03-05-2006, 05:09 PM   #1
lyricallawgirl (Registered User)
Join Date: Mar 2006
Location: OC, California
Posts: 38
OS: Win XP Home

MagicControl.agent is the DEVIL....How do I get rid of it???

Ok...so I will post my HijackThis log here and see if any of you can help me get rid of this thing...I've seen other posts, but not having luck on my WinXP Home Edition Dell Laptop....can anyone help me...the only thing that finds this strain is SpyBot and it never gets rid of it...and they are no help there either...thanks!

**** Run Keys ****

RUN: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
RUN: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
RUN: [MMTray] "C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe"
RUN: [Dell QuickSet] C:\Program Files\Dell\QuickSet\Quickset.exe
RUN: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
RUN: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
RUN: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
RUN: [mmtask] "C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe"
RUN: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
RUN: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
RUN: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
RUN: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
RUN: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
RUN: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup


**** Browser Helper Objects ****

BHO: [AcroIEHlprObj Class] C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
BHO: [] C:\PROGRA~1\SPYBOT~1\SDHelper.dll
BHO: [DriveLetterAccess] C:\WINDOWS\system32\dla\tfswshx.dll
BHO: [CNisExtBho Class] C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
BHO: [CNavExtBho Class] C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll


**** IE Toolbars ****

TOOLBAR: [Web assistant] C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
TOOLBAR: [Norton AntiVirus] C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll


**** IE Extensions ****

IEExt: []
IEExt: [Real.com]
IEExt: [MUSICMATCH MX Web Player]
IEExt: [Messenger] C:\Program Files\Messenger\msmsgs.exe


**** Hosts File Entries ****



**** IE Settings ****

Default Page: http://www.microsoft.com/isapi/redir...r=6&ar=msnhome
Default Search: http://home.microsoft.com/search/search.asp
Local Page: C:\WINDOWS\SYSTEM32\blank.htm
Search Bar: http://home.microsoft.com/search/lobby/search.asp
Search Page: http://www.microsoft.com/isapi/redir...ie&ar=iesearch


**** IE Context Menu (Right click) ****

IEContext: [E&xport to Microsoft Excel] res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000


**** Layered Service Providers ****

LSP: MSAFD Tcpip [TCP/IP]
LSP: MSAFD Tcpip [UDP/IP]
LSP: RSVP UDP Service Provider
LSP: RSVP TCP Service Provider
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{3D768A38-4284-4337-A29C-EA9BBE36AA27}] SEQPACKET 3
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{3D768A38-4284-4337-A29C-EA9BBE36AA27}] DATAGRAM 3
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{80451B42-80D6-4573-B5B7-5A013F89686B}] SEQPACKET 0
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{80451B42-80D6-4573-B5B7-5A013F89686B}] DATAGRAM 0
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{2810EB22-763D-4D0C-9450-64BBD1758685}] SEQPACKET 1
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{2810EB22-763D-4D0C-9450-64BBD1758685}] DATAGRAM 1
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{531D3D38-B38F-4A40-9052-52EFBA55506B}] SEQPACKET 2
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{531D3D38-B38F-4A40-9052-52EFBA55506B}] DATAGRAM 2


**** Blocked Control Panel Items ****

BLOCKED: [ncpa.cpl] No
BLOCKED: [odbccp32.cpl] No


**** Downloaded Program Files ****

{17492023-C23A-453E-A040-C7C580BBF700} [http://go.microsoft.com/fwlink/?linkid=39204] C:\WINDOWS\system32\GWFSPidGen.DLL C:\WINDOWS\Downloaded Program Files\LegitCheckControl.DLL C:\WINDOWS\system32\LegitCheckControl.DLL
{2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} [http://security.symantec.com/sscv6/S...n/AvSniff.cab]
{4B48D5DF-9021-45F7-A240-60304302A215} [http://www.microsoft.com/security/co...ebCleaner.cab]
{4F1E5B1A-2A80-42CA-8532-2D05CB959537} [http://by104fd.bay104.hotmail.msn.co.../MsnPUpld.cab]
{644E432F-49D3-41A1-8DD5-E099162EEEC5} [http://security.symantec.com/sscv6/S...bin/cabsa.cab]
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} [http://update.microsoft.com/microsof...1128208900160]
{8AD9C840-044E-11D1-B3E9-00805F499D93} [http://java.sun.com/products/plugin/...dows-i586.cab]
{B38870E4-7ECB-40DA-8C6A-595F0A5519FF} [http://messenger.msn.com/download/Ms...ownloader.cab]
{B8BE5E93-A60C-4D26-A2DC-220313175592} [http://zone.msn.com/binFramework/v10....cab32846.cab]
{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} [http://java.sun.com/products/plugin/...dows-i586.cab]
{D27CDB6E-AE6D-11CF-96B8-444553540000} [http://download.macromedia.com/pub/s...h/swflash.cab]
{D719897A-B07A-4C0C-AEA9-9B663A28DFCB} [http://ax.phobos.apple.com.edgesuite...TDetector.cab]
{D8B94E9A-A34B-4253-BF48-C7CB7F2CFDB0} [http://scripts.downloadv3.com/binari...046_EN_XP.cab]
{FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} [http://pdl.stream.aol.com/downloads/...mpx_en_dl.cab]


**** Windows Services ****

[Alerter] %SystemRoot%\system32\svchost.exe -k LocalService
[ALG] %SystemRoot%\System32\alg.exe
[AppMgmt] %SystemRoot%\system32\svchost.exe -k netsvcs
[aspnet_state] %SystemRoot%\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
[Ati HotKey Poller] %SystemRoot%\system32\Ati2evxx.exe
[AudioSrv] %SystemRoot%\System32\svchost.exe -k netsvcs
[Avg7Alrt] C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
[Avg7UpdSvc] C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
[BITS] %SystemRoot%\system32\svchost.exe -k netsvcs
[Browser] %SystemRoot%\system32\svchost.exe -k netsvcs
[ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
[ccProxy] "C:\Program Files\Common Files\Symantec Shared\ccProxy.exe"
[ccPwdSvc] "C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe"
[ccSetMgr] "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
[CiSvc] %SystemRoot%\system32\cisvc.exe
[ClipSrv] %SystemRoot%\system32\clipsrv.exe
[COMSysApp] C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
[CryptSvc] %SystemRoot%\system32\svchost.exe -k netsvcs
[DcomLaunch] %SystemRoot%\system32\svchost -k DcomLaunch
[Dhcp] %SystemRoot%\system32\svchost.exe -k netsvcs
[dmadmin] %SystemRoot%\System32\dmadmin.exe /com
[dmserver] %SystemRoot%\System32\svchost.exe -k netsvcs
[Dnscache] %SystemRoot%\system32\svchost.exe -k NetworkService
[ERSvc] %SystemRoot%\System32\svchost.exe -k netsvcs
[Eventlog] %SystemRoot%\system32\services.exe
[EventSystem] C:\WINDOWS\system32\svchost.exe -k netsvcs
[FastUserSwitchingCompatibility] %SystemRoot%\System32\svchost.exe -k netsvcs
[Fax] %systemroot%\system32\fxssvc.exe
[helpsvc] %SystemRoot%\System32\svchost.exe -k netsvcs
[HidServ] %SystemRoot%\System32\svchost.exe -k netsvcs
[HTTPFilter] %SystemRoot%\System32\svchost.exe -k HTTPFilter
[IDriverT] "C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe"
[ImapiService] C:\WINDOWS\system32\imapi.exe
[iPodService] C:\Program Files\iPod\bin\iPodService.exe
[lanmanserver] %SystemRoot%\system32\svchost.exe -k netsvcs
[lanmanworkstation] %SystemRoot%\system32\svchost.exe -k netsvcs
[LexBceS] C:\WINDOWS\system32\LEXBCES.EXE
[LmHosts] %SystemRoot%\system32\svchost.exe -k LocalService
[Messenger] %SystemRoot%\system32\svchost.exe -k netsvcs
[mnmsrvc] C:\WINDOWS\system32\mnmsrvc.exe
[MSDTC] C:\WINDOWS\system32\msdtc.exe
[MSIServer] C:\WINDOWS\system32\msiexec.exe /V
[navapsvc] "C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe"
[NetDDE] %SystemRoot%\system32\netdde.exe
[NetDDEdsdm] %SystemRoot%\system32\netdde.exe
[Netlogon] %SystemRoot%\system32\lsass.exe
[Netman] %SystemRoot%\System32\svchost.exe -k netsvcs
[Nla] %SystemRoot%\system32\svchost.exe -k netsvcs
[NtLmSsp] %SystemRoot%\system32\lsass.exe
[NtmsSvc] %SystemRoot%\system32\svchost.exe -k netsvcs
[PlugPlay] %SystemRoot%\system32\services.exe
[PolicyAgent] %SystemRoot%\system32\lsass.exe
[ProtectedStorage] %SystemRoot%\system32\lsass.exe
[RasAuto] %SystemRoot%\system32\svchost.exe -k netsvcs
[RasMan] %SystemRoot%\system32\svchost.exe -k netsvcs
[RDSessMgr] C:\WINDOWS\system32\sessmgr.exe
[RemoteAccess] %SystemRoot%\system32\svchost.exe -k netsvcs
[RpcLocator] %SystemRoot%\system32\locator.exe
[RpcSs] %SystemRoot%\system32\svchost -k rpcss
[RSVP] %SystemRoot%\system32\rsvp.exe
[SamSs] %SystemRoot%\system32\lsass.exe
[SAVScan] "C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe"
[SBService] C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
[SCardSvr] %SystemRoot%\System32\SCardSvr.exe
[Schedule] %SystemRoot%\System32\svchost.exe -k netsvcs
[seclogon] %SystemRoot%\System32\svchost.exe -k netsvcs
[SENS] %SystemRoot%\system32\svchost.exe -k netsvcs
[SharedAccess] %SystemRoot%\system32\svchost.exe -k netsvcs
[ShellHWDetection] %SystemRoot%\System32\svchost.exe -k netsvcs
[SNDSrvc] "C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe"
[Spooler] %SystemRoot%\system32\spoolsv.exe
[srservice] %SystemRoot%\system32\svchost.exe -k netsvcs
[SSDPSRV] %SystemRoot%\system32\svchost.exe -k LocalService
[stisvc] %SystemRoot%\system32\svchost.exe -k imgsvc
[SwPrv] C:\WINDOWS\system32\dllhost.exe /Processid:{A445BD1E-49EE-4607-B370-5CCA447377C4}
[Symantec Core LC] C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
[SymWSC] "C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe"
[SysmonLog] %SystemRoot%\system32\smlogsvc.exe
[TapiSrv] %SystemRoot%\System32\svchost.exe -k netsvcs
[TermService] %SystemRoot%\System32\svchost -k DComLaunch
[Themes] %SystemRoot%\System32\svchost.exe -k netsvcs
[TrkWks] %SystemRoot%\system32\svchost.exe -k netsvcs
[UMWdf] C:\WINDOWS\system32\wdfmgr.exe
[upnphost] %SystemRoot%\system32\svchost.exe -k LocalService
[UPS] %SystemRoot%\System32\ups.exe
[VSS] %SystemRoot%\System32\vssvc.exe
[WebClient] %SystemRoot%\system32\svchost.exe -k LocalService
[winmgmt] %systemroot%\system32\svchost.exe -k netsvcs
[WLTRYSVC] %SystemRoot%\System32\WLTRYSVC.EXE %SystemRoot%\System32\bcmwltry.exe
[WmdmPmSN] %SystemRoot%\System32\svchost.exe -k netsvcs
[WmiApSrv] C:\WINDOWS\system32\wbem\wmiapsrv.exe
[wscsvc] %SystemRoot%\System32\svchost.exe -k netsvcs
[wuauserv] %systemroot%\system32\svchost.exe -k netsvcs
[WZCSVC] %SystemRoot%\System32\svchost.exe -k netsvcs
[xmlprov] %SystemRoot%\System32\svchost.exe -k netsvcs


**** Custom IE Search Items ****

SEARCH: [CustomizeSearch]
SEARCH: [SearchAssistant]
SEARCH: [SearchAssistant] http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
SEARCH: [CustomizeSearch] http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm


**** Complete IE Options ****

IEOPT: [NoUpdateCheck]
IEOPT: [NoJITSetup]
IEOPT: [Disable Script Debugger] yes
IEOPT: [Show_ChannelBand] No
IEOPT: [Anchor Underline] yes
IEOPT: [Cache_Update_Frequency] Once_Per_Session
IEOPT: [Display Inline Images] yes
IEOPT: [Do404Search]
IEOPT: [Local Page] C:\WINDOWS\SYSTEM32\blank.htm
IEOPT: [Save_Session_History_On_Exit] no
IEOPT: [Show_FullURL] no
IEOPT: [Show_StatusBar] yes
IEOPT: [Show_ToolBar] yes
IEOPT: [Show_URLinStatusBar] yes
IEOPT: [Show_URLToolBar] yes
IEOPT: [Start Page] http://dell.myway.com/
IEOPT: [Use_DlgBox_Colors] yes
IEOPT: [Search Page] http://www.microsoft.com/isapi/redir...ie&ar=iesearch
IEOPT: [Default_Page_URL] http://www.microsoft.com/isapi/redir...r=6&ar=msnhome
IEOPT: [UseHR]
IEOPT: [FullScreen] no
IEOPT: [Window_Placement] ,
IEOPT: [AddToFavoritesExpanded]
IEOPT: [Use FormSuggest] no
IEOPT: [NotifyDownloadComplete] yes
IEOPT: [Error Dlg Displayed On Every Error] no
IEOPT: [Use Search Asst] no
IEOPT: [Use Custom Search URL]
IEOPT: [DisableScriptDebuggerIE] yes
IEOPT: [Default_Search_Url] http://home.microsoft.com/search/search.asp
IEOPT: [CustomizeSearch] http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IEOPT: [SearchAssistant] http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IEOPT: [Search Bar] http://home.microsoft.com/search/lobby/search.asp
IEOPT: [Expand Alt Text] no
IEOPT: [Move System Caret] no
IEOPT: [NscSingleExpand]
IEOPT: [NoWebJITSetup]
IEOPT: [Page_Transitions]
IEOPT: [FavIntelliMenus] no
IEOPT: [Enable Browser Extensions] yes
IEOPT: [UseThemes]
IEOPT: [Force Offscreen Composition]
IEOPT: [AllowWindowReuse]
IEOPT: [Friendly http errors] yes
IEOPT: [ShowGoButton] yes
IEOPT: [SmoothScroll]
IEOPT: [Enable AutoImageResize] yes
IEOPT: [Enable_MyPics_Hoverbar] yes
IEOPT: [Play_Animations] yes
IEOPT: [Play_Background_Sounds] yes
IEOPT: [Display Inline Videos] yes
IEOPT: [Show image placeholders]
IEOPT: [Print_Background] no
IEOPT: [LastCheckedHi]
IEOPT: [StatusBarWeb]
IEOPT: [Check_Associations] yes
IEOPT: [FormSuggest Passwords] no
IEOPT: [FormSuggest PW Ask] yes
IEOPT: [Default_Page_URL] http://www.microsoft.com/isapi/redir...r=6&ar=msnhome
IEOPT: [Default_Search_URL] http://home.microsoft.com/search/search.asp
IEOPT: [Enable_Disk_Cache] yes
IEOPT: [Cache_Percent_of_Disk]
IEOPT: [Delete_Temp_Files_On_Exit] yes
IEOPT: [Local Page] %SystemRoot%\system32\blank.htm
IEOPT: [Anchor_Visitation_Horizon]
IEOPT: [Use_Async_DNS] yes
IEOPT: [Placeholder_Width]
IEOPT: [Placeholder_Height]
IEOPT: [Start Page] http://dell.myway.com/
IEOPT: [CompanyName] Microsoft Corporation
IEOPT: [Custom_Key] MICROSO
IEOPT: [Wizard_Version] 6.0.2600.0000
IEOPT: [FullScreen] no
IEOPT: []
IEOPT: [Use Search Asst] no
IEOPT: [Use Custom Search URL]
IEOPT: [Search Bar]
IEOPT: [Search Page] http://www.microsoft.com/isapi/redir...ie&ar=iesearch
IEOPT: [Check_Associations] yes


ANY AND ALL HELP IS GREATLY APPRECIATED....THANKS!

Old 03-05-2006, 05:36 PM   #2 (permalink)
Analyst, Security Team
greyknight17
Join Date: Jul 2004
Location: New York
Posts: 14,331
OS: Windows 98 & Windows XP Home/Pro

Welcome to TSF.

Where is the HijackThis log?
__________________
Please do NOT PM me. Post whatever questions you may have in the forum and we will take a look at it when we get to it. If you have waited for more than 3 days, you may then and ONLY then PM me for assistance. I will take a look at it.

Old 03-05-2006, 08:02 PM   #3 (permalink)
Registered User
lyricallawgirl
Join Date: Mar 2006
Location: OC, California
Posts: 38
OS: Win XP Home

ARGH...sorry about that...

I guess I put my CW Shredder Report instead of Hijack this...here is Hijack This Report now:

Logfile of HijackThis v1.98.2
Scan saved at 7:05:44 PM, on 3/5/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Dell\QuickSet\Quickset.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\lexpps.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\DOCUME~1\TAMRA_~1\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\Quickset.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - Global Startup: dlbcserv.lnk = C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.avginet.exe
O15 - Trusted Zone: www.blackplanet.com
O15 - Trusted Zone: http://www.blackplanet.com
O15 - Trusted Zone: www.grisoft.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by104fd.bay104.hotmail.msn.co...s/MsnPUpld.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1128208900160
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10...o.cab32846.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite...ITDetector.cab
O16 - DPF: {D8B94E9A-A34B-4253-BF48-C7CB7F2CFDB0} - http://scripts.downloadv3.com/binari...1046_EN_XP.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/...ampx_en_dl.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

Thanks for helping out...
Old 03-05-2006, 08:36 PM   #4 (permalink)
Analyst, Security Team
greyknight17
Join Date: Jul 2004
Location: New York
Posts: 14,331
OS: Windows 98 & Windows XP Home/Pro

Two things...one don't run HijackThis from a temp folder. Two..you have an outdated HijackThis program. Get the updated version here and run it later on...do the below first.

Download Brute Force Uninstaller http://www.merijn.org/files/bfu.zip and unzip it to its own folder (c:\BFU).

Right click on this link http://metallica.geekstogo.com/EGDACCESS.bfu and choose 'Save As' (or 'Save Target As') in order to download EGDACCESS Remover. Save it in the folder you made earlier (c:\BFU).

Start the Brute Force Uninstaller by double clicking BFU.exe

In the scriptline to execute copy and paste c:\bfu\EGDACCESS.bfu
Press execute and let it do its job.

Wait for the complete script execution box to popup and press OK.
Press exit to terminate the BFU program.

Once that's done, post back a new HijackThis log.
Old 03-05-2006, 09:35 PM   #5 (permalink)
Registered User
lyricallawgirl
Join Date: Mar 2006
Location: OC, California
Posts: 38
OS: Win XP Home

Okie Dokie...

Ok, did what you said...hope I did it right...here is the hijack this log #2...

Logfile of HijackThis v1.99.1
Scan saved at 8:39:21 PM, on 3/5/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Dell\QuickSet\Quickset.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\lexpps.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Tamra_Home\Desktop\Spyware Programs Exe\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\Quickset.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - Global Startup: dlbcserv.lnk = C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.avginet.exe
O15 - Trusted Zone: www.blackplanet.com
O15 - Trusted Zone: http://www.blackplanet.com
O15 - Trusted Zone: www.grisoft.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by104fd.bay104.hotmail.msn.co...s/MsnPUpld.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1128208900160
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10...o.cab32846.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite...ITDetector.cab
O16 - DPF: {D8B94E9A-A34B-4253-BF48-C7CB7F2CFDB0} - http://scripts.downloadv3.com/binari...1046_EN_XP.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/...ampx_en_dl.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
Old 03-06-2006, 08:46 AM   #6 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
tetonbob
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,171
OS: 2000 Pro; XP Pro; XP Home


The BFU script does not appear to have done its intended job. Let's try again...a slightly different way....



  1. Download and run - bfu.zip
  2. Checkmark the following boxes:
    • Use settings specified in script for the above option
    • Show log after script ends
  3. Click the Web button located on the top right corner
  4. Copy/Paste this url into the address bar of the Download script window:
    http://metallica.geekstogo.com/EGDACCESS.bfu
  5. Execute the script by clicking the Execute button.
  6. When it finishes running, click the Save button for a copy of the log
  7. Post the log created by the script when you have completed the fix

For good measure....

Run a scan in HijackThis. Check each of the following if they still exist and hit 'Fix Checked' after you check the last one:

O16 - DPF: {D8B94E9A-A34B-4253-BF48-C7CB7F2CFDB0} - http://scripts.downloadv3.com/binari...1046_EN_XP.cab

Also, please perform this online scan:

Perform an online scan with Internet Explorer with Panda ActiveScan

Click on the "Free To Use ActiveScan" located on the top right hand corner
  1. Click Check Now and a "pop up" window will appear. * Please ensure that your pop up blocker doesn't block it *
  2. Enter your e-mail address, country, and state & click Scan Now * The download of the 8 MB Panda's ActiveX control will take place *
Begin the scan by selecting My Computer
  • If it finds any malware, it will offer you a report.
  • Please ignore any entry it finds and the offer to buy the program to remove the entry, as we will address this later.
  • Click on See report then click Save report
*Turn off the real time scanner of any existing antivirus program while performing the online scan



Then post a new HJT log.
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006

Microsoft MVP - Consumer Security 2009
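The checks the helpers make by eye in the posts above can be scripted; the following is an added example, not part of the thread and not code from HijackThis. It parses excerpts of the first two logs posted here, flags the scanner version and Temp-folder launch that greyknight17 pointed out, lists O16 DPF entries that carry no class name along with entries marked as orphaned, and diffs the two logs. The function names, the 1.99.1 minimum version (taken from the second log) and the "unnamed DPF" heuristic are assumptions of this example, and a flag means "review this line", not a verdict.

```python
import re

# Excerpts copied from the first and second HijackThis logs in this thread.
# Elided URLs ("...") are kept exactly as the forum shows them.
LOG_BEFORE = r"""
Logfile of HijackThis v1.98.2
Scan saved at 7:05:44 PM, on 3/5/2006

Running processes:
C:\WINDOWS\Explorer.EXE
C:\DOCUME~1\TAMRA_~1\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {D8B94E9A-A34B-4253-BF48-C7CB7F2CFDB0} - http://scripts.downloadv3.com/binari...1046_EN_XP.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
"""

LOG_AFTER = r"""
Logfile of HijackThis v1.99.1
Scan saved at 8:39:21 PM, on 3/5/2006

Running processes:
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Tamra_Home\Desktop\Spyware Programs Exe\HijackThis.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {D8B94E9A-A34B-4253-BF48-C7CB7F2CFDB0} - http://scripts.downloadv3.com/binari...1046_EN_XP.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
"""

VERSION_RE = re.compile(r"^Logfile of HijackThis v(\d+(?:\.\d+)*)")
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")   # e.g. "O16 - DPF: ..."
# "DPF: {CLSID} (optional class name) - URL"
DPF_RE = re.compile(r"^DPF: (\{[0-9A-Fa-f-]+\})(?: \((.+)\))? - (\S+)$")


def parse_hjt(text):
    """Split a HijackThis log into version, scanner path and (section, body) entries."""
    log = {"version": None, "scanner_path": None, "entries": []}
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if m := VERSION_RE.match(line):
            log["version"] = tuple(int(p) for p in m.group(1).split("."))
        elif line == "Running processes:":
            in_processes = True
        elif m := ENTRY_RE.match(line):
            in_processes = False
            log["entries"].append((m.group(1), m.group(2)))
        elif in_processes and line.lower().endswith("\\hijackthis.exe"):
            log["scanner_path"] = line
    return log


def triage(log, min_version=(1, 99, 1)):
    """Return (kind, detail) findings; min_version is an assumption from this thread."""
    findings = []
    if log["version"] and log["version"] < min_version:
        findings.append(("outdated-scanner", ".".join(map(str, log["version"]))))
    path = log["scanner_path"] or ""
    if "\\temp\\" in path.lower():
        findings.append(("scanner-in-temp", path))
    for section, body in log["entries"]:
        if section == "O16":
            m = DPF_RE.match(body)
            if m and m.group(2) is None:      # heuristic: control has no class name
                findings.append(("unnamed-dpf", m.group(1)))
        if body.endswith(("(file missing)", "(no file)")):
            findings.append(("orphaned-entry", f"{section} - {body}"))
    return findings


def still_present(log, marker):
    """Entries that still contain marker (a CLSID or host) after a fix attempt."""
    return [f"{s} - {b}" for s, b in log["entries"] if marker.lower() in b.lower()]


def diff_logs(before, after):
    """Entries removed from and added to the log between two scans."""
    b, a = set(before["entries"]), set(after["entries"])
    return sorted(b - a), sorted(a - b)


if __name__ == "__main__":
    before, after = parse_hjt(LOG_BEFORE), parse_hjt(LOG_AFTER)
    for label, log in (("before", before), ("after", after)):
        for kind, detail in triage(log):
            print(f"[{label}] {kind}: {detail}")
    removed, added = diff_logs(before, after)
    print("removed:", removed)
    print("added:", added)
```
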
Old 03-06-2006, 09:08 PM   #7 (permalink)
Registered User
lyricallawgirl
Join Date: Mar 2006
Location: OC, California
Posts: 38
OS: Win XP Home

Ok...so did you just want me to post the HJT report or all the reports (i.e. BFU and ActiveScan Reports)? Well, here is the latest HJT report (done after I clicked and cleaned it and after I ran BFU and ActiveScan)...Thanks!

Logfile of HijackThis v1.99.1
Scan saved at 8:13:24 PM, on 3/6/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Dell\QuickSet\Quickset.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Tamra_Home\Desktop\Spyware Programs Exe\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\Quickset.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - Global Startup: dlbcserv.lnk = C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.avginet.exe
O15 - Trusted Zone: www.blackplanet.com
O15 - Trusted Zone: http://www.blackplanet.com
O15 - Trusted Zone: www.grisoft.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by104fd.bay104.hotmail.msn.co...s/MsnPUpld.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1128208900160
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10...o.cab32846.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite...ITDetector.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/...ampx_en_dl.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
Old 03-06-2006, 09:12 PM   #9 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
tetonbob's Avatar
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,171
OS: 2000 Pro; XP Pro; XP Home


I guess that wasn't very clear.

Yes, please post the Panda scan results if there were any.

How is your system behaving now, please?
Old 03-06-2006, 09:15 PM   #10 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
tetonbob's Avatar
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,171
OS: 2000 Pro; XP Pro; XP Home


Also, you have 2 Antivirus programs installed, Norton and AVG. This can cause conflict and slowdowns. I suggest you uninstall one and keep the other. Personally, I'd keep AVG.
Old 03-06-2006, 09:23 PM   #11 (permalink)
Registered User
 
lyricallawgirl's Avatar
 
Join Date: Mar 2006
Location: OC, California
Posts: 38
OS: Win XP Home


Wow, you are quick, ok here is the BFU Report:

BFU v1.00.9
Windows XP SP2 (WinNT 5.01.2600 SP2)
Script started at 7:33:21 PM, on 3/6/2006

Script completed.


Here is the Panda ActiveScan Report:


Incident Status Location

Adware:adware/magiccontrol Not disinfected C:\WINDOWS\SYSTEM32\sysinetsvc32.dll
Dialer:dialer.b Not disinfected C:\WINDOWS\DOWNLOADED PROGRAM FILES\sysnetsvc32.inf
Adware:adware/navipromo Not disinfected Windows Registry
Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\Tamra_Home\Cookies\tamra_home@stats1.reliablestats[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Tamra\Cookies\tamra@belnk[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Tamra\Cookies\tamra@dist.belnk[2].txt
Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\Tamra\Cookies\tamra@stats1.reliablestats[1].txt
Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\Tamra_Home\Cookies\tamra_home@stats1.reliablestats[1].txt
Dialer:Dialer.B Not disinfected C:\Documents and Settings\Tamra_Home\Desktop\Spyware Programs Exe\backups\backup-20060306-193737-713.inf
Dialer:Dialer.DII Not disinfected C:\Program Files\Livestream\Livestream.exe
Dialer:Dialer.DII Not disinfected C:\WINDOWS\SYSTEM32\dhtmlexe.exe
Dialer:Dialer.FFQ Not disinfected C:\WINDOWS\SYSTEM32\sysinetsvc32.dll

I'm not sure if I should run all my programs again and see if it comes up again yet....let me know....THANKS! :)
Old 03-06-2006, 10:09 PM   #13 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
tetonbob's Avatar
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,171
OS: 2000 Pro; XP Pro; XP Home


OK, now we're seeing some things....let's get after it! You've got a couple of nasty dialers on this system, you may want to check with your phone company, to see that no odd charges have been added to your bill.

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order they are mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should 'not' have any open browsers when you are following the procedures below.

-----------------------------------------------------------

Download Ewido Security Suite
  • Install Ewido Security Suite
  • When installing, under "Additional Options" uncheck..
    • Install background guard
    • Install scan via context menu
  • Double-click the icon on Desktop to launch Ewido
You will need to update Ewido to the latest definition files.
  • On the left hand side of the main screen click update.
  • Then click on Start Update.
The update will start and a progress bar will show the updates being installed.
If you are having problems with the updater, you can use this link to manually update Ewido
When you have finished updating, EXIT Ewido.

The Temp folders should be cleaned out periodically as installation programs and hijack programs leave a lot of junk there. Download CleanUp! (Alternate Link if main link doesn't work) and install it.

*NOTE* Cleanup deletes EVERYTHING out of temp/temporary folders and does not make backups. If you have any documents or programs that are saved in any Temporary Folders, please make a backup of these before running CleanUp! If you have a 64 bit Operating System do NOT run Cleanup and let me know as we will use another utility.

-----------------------------------------------------------


Run Cleanup! using the following configuration:

1. Click Options...
2. Set the slider to Standard CleanUp!
3. Uncheck the following:
  • Delete Newsgroup cache
  • Delete Newsgroup Subscriptions
  • Scan local drives for temporary files
4. Click OK
5. Press the CleanUp! button to start the program. Reboot/logoff when prompted.
* CleanUp! will not create any backups!!

-----------------------------------------------------------

Restart your computer and boot into Safe Mode by hitting the F8 key repeatedly until a menu shows up (and choose Safe Mode from the list). In some systems, this may be the F5 key, so try that if F8 doesn't work. Make sure to close any open browsers.

-----------------------------------------------------------

Uninstall the following via the Add/Remove Panel (Start->(Settings)->Control Panel->Add/Remove Programs) if they exist:

Livestream

Run Ewido with its updated definitions: (...it's important that all windows must be closed)
  • Click Scanner
  • Click Complete System Scan to begin scanning.
  • Click OK when prompted to clean files
With the first file it prompts to clean, select the option:
  • "Perform action on all infections"
  • Choose clean and click OK.
Once finished, click the Save report button & save the report to your desktop

** Ewido scan would require at least an hour.

-----------------------------------------------------------

Go to My Computer->Tools->Folder Options->View tab:
* Under the Hidden files and folders heading, select Show hidden files and folders.
* Uncheck the Hide protected operating system files (recommended) option.
* Also make sure there is no checkmark beside Hide file extensions for known file types
* Click Yes to confirm and then click OK.

-----------------------------------------------------------

Go to Start>Run then copy and paste, or type the following, then press Enter:

regsvr32 /u occache.dll

Delete these files/folders if present:


C:\WINDOWS\SYSTEM32\sysinetsvc32.dll
C:\WINDOWS\DOWNLOADED PROGRAM FILES\sysnetsvc32.inf
C:\Program Files\Livestream
C:\WINDOWS\SYSTEM32\dhtmlexe.exe
C:\WINDOWS\SYSTEM32\sysinetsvc32.dll


Go to Start>Run then copy and paste, or type the following, then press Enter:

regsvr32 occache.dll

-----------------------------------------------------------

Restart in normal mode.

-----------------------------------------------------------

Establish an internet connection & perform an online scan with Internet Explorer at Kaspersky Online Scanner

Answer Yes, when prompted to install an ActiveX component.
  • The program will then begin downloading the latest definition files.
  • Once the files have been downloaded click on NEXT
  • Locate the Scan Settings button & configure to:
    • Scan using the following Anti-Virus database:
      • Extended
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases
  • Click OK & have it scan My Computer
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply
* Turn off the real time scanner of any existing antivirus program while performing the online scan

-----------------------------------------------------------

Run a new HijackThis scan. Save the log file and post it here.

-----------------------------------------------------------

Download IE-SpyAD - Extract the contents to a new folder
From within the folder, double-click install.bat
Select Option #2 - Install the new IE-SPYAD list.
Then return to the main menu.
Select option #4 - Add the old porn sites domain



Download SpywareBlaster 3.5.1
Install & update SpywareBlaster with the latest definitions.
After you have updated, click the button - enable protection for all unprotected items

-----------------------------------------------------------

Please return with logs from:

Ewido
Kaspersky
HJT


-----------------------------------------------------------

Run Spybot, and see if it finds the problem again. If so, please make note of the exact location.
Last edited by tetonbob; 03-06-2006 at 10:14 PM.
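
Added example, not part of any post in this thread and not a Panda or forum tool: the Python below parses the ActiveScan report lines posted above and checks each detected file against the "Delete these files/folders if present" list in the reply. The function names (`parse_report`, `triage`) and the assumption that every report line has the shape `Category:name Status Location` are mine.

```python
import re
from collections import defaultdict
from ntpath import normcase, normpath  # Windows path rules, usable on any OS

# Detection lines copied from the ActiveScan report posted in the thread.
REPORT = r"""
Incident Status Location

Adware:adware/magiccontrol Not disinfected C:\WINDOWS\SYSTEM32\sysinetsvc32.dll
Dialer:dialer.b Not disinfected C:\WINDOWS\DOWNLOADED PROGRAM FILES\sysnetsvc32.inf
Adware:adware/navipromo Not disinfected Windows Registry
Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\Tamra_Home\Cookies\tamra_home@stats1.reliablestats[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Tamra\Cookies\tamra@belnk[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Tamra\Cookies\tamra@dist.belnk[2].txt
Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\Tamra\Cookies\tamra@stats1.reliablestats[1].txt
Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\Tamra_Home\Cookies\tamra_home@stats1.reliablestats[1].txt
Dialer:Dialer.B Not disinfected C:\Documents and Settings\Tamra_Home\Desktop\Spyware Programs Exe\backups\backup-20060306-193737-713.inf
Dialer:Dialer.DII Not disinfected C:\Program Files\Livestream\Livestream.exe
Dialer:Dialer.DII Not disinfected C:\WINDOWS\SYSTEM32\dhtmlexe.exe
Dialer:Dialer.FFQ Not disinfected C:\WINDOWS\SYSTEM32\sysinetsvc32.dll
"""

# Paths copied from the "Delete these files/folders if present" step of the reply.
CLEANUP = [
    r"C:\WINDOWS\SYSTEM32\sysinetsvc32.dll",
    r"C:\WINDOWS\DOWNLOADED PROGRAM FILES\sysnetsvc32.inf",
    r"C:\Program Files\Livestream",
    r"C:\WINDOWS\SYSTEM32\dhtmlexe.exe",
    r"C:\WINDOWS\SYSTEM32\sysinetsvc32.dll",
]

# Only this status string appears in the thread; pass others if a report has them.
STATUSES = ("Not disinfected",)


def norm(path):
    """Case-insensitive, separator-normalised form of a Windows path."""
    return normcase(normpath(path.strip()))


def parse_report(text, statuses=STATUSES):
    """Split each 'Category:name Status Location' line into a dict."""
    status_alt = "|".join(re.escape(s) for s in statuses)
    line_re = re.compile(
        rf"^(?P<category>[A-Za-z]+):(?P<name>\S+)\s+"
        rf"(?P<status>{status_alt})\s+(?P<location>.+)$"
    )
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "Incident Status Location":
            continue  # blank line or the column header
        match = line_re.match(line)
        if match is None:
            # Fail loudly so a truncated or reworded line is not silently lost.
            raise ValueError(f"unrecognised report line: {line!r}")
        findings.append(match.groupdict())
    return findings


def kind(finding):
    """Cookies and registry hits need different handling from files on disk."""
    if finding["name"].lower().startswith("cookie/"):
        return "cookie"
    if finding["location"] == "Windows Registry":
        return "registry"
    return "file"


def is_covered(path, cleanup):
    """True if the path is listed itself or lies under a listed folder."""
    target = norm(path)
    return any(target == c or target.startswith(c + "\\")
               for c in map(norm, cleanup))


def triage(text, cleanup):
    """Group detections per file and compare them with the delete list."""
    by_file, cookies, registry = defaultdict(set), set(), []
    for f in parse_report(text):
        label = f"{f['category']}:{f['name']}"
        if kind(f) == "cookie":
            cookies.add(norm(f["location"]))
        elif kind(f) == "registry":
            registry.append(label)
        else:
            by_file[norm(f["location"])].add(label)
    return {
        "multi": {p: sorted(n) for p, n in by_file.items() if len(n) > 1},
        "covered": sorted(p for p in by_file if is_covered(p, cleanup)),
        "uncovered": sorted(p for p in by_file if not is_covered(p, cleanup)),
        "cookies": sorted(cookies),
        "registry": registry,
    }


if __name__ == "__main__":
    for section, value in triage(REPORT, CLEANUP).items():
        print(section, value, sep=": ")
```

On the thread's data this leaves one detected file outside the delete list, the `.inf` in the `backups` folder beside HijackThis.exe, and it shows `sysinetsvc32.dll` reported under two detection names, matching that path's two appearances in the list.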
Old 03-06-2006, 10:28 PM   #14 (permalink)
Registered User
 
lyricallawgirl's Avatar
 
Join Date: Mar 2006
Location: OC, California
Posts: 38
OS: Win XP Home


Ok, I have a question before I continue...

How do I know if I have a 64 Bit Operating System...you said "If you have a 64 bit Operating System do NOT run Cleanup and let me know as we will use another utility"....I'm not sure if I have this or not...HELP!
Old 03-06-2006, 10:36 PM   #15 (permalink)
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
 
sUBs's Avatar
 
Join Date: May 2005
Posts: 24,333
OS: N/A


If you don't already know, you're probably not using XP64.

Download & run this tool to find out for sure..

http://www.kellys-korner-xp.com/regs...p_whichcpu.exe
__________________

Question - what have you done for the community today?
Old 03-06-2006, 10:39 PM   #16 (permalink)
Registered User
 
lyricallawgirl's Avatar
 
Join Date: Mar 2006
Location: OC, California
Posts: 38
OS: Win XP Home


Ok it's saying I have a 32 bit system....thanks for that quick answer. Moving on with the fixes...be back in a bit....
Old 03-07-2006, 09:32 PM   #17 (permalink)
Registered User
 
lyricallawgirl's Avatar
 
Join Date: Mar 2006
Location: OC, California
Posts: 38
OS: Win XP Home


EEK! YIKES....3 hours and counting...

Ok, so here are the things you want me to post...but I have to tell you...after running SpyBot...it found it again and here is what it found:

MagicControl.Agent: User settings (Registry key, nothing done)
HKEY_USERS\S-1-5-21-1867724695-1873088673-1519062506-1009\Software\LanConfig

MagicControl.Agent: User settings (Registry value, nothing done)
HKEY_USERS\S-1-5-21-1867724695-1873088673-1519062506-1009\Software\mc\SA


--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---

2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2005-05-31 TeaTimer.exe (1.4.0.2)
2005-12-18 unins000.exe (51.41.0.0)
2005-05-31 Update.exe (1.4.0.0)
2005-05-31 advcheck.dll (1.0.2.0)
2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2005-05-31 SDHelper.dll (1.4.0.0)
2005-05-31 Tools.dll (2.0.0.2)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2006-03-03 Includes\Cookies.sbi (*)
2006-03-03 Includes\Dialer.sbi (*)
2006-03-03 Includes\Hijackers.sbi (*)
2006-03-03 Includes\Keyloggers.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2006-03-03 Includes\Malware.sbi (*)
2006-03-03 Includes\PUPS.sbi (*)
2006-03-03 Includes\Revision.sbi (*)
2006-03-03 Includes\Security.sbi (*)
2006-03-03 Includes\Spybots.sbi (*)
2005-02-17 Includes\Tracks.uti
2006-03-03 Includes\Trojans.sbi (*)



Here is My Latest HJT Report:

Logfile of HijackThis v1.99.1
Scan saved at 12:07:40 AM, on 3/7/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Dell\QuickSet\Quickset.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\windows\system32\ohlyxfprtk.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\Microsoft Works\WkDStore.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Tamra_Home\Desktop\Spyware Programs Exe\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\Quickset.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ohlyxfprtk] c:\windows\system32\ohlyxfprtk.exe ohlyxfprtk
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - Global Startup: dlbcserv.lnk = C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.avginet.exe
O15 - Trusted Zone: www.blackplanet.com
O15 - Trusted Zone: http://www.blackplanet.com
O15 - Trusted Zone: www.grisoft.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/k...an_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by104fd.bay104.hotmail.msn.co...s/MsnPUpld.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1128208900160
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10...o.cab32846.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite...ITDetector.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/...ampx_en_dl.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE



The Ewido Scan is Below:

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 10:51:55 PM, 3/6/2006
+ Report-Checksum: 61EB5494

+ Scan result:

C:\Program Files\Livestream\Livestream.exe -> Trojan.Dialer.eg : Cleaned with backup
C:\WINDOWS\SYSTEM32\dhtmlexe.exe -> Trojan.Dialer.eg : Cleaned with backup
C:\WINDOWS\SYSTEM32\msclock32.dll -> Adware.NaviPromo : Cleaned with backup
C:\WINDOWS\SYSTEM32\msplock32.dll -> Adware.NaviPromo : Cleaned with backup
C:\WINDOWS\SYSTEM32\sysinetsvc32.dll -> Dialer.InstantAccess.e : Cleaned with backup


::Report End

AND HERE IS THE KASPERSKY REPORT:

-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Tuesday, March 07, 2006 00:05:45
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 7/03/2006
Kaspersky Anti-Virus database records: 180584
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\

Scan Statistics:
Total number of scanned objects: 51106
Number of viruses found: 18
Number of infected objects: 99
Number of suspicious objects: 3
Duration of the scan process: 2146 sec

Infected Object Name - Virus Name
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC.zip/winstall.exe Suspicious: Password-protected-EXE
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC.zip Suspicious: Password-protected-EXE
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\07F129F2.class Infected: Trojan.Java.ClassLoader.v
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\0D503609.class Infected: Trojan.Java.ClassLoader.i
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\1392334E Infected: Trojan-Downloader.Java.OpenConnection.w
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\176261C1 Infected: Trojan.Win32.P2E.ce
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\1970013F.zip/BlackBox.class Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\1970013F.zip/VerifierBug.class Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\1970013F.zip/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.aa
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\1970013F.zip Infected: Trojan-Downloader.Java.OpenConnection.aa
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\1C5D1936 Infected: Trojan.Win32.Dialer.eg
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\1C614333 Infected: Trojan.Win32.Dialer.eg
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\1E5E4246.htm Suspicious: Exploit.HTML.CodeBaseExec
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\2010312F Infected: not-a-virus:Porn-Dialer.Win32.InstantAccess.e
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\28470DC4.class Infected: Trojan.Java.ClassLoader.c
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\28931EC8.class Infected: Trojan.Java.ClassLoader.k
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\339968C6.class Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\56DE151E.class Infected: Trojan.Java.ClassLoader.f
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\56E13F1A.class Infected: Trojan.Java.ClassLoader.Dummy.d
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\56E13F1A.zip/GetAccess.class Infected: Trojan.Java.ClassLoader.c
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\56E13F1A.zip/InsecureClassLoader.class Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\56E13F1A.zip/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\56E13F1A.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\56E13F1A.zip Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\572C04C8.class Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\666209E9.class Infected: Trojan.Java.ClassLoader.v
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\70B302EF Infected: Trojan.Win32.P2E.ce
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\70B62CEC Infected: Trojan.Win32.P2E.ce
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\73F14157.class Infected: Trojan.Java.ClassLoader.Dummy.a
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP133\A0019523.dll Infected: not-a-virus:AdWare.Win32.NaviPromo.m
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP133\A0019558.dll Infected: not-a-virus:AdWare.Win32.NaviPromo.m
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP133\A0019584.dll Infected: not-a-virus:AdWare.Win32.NaviPromo.m
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP134\A0019634.dll Infected: not-a-virus:AdWare.Win32.NaviPromo.m
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP134\A0019657.dll Infected: not-a-virus:AdWare.Win32.NaviPromo.m
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP134\A0019702.dll Infected: not-a-virus:AdWare.Win32.NaviPromo.m
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP134\A0019717.dll Infected: not-a-virus:AdWare.Win32.NaviPromo.m
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP134\A0019727.exe Infected: not-a-virus:AdWare.Win32.NaviPromo.l
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP134\A0019728.dll Infected: not-a-virus:AdWare.Win32.NaviPromo.m
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP134\A0019751.dll Infected: not-a-virus:AdWare.Win32.NaviPromo.m
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP134\A0019773.dll Infected: not-a-virus:AdWare.Win32.NaviPromo.m
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP134\A0019799.dll Infected: not-a-virus:AdWare.Win32.NaviPromo.m
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP134\A0019826.dll Infected: not-a-virus:AdWare.Win32.NaviPromo.m
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP134\A0019851.dll Infected: not-a-virus:AdWare.Win32.NaviPromo.m
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP135\A0020041.dll Infected: not-a-virus:AdWare.Win32.NaviPromo.m
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP135\A0020057.dll Infected: not-a-virus:AdWare.Win32.NaviPromo.m
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP136\A0020078.dll Infected: not-a-virus:AdWare.Win32.NaviPromo.m
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP137\A0020131.dll Infected: not-a-virus:AdWare.Win32.NaviPromo.m
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP137\A0020155.dll Infected: not-a-virus:AdWare.Win32.NaviPromo.m
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP137\A0020171.dll Infected: not-a-virus:AdWare.Win32.NaviPromo.m
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP137\A0020181.exe Infected: not-a-virus:AdWare.Win32.NaviPromo.m
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP137\A0020182.dll Infected: not-a-virus:AdWare.Win32.NaviPromo.m
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP137\A0020230.dll Infected: not-a-virus:AdWare.Win32.NaviPromo.m
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP138\A0020309.dll Infected: not-a-virus:AdWare.Win32.NaviPromo.m
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP138\A0020322.dll Infected: not-a-virus:AdWare.Win32.NaviPromo.m
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP139\A0020388.dll Infected: not-a-virus:AdWare.Win32.NaviPromo.m
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP139\A0020426.dll Infected: not-a-virus:AdWare.Win32.NaviPromo.m
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP140\A0020615.dll Infected: not-a-virus:AdWare.Win32.NaviPromo.m
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP140\A0020625.exe Infected: not-a-virus:AdWare.Win32.NaviPromo.m
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP140\A0020626.dll Infected: not-a-virus:AdWare.Win32.NaviPromo.m
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP140\A0020655.dll Infected: not-a-virus:AdWare.Win32.NaviPromo.m
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP140\A0020669.dll Infected: not-a-virus:AdWare.Win32.NaviPromo.m
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP141\A0020885.dll Infected: not-a-virus:AdWare.Win32.NaviPromo.m
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP141\A0020931.dll Infected: not-a-virus:AdWare.Win32.NaviPromo.m
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP141\A0020951.dll Infected: not-a-virus:AdWare.Win32.NaviPromo.m
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP141\A0020966.dll Infected: not-a-virus:AdWare.Win32.NaviPromo.m
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP146\A0021020.dll Infected: not-a-virus:AdWare.Win32.NaviPromo.m
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP146\A0021041.dll Infected: not-a-virus:AdWare.Win32.NaviPromo.m
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP146\A0021061.dll Infected: not-a-virus:AdWare.Win32.NaviPromo.m
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP146\A0021068.dll Infected: not-a-virus:AdWare.Win32.NaviPromo.m
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP146\A0021078.dll Infected: not-a-virus:AdWare.Win32.NaviPromo.m
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP146\A0021121.exe Infected: Trojan.Win32.Dialer.eg
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP146\A0021122.exe Infected: Trojan.Win32.Dialer.eg
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP146\A0021123.dll Infected: not-a-virus:Porn-Dialer.Win32.InstantAccess.e
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP147\A0021166.dll Infected: not-a-virus:AdWare.Win32.NaviPromo.m
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP147\A0021273.dll Infected: not-a-virus:AdWare.Win32.NaviPromo.m
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP147\A0021284.dll Infected: not-a-virus:AdWare.Win32.NaviPromo.m
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP148\A0021426.dll Infected: not-a-virus:AdWare.Win32.NaviPromo.m
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP148\A0021437.dll Infected: not-a-virus:AdWare.Win32.NaviPromo.m
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP148\A0021456.dll Infected: not-a-virus:AdWare.Win32.NaviPromo.m
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP148\A0021480.dll Infected: not-a-virus:AdWare.Win32.NaviPromo.m
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP148\A0021495.dll Infected: not-a-virus:AdWare.Win32.NaviPromo.m
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP148\A0021509.dll Infected: not-a-virus:AdWare.Win32.NaviPromo.m
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP148\A0021519.dll Infected: not-a-virus:AdWare.Win32.NaviPromo.m
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP149\A0021585.dll Infected: not-a-virus:AdWare.Win32.NaviPromo.m
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP149\A0021597.dll Infected: not-a-virus:AdWare.Win32.NaviPromo.m
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP149\A0021613.dll Infected: not-a-virus:AdWare.Win32.NaviPromo.m
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP149\A0021630.dll Infected: not-a-virus:AdWare.Win32.NaviPromo.m
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP149\A0021643.dll Infected: not-a-virus:AdWare.Win32.NaviPromo.m
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP150\A0021667.dll Infected: not-a-virus:AdWare.Win32.NaviPromo.m
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP150\A0021680.dll Infected: not-a-virus:AdWare.Win32.NaviPromo.m
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP150\A0021692.dll Infected: not-a-virus:AdWare.Win32.NaviPromo.m
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP150\A0021711.dll Infected: not-a-virus:AdWare.Win32.NaviPromo.m
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP150\A0021725.dll Infected: not-a-virus:AdWare.Win32.NaviPromo.m
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP150\A0021754.dll Infected: not-a-virus:AdWare.Win32.NaviPromo.m
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP151\A0021799.exe Infected: Trojan.Win32.Dialer.eg
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP151\A0021800.exe Infected: Trojan.Win32.Dialer.eg
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP151\A0021801.dll Infected: not-a-virus:AdWare.Win32.NaviPromo.m
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP151\A0021802.dll Infected: not-a-virus:AdWare.Win32.NaviPromo.m
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP151\A0021803.dll Infected: not-a-virus:Porn-Dialer.Win32.InstantAccess.e
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP151\A0021832.dll Infected: not-a-virus:AdWare.Win32.NaviPromo.m
C:\WINDOWS\SYSTEM32\msclock32.dll Infected: not-a-virus:AdWare.Win32.NaviPromo.m
C:\WINDOWS\SYSTEM32\ohlyxfprtk.exe Infected: not-a-virus:AdWare.Win32.NaviPromo.m

Scan process completed.


I was trying to delete my Norton and it keeps giving me an error saying the %%UserProfile%% can't be found....I wanted to keep my AVG and get rid of Norton, but I'm not sure how to do it now...
Old 03-07-2006, 10:05 PM   #18 (permalink)
Registered User
 
lyricallawgirl's Avatar
 
Join Date: Mar 2006
Location: OC, California
Posts: 38
OS: Win XP Home


Well, I just went onto my other username and was able to delete Norton from that one...that was weird...anyway...any more ideas on magiccontrol???
Old 03-07-2006, 10:15 PM   #19 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
tetonbob's Avatar
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,171
OS: 2000 Pro; XP Pro; XP Home


Download and run Blacklight

After you start the program and accept the license, you should see the first step (Figure 1), which lets you scan for hidden items. Note that you must have local administrative privileges to run the program.

Click Scan. BlackLight will use Windows Explorer (the desktop process) to scan for hidden items. Your anti-virus software or personal firewall might display a warning that says BlackLight (blbeta.exe) is trying to manipulate the Windows Explorer process (explorer.exe). If you want to continue the scan, you should allow BlackLight to do this.

When it finishes, click Next. You may get a screen similar to the picture below. Click on Close.

BlackLight beta would create a log file "fsbl-<date-and-time>.log". By default, the log file is in the same directory as the executable. Please post the log.

Old 03-07-2006, 10:31 PM   #20 (permalink)
Registered User
 
lyricallawgirl's Avatar
 
Join Date: Mar 2006
Location: OC, California
Posts: 38
OS: Win XP Home


BlackLight Report Below...

wow...does it always take this many steps and this long to clean stupid computers...ARGH!

03/07/06 21:31:13 [Info]: BlackLight Engine 1.0.33 initialized
03/07/06 21:31:13 [Info]: OS: 5.1 build 2600 (Service Pack 2)
03/07/06 21:31:14 [Note]: 7019 4
03/07/06 21:31:14 [Note]: 7005 0
03/07/06 21:31:23 [Note]: 7006 0
03/07/06 21:31:23 [Note]: 7011 364
03/07/06 21:31:23 [Note]: 7024 3
03/07/06 21:31:23 [Info]: Hidden process: C:\windows\system32\ohlyxfprtk.exe
03/07/06 21:31:23 [Note]: FSRAW library version 1.7.1015
03/07/06 21:32:07 [Info]: Hidden file: C:\WINDOWS\SYSTEM32\ohlyxfprtk.dat
03/07/06 21:32:07 [Note]: 10002 1
03/07/06 21:32:08 [Info]: Hidden file: C:\windows\system32\ohlyxfprtk.exe
03/07/06 21:32:08 [Note]: 10002 1
03/07/06 21:32:08 [Info]: Hidden file: C:\WINDOWS\SYSTEM32\ohlyxfprtk_nav.dat
03/07/06 21:32:08 [Note]: 10002 1
03/07/06 21:32:08 [Info]: Hidden file: C:\WINDOWS\SYSTEM32\ohlyxfprtk_navps.dat
03/07/06 21:32:08 [Note]: 10002 1
03/07/06 21:32:11 [Info]: Hidden file: C:\WINDOWS\SYSTEM32\msclock32.dll
03/07/06 21:32:11 [Note]: 10002 1
03/07/06 21:32:12 [Info]: Hidden file: C:\WINDOWS\SYSTEM32\msplock32.dll
03/07/06 21:32:12 [Note]: 10002 1
03/07/06 21:33:14 [Note]: 7007 0


I RAN IT TWICE ON ACCIDENT....HERE IS THE OTHER LOG...

03/07/06 21:34:26 [Info]: BlackLight Engine 1.0.33 initialized
03/07/06 21:34:26 [Info]: OS: 5.1 build 2600 (Service Pack 2)
03/07/06 21:34:26 [Note]: 7019 4
03/07/06 21:34:26 [Note]: 7005 0
03/07/06 21:34:28 [Note]: 7006 0
03/07/06 21:34:28 [Note]: 7011 364
03/07/06 21:34:28 [Note]: 7024 3
03/07/06 21:34:28 [Info]: Hidden process: C:\windows\system32\ohlyxfprtk.exe
03/07/06 21:34:28 [Note]: FSRAW library version 1.7.1015
03/07/06 21:34:45 [Error]: 6019 0
03/07/06 21:36:43 [Note]: 7007 0
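Cross-referencing the BlackLight log above with the HijackThis log from post #17 shows which hidden item also holds a startup entry and which hidden files travel with it. The Python below is an added example, not part of any post in this thread; its function names are assumptions, and its sample input is a subset of lines copied from those two logs.

```python
import re
from ntpath import basename, normcase, splitext  # Windows path rules on any OS

# Subset of lines copied from the BlackLight log posted in this thread.
BLACKLIGHT_LOG = r"""
03/07/06 21:31:13 [Info]: BlackLight Engine 1.0.33 initialized
03/07/06 21:31:23 [Note]: 7024 3
03/07/06 21:31:23 [Info]: Hidden process: C:\windows\system32\ohlyxfprtk.exe
03/07/06 21:32:07 [Info]: Hidden file: C:\WINDOWS\SYSTEM32\ohlyxfprtk.dat
03/07/06 21:32:07 [Note]: 10002 1
03/07/06 21:32:08 [Info]: Hidden file: C:\windows\system32\ohlyxfprtk.exe
03/07/06 21:32:08 [Info]: Hidden file: C:\WINDOWS\SYSTEM32\ohlyxfprtk_nav.dat
03/07/06 21:32:08 [Info]: Hidden file: C:\WINDOWS\SYSTEM32\ohlyxfprtk_navps.dat
03/07/06 21:32:11 [Info]: Hidden file: C:\WINDOWS\SYSTEM32\msclock32.dll
03/07/06 21:32:12 [Info]: Hidden file: C:\WINDOWS\SYSTEM32\msplock32.dll
03/07/06 21:34:45 [Error]: 6019 0
"""

# Subset of O4 (startup) lines copied from the HijackThis log in post #17.
HIJACKTHIS_LOG = r"""
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ohlyxfprtk] c:\windows\system32\ohlyxfprtk.exe ohlyxfprtk
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - Global Startup: dlbcserv.lnk = C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
"""

BL_HIDDEN = re.compile(
    r"^\d{2}/\d{2}/\d{2} \d{2}:\d{2}:\d{2} \[\w+\]: Hidden (process|file): (.+)$",
    re.M)
O4_RUN = re.compile(r"^O4 - (\S+): \[([^\]]+)\] (.+)$", re.M)
O4_STARTUP = re.compile(r"^O4 - ((?:Global )?Startup): (.+?) = (.+)$", re.M)
# First drive-letter path ending in an executable extension, quoted or not.
TARGET = re.compile(r"([A-Za-z]:\\.+?\.(?:exe|dll|com|bat|scr))(?![\w.])", re.I)


def parse_blacklight(text):
    """Return {'process': set, 'file': set} of case-normalised hidden paths."""
    hidden = {"process": set(), "file": set()}
    for kind, path in BL_HIDDEN.findall(text):
        hidden[kind].add(normcase(path.strip()))
    return hidden


def parse_hjt_autoruns(text):
    """Return (location, entry name, normalised target path) for each O4 line."""
    entries = []
    for pattern in (O4_RUN, O4_STARTUP):
        for location, name, command in pattern.findall(text):
            match = TARGET.search(command)
            if match:
                entries.append((location, name, normcase(match.group(1))))
    return entries


def correlate(blacklight_text, hjt_text):
    """For each hidden path, list matching startup entries and hidden files
    whose names begin with the same stem."""
    hidden = parse_blacklight(blacklight_text)
    autoruns = parse_hjt_autoruns(hjt_text)
    report = []
    for path in sorted(hidden["file"] | hidden["process"]):
        stem = splitext(basename(path))[0]
        report.append({
            "path": path,
            "hidden_process": path in hidden["process"],
            "autoruns": [f"{loc} [{name}]"
                         for loc, name, target in autoruns if target == path],
            "companions": sorted(p for p in hidden["file"]
                                 if p != path and basename(p).startswith(stem)),
        })
    return report


def persistent_hidden(blacklight_text, hjt_text):
    """Hidden items that also have a startup entry: the ones to raise first."""
    return [r for r in correlate(blacklight_text, hjt_text) if r["autoruns"]]


if __name__ == "__main__":
    for item in correlate(BLACKLIGHT_LOG, HIJACKTHIS_LOG):
        flag = "AUTORUN" if item["autoruns"] else "no autorun"
        print(f"{item['path']}  [{flag}]  process={item['hidden_process']}")
        for entry in item["autoruns"]:
            print(f"    started by: {entry}")
        for companion in item["companions"]:
            print(f"    companion:  {companion}")
```

Paths are compared after case normalisation because the two tools report the same file with different casing (`C:\windows\...` in BlackLight, `c:\windows\...` in the HijackThis Run entry).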
 





All times are GMT -7.



Copyright 2001 - 2009, Tech Support Forum