#1 (permalink) |
|
Registered User
Join Date: Dec 2007
Posts: 6
OS: XP SP2
|
Google misdirection to adware/spyware sites
Hello,
My XP SP2 based system is giving me some odd misdirections from Google about which I am concerned as my work laptop suffered similarly before failing completely! I'd appreciate any advice. I've followed steps 1 to 5 and now have a Panda report and DSS HijackThis logs - text pasted below (I've also installed Spyware Blaster and IE-Spyad).
Regards - Mike
#2 (permalink)
Expert Analyst, Moderator, Security Team
Join Date: Sep 2006
Posts: 1,646
OS: xp
Re: Google misdirection to adware/spyware sites
Welcome to the forum, Beretta.
Post a couple of example URLs from the Google redirects please.
Download then install AVG Anti-Rootkit Free: http://free.grisoft.com/doc/39798/lng/us/tpl/v5e
Follow the prompts to restart your PC, then run the program and do an in-depth search. When it's finished, if any items are found, press save results and post it in your next reply.
#3 (permalink)
Registered User
Join Date: Dec 2007
Posts: 6
OS: XP SP2
Re: Google misdirection to adware/spyware sites
I've done a few dozen searches over the last couple of days but the redirects are not happening now - though to my knowledge I've done nothing to rectify anything awry on my system. The AVG Anti-Rootkit also found nothing out of order. Am I off the hook or is there something further I should do!?
#4 (permalink)
Expert Analyst, Moderator, Security Team
Join Date: Sep 2006
Posts: 1,646
OS: xp
Re: Google misdirection to adware/spyware sites
Let's get one more opinion.
http://www.kaspersky.com/virusscanner
Click scan settings and place a check next to use [x]extended database etc etc. Click ok. Then choose: my computer: scan all your hard drives and mapped disks. When finished, click save as text and post that in your reply.
Note: If you have used this particular scanner before, you MAY HAVE TO UNINSTALL the program through Add/Remove Programs before downloading the new ActiveX component.
#5 (permalink)
Registered User
Join Date: Dec 2007
Posts: 6
OS: XP SP2
Re: Google misdirection to adware/spyware sites
Here's the report - assuming the locked objects are not hiding something it looks promising. What do you think?
Best regards, Mike

KASPERSKY ONLINE SCANNER REPORT
Thursday, December 13, 2007 9:36:13 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 13/12/2007
Kaspersky Anti-Virus database records: 481736

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer: A:\ C:\ D:\ E:\ F:\ G:\ H:\ I:\

Scan Statistics:
Total number of scanned objects: 144680
Number of viruses found: 0
Number of infected objects: 0
Number of suspicious objects: 0
Duration of the scan process: 02:00:28

Scan process completed.
#6 (permalink)
Expert Analyst, Moderator, Security Team
Join Date: Sep 2006
Posts: 1,646
OS: xp
Re: Google misdirection to adware/spyware sites
Looks good, Beretta.
Think Prevention:
Put in place a good hosts file http://www.mvps.org/winhelp2002/hosts.htm
How To Download and Extract the HOSTS file: http://www.mvps.org/winhelp2002/hosts2.htm
Repeat that process about once or twice a month.
PC Safety and Security--What Do I Need?
To help avoid reinfection see "So how did I get infected in the first place?" http://castlecops.com/postlite7736-.html