I'm still getting popups from jump2 (I think?) after removing a few viruses and spyware, namely WebHance malware. It doesn't matter what browser is used; it'll pop up advertisements in new windows every so often.

Can someone please tell me how to fix this?

HijackThis Log:

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\System32\tcpsvcs.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\system32\dlbtcoms.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Outlook Express\msimn.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {22945A69-1191-4DCF-9E6F-409BDE94D101} (EModelNonVersionSpecificViewControl Class) - http://www.3dpublisher.net/SWService/eDrawingsEnglish.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1115563806965
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1213494899515
O21 - SSODL: sxevebcn - {b66e3b75-e1bc-4307-9a3a-ad54d8f0c4d1} - C:\Documents and Settings\All Users\Application Data\sxevebcn.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O24 - Desktop Component 0: (no name) - file:///C:/Documents%20and%20Settings/Josh%20Dalin/Desktop/Drawings%20stuff/[email protected]
O24 - Desktop Component 1: (no name) - file:///C:/Documents%20and%20Settings/Josh%20Dalin/Desktop/dirtyboys.jpg




DSS Log:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:52:07 PM, on 6/15/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\System32\tcpsvcs.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\system32\dlbtcoms.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Documents and Settings\Josh Dalin\Local Settings\Temporary Internet Files\Content.IE5\W93ER5F9\dss[1].exe
C:\Program Files\Alwil Software\Avast4\setup\avast.setup
C:\PROGRA~1\TRENDM~1\HIJACK~1\Josh Dalin.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {22945A69-1191-4DCF-9E6F-409BDE94D101} (EModelNonVersionSpecificViewControl Class) - http://www.3dpublisher.net/SWService/eDrawingsEnglish.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1115563806965
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1213494899515
O21 - SSODL: sxevebcn - {b66e3b75-e1bc-4307-9a3a-ad54d8f0c4d1} - C:\Documents and Settings\All Users\Application Data\sxevebcn.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O24 - Desktop Component 0: (no name) - file:///C:/Documents%20and%20Settings/Josh%20Dalin/Desktop/Drawings%20stuff/[email protected]
O24 - Desktop Component 1: (no name) - file:///C:/Documents%20and%20Settings/Josh%20Dalin/Desktop/dirtyboys.jpg

--
End of file - 5606 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20080615-095847-381 F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\iftuyszv.exe,

-- File Associations -----------------------------------------------------------

.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser "%1",%*
.scr - AutoCADScriptFile - shell\open\command - "C:\WINDOWS\system32\notepad.exe" "%1"


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 dmboott - c:\windows\system32\drivers\dmboott.sys
R1 OMCI - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Computer Corporation; OMCI Driver>
R3 SMBios (Intel (R) System Management BIOS Service) - c:\windows\system32\drivers\smbios.sys <Not Verified; Intel Corporation; Intel (R) System Management BIOS Driver>

S3 basic2 - c:\windows\system32\drivers\basic2.sys (file missing)
S3 IPFilter (Microsoft IntelliPoint Features driver) - c:\windows\system32\drivers\ipfilter.sys <Not Verified; Microsoft Corporation; Microsoft IntelliPoint>
S3 Rksample - c:\windows\system32\drivers\rksample.sys (file missing)
S3 smwdm - c:\windows\system32\drivers\smwdm.sys <Not Verified; Analog Devices, Inc.; SoundMAX Digital Audio Driver>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Speed Disk service - c:\progra~1\norton~1\speedd~1\nopdb.exe <Not Verified; Symantec Corporation; Norton Speed Disk>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: CNet PRO200WL PCI Fast Ethernet Adapter
Device ID: PCI\VEN_1282&DEV_9102&SUBSYS_434E4554&REV_31\4&1351887D&0&58F0
Manufacturer: CNet Technology, Inc.
Name: CNet PRO200WL PCI Fast Ethernet Adapter
PNP Device ID: PCI\VEN_1282&DEV_9102&SUBSYS_434E4554&REV_31\4&1351887D&0&58F0
Service: DM9102


-- Files created between 2008-05-15 and 2008-06-15 -----------------------------

2008-06-15 13:45:57 0 d------c- C:\Program Files\adult
2008-06-15 09:32:12 0 d------c- C:\Program Files\Trend Micro
2008-06-14 23:04:49 0 d------c- C:\Program Files\Microsoft Silverlight
2008-06-14 22:54:33 0 d------c- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-06-14 21:47:22 0 d------c- C:\WINDOWS\Prefetch
2008-06-14 21:39:52 0 d------c- C:\WINDOWS\system32\scripting
2008-06-14 21:39:45 0 d------c- C:\WINDOWS\l2schemas
2008-06-14 21:39:44 0 d------c- C:\WINDOWS\system32\en
2008-06-14 21:33:13 0 d------c- C:\WINDOWS\network diagnostic
2008-06-14 14:19:59 691545 --a----c- C:\WINDOWS\unins001.exe
2008-06-14 14:19:59 2544 --a----c- C:\WINDOWS\unins001.dat
2008-06-14 13:58:52 0 --a----c- C:\WINDOWS\system32\MSVolume.dll
2008-06-14 13:58:20 0 d------c- C:\Program Files\Search And Destroy
2008-06-14 13:48:03 0 d------c- C:\WINDOWS\system32\2363
2008-06-14 13:02:15 30976 --a----c- C:\WINDOWS\time.exe
2008-06-14 13:02:14 19968 --a----c- C:\WINDOWS\svcinit.exe
2008-06-14 13:02:13 15872 --a----c- C:\WINDOWS\svchost32.exe
2008-06-14 13:02:13 26112 --a----c- C:\WINDOWS\sistem.exe
2008-06-14 13:02:12 11776 --a----c- C:\WINDOWS\searchword.dll
2008-06-14 13:02:12 17920 --a----c- C:\WINDOWS\rundll16.exe
2008-06-14 13:02:12 10752 --a----c- C:\WINDOWS\quicken.exe
2008-06-14 13:02:12 14848 --a----c- C:\WINDOWS\qttasks.exe
2008-06-14 13:02:10 30208 --a----c- C:\WINDOWS\mswsc20.dll
2008-06-14 13:02:09 10240 --a----c- C:\WINDOWS\mswsc10.dll
2008-06-14 13:02:09 16384 --a----c- C:\WINDOWS\msspi.dll
2008-06-14 13:02:09 16128 --a----c- C:\WINDOWS\msconfd.dll
2008-06-14 13:02:08 22272 --a----c- C:\WINDOWS\internet.exe
2008-06-14 13:02:08 15872 --a----c- C:\WINDOWS\inetinf.exe
2008-06-14 13:02:07 18432 --a----c- C:\WINDOWS\helpcvs.exe
2008-06-14 13:02:06 14592 --a----c- C:\WINDOWS\gfmnaaa.dll
2008-06-14 13:02:06 29440 --a----c- C:\WINDOWS\funny.exe
2008-06-14 13:02:06 16384 --a----c- C:\WINDOWS\funniest.exe
2008-06-14 13:02:05 27648 --a----c- C:\WINDOWS\explorer32.exe
2008-06-14 13:02:05 29184 --a----c- C:\WINDOWS\explore.exe
2008-06-14 13:02:04 26624 --a----c- C:\WINDOWS\editpad.exe
2008-06-14 13:02:04 20736 --a----c- C:\WINDOWS\dnsrelay.dll
2008-06-14 13:02:03 20992 --a----c- C:\WINDOWS\directx32.exe
2008-06-14 13:02:03 26880 --a----c- C:\WINDOWS\ctrlpan.dll
2008-06-14 13:02:02 14336 --a----c- C:\WINDOWS\ctfmon32.exe
2008-06-14 13:02:02 18176 --a----c- C:\WINDOWS\cpan.dll
2008-06-14 12:59:19 0 dr-----c- C:\Documents and Settings\LocalService\Favorites
2008-06-14 12:48:50 0 d------c- C:\Program Files\GetPack
2008-06-14 12:48:45 0 d------c- C:\Program Files\QdrPack
2008-06-14 12:48:44 0 d------c- C:\Program Files\ISM
2008-06-14 12:48:31 0 d------c- C:\Program Files\iCheck
2008-06-14 12:48:31 0 d------c- C:\Program Files\GetModule
2008-06-14 12:48:19 0 d------c- C:\Program Files\M?crosoft.NET
2008-06-14 12:48:10 0 d------c- C:\WINDOWS\?racle
2008-06-14 12:47:52 90073 --a----c- C:\WINDOWS\lfn.exe <Not Verified; Microsoft; XML Media>
2008-06-14 12:47:50 0 d--hs--c- C:\WINDOWS\Sm9zaA
2008-06-14 12:47:44 86144 --a----c- C:\WINDOWS\system32\drivers\dmboott.sys
2008-06-14 12:47:42 0 d------c- C:\WINDOWS\system32\stk
2008-06-14 12:47:42 0 d------c- C:\WINDOWS\system32\mgi
2008-06-14 12:47:42 0 d------c- C:\WINDOWS\system32\1039a
2008-06-14 12:47:38 0 d------c- C:\WINDOWS\system32\netrax06
2008-06-14 12:47:35 106496 --a----c- C:\Documents and Settings\All Users\Application Data\sxevebcn.dll
2008-06-14 12:46:58 4 --a----c- C:\WINDOWS\system32\hljwugsf.bin
2008-06-13 23:44:23 229516 --a----c- C:\WINDOWS\system32\000070.exe
2008-06-13 23:42:40 209496 --a----c- C:\WINDOWS\system32\000080.exe
2008-06-13 14:10:41 0 d------c- C:\Program Files\USPS


-- Find3M Report ---------------------------------------------------------------

2008-06-15 13:15:53 0 d------c- C:\Program Files\Paint Shop Pro 6
2008-06-14 21:40:33 0 d-a----c- C:\Program Files\Messenger
2008-06-14 21:39:41 0 d-a----c- C:\Program Files\Movie Maker
2008-06-14 21:35:26 0 d-a----c- C:\Program Files\Windows NT
2008-06-14 17:04:28 0 d------c- C:\Program Files\M?crosoft.NET
2008-06-14 15:18:22 0 d------c- C:\Documents and Settings\Josh Dalin\Application Data\WinPatrol
2008-06-14 15:12:48 0 d-a----c- C:\Program Files\Common Files
2008-05-27 13:18:48 0 d------c- C:\Documents and Settings\Josh Dalin\Application Data\SolidWorks
2008-05-08 14:03:12 0 d--h---c- C:\Program Files\InstallShield Installation Information
2008-05-06 17:53:11 0 d------c- C:\Program Files\SolidWorks
2008-04-17 15:29:27 0 d------c- C:\Documents and Settings\Josh Dalin\Application Data\InstallShield
2008-04-17 15:28:49 0 d------c- C:\Program Files\Common Files\SolidWorks Shared
2008-04-17 15:24:08 0 d------c- C:\Program Files\Common Files\eDrawings2007
2008-04-17 14:28:26 0 d------c- C:\Program Files\Common Files\xing shared
2008-04-17 14:28:15 0 d------c- C:\Program Files\Common Files\Real
2008-04-17 14:17:03 0 d------c- C:\Program Files\Common Files\Predator Software
2008-04-17 14:16:56 0 d------c- C:\Program Files\Predator Software
2008-04-17 14:13:14 0 d------c- C:\Program Files\BobCAD-CAM


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [07/28/2003 02:19 PM]
"WinPatrol"="C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe" [04/25/2008 01:31 PM]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [05/15/2008 07:19 PM]
"nwiz"="nwiz.exe" [07/28/2003 02:19 PM C:\WINDOWS\system32\nwiz.exe]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [10/18/2006 09:05 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/13/2008 08:12 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"=1 (0x1)
"StartMenuLogoff"=1 (0x1)
"NoSMMyDocs"=1 (0x1)
"NoRecentDocsMenu"=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"sxevebcn"= {b66e3b75-e1bc-4307-9a3a-ad54d8f0c4d1} - C:\Documents and Settings\All Users\Application Data\sxevebcn.dll [06/14/2008 12:47 PM 106496]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell Photo AIO Printer 922]
"C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Steam"=

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc p2psvc p2pimsvc p2pgasvc PNRPSvc
eapsvcs eaphost
dot3svc dot3svc

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc





EXTRA Log:

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 3.0
Architecture: X86; Language: English

CPU 0: Intel(R) Pentium(R) 4 CPU 1.60GHz
Percentage of Memory in Use: 55%
Physical Memory (total/avail): 767.3 MiB / 339.22 MiB
Pagefile Memory (total/avail): 1874.5 MiB / 1475.57 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1812.12 MiB

A: is Removable (Unformatted)
C: is Fixed (NTFS) - 37.25 GiB total, 8.4 GiB free.
D: is CDROM (No Media)
E: is Fixed (NTFS) - 14.31 GiB total, 4.68 GiB free.
F: is CDROM (No Media)

\\.\PHYSICALDRIVE1 - Maxtor 91531U3 - 14.31 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 14.31 GiB - E:

\\.\PHYSICALDRIVE0 - WDC WD400BB-75CAA0 - 37.25 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 37.25 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is set to notify before download.


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Josh Dalin\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=MAIN
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Josh Dalin
LOGONSERVER=\\MAIN
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Common Files\Adaptec Shared\System;C:\Program Files\Common Files\Autodesk Shared\;C:\Program Files\Common Files\Ahead\Lib\;C:\Program Files\Common Files\Ahead\Lib\;C:\Program Files\Common Files\Ahead\Lib\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 1 Stepping 2, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0102
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\JOSHDA~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\JOSHDA~1\LOCALS~1\Temp
USERDOMAIN=MAIN
USERNAME=Josh Dalin
USERPROFILE=C:\Documents and Settings\Josh Dalin
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Josh Dalin (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
--> C:\Program Files\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> MsiExec.exe /I{922907C8-B9A7-45A8-98B8-A2D3280756D2}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware SE Personal --> C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Photoshop CS --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EFB21DE7-8C19-4A88-BB28-A766E16493BC}\setup.exe" -l0x9
Adobe Reader 7.0.9 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
avast! Antivirus --> C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
BobCAD-CAM 2007 --> "C:\Program Files\InstallShield Installation Information\{B103188A-6D09-4573-A59B-69E6F92FEBAD}\setup.exe" -runfromtemp -l0x0009 -removeonly
BobCAD-CAM V20 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7FE673B2-140E-4B46-ADBA-6FECFAC509A5}\setup.exe" -l0x9 -removeonly
Business PlanMaker Professional --> MsiExec.exe /X{5E38083F-E894-406C-A86B-BA211BC0348D}
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
CNCZone Toolbar 1.0 --> C:\WINDOWS\unins000.exe
COSMOSWorks 2007 SP0 --> MsiExec.exe /I{AF2D85EE-D6F9-4E7B-B9FA-BBB9BCA9A01E}
Dell Photo AIO Printer 922 --> C:\WINDOWS\system32\spool\drivers\w32x86\3\DLBTUNST.EXE -NOLICENSE
Dell ResourceCD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D78653C3-A8FF-415F-92E6-D774E634FF2D}\setup.exe"
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter --> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Easy CD Creator 5 Basic --> MsiExec.exe /I{609F7AC8-C510-11D4-A788-009027ABA5D0}
eDrawings 2008 --> MsiExec.exe /I{1F40F8F1-B4BC-4A5B-B1A6-363FBDD30F0C}
ExpressPCB --> MsiExec.exe /X{C59B4A4D-90E0-4143-8784-FA0093121231}
FormTool 6 --> MsiExec.exe /I{E5C521D8-1577-469E-B6F6-BFD09645E8AC}
Google Video Player --> "C:\Program Files\Google\Google Video Player\Uninstall.exe"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HLSW v1.0.0.43 --> "C:\Program Files\HLSW\unins000.exe"
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Format SDK (KB902344) --> "C:\WINDOWS\$NtUninstallKB902344$\spuninst\spuninst.exe"
Intel Application Accelerator --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9984DF60-1C5B-11D3-ACA1-908A4FC10801}\Setup.exe" -INTELUNINST
Internet Speed Monitor --> C:\Program Files\iCheck\Uninstall.exe
Internet Speed Monitor --> C:\Program Files\ISM\Uninstall.exe
J2SE Runtime Environment 5.0 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150010}
Larson VizEx Reader --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{37C01E1C-5982-44A8-933F-C8AC223EF33D}\setup.exe"
LiveReg (Symantec Corporation) --> C:\Program Files\Common Files\Symantec Shared\LiveReg\VcSetup.exe /REMOVE
LiveUpdate 2.6 (Symantec Corporation) --> C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
Logitech MouseWare 9.79.1 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5809E7CF-4DCF-11D4-9875-00105ACE7734}\Setup.exe" -l0x9 -l0009 UNINSTALL
Macromedia Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Microsoft Base Smart Card Cryptographic Service Provider Package --> "C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office Excel Viewer 2003 --> MsiExec.exe /I{90840409-6000-11D3-8CFE-0150048383C9}
Microsoft Office PowerPoint Viewer 2003 --> MsiExec.exe /X{90AF0409-6000-11D3-8CFE-0150048383C9}
Microsoft Silverlight --> MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Windows Media Video 9 VCM --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmv9vcm.inf, Uninstall
Mozilla Firefox (2.0.0.14) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Nero 7 Essentials --> MsiExec.exe /I{779C40FF-9211-427B-A5C4-2026B85A1033}
Nero 7 Essentials --> MsiExec.exe /X{DB4C031D-B2F8-47F1-A274-59A8F3B61033}
neroxml --> MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
Norton SystemWorks 2002 --> MsiExec.exe /I{43C3D832-AC96-463A-8FE4-1B8D1BFA2FA3}
Norton WMI Update --> MsiExec.exe /X{1526D87C-A955-4FAB-BF18-697BA457E352}
NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI
NVIDIA Windows 2000/XP Display Drivers --> rundll32.exe C:\WINDOWS\system32\nvinstnt.dll,NvUninstallNT4 nv4_disp.inf
Paint Shop Pro 6.0 (CD-ROM) --> C:\PROGRA~1\PAINTS~1\Unwise.exe C:\PROGRA~1\PAINTS~1\INSTALL.LOG
PLT for Windows V7.1 --> C:\PROGRA~1\winPLT32\UNWISE.EXE C:\PROGRA~1\winPLT32\INSTALL.LOG
Predator CNC Editor 2005 for BobCAD --> MsiExec.exe /I{65F427F7-1326-4B4D-B71F-28A0B7DA3D50}
Predator Virtual CNC 2005 for BobCAD --> MsiExec.exe /I{C4072B39-2889-4D6F-9108-4E5A894B2FC1}
QuickTime --> C:\WINDOWS\unvise32qt.exe C:\WINDOWS\system32\QuickTime\Uninstall.log
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Shipping Assistant 3.4 --> MsiExec.exe /X{15C77FC3-8137-4A5E-8F81-F559045DD6B0}
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins001.exe"
Spybot - Search & Destroy 1.5.2.20 --> "C:\WINDOWS\unins001.exe"
Steam --> C:\PROGRA~1\Valve\Steam\UNWISE.EXE C:\PROGRA~1\Valve\Steam\INSTALL.LOG
TurboProject Professional v.4 --> MsiExec.exe /I{B7C31C63-8ADA-11D4-A3B5-008048EE5CCD}
VideoMach 2.7.2 --> "C:\Program Files\VideoMach-2.7.2\unins000.exe"
Viewpoint Manager (Remove Only) --> C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgrInstaller.exe /u /k
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
Winamp --> "C:\Program Files\Winamp\UninstWA.exe"
Windows Media Connect --> "C:\WINDOWS\$NtUninstallWMCSetup$\spuninst\spuninst.exe"
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Format SDK Hotfix - KB891122 --> "C:\WINDOWS\$NtUninstallKB891122$\spuninst\spuninst.exe"
Windows XP Service Pack 3 --> "C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinPatrol 2008 --> C:\PROGRA~1\BILLPS~1\WINPAT~1\Setup.exe /remove /q0
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
WinZip --> "C:\Program Files\WinZip\WINZIP32.EXE" /uninstall


-- Application Event Log -------------------------------------------------------

Event Record #/Type4152 / Error
Event Submitted/Written: 06/14/2008 11:14:35 PM
Event ID/Source: 1024 / MsiInstaller
Event Description:
Product: Microsoft Office Excel Viewer 2003 - Update 'Security Update for Office 2003 (KB947355): MSO' could not be installed. Error code 1603. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

Event Record #/Type4151 / Error
Event Submitted/Written: 06/14/2008 11:14:35 PM
Event ID/Source: 10005 / MsiInstaller
Event Description:
Product: Microsoft Office Excel Viewer 2003 -- Error 25090. Office Setup encountered a problem with the Office Source Engine, system error: -2147023838. Please open and look for "Office Source Engine" for information on how to resolve this problem.

Event Record #/Type4149 / Error
Event Submitted/Written: 06/14/2008 11:13:26 PM
Event ID/Source: 1024 / MsiInstaller
Event Description:
Product: Microsoft Office Excel Viewer 2003 - Update 'Excel Viewer 2003 Service Pack 3 (SP3): XLVIEWSP3' could not be installed. Error code 1603. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

Event Record #/Type4148 / Error
Event Submitted/Written: 06/14/2008 11:13:26 PM
Event ID/Source: 10005 / MsiInstaller
Event Description:
Product: Microsoft Office Excel Viewer 2003 -- Error 25090. Office Setup encountered a problem with the Office Source Engine, system error: -2147023838. Please open and look for "Office Source Engine" for information on how to resolve this problem.

Event Record #/Type4146 / Error
Event Submitted/Written: 06/14/2008 11:13:22 PM
Event ID/Source: 1024 / MsiInstaller
Event Description:
Product: Microsoft Office Excel Viewer 2003 - Update 'Security Update for Excel Viewer 2003 (KB943889): XLVIEW' could not be installed. Error code 1603. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type25879 / Warning
Event Submitted/Written: 06/15/2008 11:30:59 AM
Event ID/Source: 8 / Print
Event Description:
Printer Dell Photo AIO Printer 922 was purged.

Event Record #/Type25876 / Warning
Event Submitted/Written: 06/15/2008 11:30:35 AM
Event ID/Source: 8 / Print
Event Description:
Printer Dell Photo AIO Printer 922 was purged.

Event Record #/Type25830 / Error
Event Submitted/Written: 06/15/2008 09:41:29 AM
Event ID/Source: 7023 / Service Control Manager
Event Description:
The avast! Web Scanner service terminated with the following error:
%%10106

Event Record #/Type25819 / Error
Event Submitted/Written: 06/15/2008 09:40:47 AM
Event ID/Source: 7023 / Service Control Manager
Event Description:
The Simple TCP/IP Services service terminated with the following error:
%%10106

Event Record #/Type25818 / Error
Event Submitted/Written: 06/15/2008 09:40:47 AM
Event ID/Source: 7023 / Service Control Manager
Event Description:
The IPSEC Services service terminated with the following error:
%%10106



-- End of Deckard's System Scanner: finished at 2008-06-15 13:57:08 --


-- Hosts -----------------------------------------------------------------------

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

8724 more entries in hosts file.

PandaSecurity Log:

;***********************************************************************************************************************************************************************************
ANALYSIS: 2008-06-15 17:36:41
PROTECTIONS: 2
MALWARE: 25
SUSPECTS: 0
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
avast! antivirus 4.8.1201 [VPS 080615-0] 4.8.1201 No Yes
Norton AntiVirus 2002 No Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00013512 adware/searchaid Adware No 0 Yes No HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6cc1c91a-ae8b-4373-a5b4-28ba1851e39a}
00013512 adware/searchaid Adware No 0 Yes No HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{587DBF2D-9145-4C9E-92C2-1F953DA73773}
00029036 adware/superspider Adware No 1 Yes No HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{467FAEB2-5F5B-4C81-BAE0-2A4752CA7F4E}
00039204 adware/cws Adware No 0 Yes No HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{bc97b254-b2b9-4d40-971d-78e0978f5f26}
00039754 adware/browseraid Adware No 0 Yes No c:\windows\rundll16.exe
00040007 adware/cws.yexe Adware No 0 Yes No HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5321E378-FFAD-4999-8C62-03CA8155F0B3}
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\Josh Dalin\Cookies\[email protected][1].txt
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00165424.MOZ[.tribalfusion.com/]
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\Josh Dalin\Cookies\[email protected][1].txt
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00165427.MOZ[.tribalfusion.com/]
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00165432.MOZ[.tribalfusion.com/]
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00165439.MOZ[.tribalfusion.com/]
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\Josh Dalin\Application Data\Mozilla\Firefox\Profiles\neiayoro.default\cookies.txt[.tribalfusion.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Josh Dalin\Cookies\[email protected][2].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00165432.MOZ[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00165432.MOZ[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Josh Dalin\Application Data\Mozilla\Firefox\Profiles\neiayoro.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Josh Dalin\Application Data\Mozilla\Firefox\Profiles\neiayoro.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00165439.MOZ[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Josh Dalin\Application Data\Mozilla\Firefox\Profiles\neiayoro.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00165427.MOZ[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00165419.MOZ[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00165427.MOZ[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00165427.MOZ[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00165439.MOZ[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00165439.MOZ[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00165432.MOZ[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00165427.MOZ[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00165419.MOZ[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00165419.MOZ[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00165419.MOZ[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00165439.MOZ[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00165424.MOZ[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00165424.MOZ[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00165424.MOZ[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00165424.MOZ[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Josh Dalin\Application Data\Mozilla\Firefox\Profiles\neiayoro.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\RECYCLER\NPROTECT\00165432.MOZ[.advertising.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Josh Dalin\Cookies\[email protected][2].txt
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\Josh Dalin\Cookies\[email protected][2].txt
00177226 spyware/lefeat Spyware No 1 Yes No HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B847676D-72AC-4393-BFFF-43A1EB979352}
00192311 Adware/IST.ISTBar Adware No 1 Yes No C:\Documents and Settings\Josh Dalin\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\javainstaller.jar-3c936701-6f5a0e56.zip[javainstaller/InstallerApplet.class]
00219327 adware/conspy Adware No 0 Yes No c:\windows\editpad.exe
00226936 adware/cws.payfortraffic Adware No 0 Yes No HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98DBBF16-CA43-4c33-BE80-99E6694468A4}
00293079 Spyware/7r7t Spyware No 1 Yes No C:\Deckard\System Scanner\backup\DOCUME~1\JOSHDA~1\LOCALS~1\Temp\snpp.exe
00331070 Application/MotherboardMonitor.A HackTools No 0 Yes No C:\Program Files\NoNameScript\script\dlls\moo.dll
00399312 Trj/Downloader.MDW Virus/Trojan No 1 No No C:\WINDOWS\system32\Ldresb\setup.dat[²èÇ]
02748433 Adware/WebHancer Adware No 0 No No C:\Deckard\System Scanner\backup\DOCUME~1\JOSHDA~1\LOCALS~1\Temp\syswcc32.exe[whInstaller.exe]
02812088 Adware/WebHancer Adware No 0 No No C:\Deckard\System Scanner\backup\DOCUME~1\JOSHDA~1\LOCALS~1\Temp\syswcc32.exe[whAgent.exe]
02913301 Adware/WebHancer Adware No 0 Yes No C:\Deckard\System Scanner\backup\DOCUME~1\JOSHDA~1\LOCALS~1\Temp\syswcc32.exe
02918606 Adware/WebHancer Adware No 0 No No C:\Deckard\System Scanner\backup\DOCUME~1\JOSHDA~1\LOCALS~1\Temp\syswcc32.exe[whiehlpr.dll]
02930075 Adware/WebHancer Adware No 0 No No C:\Deckard\System Scanner\backup\DOCUME~1\JOSHDA~1\LOCALS~1\Temp\syswcc32.exe[webhdll.dll]
02938563 Adware/PurityScan Adware No 0 No No C:\WINDOWS\system32\000070.exe[■ó1\Yazzle1552OinAdmin.exe]
02966012 Trj/Downloader.MDW Virus/Trojan No 1 Yes No C:\WINDOWS\system32\drivers\dmboott.sys
;===================================================================================================================================================================================
SUSPECTS
Sent Location -
;===================================================================================================================================================================================
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description -
;===================================================================================================================================================================================
;===================================================================================================================================================================================



Can anyone help please?
 

·
Premium Member
Joined
·
29,790 Posts
Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please save this page to Notepad in order to assist you when carrying out the following instructions.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding.
Ensure that there aren't any opened browsers when you are carrying out the procedures below.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.


Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

------------------------------------------------------

Please let us know if you use dial-up for the internet. Thanks.

------------------------------------------------------

You have two antivirus programs installed and running. They may conflict with each other and cause system instability or even system 'hangs'. I suggest keeping Avast and uninstalling Norton (Symantec).

Please uninstall the following via the Add or Remove Programs section of your Control Panel:

LiveReg
LiveUpdate 2.6
Norton SystemWorks 2002
Norton WMI Update


Next, please download the Norton Removal Tool and Save it to your Desktop.
  • Close all programs and double-click the Norton_Removal_Tool.exe then click Run
  • Follow the on-screen instructions.
  • Restart the computer if asked.
  • Then delete Norton_Removal_Tool.exe from your desktop.
------------------------------------------------------

C:\Documents and Settings\Josh Dalin\Local Settings\Temporary Internet Files\Content.IE5\W93ER5F9\dss[1].exe
Please note that tools are best Run from the Desktop. Easier to find and perform specialized functions which may be required.

Save to the Desktop and then Run from the Desktop. Thanks.

------------------------------------------------------

Please uninstall the following via Start->(or My Computer)->Control Panel->Add or Remove Programs if they still exist:

Viewpoint Manager
Viewpoint Media Player

The above are considered foistware instead of malware since they are installed without users' approval, but don't spy or do anything "bad". Please read here and here

If you decide to uninstall them, also delete the following Folder if it still exists:

C:\Program Files\Viewpoint

------------------------------------------------------

Please uninstall both instances of the following via Start->(or My Computer)->Control Panel->Add or Remove Programs if they still exist:

InternetSpeedMonitor << Please read this

Also delete the following Folders if they still exist:

C:\Program Files\ISM
C:\Program Files\iCheck

------------------------------------------------------

Download Combofix and Save it to your Desktop.

**Note: It is important that it is saved directly to your desktop**

First, we need to install the Windows Recovery Console.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode, if needed. This allows us to help you in the case that your computer has a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Download the file from this Microsoft page:

http://www.microsoft.com/downloads/...07-99F7-4A2D-983D-81C2137FF464&displaylang=en

Do not be concerned that this file is for SP2 and you have SP3. It will work just fine on your system.

Save it as it is originally named, to the desktop, next to ComboFix.exe

Now close all open windows and programs, including all antivirus and antimalware programs. Get help here



Then drag the setup package onto ComboFix.exe and drop it. Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Recovery Console.

As part of installing the Recovery Console, ComboFix will begin to run. Your desktop may disappear. This is normal. It will return.

ComboFix will now automatically install the Windows Recovery Console onto your computer, which will show up as a new option when booting up your computer. Do not select the Windows Recovery Console option when you start your computer unless requested to by a helper.

Once the Recovery Console is installed, this blue window will appear:



Please click Yes to continue scanning for malware.

When the tool is finished, it will produce a log for you.

Please post that log, ComboFix.txt along with a new HijackThis log so we may continue cleansing the system.

Note:
Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.

------------------------------------------------------

Open HijackThis and click on 'Do a System Scan and Save a Logfile'. Save the logfile and post it here.

------------------------------------------------------

Please post the following in your next reply:

C:\ComboFix.txt
new HijackThis log


If you have any questions along the way...STOP and ask them before proceeding.
 