windows Clean-Up Pro"="C:\PROGRA~1\3BSOFT~1\WINDOW~2\WINDOWS CLEAN-UP PRO.Exe" [06/24/2003 03:53 AM] "mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [08/04/2007 02:33 AM] "SystemTraySD"="C:\Program Files\SpywareDetector\SDSystemTray.exe" [07/27/2007 10:45 AM] "SDAutoLiveupdate"="C:\Program Files\SpywareDetector\LiveUpdateSD.exe" [07/27/2007 10:45 AM] "WorksFUD"="C:\Program Files\Microsoft Works\wkfud.exe" 
[10/05/2001 07:34 PM] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [07/12/2007 04:00 AM] "StorageGuard"="C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" [06/18/2002 02:01 AM] "SO5 Integrator Pass Two"="C:\WINDOWS\SOINTGR.EXE" [05/08/2000 08:20 AM] "SiteAdvisor"="C:\Program Files\SiteAdvisor\6066\SiteAdv.exe" [07/24/2006 03:28 PM] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [02/16/2007 10:54 AM] "OM_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe" [05/16/2006 06:50 PM] "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [07/09/2001 12:50 PM] "MoneyStartUp10.0"="C:\Program Files\Microsoft Money\System\Activation.exe" [07/25/2001 11:00 AM] "Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [07/16/2002 04:21 PM] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [03/14/2007 07:05 PM] "IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [05/14/2002 08:29 AM] "HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [05/14/2002 08:20 AM] "HostManager"="C:\Program Files\Common Files\AOL\1127348673\ee\AOLHostManager.exe" [07/29/2005 11:53 AM] "DXM6Patch_981116"="C:\WINDOWS\p_981116.exe" [11/30/1998 07:04 PM] "DIGStream"="C:\Program Files\DIGStream\digstream.exe" [10/31/2005 12:05 PM] "DIGServices"="C:\Program Files\ESPNRunTime\DIGServices.exe" [10/31/2005 12:18 PM] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "OM_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe" [05/16/2006 06:51 PM] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 02:56 AM] "Yahoo! 
Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [11/30/2006 10:49 PM] "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [10/18/2006 08:05 PM] "Windows Registry Repair Pro"="C:\Program Files\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe" [09/07/2005 04:01 PM] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [06/07/2003 05:49 PM] "msnmsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [01/19/2007 12:54 PM] C:\Documents and Settings\Owner\Start Menu\Programs\Startup\ PowerReg Scheduler.exe [12/15/2006 8:24:44 PM] PowerReg SchedulerV2.exe [12/16/2002 9:11:38 AM] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [09/24/2005 1:05:26 AM] Instant Wireless Configuration Utility.lnk - C:\Program Files\Linksys\WPC11 Config Utility\WPC11Cfg.exe [01/10/2004 9:19:29 AM] InterVideo WinCinema Manager.lnk - C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe [04/26/2007 8:49:28 PM] Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [02/13/2001 2:01:04 AM] Photo Loader supervisory.lnk - C:\Program Files\CASIO\Ploader\Plauto.exe [01/21/2003 7:50:05 AM] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system] "DisableTaskMgr"=0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SDNotify] C:\Program Files\SpywareDetector\SDNotify.dll 08/22/2007 03:25 PM 167936 C:\Program Files\SpywareDetector\SDNotify.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc] @="" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds] @="Service" 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}] @="Volume shadow copy" -- End of Deckard's System Scanner: finished at 2007-08-27 23:07:52 ------------ |
#12 (permalink) |
Registered User
Join Date: Aug 2007
Posts: 19
OS: xp
Re: Please Help, Very Frustrated
Here is a recent HJT Scan and log file if you need it.
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 11:13:18 PM, on 08/27/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16512) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\WINDOWS\System32\svchost.exe C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe c:\program files\common files\mcafee\mna\mcnasvc.exe c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\McAfee\MPF\MPFSrv.exe C:\Program Files\Analog Devices\SoundMAX\Smtray.exe C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe C:\Program Files\McAfee.com\Agent\mcagent.exe C:\Program Files\SpywareDetector\SDSystemTray.exe C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe C:\WINDOWS\SOINTGR.EXE C:\Program Files\SiteAdvisor\6066\SiteAdv.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe C:\Program Files\iTunes\iTunesHelper.exe C:\WINDOWS\System32\igfxtray.exe C:\WINDOWS\System32\hkcmd.exe C:\Program Files\DIGStream\digstream.exe C:\Program Files\ESPNRunTime\DIGServices.exe C:\PROGRA~1\3BSOFT~1\WINDOW~2\Windows Clean-Up Pro.uzy C:\Program Files\SpywareDetector\SDService.exe C:\Program Files\Common Files\AOL\1127348673\ee\AOLHostManager.exe C:\WINDOWS\system32\ctfmon.exe C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE C:\Program Files\Common Files\AOL\1127348673\ee\AOLServiceHost.exe C:\Program Files\Windows Media Player\WMPNSCFG.exe C:\Program Files\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\MSN 
Messenger\MsnMsgr.Exe C:\Program Files\SiteAdvisor\6066\SAService.exe C:\Program Files\Linksys\WPC11 Config Utility\WPC11Cfg.exe C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\CASIO\Ploader\Plauto.exe C:\Program Files\iPod\bin\iPodService.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe C:\PROGRA~1\MOZILL~1\FIREFOX.EXE C:\Program Files\MSN Messenger\usnsvc.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.mcleodusa.net/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.in-forum.com/index.cfm? R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost R3 - URLSearchHook: Yahoo! 
Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll O2 - BHO: DgnWebIE - {2843DAC1-05EF-11D2-95BA-0060083493D6} - C:\WINDOWS\Speech\Dragon\web_ie.dll O2 - BHO: (no name) - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - (no file) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll O2 - BHO: msscds32.msdn_hlp - {C934903B-61BE-403A-BC70-D738DAF43B8E} - C:\WINDOWS\system32\msscds32.dll O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll O3 - Toolbar: &ESPN - {AE6F2894-AF10-4C9C-B16E-1DFC6FF8C0C6} - C:\Program Files\ESPN\Toolbar\DIGToolBar.dll O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe" O4 - HKLM\..\Run: [Windows Clean-Up Pro] C:\PROGRA~1\3BSOFT~1\WINDOW~2\WINDOWS CLEAN-UP PRO.Exe O4 - 
HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey O4 - HKLM\..\Run: [SystemTraySD] C:\Program Files\SpywareDetector\SDSystemTray.exe -AUTO O4 - HKLM\..\Run: [SDAutoLiveupdate] C:\Program Files\SpywareDetector\LiveUpdateSD.exe -AUTO O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [SO5 Integrator Pass Two] C:\WINDOWS\SOINTGR.EXE O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6066\SiteAdv.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe" O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1127348673\ee\AOLHostManager.exe O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe O4 - HKLM\..\Run: [DIGServices] C:\Program Files\ESPNRunTime\DIGServices.exe /brand=ESPN /priority=0 /poll=24 O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Yahoo! 
Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [Windows Registry Repair Pro] C:\Program Files\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe 4 O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKUS\S-1-5-21-507921405-879983540-839522115-500\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Administrator') O4 - Startup: PowerReg Scheduler.exe O4 - Startup: PowerReg SchedulerV2.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Instant Wireless Configuration Utility.lnk = C:\Program Files\Linksys\WPC11 Config Utility\WPC11Cfg.exe O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: Photo Loader supervisory.lnk = C:\Program Files\CASIO\Ploader\Plauto.exe O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearc...p=ZRxdm464YYUS O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network 
Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .UVR: C:\Program Files\Internet Explorer\Plugins\NPUPano.dll O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/sh...4/mcinsctl.cab O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1126570090110 O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/sh...21/mcgdmgr.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/...ampx_en_dl.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{582BD86F-A305-46D9-9043-35BF36606866}: NameServer = 24.116.0.202,24.116.209.232 O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Abyss Web Server (AbyssWebServer) - Aprelium Technologies - C:\Program Files\Abyss Web Server\abyssws.exe O23 - Service: IMAPI CD-Burning COM 
Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe O23 - Service: SDService - Max Secure Software - C:\Program Files\SpywareDetector\SDService.exe O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Program Files\SiteAdvisor\6066\SAService.exe O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe O23 - Service: VNC Server (winvnc) - RealVNC Ltd. - C:\Program Files\RealVNC\WinVNC\winvnc.exe -- End of file - 12665 bytes |
#13 (permalink) |
Analyst, Security Team
Join Date: Sep 2006
Location: Ontario, Canada
Posts: 2,948
OS: Windows 7 Ultimate
Re: Please Help, Very Frustrated
Before beginning the proposed fix, read this post completely. Any questions should be kindly asked before proceeding. Ensure that there are no open browsers when carrying out the procedures below. Save the following instructions in Notepad, as this webpage will not be available when you're carrying out the fix.
It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.
--------------------------------------------------------------
Please download OTMoveIt by OldTimer.
--------------------------------------------------------------
--------------------------------------------------------------
--------------------------------------------------------------
Please run DSS.exe and post the resulting log.
--------------------------------------------------------------
How is your system behaving at this point?
--------------------------------------------------------------
Please reply back with the following logs:
c:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log
C:\rapport.txt
Fresh DSS log (main.txt)
Update on system
#14 (permalink) |
Registered User
Join Date: Aug 2007
Posts: 19
OS: xp
Re: Please Help, Very Frustrated
Ok here are the logs
Deckard's System Scanner v20070819.64 Run by Owner on 2007-08-28 07:24:32 Computer is in Normal Mode. -------------------------------------------------------------------------------- Total Physical Memory: 510 MiB (512 MiB recommended). -- HijackThis (run as Owner.exe) ----------------------------------------------- Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 11:13:18 PM, on 08/27/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16512) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\WINDOWS\System32\svchost.exe C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe c:\program files\common files\mcafee\mna\mcnasvc.exe c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\McAfee\MPF\MPFSrv.exe C:\Program Files\Analog Devices\SoundMAX\Smtray.exe C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe C:\Program Files\McAfee.com\Agent\mcagent.exe C:\Program Files\SpywareDetector\SDSystemTray.exe C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe C:\WINDOWS\SOINTGR.EXE C:\Program Files\SiteAdvisor\6066\SiteAdv.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe C:\Program Files\iTunes\iTunesHelper.exe C:\WINDOWS\System32\igfxtray.exe C:\WINDOWS\System32\hkcmd.exe C:\Program Files\DIGStream\digstream.exe C:\Program Files\ESPNRunTime\DIGServices.exe C:\PROGRA~1\3BSOFT~1\WINDOW~2\Windows Clean-Up Pro.uzy C:\Program Files\SpywareDetector\SDService.exe C:\Program Files\Common Files\AOL\1127348673\ee\AOLHostManager.exe C:\WINDOWS\system32\ctfmon.exe 
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE C:\Program Files\Common Files\AOL\1127348673\ee\AOLServiceHost.exe C:\Program Files\Windows Media Player\WMPNSCFG.exe C:\Program Files\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\Program Files\SiteAdvisor\6066\SAService.exe C:\Program Files\Linksys\WPC11 Config Utility\WPC11Cfg.exe C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\CASIO\Ploader\Plauto.exe C:\Program Files\iPod\bin\iPodService.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe C:\PROGRA~1\MOZILL~1\FIREFOX.EXE C:\Program Files\MSN Messenger\usnsvc.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.mcleodusa.net/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.in-forum.com/index.cfm? R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost R3 - URLSearchHook: Yahoo! 
Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll O2 - BHO: DgnWebIE - {2843DAC1-05EF-11D2-95BA-0060083493D6} - C:\WINDOWS\Speech\Dragon\web_ie.dll O2 - BHO: (no name) - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - (no file) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll O2 - BHO: msscds32.msdn_hlp - {C934903B-61BE-403A-BC70-D738DAF43B8E} - C:\WINDOWS\system32\msscds32.dll O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll O3 - Toolbar: &ESPN - {AE6F2894-AF10-4C9C-B16E-1DFC6FF8C0C6} - C:\Program Files\ESPN\Toolbar\DIGToolBar.dll O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe" O4 - HKLM\..\Run: [Windows Clean-Up Pro] C:\PROGRA~1\3BSOFT~1\WINDOW~2\WINDOWS CLEAN-UP PRO.Exe O4 - 
HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey O4 - HKLM\..\Run: [SystemTraySD] C:\Program Files\SpywareDetector\SDSystemTray.exe -AUTO O4 - HKLM\..\Run: [SDAutoLiveupdate] C:\Program Files\SpywareDetector\LiveUpdateSD.exe -AUTO O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [SO5 Integrator Pass Two] C:\WINDOWS\SOINTGR.EXE O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6066\SiteAdv.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe" O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1127348673\ee\AOLHostManager.exe O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe O4 - HKLM\..\Run: [DIGServices] C:\Program Files\ESPNRunTime\DIGServices.exe /brand=ESPN /priority=0 /poll=24 O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Yahoo! 
Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [Windows Registry Repair Pro] C:\Program Files\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe 4 O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKUS\S-1-5-21-507921405-879983540-839522115-500\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Administrator') O4 - Startup: PowerReg Scheduler.exe O4 - Startup: PowerReg SchedulerV2.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Instant Wireless Configuration Utility.lnk = C:\Program Files\Linksys\WPC11 Config Utility\WPC11Cfg.exe O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: Photo Loader supervisory.lnk = C:\Program Files\CASIO\Ploader\Plauto.exe O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearc...p=ZRxdm464YYUS O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network 
Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .UVR: C:\Program Files\Internet Explorer\Plugins\NPUPano.dll O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/sh...4/mcinsctl.cab O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1126570090110 O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/sh...21/mcgdmgr.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/...ampx_en_dl.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{582BD86F-A305-46D9-9043-35BF36606866}: NameServer = 24.116.0.202,24.116.209.232 O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Abyss Web Server (AbyssWebServer) - Aprelium Technologies - C:\Program Files\Abyss Web Server\abyssws.exe O23 - Service: IMAPI CD-Burning COM 
Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe O23 - Service: SDService - Max Secure Software - C:\Program Files\SpywareDetector\SDService.exe O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Program Files\SiteAdvisor\6066\SAService.exe O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe O23 - Service: VNC Server (winvnc) - RealVNC Ltd. 
- C:\Program Files\RealVNC\WinVNC\winvnc.exe -- End of file - 12665 bytes -- Files created between 2007-07-28 and 2007-08-28 ----------------------------- 2007-08-27 23:04:17 0 d-------- C:\Rustbfix 2007-08-27 21:17:48 4696 --a------ C:\WINDOWS\system32\tmp.reg 2007-08-26 19:54:47 0 d-------- C:\Program Files\Trend Micro 2007-08-26 16:11:40 123 --a------ C:\WINDOWS\system\SysSD.dll 2007-08-26 16:10:58 6144 --a------ C:\WINDOWS\system32\SDEarlyDelete.exe 2007-08-26 16:10:44 270336 --a------ C:\WINDOWS\system32\CheckDll.dll <Not Verified; Max Secure Software; Spyware Detector> 2007-08-26 16:10:42 0 d-------- C:\Program Files\SpywareDetector 2007-08-24 21:40:32 0 d-------- C:\WINDOWS\system32\ActiveScan 2007-08-24 21:21:04 0 d-------- C:\Documents and Settings\Administrator\Application Data\Macromedia 2007-08-24 21:05:17 0 d-------- C:\Documents and Settings\Administrator\Application Data\SiteAdvisor 2007-08-24 20:56:41 0 d-------- C:\Documents and Settings\Administrator\Application Data\Mozilla 2007-08-23 22:12:09 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft 2007-08-23 22:10:55 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard -- Find3M Report --------------------------------------------------------------- 2007-08-27 20:58:36 0 d-------- C:\Documents and Settings\Owner\Application Data\Yahoo! 2007-08-27 20:57:53 0 d-------- C:\Program Files\Yahoo! 
2007-08-26 23:00:38 0 d-------- C:\Program Files\WinSCP3 2007-08-26 22:45:29 0 d-------- C:\Program Files\QuickTime 2007-08-26 22:41:10 0 d-------- C:\Program Files\MSN Messenger 2007-08-26 22:30:31 0 d-------- C:\Program Files\iTunes 2007-08-26 22:22:24 0 d-------- C:\Program Files\Google 2007-08-26 22:21:40 0 d-------- C:\Program Files\ESPNRunTime 2007-08-26 22:17:27 0 d-------- C:\Program Files\DIGStream 2007-08-26 20:41:47 0 d--h----- C:\Program Files\InstallShield Installation Information 2007-08-26 16:40:45 0 d-------- C:\Program Files\Common Files 2007-08-23 22:12:10 0 d-------- C:\Program Files\Lavasoft 2007-08-22 15:04:47 0 d-------- C:\Program Files\LimeWire 2007-08-16 17:27:53 664 --a------ C:\WINDOWS\system32\d3d9caps.dat 2007-08-05 19:54:07 0 d-------- C:\Program Files\Java 2007-07-31 06:33:30 0 d-------- C:\Program Files\Common Files\McAfee 2007-07-22 23:22:05 0 d-------- C:\Program Files\EphPod -- Registry Dump --------------------------------------------------------------- *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C934903B-61BE-403A-BC70-D738DAF43B8E}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Smapp"="C:\Program Files\Analog Devices\SoundMAX\Smtray.exe" [01/30/2002 09:01 PM] "Microsoft Works Portfolio"="C:\Program Files\Microsoft Works\WksSb.exe" [08/23/2001 04:52 PM] "AdaptecDirectCD"="C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe" [09/14/2001 02:34 PM] "Windows Clean-Up Pro"="C:\PROGRA~1\3BSOFT~1\WINDOW~2\WINDOWS CLEAN-UP PRO.Exe" [06/24/2003 03:53 AM] "mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [08/04/2007 02:33 AM] "SystemTraySD"="C:\Program Files\SpywareDetector\SDSystemTray.exe" [07/27/2007 10:45 AM] "SDAutoLiveupdate"="C:\Program Files\SpywareDetector\LiveUpdateSD.exe" [07/27/2007 10:45 AM] "WorksFUD"="C:\Program Files\Microsoft Works\wkfud.exe" [10/05/2001 07:34 PM] "SunJavaUpdateSched"="C:\Program 
Files\Java\jre1.6.0_02\bin\jusched.exe" [07/12/2007 04:00 AM] "StorageGuard"="C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" [06/18/2002 02:01 AM] "SO5 Integrator Pass Two"="C:\WINDOWS\SOINTGR.EXE" [05/08/2000 08:20 AM] "SiteAdvisor"="C:\Program Files\SiteAdvisor\6066\SiteAdv.exe" [07/24/2006 03:28 PM] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [02/16/2007 10:54 AM] "OM_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe" [05/16/2006 06:50 PM] "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [07/09/2001 12:50 PM] "MoneyStartUp10.0"="C:\Program Files\Microsoft Money\System\Activation.exe" [07/25/2001 11:00 AM] "Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [07/16/2002 04:21 PM] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [03/14/2007 07:05 PM] "IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [05/14/2002 08:29 AM] "HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [05/14/2002 08:20 AM] "HostManager"="C:\Program Files\Common Files\AOL\1127348673\ee\AOLHostManager.exe" [07/29/2005 11:53 AM] "DXM6Patch_981116"="C:\WINDOWS\p_981116.exe" [11/30/1998 07:04 PM] "DIGStream"="C:\Program Files\DIGStream\digstream.exe" [10/31/2005 12:05 PM] "DIGServices"="C:\Program Files\ESPNRunTime\DIGServices.exe" [10/31/2005 12:18 PM] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "OM_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe" [05/16/2006 06:51 PM] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 02:56 AM] "Yahoo! 
Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [11/30/2006 10:49 PM] "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [10/18/2006 08:05 PM] "Windows Registry Repair Pro"="C:\Program Files\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe" [09/07/2005 04:01 PM] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [06/07/2003 05:49 PM] "msnmsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [01/19/2007 12:54 PM] C:\Documents and Settings\Owner\Start Menu\Programs\Startup\ PowerReg Scheduler.exe [12/15/2006 8:24:44 PM] PowerReg SchedulerV2.exe [12/16/2002 9:11:38 AM] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [09/24/2005 1:05:26 AM] Instant Wireless Configuration Utility.lnk - C:\Program Files\Linksys\WPC11 Config Utility\WPC11Cfg.exe [01/10/2004 9:19:29 AM] InterVideo WinCinema Manager.lnk - C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe [04/26/2007 8:49:28 PM] Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [02/13/2001 2:01:04 AM] Photo Loader supervisory.lnk - C:\Program Files\CASIO\Ploader\Plauto.exe [01/21/2003 7:50:05 AM] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system] "DisableTaskMgr"=0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SDNotify] C:\Program Files\SpywareDetector\SDNotify.dll 08/22/2007 03:25 PM 167936 C:\Program Files\SpywareDetector\SDNotify.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc] @="" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds] @="Service" 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}] @="Volume shadow copy" -- End of Deckard's System Scanner: finished at 2007-08-28 07:26:02 ------------ Rapport.txt file Deckard's System Scanner v20070819.64 Run by Owner on 2007-08-28 07:24:32 Computer is in Normal Mode. -------------------------------------------------------------------------------- Total Physical Memory: 510 MiB (512 MiB recommended). -- HijackThis (run as Owner.exe) ----------------------------------------------- Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 11:13:18 PM, on 08/27/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16512) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\WINDOWS\System32\svchost.exe C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe c:\program files\common files\mcafee\mna\mcnasvc.exe c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\McAfee\MPF\MPFSrv.exe C:\Program Files\Analog Devices\SoundMAX\Smtray.exe C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe C:\Program Files\McAfee.com\Agent\mcagent.exe C:\Program Files\SpywareDetector\SDSystemTray.exe C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe C:\WINDOWS\SOINTGR.EXE C:\Program Files\SiteAdvisor\6066\SiteAdv.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe C:\Program Files\iTunes\iTunesHelper.exe C:\WINDOWS\System32\igfxtray.exe C:\WINDOWS\System32\hkcmd.exe C:\Program Files\DIGStream\digstream.exe C:\Program 
Files\ESPNRunTime\DIGServices.exe C:\PROGRA~1\3BSOFT~1\WINDOW~2\Windows Clean-Up Pro.uzy C:\Program Files\SpywareDetector\SDService.exe C:\Program Files\Common Files\AOL\1127348673\ee\AOLHostManager.exe C:\WINDOWS\system32\ctfmon.exe C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE C:\Program Files\Common Files\AOL\1127348673\ee\AOLServiceHost.exe C:\Program Files\Windows Media Player\WMPNSCFG.exe C:\Program Files\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\Program Files\SiteAdvisor\6066\SAService.exe C:\Program Files\Linksys\WPC11 Config Utility\WPC11Cfg.exe C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\CASIO\Ploader\Plauto.exe C:\Program Files\iPod\bin\iPodService.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe C:\PROGRA~1\MOZILL~1\FIREFOX.EXE C:\Program Files\MSN Messenger\usnsvc.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.mcleodusa.net/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.in-forum.com/index.cfm? R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost R3 - URLSearchHook: Yahoo! 
Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll O2 - BHO: DgnWebIE - {2843DAC1-05EF-11D2-95BA-0060083493D6} - C:\WINDOWS\Speech\Dragon\web_ie.dll O2 - BHO: (no name) - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - (no file) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll O2 - BHO: msscds32.msdn_hlp - {C934903B-61BE-403A-BC70-D738DAF43B8E} - C:\WINDOWS\system32\msscds32.dll O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll O3 - Toolbar: &ESPN - {AE6F2894-AF10-4C9C-B16E-1DFC6FF8C0C6} - C:\Program Files\ESPN\Toolbar\DIGToolBar.dll O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe" O4 - HKLM\..\Run: [Windows Clean-Up Pro] C:\PROGRA~1\3BSOFT~1\WINDOW~2\WINDOWS CLEAN-UP PRO.Exe O4 - 
HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey O4 - HKLM\..\Run: [SystemTraySD] C:\Program Files\SpywareDetector\SDSystemTray.exe -AUTO O4 - HKLM\..\Run: [SDAutoLiveupdate] C:\Program Files\SpywareDetector\LiveUpdateSD.exe -AUTO O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [SO5 Integrator Pass Two] C:\WINDOWS\SOINTGR.EXE O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6066\SiteAdv.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe" O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1127348673\ee\AOLHostManager.exe O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe O4 - HKLM\..\Run: [DIGServices] C:\Program Files\ESPNRunTime\DIGServices.exe /brand=ESPN /priority=0 /poll=24 O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Yahoo! 
Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [Windows Registry Repair Pro] C:\Program Files\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe 4 O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKUS\S-1-5-21-507921405-879983540-839522115-500\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Administrator') O4 - Startup: PowerReg Scheduler.exe O4 - Startup: PowerReg SchedulerV2.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Instant Wireless Configuration Utility.lnk = C:\Program Files\Linksys\WPC11 Config Utility\WPC11Cfg.exe O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: Photo Loader supervisory.lnk = C:\Program Files\CASIO\Ploader\Plauto.exe O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearc...p=ZRxdm464YYUS O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network 
Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .UVR: C:\Program Files\Internet Explorer\Plugins\NPUPano.dll O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/sh...4/mcinsctl.cab O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1126570090110 O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/sh...21/mcgdmgr.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/...ampx_en_dl.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{582BD86F-A305-46D9-9043-35BF36606866}: NameServer = 24.116.0.202,24.116.209.232 O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Abyss Web Server (AbyssWebServer) - Aprelium Technologies - C:\Program Files\Abyss Web Server\abyssws.exe O23 - Service: IMAPI CD-Burning COM 
Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe O23 - Service: SDService - Max Secure Software - C:\Program Files\SpywareDetector\SDService.exe O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Program Files\SiteAdvisor\6066\SAService.exe O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe O23 - Service: VNC Server (winvnc) - RealVNC Ltd. 
- C:\Program Files\RealVNC\WinVNC\winvnc.exe -- End of file - 12665 bytes -- Files created between 2007-07-28 and 2007-08-28 ----------------------------- 2007-08-27 23:04:17 0 d-------- C:\Rustbfix 2007-08-27 21:17:48 4696 --a------ C:\WINDOWS\system32\tmp.reg 2007-08-26 19:54:47 0 d-------- C:\Program Files\Trend Micro 2007-08-26 16:11:40 123 --a------ C:\WINDOWS\system\SysSD.dll 2007-08-26 16:10:58 6144 --a------ C:\WINDOWS\system32\SDEarlyDelete.exe 2007-08-26 16:10:44 270336 --a------ C:\WINDOWS\system32\CheckDll.dll <Not Verified; Max Secure Software; Spyware Detector> 2007-08-26 16:10:42 0 d-------- C:\Program Files\SpywareDetector 2007-08-24 21:40:32 0 d-------- C:\WINDOWS\system32\ActiveScan 2007-08-24 21:21:04 0 d-------- C:\Documents and Settings\Administrator\Application Data\Macromedia 2007-08-24 21:05:17 0 d-------- C:\Documents and Settings\Administrator\Application Data\SiteAdvisor 2007-08-24 20:56:41 0 d-------- C:\Documents and Settings\Administrator\Application Data\Mozilla 2007-08-23 22:12:09 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft 2007-08-23 22:10:55 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard -- Find3M Report --------------------------------------------------------------- 2007-08-27 20:58:36 0 d-------- C:\Documents and Settings\Owner\Application Data\Yahoo! 2007-08-27 20:57:53 0 d-------- C:\Program Files\Yahoo! 
2007-08-26 23:00:38 0 d-------- C:\Program Files\WinSCP3 2007-08-26 22:45:29 0 d-------- C:\Program Files\QuickTime 2007-08-26 22:41:10 0 d-------- C:\Program Files\MSN Messenger 2007-08-26 22:30:31 0 d-------- C:\Program Files\iTunes 2007-08-26 22:22:24 0 d-------- C:\Program Files\Google 2007-08-26 22:21:40 0 d-------- C:\Program Files\ESPNRunTime 2007-08-26 22:17:27 0 d-------- C:\Program Files\DIGStream 2007-08-26 20:41:47 0 d--h----- C:\Program Files\InstallShield Installation Information 2007-08-26 16:40:45 0 d-------- C:\Program Files\Common Files 2007-08-23 22:12:10 0 d-------- C:\Program Files\Lavasoft 2007-08-22 15:04:47 0 d-------- C:\Program Files\LimeWire 2007-08-16 17:27:53 664 --a------ C:\WINDOWS\system32\d3d9caps.dat 2007-08-05 19:54:07 0 d-------- C:\Program Files\Java 2007-07-31 06:33:30 0 d-------- C:\Program Files\Common Files\McAfee 2007-07-22 23:22:05 0 d-------- C:\Program Files\EphPod -- Registry Dump --------------------------------------------------------------- *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C934903B-61BE-403A-BC70-D738DAF43B8E}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Smapp"="C:\Program Files\Analog Devices\SoundMAX\Smtray.exe" [01/30/2002 09:01 PM] "Microsoft Works Portfolio"="C:\Program Files\Microsoft Works\WksSb.exe" [08/23/2001 04:52 PM] "AdaptecDirectCD"="C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe" [09/14/2001 02:34 PM] "Windows Clean-Up Pro"="C:\PROGRA~1\3BSOFT~1\WINDOW~2\WINDOWS CLEAN-UP PRO.Exe" [06/24/2003 03:53 AM] "mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [08/04/2007 02:33 AM] "SystemTraySD"="C:\Program Files\SpywareDetector\SDSystemTray.exe" [07/27/2007 10:45 AM] "SDAutoLiveupdate"="C:\Program Files\SpywareDetector\LiveUpdateSD.exe" [07/27/2007 10:45 AM] "WorksFUD"="C:\Program Files\Microsoft Works\wkfud.exe" [10/05/2001 07:34 PM] "SunJavaUpdateSched"="C:\Program 
Files\Java\jre1.6.0_02\bin\jusched.exe" [07/12/2007 04:00 AM] "StorageGuard"="C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" [06/18/2002 02:01 AM] "SO5 Integrator Pass Two"="C:\WINDOWS\SOINTGR.EXE" [05/08/2000 08:20 AM] "SiteAdvisor"="C:\Program Files\SiteAdvisor\6066\SiteAdv.exe" [07/24/2006 03:28 PM] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [02/16/2007 10:54 AM] "OM_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe" [05/16/2006 06:50 PM] "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [07/09/2001 12:50 PM] "MoneyStartUp10.0"="C:\Program Files\Microsoft Money\System\Activation.exe" [07/25/2001 11:00 AM] "Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [07/16/2002 04:21 PM] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [03/14/2007 07:05 PM] "IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [05/14/2002 08:29 AM] "HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [05/14/2002 08:20 AM] "HostManager"="C:\Program Files\Common Files\AOL\1127348673\ee\AOLHostManager.exe" [07/29/2005 11:53 AM] "DXM6Patch_981116"="C:\WINDOWS\p_981116.exe" [11/30/1998 07:04 PM] "DIGStream"="C:\Program Files\DIGStream\digstream.exe" [10/31/2005 12:05 PM] "DIGServices"="C:\Program Files\ESPNRunTime\DIGServices.exe" [10/31/2005 12:18 PM] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "OM_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe" [05/16/2006 06:51 PM] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 02:56 AM] "Yahoo! 
Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [11/30/2006 10:49 PM] "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [10/18/2006 08:05 PM] "Windows Registry Repair Pro"="C:\Program Files\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe" [09/07/2005 04:01 PM] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [06/07/2003 05:49 PM] "msnmsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [01/19/2007 12:54 PM] C:\Documents and Settings\Owner\Start Menu\Programs\Startup\ PowerReg Scheduler.exe [12/15/2006 8:24:44 PM] PowerReg SchedulerV2.exe [12/16/2002 9:11:38 AM] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [09/24/2005 1:05:26 AM] Instant Wireless Configuration Utility.lnk - C:\Program Files\Linksys\WPC11 Config Utility\WPC11Cfg.exe [01/10/2004 9:19:29 AM] InterVideo WinCinema Manager.lnk - C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe [04/26/2007 8:49:28 PM] Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [02/13/2001 2:01:04 AM] Photo Loader supervisory.lnk - C:\Program Files\CASIO\Ploader\Plauto.exe [01/21/2003 7:50:05 AM] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system] "DisableTaskMgr"=0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SDNotify] C:\Program Files\SpywareDetector\SDNotify.dll 08/22/2007 03:25 PM 167936 C:\Program Files\SpywareDetector\SDNotify.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc] @="" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds] @="Service" 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"
-- End of Deckard's System Scanner: finished at 2007-08-28 07:26:02 ------------
I can't seem to find the OTMoveIt log file? Not sure what happened to it. Will I need to run that again? I won't be able to respond to do that till after 5pm today, have to leave for work. Thank you for all your help so far and I will check when I get home for further instructions.
Brian
#15 (permalink) |
|
Analyst, Security Team
Join Date: Sep 2006
Location: Ontario, Canada
Posts: 2,948
OS: Windows 7 Ultimate
|
Re: Please Help, Very Frustrated
Hello,
We are missing a few logs as I can tell from your post. You accidentally posted the DSS log twice, instead of the rapport.txt.
The log can be located here -> C:\rapport.txt
Can you verify if the _OTMoveIt folder was even created?
c:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log
- The m's stand for the month
- The d's stand for the day
- The y's stand for the year
Do you see a file named something similar below?
08282007_011758.log
Right now we will hold off on running another scan.
Last edited by forhockey; 08-28-2007 at 04:16 PM.
#16 (permalink) |
|
Registered User
Join Date: Aug 2007
Posts: 19
OS: xp
|
Re: Please Help, Very Frustrated
Sorry about that, here's the rapport.txt log
SmitFraudFix v2.217
Scan done at 6:59:52.31, Tue 08/28/2007
Run from C:\Documents and Settings\Owner\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Killing process
»»»»»»»»»»»»»»»»»»»»»»»» hosts
godzilla.radiate.com 127.0.0.1 gozilla.com 127.0.0.1 group-mail.com 127.0.0.1 gzs-6509.radiate.com 127.0.0.1 gzs-7206.radiate.com 127.0.0.1 gzs-ld.radiate.com 127.0.0.1 h-208-184-172-10.radiate.com 127.0.0.1 h-208-184-172-100.radiate.com 127.0.0.1 mm.delfinproject.com 127.0.0.1 www.mm.delfinproject.com 127.0.0.1 http://www.perfectedsecurity.com/ 127.0.0.1 www.ad.yieldmanager.com 127.0.0.1 www.ads.vitalix.net 127.0.0.1 www.zedo.net 127.0.0.1 puritysweep.com 127.0.0.1 winantivirus.com 127.0.0.1 virusburst.com 127.0.0.1 spyaxe.com 127.0.0.1 pesttrap.com 127.0.0.1 bravesentry.com 127.0.0.1 unspypc.com 127.0.0.1 spywarequake.info 127.0.0.1 spyaxe.biz 127.0.0.1 razespyware.net 127.0.0.1 alfacleaner.com 127.0.0.1 virusblast.com 127.0.0.1 udefender.com 127.0.0.1 clickspring.net 127.0.0.1 antivirus-gold.com 127.0.0.1 psguard.com 127.0.0.1 antispywaresoldier.com 127.0.0.1 pestwiper.com 127.0.0.1 malwarewipe.com 127.0.0.1 winantispyware.com 127.0.0.1 ultimatecleaner.com 127.0.0.1 razespyware.com 127.0.0.1 winhound.com 127.0.0.1 spy-sheriff.com 127.0.0.1 winantispy.com 127.0.0.1 spysheriff.com 127.0.0.1 pest-wiper.com 127.0.0.1 winsoftware.com 127.0.0.1 spyfalcon.com 127.0.0.1 malwarewiped.com 127.0.0.1 spyaxe.net 127.0.0.1 purityscan.com 127.0.0.1 anti-virus-pro.com 127.0.0.1 spyspotter.com 127.0.0.1 spyshield.org 127.0.0.1 spyheal.com 127.0.0.1 antivirusgolden.com 127.0.0.1 antivermins.com »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix GenericRenosFix by S!Ri »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files »»»»»»»»»»»»»»»»»»»»»»»» DNS HKLM\SYSTEM\CCS\Services\Tcpip\..\{582BD86F-A305-46D9-9043-35BF36606866}: DhcpNameServer=24.116.209.232 24.116.2.34 HKLM\SYSTEM\CCS\Services\Tcpip\..\{582BD86F-A305-46D9-9043-35BF36606866}: NameServer=24.116.0.202,24.116.209.232 HKLM\SYSTEM\CS1\Services\Tcpip\..\{582BD86F-A305-46D9-9043-35BF36606866}: DhcpNameServer=24.116.209.232 24.116.2.34 HKLM\SYSTEM\CS1\Services\Tcpip\..\{582BD86F-A305-46D9-9043-35BF36606866}: 
NameServer=24.116.0.202,24.116.209.232 HKLM\SYSTEM\CS2\Services\Tcpip\..\{582BD86F-A305-46D9-9043-35BF36606866}: DhcpNameServer=24.116.209.232 24.116.2.34 HKLM\SYSTEM\CS2\Services\Tcpip\..\{582BD86F-A305-46D9-9043-35BF36606866}: NameServer=24.116.0.202,24.116.209.232 HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=24.116.209.232 24.116.2.34 HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=24.116.209.232 24.116.2.34 HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=24.116.209.232 24.116.2.34 »»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System !!!Attention, following keys are not inevitably infected!!! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] "System"="" »»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning Registry Cleaning done. »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix !!!Attention, following keys are not inevitably infected!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» End |
|
|
|
|
#17 (permalink) |
|
Registered User
Join Date: Aug 2007
Posts: 19
OS: xp
|
Re: Please Help, Very Frustrated
Yes the OTmoveit did create a logfile, I think this is the one.
File/Folder not found.
File/Folder not found.
C:\WINDOWS\system32\stfv.bin moved successfully.
C:\WINDOWS\vxddsk.exe moved successfully.
C:\WINDOWS\system32\vxddsk.exe moved successfully.
C:\WINDOWS\wml.exe moved successfully.
C:\WINDOWS\system32\wml.exe moved successfully.
C:\WINDOWS\satmat.exe moved successfully.
LoadLibrary failed for C:\WINDOWS\7search.dll
C:\WINDOWS\7search.dll NOT unregistered.
C:\WINDOWS\7search.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\flt.dll
C:\WINDOWS\flt.dll NOT unregistered.
C:\WINDOWS\flt.dll moved successfully.
C:\WINDOWS\764.exe moved successfully.
LoadLibrary failed for C:\WINDOWS\pbar.dll
C:\WINDOWS\pbar.dll NOT unregistered.
C:\WINDOWS\pbar.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\voiceip.dll
C:\WINDOWS\voiceip.dll NOT unregistered.
C:\WINDOWS\voiceip.dll moved successfully.
C:\WINDOWS\stcloader.exe moved successfully.
LoadLibrary failed for C:\WINDOWS\swin32.dll
C:\WINDOWS\swin32.dll NOT unregistered.
C:\WINDOWS\swin32.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\cdsm32.dll
C:\WINDOWS\cdsm32.dll NOT unregistered.
C:\WINDOWS\cdsm32.dll moved successfully.
C:\WINDOWS\bokja.exe moved successfully.
LoadLibrary failed for C:\WINDOWS\mspphe.dll
C:\WINDOWS\mspphe.dll NOT unregistered.
C:\WINDOWS\mspphe.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\bjam.dll
C:\WINDOWS\bjam.dll NOT unregistered.
C:\WINDOWS\bjam.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\2020search.dll
C:\WINDOWS\2020search.dll NOT unregistered.
C:\WINDOWS\2020search.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\system32\MSIXU.DLL
C:\WINDOWS\system32\MSIXU.DLL NOT unregistered.
C:\WINDOWS\system32\MSIXU.DLL moved successfully.
LoadLibrary failed for C:\WINDOWS\saiemod.dll
C:\WINDOWS\saiemod.dll NOT unregistered.
C:\WINDOWS\saiemod.dll moved successfully.
C:\WINDOWS\system32\msscds32.dll unregistered successfully.
C:\WINDOWS\system32\msscds32.dll moved successfully.
C:\WINDOWS\system32\gtv_sd.bin moved successfully.
C:\WINDOWS\system32\dgygxdoq.exe moved successfully.
c:\windows\Digital Signature 20030130.htm moved successfully.
File/Folder c:\windows\satmat.exe not found.
c:\program files\RapidBlaster moved successfully.
C:\WINDOWS\system32\intr32.dll unregistered successfully.
C:\WINDOWS\system32\intr32.dll moved successfully.
File/Folder not found.
File/Folder not found.
Created on 08/28/2007 06:50:27 |
|
|
|
|
#18 (permalink) |
|
Registered User
Join Date: Aug 2007
Posts: 19
OS: xp
|
Re: Please Help, Very Frustrated
I must have run this one twice due to some errors I got when running it. Here's the second log file
File/Folder C:\WINDOWS\system32\stfv.bin not found.
File/Folder C:\WINDOWS\vxddsk.exe not found.
File/Folder C:\WINDOWS\system32\vxddsk.exe not found.
File/Folder C:\WINDOWS\wml.exe not found.
File/Folder C:\WINDOWS\system32\wml.exe not found.
File/Folder C:\WINDOWS\satmat.exe not found.
File/Folder C:\WINDOWS\7search.dll not found.
File/Folder C:\WINDOWS\flt.dll not found.
File/Folder C:\WINDOWS\764.exe not found.
File/Folder C:\WINDOWS\pbar.dll not found.
File/Folder C:\WINDOWS\voiceip.dll not found.
File/Folder C:\WINDOWS\stcloader.exe not found.
File/Folder C:\WINDOWS\swin32.dll not found.
File/Folder C:\WINDOWS\cdsm32.dll not found.
File/Folder C:\WINDOWS\bokja.exe not found.
File/Folder C:\WINDOWS\mspphe.dll not found.
File/Folder C:\WINDOWS\bjam.dll not found.
File/Folder C:\WINDOWS\2020search.dll not found.
File/Folder C:\WINDOWS\system32\MSIXU.DLL not found.
File/Folder C:\WINDOWS\saiemod.dll not found.
File/Folder C:\WINDOWS\system32\msscds32.dll not found.
File/Folder C:\WINDOWS\system32\gtv_sd.bin not found.
File/Folder C:\WINDOWS\system32\dgygxdoq.exe not found.
File/Folder c:\windows\Digital Signature 20030130.htm not found.
File/Folder c:\windows\satmat.exe not found.
File/Folder c:\program files\RapidBlaster not found.
File/Folder C:\WINDOWS\system32\intr32.dll not found.
File/Folder not found.
File/Folder not found.
Created on 08/28/2007 06:53:25 |
|
|
|
|
#19 (permalink) |
|
Analyst, Security Team
Join Date: Sep 2006
Location: Ontario, Canada
Posts: 2,948
OS: Windows 7 Ultimate
|
Re: Please Help, Very Frustrated
Before beginning the proposed fix, read this post completely. Any questions should be kindly asked before proceeding. Ensure that there are no open browsers when carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.
It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.
--------------------------------------------------------------
P2P Software
I see you have P2P software (LimeWire 4.9.30) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation. This page will give you further information.
--------------------------------------------------------------
Click > Start > Control Panel > Add / Remove Programs and uninstall the following programs (if they exist):
Windows Clean-Up Pro
Spyware Detector - Click here for more info.
Java 2 Runtime Environment, SE v1.4.2_02
--------------------------------------------------------------
Open HijackThis and click on 'Do a System Scan Only'. Check the following entries (If they still exist, make sure you do not miss any)
O2 - BHO: msscds32.msdn_hlp - {C934903B-61BE-403A-BC70-D738DAF43B8E} - C:\WINDOWS\system32\msscds32.dll
O4 - HKLM\..\Run: [Windows Clean-Up Pro] C:\PROGRA~1\3BSOFT~1\WINDOW~2\WINDOWS CLEAN-UP PRO.Exe
Please remember to close all other windows, including browsers then click Fix checked.
--------------------------------------------------------------
Delete the following Folders indicated in BLUE if they still exist.
C:\Program Files\SpywareDetector
C:\PROGRAM FILES\3BSOFT~1 <- This folder begins with 3BSOFT and can end with anything.
Note: If any of the folders resist deletion, then boot into safe mode to delete.
--------------------------------------------------------------
Establish an internet connection & perform an online scan with Internet Explorer at Kaspersky Online Scanner
Answer Yes, when prompted to install an ActiveX component.
--------------------------------------------------------------
Please run HiJackThis (Should be on your desktop)
1. If it gives you an intro screen, just choose 'Do a system scan and save a logfile'.
2. If you don't get the intro screen, just hit Scan and then click on Save log.
3. Post the hijackthis.log file here.
Do not fix anything in HijackThis since they may be harmless.
--------------------------------------------------------------
Please reply back with the following:
Kaspersky Online Scan Results
HiJackThis Log
|
|
|
|
|
#20 (permalink) |
|
Registered User
Join Date: Aug 2007
Posts: 19
OS: xp
|
Re: Please Help, Very Frustrated
Hello,
Here are the logfiles you requested.
KASPERSKY ONLINE SCANNER REPORT
Wednesday, August 29, 2007 6:17:42 AM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.0
Kaspersky Anti-Virus database last update: 29/08/2007
Kaspersky Anti-Virus database records: 395410
Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true
Scan Target My Computer
A:\
C:\
D:\
E:\
F:\
Scan Statistics
Total number of scanned objects 169470
Number of viruses found 8
Number of infected objects 20
Number of suspicious objects 0
Duration of the scan process 02:46:56
Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\BFTS\BFTSDatabase.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\cls\common.cls Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MNA\NAData Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MPF\data\log.edb Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MPF\data\logout.edb Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSC\Logs\Events.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSC\Logs\{C800F0C0-BD05-4BC2-9018-A47A9B75705B}.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSC\Logs\{E1EEE1F1-1C20-44EE-A4DA-6837D4B4E446}.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSC\Logs\{F012D8B4-7D3E-450E-8680-E1828DB02F21}.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSC\McUsers.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Data\TFR20.tmp Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Logs\OAS.Log Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Owner\Application Data\SiteAdvisor\SiteAdv.csh Object is locked skipped
C:\Documents and Settings\Owner\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Desktop\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Owner\Desktop\SmitfraudFix.exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Owner\Desktop\SmitfraudFix.exe/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Owner\Desktop\SmitfraudFix.exe RarSFX: infected - 2 skipped
C:\Documents and Settings\Owner\Desktop\Stuff\incredimail_install.exe Infected: not-a-virus:Downloader.Win32.ImLoader.c skipped
C:\Documents and Settings\Owner\Desktop\Stuff\vnc-3.3.7-x86_win32.exe/data0002 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.c skipped
C:\Documents and Settings\Owner\Desktop\Stuff\vnc-3.3.7-x86_win32.exe/data0003 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.c skipped
C:\Documents and Settings\Owner\Desktop\Stuff\vnc-3.3.7-x86_win32.exe/data0004 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.c skipped
C:\Documents and Settings\Owner\Desktop\Stuff\vnc-3.3.7-x86_win32.exe Inno: infected - 3 skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Owner\ntuser.dat Object is locked skipped
C:\Documents and Settings\Owner\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Owner\Shared\[Full] hamms beer 54.wma Infected: Trojan-Downloader.WMA.Wimad.d skipped
C:\Program Files\RealVNC\WinVNC\vnchooks.dll Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.c skipped
C:\Program Files\RealVNC\WinVNC\winvnc.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.c skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{4CA3D3FB-26F9-4681-AC78-2E57013AC187}\RP1754\A0498460.exe Infected: Trojan-Downloader.Win32.VB.bbz skipped
C:\System Volume Information\_restore{4CA3D3FB-26F9-4681-AC78-2E57013AC187}\RP1754\A0502429.exe Infected: Email-Worm.Win32.Zhelatin.p skipped
C:\System Volume Information\_restore{4CA3D3FB-26F9-4681-AC78-2E57013AC187}\RP1756\A0503510.exe/data0002/data0003 Infected: Trojan-Downloader.Win32.Keenval.f skipped
C:\System Volume Information\_restore{4CA3D3FB-26F9-4681-AC78-2E57013AC187}\RP1756\A0503510.exe/data0002 Infected: Trojan-Downloader.Win32.Keenval.f skipped
C:\System Volume Information\_restore{4CA3D3FB-26F9-4681-AC78-2E57013AC187}\RP1756\A0503510.exe NSIS: infected - 2 skipped
C:\System Volume Information\_restore{4CA3D3FB-26F9-4681-AC78-2E57013AC187}\RP1758\A0504545.dll Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.c skipped
C:\System Volume Information\_restore{4CA3D3FB-26F9-4681-AC78-2E57013AC187}\RP1760\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\lznmqukp.oek Infected: Trojan.Win32.Agent.qe skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\mcafee_aMaItIR8uZpj3jw Object is locked skipped
C:\WINDOWS\Temp\mcafee_yH1GBlBV4tVHOSi Object is locked skipped
C:\WINDOWS\Temp\mcmsc_5Mem4av6ixPcku0 Object is locked skipped
C:\WINDOWS\Temp\mcmsc_doixTkSWQCovHBP Object is locked skipped
C:\WINDOWS\Temp\mcmsc_Ns0gVBV3emEppYt Object is locked skipped
C:\WINDOWS\Temp\mcmsc_ujeDlMCoCB7BvZq Object is locked skipped
C:\WINDOWS\Temp\mcmsc_WsfU2n57zNaKMPa Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\dgygxdoq.exe Infected: Trojan-Downloader.Win32.VB.bbz skipped
Scan process completed.
And the DSS
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:20:08 AM, on 08/29/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\SOINTGR.EXE
C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\DIGStream\digstream.exe
C:\Program Files\ESPNRunTime\DIGServices.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Common Files\AOL\1127348673\ee\AOLHostManager.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Linksys\WPC11 Config Utility\WPC11Cfg.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\CASIO\Ploader\Plauto.exe
C:\Program Files\Common Files\AOL\1127348673\ee\AOLServiceHost.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\SiteAdvisor\6066\SAService.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MSC\mcuimgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.mcleodusa.net/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.in-forum.com/index.cfm?
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O2 - BHO: DgnWebIE - {2843DAC1-05EF-11D2-95BA-0060083493D6} - C:\WINDOWS\Speech\Dragon\web_ie.dll
O2 - BHO: (no name) - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {C934903B-61BE-403A-BC70-D738DAF43B8E} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: &ESPN - {AE6F2894-AF10-4C9C-B16E-1DFC6FF8C0C6} - C:\Program Files\ESPN\Toolbar\DIGToolBar.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SO5 Integrator Pass Two] C:\WINDOWS\SOINTGR.EXE
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1127348673\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [DIGServices] C:\Program Files\ESPNRunTime\DIGServices.exe /brand=ESPN /priority=0 /poll=24
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Windows Registry Repair Pro] C:\Program Files\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe 4
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: PowerReg Scheduler.exe
O4 - Startup: PowerReg SchedulerV2.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Instant Wireless Configuration Utility.lnk = C:\Program Files\Linksys\WPC11 Config Utility\WPC11Cfg.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Photo Loader supervisory.lnk = C:\Program Files\CASIO\Ploader\Plauto.exe
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearc...p=ZRxdm464YYUS
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .UVR: C:\Program Files\Internet Explorer\Plugins\NPUPano.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/sh...4/mcinsctl.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1126570090110
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/sh...21/mcgdmgr.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/...ampx_en_dl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{582BD86F-A305-46D9-9043-35BF36606866}: NameServer = 24.116.0.202,24.116.209.232
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Abyss Web Server (AbyssWebServer) - Aprelium Technologies - C:\Program Files\Abyss Web Server\abyssws.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Program Files\SiteAdvisor\6066\SAService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: VNC Server (winvnc) - RealVNC Ltd. - C:\Program Files\RealVNC\WinVNC\winvnc.exe
-- End of file - 11555 bytes |
|
|
|
|