Tech Support banner

Status
Not open for further replies.
1 - 4 of 4 Posts

·
Registered
Joined
·
17 Posts
Discussion Starter #1
When I search from my IE6 address bar, I always get results from "wwo.notfounditem.net"... here's my guts:

-----------------
Deckard's System Scanner v20070426.43
Run by Mike on 2007-05-02 at 14:33:22
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
17: 2007-05-02 21:33:30 UTC - RP755 - Deckard's System Scanner Restore Point
16: 2007-05-01 22:26:26 UTC - RP754 - Software Distribution Service 2.0
15: 2007-05-01 20:43:39 UTC - RP753 - System Checkpoint
14: 2007-04-29 23:09:55 UTC - RP752 - System Checkpoint
13: 2007-04-27 21:50:06 UTC - RP751 - Software Distribution Service 2.0


-- First Restore Point --
1: 2007-04-20 18:21:05 UTC - RP739 - Removed Adobe Acrobat 7.0 - Tryout Professional - English, Français, Deutsch


Backed up registry hives.

Performed disk cleanup.


-- HijackThis (run as Mike.exe) ------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 2:35:13 PM, on 5/2/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Sony\HotKey Utility\HKserv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\igfxext.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Apoint\Apvfb.exe
C:\Program Files\Sony\HotKey Utility\HKWnd.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\runservice.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\PROGRA~1\RETROS~1\RETROS~1.5\retrorun.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Mike\Desktop\dss.exe
C:\HJT\Mike.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 133.1.16.172:3128
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: 1-Click Answers - {7754C418-F62E-44aa-B169-E719E718BCFD} - C:\PROGRA~1\1-CLIC~1\IEToolbar\AnswersToolbarU.dll
O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe
O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [Switcher.exe] C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O8 - Extra context menu item: Answers... - file:C:\Program Files\1-Click Answers\Html\atiemenu.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Travelaxe - {32A32D38-B8ED-4b3f-AFD0-EF23B697B5C1} - C:\Program Files\Travelaxe\Travelaxe.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O15 - Trusted Zone: https*.pslnet.com
O15 - Trusted Zone: *.pslnet.com
O16 - DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} (VaioInfo.CMClass) - http://esupport.sony.com/VaioInfo.CAB
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.1.1.74.cab
O16 - DPF: {3B0EA9E6-7003-4B38-B398-9B1B6DF439C5} - http://download1.answers.com/pub/AnswersSetup.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://scan.safety.live.com/resource/download/scanner/wlscbase5059.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1126220177658
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Retrospect Launcher (RetroLauncher) - EMC Corporation - C:\PROGRA~1\RETROS~1\RETROS~1.5\retrorun.exe
O23 - Service: Retrospect Helper - EMC Corporation - C:\PROGRA~1\RETROS~1\RETROS~1.5\rthlpsvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe


-- HijackThis Fixed Entries (C:\HJT\backups\) ----------------------------------

backup-20051018-155753-896 O16 - DPF: {15589FA1-C456-11CE-BF01-00AA0055595A} - http://w4s.work4sure.com/c/ge/w4sgeen9.exe
backup-20051018-155754-822 O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R2 NDISProtILN (Interlink Networks Wireless IO Driver) - c:\windows\system32\drivers\ndisprotiln.sys <Not Verified; Interlink Networks Inc.; LucidLink>
R2 s24trans (WLAN Transport) - c:\windows\system32\drivers\s24trans.sys <Not Verified; Intel Corporation; Intel Wireless LAN Packet Driver>
R3 Pcouffin (Low level access layer for CD devices) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>

S3 BVRPMPR5 (BVRPMPR5 NDIS Protocol Driver) - e:\instal~e\core\bvrpmpr5.sys (file missing)
S3 firewall - c:\program files\foxie suite\firewall.sys (file missing)
S3 PCANDIS5 (PCANDIS5 NDIS Protocol Driver) - c:\windows\system32\pcandis5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
S3 srrrtf - c:\documents and settings\mike\desktop\glider\srrrtf.sys (file missing)
S3 w22n51 (Intel(R) PRO/Wireless 2200 Adapter Driver) - c:\windows\system32\drivers\w22n51.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 LicCtrlService (LicCtrl Service) - c:\windows\runservice.exe
R2 RegSrvc - c:\program files\intel\wireless\bin\regsrvc.exe <Not Verified; Intel Corporation; RegSrvc Module>
R2 RetroLauncher (Retrospect Launcher) - c:\progra~1\retros~1\retros~1.5\retrorun.exe <Not Verified; EMC Corporation; Retrospect>
R2 SoundMAX Agent Service (default) (SoundMAX Agent Service) - c:\program files\analog devices\soundmax\smagent.exe <Not Verified; Analog Devices, Inc.; SoundMAX service agent>

S2 Retrospect Helper - "c:\progra~1\retros~1\retros~1.5\rthlpsvc.exe" <Not Verified; EMC Corporation; Retrospect>


-- Scheduled Tasks -------------------------------------------------------------

2007-05-02 12:40:46 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job
2007-04-30 14:40:00 258 --a------ C:\WINDOWS\Tasks\Disk Cleanup.job


-- Files created between 2007-04-02 and 2007-05-02 -----------------------------

2007-05-02 14:25:23 0 d-------- C:\ie-spyad
2007-05-02 14:19:03 0 d-------- C:\Program Files\SpywareBlaster
2007-04-20 11:43:20 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2007-04-17 12:18:22 0 d-------- C:\Documents and Settings\NetworkService\Application Data\AVG7
2007-04-17 11:55:48 0 d-------- C:\Program Files\DIFX
2007-04-17 11:53:42 0 d-------- C:\Documents and Settings\All Users\Application Data\Pure Networks
2007-04-17 00:21:52 0 d-------- C:\Documents and Settings\LocalService\Desktop
2007-04-17 00:21:49 0 d-------- C:\Documents and Settings\All Users\Application Data\Retrospect
2007-04-17 00:15:30 0 d-------- C:\Program Files\Retrospect
2007-04-17 00:14:17 339968 --a------ C:\WINDOWS\system32\WDBtnMgr.exe <Not Verified; Western Digital Technologies, Inc.; WD Button Manager>
2007-04-13 01:16:42 0 d-------- C:\Program Files\Common Files\AOL
2007-04-13 01:16:31 0 d-------- C:\Program Files\AIM6
2007-04-11 21:00:44 0 d-------- C:\Documents and Settings\Mike\Application Data\acccore
2007-04-11 21:00:06 0 d-------- C:\Documents and Settings\All Users\Application Data\AOL OCP
2007-04-11 21:00:01 0 d-------- C:\Documents and Settings\All Users\Application Data\AOL
2007-04-11 20:37:29 0 d-------- C:\Documents and Settings\All Users\Application Data\AOL Downloads
2007-04-05 22:25:18 0 dr-h----- C:\Documents and Settings\Mike\Recent
2007-04-05 22:14:22 0 d-------- C:\Program Files\CCleaner


-- Find3M Report ---------------------------------------------------------------

2007-05-02 13:39:08 0 d-------- C:\Program Files\Windows Defender
2007-05-02 13:29:45 0 d-------- C:\Program Files\Apoint
2007-05-02 13:24:01 2761 --ahs---- C:\WINDOWS\system32\mmf.sys
2007-05-02 11:58:39 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-05-01 18:55:39 0 d-------- C:\Documents and Settings\Mike\Application Data\Azureus
2007-05-01 18:25:33 0 d-------- C:\Program Files\Azureus
2007-04-26 11:33:23 0 d-------- C:\Program Files\Citrix
2007-04-26 11:28:06 0 d-------- C:\Program Files\Hewlett-Packard
2007-04-26 11:20:56 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-04-25 11:27:18 0 d-------- C:\Documents and Settings\Mike\Application Data\AVG7
2007-04-25 11:19:11 122 --a------ C:\ss_udp2.dat
2007-04-25 11:19:11 122 --a------ C:\ss_udp.dat
2007-04-25 11:19:10 122 --a------ C:\ss_nb.dat
2007-04-25 11:14:16 0 d-------- C:\Program Files\NETGEAR Print Server
2007-04-20 11:44:48 0 d-------- C:\Documents and Settings\Mike\Application Data\Adobe
2007-04-20 11:44:19 0 d-------- C:\Program Files\Common Files\Adobe
2007-04-20 11:41:26 64 --a------ C:\Documents and Settings\Mike\Application Data\dm.ini
2007-04-20 11:25:35 0 d-------- C:\Program Files\Google
2007-04-20 11:11:05 0 d-------- C:\Program Files\Yahoo!
2007-04-11 21:36:45 0 d-------- C:\Program Files\AIM
2007-04-11 21:36:37 0 d-------- C:\Documents and Settings\Mike\Application Data\Aim
2007-04-11 20:41:17 335 --a----c- C:\WINDOWS\nsreg.dat
2007-04-06 12:27:32 0 d-------- C:\Program Files\World of Warcraft
2007-04-05 22:39:45 0 d-------- C:\Program Files\Collectorz.com
2007-03-29 13:55:03 0 d-------- C:\Program Files\Handspring


-- Registry Dump ---------------------------------------------------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{53707962-6F74-2D53-2644-206D7942484F} C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"HKSERV.EXE"="C:\\Program Files\\Sony\\HotKey Utility\\HKserv.exe"
"VAIO Recovery"="C:\\WINDOWS\\Sonysys\\VAIO Recovery\\PartSeal.exe"
"Switcher.exe"="C:\\Program Files\\Sony\\Wireless Switch Setting Utility\\Switcher.exe"
"IgfxTray"="C:\\WINDOWS\\system32\\igfxtray.exe"
"HotKeysCmds"="C:\\WINDOWS\\system32\\hkcmd.exe"
"Apoint"="C:\\Program Files\\Apoint\\Apoint.exe"
"BluetoothAuthenticationAgent"="rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent"
"Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"WMPNSCFG"="C:\\Program Files\\Windows Media Player\\WMPNSCFG.exe"
"Aim6"=""
"Yahoo! Pager"="\"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe\" -quiet"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"
"DWQueuedReporting"="\"C:\\PROGRA~1\\COMMON~1\\MICROS~1\\DW\\dwtrig20.exe\" -t"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsMenu"=hex:01,00,00,00
"NoSMMyDocs"=hex:01,00,00,00
"NoSMMyPictures"=hex:01,00,00,00

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Microsoft Office.lnk"
"backup"="C:\\WINDOWS\\pss\\Microsoft Office.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\MICROS~3\\Office\\OSA9.EXE -b -l"
"item"="Microsoft Office"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LucidLinkClient]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="LucidLinkClient"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\InterlinkNetworks\\LucidLinkClient\\bin\\LucidLinkClient.exe\" -autolaunch"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SonyPowerCfg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SPMgr"
"hkey"="HKLM"
"command"="C:\\Program Files\\Sony\\VAIO Power Management\\SPMgr.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AdobeUpdateManager"
"hkey"="HKCU"
"command"="C:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe AcRdB7_0_0"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
bthsvcs REG_MULTI_SZ BthServ\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0


[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{74699577-d03f-11db-9a1a-00014a06224b}]
Shell\AutoRun\command F:\setupSNK.exe

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{81708cf0-2db4-11d9-9eeb-806d6172696f}]
shell\AutoRun\command P:\Autorun.exe


-- End of Deckard's System Scanner: finished at 2007-05-02 at 14:36:05 ---------

ACTIVESCAN Results:

------------------

Incident Status Location

Adware:adware/sidestep Not disinfected c:\windows\downloaded program files\SbCIe02a.dll
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Mike\Cookies\[email protected][1].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Mike\Cookies\[email protected][1].txt
Spyware:Cookie/Azjmp Not disinfected C:\Documents and Settings\Mike\Cookies\[email protected][1].txt
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Mike\Cookies\[email protected][2].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Mike\Cookies\[email protected][2].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Mike\Cookies\[email protected][1].txt
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Mike\Cookies\[email protected][1].txt
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\Mike\Cookies\[email protected][1].txt
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Mike\Cookies\[email protected][2].txt
Spyware:Spyware/New.net Not disinfected C:\Documents and Settings\Mike\Documents\Downloads\WarezP2P_DLC.exe[NNWARZ3_88.exe]

---------------------------------
THE END!!!!!!!!!!!!!!!!
 

Attachments

·
Registered
Joined
·
1,702 Posts
Welcome snarkymikey

wwo.notfounditem. appears to be a remnant of yahoo search

Close all browsers
Start Hijackthis Scan and place a check next to these items If there.
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

Do you use proxy settings >
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 133.1.16.172:3128
If not fix that item also
====================================
Hit fix checked and close Hijackthis.

Your Java is out of date, in the windows control panel Java find and use the option to update
afterwards for security reasons the old versions should be uninstalled

C:\Documents and Settings\Mike\Documents\Downloads\WarezP2P_DLC.exe << delete that file

Any problems now ?
 

·
Registered
Joined
·
1,702 Posts
Due to lack of responses this thread is closed
If you still need assistance a new log will be needed, send me a PM (personal message) and I will re-open it.
 
1 - 4 of 4 Posts
Status
Not open for further replies.
Top