Adware From Google Links [RESOLVED] |
Nov 30 2007, 11:18 PM, Post #1
Member, Posts: 62, OS: Windows XP
I suspect that I have some adware on my machine, because whenever I try to click a link after a Google search, I am redirected to an advertising website. I ran all of the steps from the "You Must Read This Before Posting A Hijackthis Log, Malware Cleaning Guide" post, and the relevant logs are posted below. Thanks!

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------
+ Created at: 2:28:28 AM 11/21/2007
+ Scan result: Nothing found.
::Report end

-----------------------------------------------------------------------------------------------------------------------
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 11/25/2007 at 11:24 PM
Application Version : 3.9.1008
Core Rules Database Version : 3350
Trace Rules Database Version: 1349
Scan type : Complete Scan
Total Scan Time : 05:55:49
Memory items scanned : 411
Memory threats detected : 0
Registry items scanned : 6382
Registry threats detected : 62
File items scanned : 70953
File threats detected : 21

Worm.Forbot-CE
[WMDM PMSP Service] C:\WINDOWS\SYSTEM32\CSSRSS.EXE
C:\WINDOWS\SYSTEM32\CSSRSS.EXE

Adware.AdSponsor/ISM
HKLM\Software\Classes\CLSID\{12DA1BC4-5384-42fd-A119-3C99D2D146A2}
HKCR\CLSID\{12DA1BC4-5384-42FD-A119-3C99D2D146A2}
HKCR\CLSID\{12DA1BC4-5384-42FD-A119-3C99D2D146A2}
HKCR\CLSID\{12DA1BC4-5384-42FD-A119-3C99D2D146A2}#AppID
HKCR\CLSID\{12DA1BC4-5384-42FD-A119-3C99D2D146A2}\Implemented Categories
HKCR\CLSID\{12DA1BC4-5384-42FD-A119-3C99D2D146A2}\Implemented Categories\{00021493-0000-0000-C000-000000000046}
HKCR\CLSID\{12DA1BC4-5384-42FD-A119-3C99D2D146A2}\InprocServer32
HKCR\CLSID\{12DA1BC4-5384-42FD-A119-3C99D2D146A2}\InprocServer32#ThreadingModel
HKCR\CLSID\{12DA1BC4-5384-42FD-A119-3C99D2D146A2}\ProgID
HKCR\CLSID\{12DA1BC4-5384-42FD-A119-3C99D2D146A2}\TypeLib
HKCR\CLSID\{12DA1BC4-5384-42FD-A119-3C99D2D146A2}\VersionIndependentProgID
C:\PROGRAM FILES\ISM\BNDDRIVE3.DLL
HKLM\Software\Classes\CLSID\{1ED6A320-8AF3-4f06-868A-9BA95585712E}
HKCR\CLSID\{1ED6A320-8AF3-4F06-868A-9BA95585712E}
HKCR\CLSID\{1ED6A320-8AF3-4F06-868A-9BA95585712E}
HKCR\CLSID\{1ED6A320-8AF3-4F06-868A-9BA95585712E}#AppID
HKCR\CLSID\{1ED6A320-8AF3-4F06-868A-9BA95585712E}\Implemented Categories
HKCR\CLSID\{1ED6A320-8AF3-4F06-868A-9BA95585712E}\Implemented Categories\{00021493-0000-0000-C000-000000000046}
HKCR\CLSID\{1ED6A320-8AF3-4F06-868A-9BA95585712E}\InprocServer32
HKCR\CLSID\{1ED6A320-8AF3-4F06-868A-9BA95585712E}\InprocServer32#ThreadingModel
HKCR\CLSID\{1ED6A320-8AF3-4F06-868A-9BA95585712E}\ProgID
HKCR\CLSID\{1ED6A320-8AF3-4F06-868A-9BA95585712E}\TypeLib
HKCR\CLSID\{1ED6A320-8AF3-4F06-868A-9BA95585712E}\VersionIndependentProgID
C:\PROGRAM FILES\ISM\BNDDRIVE7.DLL
HKLM\Software\Classes\CLSID\{8ABA9A9C-8791-4d61-8D5B-BCC9448EA573}
HKCR\CLSID\{8ABA9A9C-8791-4D61-8D5B-BCC9448EA573}
HKCR\CLSID\{8ABA9A9C-8791-4D61-8D5B-BCC9448EA573}
HKCR\CLSID\{8ABA9A9C-8791-4D61-8D5B-BCC9448EA573}#AppID
HKCR\CLSID\{8ABA9A9C-8791-4D61-8D5B-BCC9448EA573}\InprocServer32
HKCR\CLSID\{8ABA9A9C-8791-4D61-8D5B-BCC9448EA573}\InprocServer32#ThreadingModel
HKCR\CLSID\{8ABA9A9C-8791-4D61-8D5B-BCC9448EA573}\ProgID
HKCR\CLSID\{8ABA9A9C-8791-4D61-8D5B-BCC9448EA573}\TypeLib
HKCR\CLSID\{8ABA9A9C-8791-4D61-8D5B-BCC9448EA573}\VersionIndependentProgID
HKLM\Software\Classes\CLSID\{8C6D5A56-791E-4fe8-9D64-81781FA15D68}
HKCR\CLSID\{8C6D5A56-791E-4FE8-9D64-81781FA15D68}
HKCR\CLSID\{8C6D5A56-791E-4FE8-9D64-81781FA15D68}
HKCR\CLSID\{8C6D5A56-791E-4FE8-9D64-81781FA15D68}#AppID
HKCR\CLSID\{8C6D5A56-791E-4FE8-9D64-81781FA15D68}\InprocServer32
HKCR\CLSID\{8C6D5A56-791E-4FE8-9D64-81781FA15D68}\InprocServer32#ThreadingModel
HKCR\CLSID\{8C6D5A56-791E-4FE8-9D64-81781FA15D68}\ProgID
HKCR\CLSID\{8C6D5A56-791E-4FE8-9D64-81781FA15D68}\TypeLib
HKCR\CLSID\{8C6D5A56-791E-4FE8-9D64-81781FA15D68}\VersionIndependentProgID
C:\PROGRAM FILES\ISM\BNDDRIVE6.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8ABA9A9C-8791-4d61-8D5B-BCC9448EA573}
HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\{12DA1BC4-5384-42fd-A119-3C99D2D146A2}
HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\{1ED6A320-8AF3-4f06-868A-9BA95585712E}
HKU\S-1-5-21-2937236725-636055825-2309335-1005\Software\antica
HKU\S-1-5-21-2937236725-636055825-2309335-1005\Software\BndDrive
C:\PROGRAM FILES\ISM2\ISMPACK6.EXE
C:\PROGRAM FILES\ISM2\ISMPACK7.EXE
C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\ISM\BNDDRIVE3.DLL.VIR
C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\ISM\ISM.EXE.VIR
C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\ISM\ISMMODULE4.EXE.VIR

Adware.ClickSpring
HKLM\Software\Classes\CLSID\{ECCD197A-82ED-D040-EE5C-FA8A458529CC}
HKCR\CLSID\{ECCD197A-82ED-D040-EE5C-FA8A458529CC}
HKCR\CLSID\{ECCD197A-82ED-D040-EE5C-FA8A458529CC}\InprocServer32
HKCR\CLSID\{ECCD197A-82ED-D040-EE5C-FA8A458529CC}\InprocServer32#ThreadingModel
HKCR\CLSID\{ECCD197A-82ED-D040-EE5C-FA8A458529CC}\Programmable
HKCR\CLSID\{ECCD197A-82ED-D040-EE5C-FA8A458529CC}\TypeLib
C:\WINDOWS\SYSTEM32\YGMHPBK.DLL
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\EROLC.DLL.VIR

Adware.Tracking Cookie
C:\Documents and Settings\Jessica Pendleton\Cookies\jessica_pendleton@msnportal.112.2o7[1].txt
C:\Documents and Settings\Jessica Pendleton\Cookies\jessica_pendleton@advertising[2].txt
C:\Documents and Settings\Jessica Pendleton\Cookies\jessica_pendleton@adopt.euroclick[2].txt
C:\Documents and Settings\Jessica Pendleton\Cookies\jessica_pendleton@ad.yieldmanager[1].txt
C:\Documents and Settings\Jessica Pendleton\Cookies\jessica_pendleton@mediaplex[2].txt
C:\Documents and Settings\Jessica Pendleton\Cookies\jessica_pendleton@realmedia[1].txt

Trojan.Net-MSV/VPS-H
HKCR\BndDrive2.Band
HKCR\BndDrive2.Band\CLSID
HKCR\BndDrive2.Band\CurVer
HKCR\BndDrive2.Band.1
HKCR\BndDrive2.Band.1\CLSID
HKCR\BndDrive2.BHO
HKCR\BndDrive2.BHO\CLSID
HKCR\BndDrive2.BHO\CurVer
HKCR\BndDrive2.BHO.1
HKCR\BndDrive2.BHO.1\CLSID

Trojan.Agent-Deinstall
C:\41.TMP

Trojan.Downloader-Gen/Installer
C:\QOOBOX\QUARANTINE\C\WINDOWS\B122.EXE.VIR

Adware.Vundo Variant/Rel
C:\WINDOWS\SYSTEM32\MCRH.TMP

Trojan.Downloader-Gen/TSITRA
C:\WINDOWS\TSITRA72.EXE

-----------------------------------------------------------------------------------------------------------------------
Incident  Status  Location
Virus:Trj/Inject.K  Disinfected  Operating system
Adware:adware/wintools  Not disinfected  Windows Registry
Spyware:spyware/virtumonde  Not disinfected  Windows Registry
Potentially unwanted tool:application/funweb  Not disinfected  HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}
Virus:Trj/ConHook.AH  Disinfected  C:\13352830
Virus:Trj/ConHook.AH  Disinfected  C:\16954359
Virus:Trj/ConHook.AH  Disinfected  C:\20556208
Virus:Trj/ConHook.AH  Disinfected  C:\2534003
Adware:Adware/Adband  Not disinfected  C:\27.tmp[BndDrive3.dll]
Adware:Adware/Yazzle  Not disinfected  C:\3B.tmp
Virus:Generic Malware  Not disinfected  C:\3E.tmp[BndDrive6.dll]
Virus:Trj/Downloader.MDW  Not disinfected  C:\3E.tmp[ISMModule6.exe]
Virus:Trj/ConHook.AH  Disinfected  C:\6137625
Virus:Trj/ConHook.AH  Disinfected  C:\9748687
Virus:Trj/Inject.K  Disinfected  C:\Documents and Settings\All Users\Documents\Settings\abc32.dll
Spyware:Cookie/YieldManager  Not disinfected  C:\Documents and Settings\Jessica Pendleton\Cookies\jessica_pendleton@ad.yieldmanager[1].txt
Spyware:Cookie/Advertising  Not disinfected  C:\Documents and Settings\Jessica Pendleton\Cookies\jessica_pendleton@advertising[1].txt
Spyware:Cookie/Atwola  Not disinfected  C:\Documents and Settings\Jessica Pendleton\Cookies\jessica_pendleton@atwola[1].txt
Spyware:Cookie/Enhance  Not disinfected  C:\Documents and Settings\Jessica Pendleton\Cookies\jessica_pendleton@enhance[1].txt
Spyware:Cookie/Mediaplex  Not disinfected  C:\Documents and Settings\Jessica Pendleton\Cookies\jessica_pendleton@mediaplex[2].txt
Spyware:Cookie/QuestionMarket  Not disinfected  C:\Documents and Settings\Jessica Pendleton\Cookies\jessica_pendleton@questionmarket[2].txt
Possible Virus.  Not disinfected  C:\Documents and Settings\Jessica Pendleton\Local Settings\Temporary Internet Files\Content.IE5\NEGSAVMB\flash_[1].exe
Possible Virus.  Not disinfected  C:\Documents and Settings\Jessica Pendleton\Local Settings\Temporary Internet Files\Content.IE5\Y6T5QPGM\flashs[1].exe
Virus:Trj/Downloader.RGR  Disinfected  C:\info.exe
Potentially unwanted tool:Application/Processor  Not disinfected  C:\Program Files\HaxFix\Process.exe
Virus:Trj/Downloader.REF  Disinfected  C:\Program Files\ISM2\cringupd.exe
Adware:Adware/Amera  Not disinfected  C:\Program Files\ISM2\hydramedupd.exe[QdrPack9.exe]
Virus:Trj/Downloader.MDW  Disinfected  C:\Program Files\ISM2\ISMPack8.exe
Virus:Trj/Downloader.QLX  Not disinfected  C:\qoobox\Quarantine\C\Program Files\ISM\syncupd.exe.vir[ISMModule4.exe]
Adware:Adware/Winpopup  Not disinfected  C:\qoobox\Quarantine\C\Program Files\WinPop\winpop.exe.vir
Adware:Adware/WebSearch  Not disinfected  C:\qoobox\Quarantine\C\WINDOWS\SYSTEM32\l3acdb2.dll.vir
Potentially unwanted tool:Application/NirCmd.A  Not disinfected  C:\WINDOWS\NirCmd.exe
Possible Virus.  Not disinfected  C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\CV0LATGN\flash2[1].exe
Possible Virus.  Not disinfected  C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\CV0LATGN\flash2[2].exe
Possible Virus.  Not disinfected  C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\CV0LATGN\flash2[3].exe
Possible Virus.  Not disinfected  C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\CV0LATGN\flashs[1].exe
Possible Virus.  Not disinfected  C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\CV0LATGN\sk[1].exe
Virus:Trj/Downloader.MDW  Disinfected  C:\WINDOWS\SYSTEM32\nso12k.sys
Potentially unwanted tool:Application/Processor  Not disinfected  C:\WINDOWS\SYSTEM32\process.exe
Possible Virus.  Not disinfected  C:\WINDOWS\TEMP\8609295.exe
Virus:Trj/Downloader.MDW  Disinfected  C:\WINDOWS\TEMP\abc7A9D.tmp
Possible Virus.  Not disinfected  C:\WINDOWS\TEMP\wscnfy32.exe

-----------------------------------------------------------------------------------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 9:15:21 PM, on 11/30/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\HJT\AVG AntiSpyware\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\FilmLoop Player\FilmLoop.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABA.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\HJT\AVG AntiSpyware\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\HJT\ZoneAlarm\zlclient.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\HJT\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\HJT\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;127.0.0.1;<local>
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: shutdown - {CCBC349C-6870-4A5B-9B1E-7127E6E46B09} - C:\WINDOWS\system32\shutdown.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [FilmLoop] "C:\Program Files\FilmLoop Player\FilmLoop.exe" -hide
O4 - HKLM\..\Run: [EPSON Stylus C88 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABA.EXE /P23 "EPSON Stylus C88 Series" /O6 "USB002" /M "Stylus C88"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\HJT\AVG AntiSpyware\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\HJT\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: View Original Image - C:\Program Files\MSN\MSNIA\CC\MSNCC\WA\getoriginal.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1174869198854
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0543315C-A29C-42FB-A2AF-66B3AD4F8761}: NameServer = 85.255.114.110,85.255.112.229
O17 - HKLM\System\CCS\Services\Tcpip\..\{1725A1AE-7C70-4863-AEB9-76DD940FF06E}: NameServer = 85.255.114.110,85.255.112.229
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.110 85.255.112.229
O17 - HKLM\System\CS1\Services\Tcpip\..\{0543315C-A29C-42FB-A2AF-66B3AD4F8761}: NameServer = 85.255.114.110,85.255.112.229
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.114.110 85.255.112.229
O17 - HKLM\System\CS3\Services\Tcpip\..\{0543315C-A29C-42FB-A2AF-66B3AD4F8761}: NameServer = 85.255.114.110,85.255.112.229
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.110 85.255.112.229
O20 - Winlogon Notify: !SASWinLogon - C:\HJT\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: abc32reg - C:\Documents and Settings\All Users\Documents\Settings\abc32.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\HJT\AVG AntiSpyware\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
Dec 4 2007, 01:10 PM, Post #2
Global Moderator, Posts: 9,584, From: Darkest Cornwall, OS: Vista Ultimate
Hi there and sorry for the delay. First thing I noticed is that you have some items disabled under MSConfig; these will all need to be re-enabled so that I can see everything that may be a problem. I will try to kill as much as possible on the first pass, so this is a long post; I would recommend copying it to a text file for reference. Please save all logs and post them on completion of this part of the fix.

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

O2 - BHO: shutdown - {CCBC349C-6870-4A5B-9B1E-7127E6E46B09} - C:\WINDOWS\system32\shutdown.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{0543315C-A29C-42FB-A2AF-66B3AD4F8761}: NameServer = 85.255.114.110,85.255.112.229
O17 - HKLM\System\CCS\Services\Tcpip\..\{1725A1AE-7C70-4863-AEB9-76DD940FF06E}: NameServer = 85.255.114.110,85.255.112.229
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.110 85.255.112.229
O17 - HKLM\System\CS1\Services\Tcpip\..\{0543315C-A29C-42FB-A2AF-66B3AD4F8761}: NameServer = 85.255.114.110,85.255.112.229
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.114.110 85.255.112.229
O17 - HKLM\System\CS3\Services\Tcpip\..\{0543315C-A29C-42FB-A2AF-66B3AD4F8761}: NameServer = 85.255.114.110,85.255.112.229
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.110 85.255.112.229
O20 - Winlogon Notify: abc32reg - C:\Documents and Settings\All Users\Documents\Settings\abc32.dll (file missing)

Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis.

NEXT

Please download FixWareout from here: http://downloads.subratam.org/Fixwareout.exe
Save it to your desktop and run it. Click Next, then Install, make sure "Run fixit" is checked and click Finish. The fix will begin; follow the prompts. If your firewall gives an alert (because this tool will download an additional file from the internet), please don't let your firewall block it, but allow it instead. Then you will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal. Once the desktop loads please post the text that will open (report.txt) and a new Hijackthis log.

THEN

Please download the OTMoveIt by OldTimer.

*If a file or folder cannot be moved immediately, you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine, choose Yes.
**If a reboot was necessary or you needed to Exit before posting the log, you will find a copy of the log at the root of the drive where OTMoveIt is installed, usually at: C:\_OTMoveIt\MovedFiles\********_******.log (where "********_******" is the "date_time")
Click "Exit" to close OTMoveIt.

FINALLY

Download ComboFix from Here or Here to your Desktop.

I will also need an uninstall list. Open HijackThis, click Config, click Misc Tools. Click "Open Uninstall Manager". Click "Save List" (generates uninstall_list.txt). Click Save, copy and paste the results in your next post.

Logs required: Report.txt, OTMoveit, Combofix, Hijackthis and an Uninstall list
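The O17 entries are the part of the first log that explain the symptom: every Tcpip NameServer value under CCS, CS1 and CS3 points at 85.255.114.110 and 85.255.112.229, so every DNS lookup the machine makes, including the Google click-through, is answered by whoever runs those two resolvers. That is also why all seven entries are ticked rather than one: each control set carries its own copy, and a copy left behind would be reloaded on a later boot from that control set. The Python below is an added example written for this page, not a tool from the thread, that pulls the O17 and O20 lines out of a HijackThis log, flags resolvers that are neither private (RFC 1918) nor on an allowlist, reports which control sets still carry one, and lists Winlogon Notify entries whose DLL is marked (file missing). The sample log is constructed from the lines quoted above; the 192.168.1.1 router entry and the allowlist are assumptions.

```python
import ipaddress
import re
from typing import List, Tuple

# Constructed sample input: the O17 and O20 lines from the first HijackThis
# log in this thread, plus one O17 line pointing at a private router address
# (192.168.1.1, made up here) so the benign path is exercised too.
SAMPLE_LOG = r"""
O2 - BHO: shutdown - {CCBC349C-6870-4A5B-9B1E-7127E6E46B09} - C:\WINDOWS\system32\shutdown.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{0543315C-A29C-42FB-A2AF-66B3AD4F8761}: NameServer = 85.255.114.110,85.255.112.229
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.110 85.255.112.229
O17 - HKLM\System\CS3\Services\Tcpip\..\{0543315C-A29C-42FB-A2AF-66B3AD4F8761}: NameServer = 85.255.114.110,85.255.112.229
O17 - HKLM\System\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-000000000001}: NameServer = 192.168.1.1
O20 - Winlogon Notify: !SASWinLogon - C:\HJT\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: abc32reg - C:\Documents and Settings\All Users\Documents\Settings\abc32.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""

O17_RE = re.compile(
    r"^O17 - (?P<key>HKLM\\System\\(?P<cs>CCS|CS\d+)\\Services\\Tcpip\\[^:]+): "
    r"NameServer = (?P<servers>.+)$"
)
O20_RE = re.compile(
    r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<path>.+?)(?P<missing> \(file missing\))?$"
)


def parse_o17(log_text: str) -> List[Tuple[str, str, List[str]]]:
    """Return (registry key, control set, [resolver IPs]) for every O17 line.
    HijackThis prints per-adapter keys comma separated and the
    Tcpip\\Parameters key space separated, so both separators are accepted."""
    entries = []
    for line in log_text.splitlines():
        m = O17_RE.match(line.strip())
        if m:
            servers = re.split(r"[,\s]+", m.group("servers").strip())
            entries.append((m.group("key"), m.group("cs"), servers))
    return entries


def is_private(ip: str) -> bool:
    """True for RFC 1918 / loopback style addresses (a home router, typically)."""
    try:
        return ipaddress.ip_address(ip).is_private
    except ValueError:
        return False


def rogue_nameservers(log_text: str, allowed) -> List[Tuple[str, str]]:
    """(key, ip) pairs whose resolver is neither private nor on the allowlist.
    `allowed` holds the ISP or corporate resolvers you expect; an assumption here."""
    allowed = set(allowed)
    return [
        (key, ip)
        for key, _cs, servers in parse_o17(log_text)
        for ip in servers
        if ip not in allowed and not is_private(ip)
    ]


def control_sets_with_rogue(log_text: str, allowed) -> List[str]:
    """Every control set (CCS, CS1, CS3, ...) that still carries a rogue
    resolver; all of them must be cleaned, not just CurrentControlSet."""
    bad_keys = {key for key, _ip in rogue_nameservers(log_text, allowed)}
    return sorted({cs for key, cs, _s in parse_o17(log_text) if key in bad_keys})


def missing_winlogon_notify(log_text: str) -> List[str]:
    """Names of O20 Winlogon Notify entries whose DLL is gone but whose
    registry value was left behind."""
    names = []
    for line in log_text.splitlines():
        m = O20_RE.match(line.strip())
        if m and m.group("missing"):
            names.append(m.group("name"))
    return names


if __name__ == "__main__":
    trusted = {"192.168.1.1"}  # assumption: the router is the only expected resolver
    for key, ip in rogue_nameservers(SAMPLE_LOG, trusted):
        print(f"rogue resolver {ip} in {key}")
    print("control sets to fix:", control_sets_with_rogue(SAMPLE_LOG, trusted))
    print("orphaned Winlogon Notify:", missing_winlogon_notify(SAMPLE_LOG))
```

Run against the first log in this thread the same checks would report both 85.255.x.x addresses in all three control sets and the orphaned abc32reg Notify entry, which matches the set of lines the moderator asked to have fixed. The allowlist is the important knob: with the attacker's resolvers added to it the report goes quiet, so it should only ever contain addresses you verified out of band (router configuration, ISP documentation), never addresses copied from the machine under investigation.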
Dec 6 2007, 12:18 AM, Post #3
Member, Posts: 62, OS: Windows XP
Thanks for your response! I ran all of your steps. Here are the logs:

---------------------------------------------------------------------------------------------------------------------------------
Username "Jessica Pendleton" - 12/05/2007 21:30:07 [Fixwareout edited 9/01/2007]

~~~~~ Prerun check
HKLM\SOFTWARE\~\Winlogon\ "System"="kdfev.exe"
Successfully flushed the DNS Resolver Cache.
System was rebooted successfully.

~~~~~ Postrun check
HKLM\SOFTWARE\~\Winlogon\ "system"=""
....
....
~~~~~ Misc files.
....
~~~~~ Checking for older varients.
....
~~~~~ Other
C:\WINDOWS\TEMP\kdfev.ren 75796 06/13/2007

~~~~~ Current runs (hklm hkcu "run" Keys Only)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\\Program Files\\Apoint\\Apoint.exe"
"ATIPTA"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"DVDLauncher"="\"C:\\Program Files\\CyberLink\\PowerDVD\\DVDLauncher.exe\""
"Dell QuickSet"="C:\\Program Files\\Dell\\QuickSet\\quickset.exe"
"DMXLauncher"="C:\\Program Files\\Dell\\Media Experience\\DMXLauncher.exe"
"UpdateManager"="\"C:\\Program Files\\Common Files\\Sonic\\Update Manager\\sgtray.exe\" /r"
"dla"="C:\\WINDOWS\\system32\\dla\\tfswctrl.exe"
"REGSHAVE"="C:\\Program Files\\REGSHAVE\\REGSHAVE.EXE /AUTORUN"
"FilmLoop"="\"C:\\Program Files\\FilmLoop Player\\FilmLoop.exe\" -hide"
"EPSON Stylus C88 Series"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_FATIABA.EXE /P23 \"EPSON Stylus C88 Series\" /O6 \"USB002\" /M \"Stylus C88\""
"HP Software Update"="C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"!AVG Anti-Spyware"="\"C:\\HJT\\AVG AntiSpyware\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.6.0_02\\bin\\jusched.exe"
"Adobe Photo Downloader"="\"C:\\Program Files\\Adobe\\Photoshop Album Starter Edition\\3.2\\Apps\\apdproxy.exe\""
"ZoneAlarm Client"="\"C:\\HJT\\ZoneAlarm\\zlclient.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"BCWipeTM Startup"="\"C:\\Program Files\\Jetico\\BCWipe\\BCWipeTM.exe\" startup"
"Adobe Reader Speed Launcher"="\"C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\Reader_sl.exe\""

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="\"C:\\Program Files\\DellSupport\\DSAgnt.exe\" /startup"
"MoneyAgent"="\"C:\\Program Files\\Microsoft Money\\System\\mnyexpr.exe\""
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe"
....
Hosts file was reset, If you use a custom hosts file please replace it...
~~~~~ End report ~~~~~

---------------------------------------------------------------------------------------------------------------------------------
C:\WINDOWS\TEMP\wscnfy32.exe moved successfully.
C:\WINDOWS\TEMP\8609295.exe moved successfully.
C:\Program Files\ISM2 moved successfully.
C:\3E.tmp moved successfully.
C:\3B.tmp moved successfully.
C:\27.tmp moved successfully.
File/Folder C:\WINDOWS\system32\shutdown.dll not found.
File/Folder C:\Documents and Settings\All Users\Documents\Settings\abc32.dll not found.

Created on 12/05/2007 21:43:59

---------------------------------------------------------------------------------------------------------------------------------
ComboFix 07-12-02.7 - Jessica Pendleton 2007-12-05 21:50:52.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.180 [GMT -8:00]
Running from: C:\HJT\Combofix\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users.\documents\settings
C:\Documents and Settings\All Users.\documents\settings\desktop.ini
C:\Documents and Settings\Jessica Pendleton\My Documents\STEM~1
C:\Documents and Settings\Jessica Pendleton\My Documents\STEM~1\??stem\
C:\Program Files\Common Files\ecurit~1
C:\WINDOWS\system32\appatc~1
C:\WINDOWS\system32\rasqervy.dll
C:\WINDOWS\system32\sdfinacs.dll
C:\WINDOWS\system32\shdocvs.dll
C:\WINDOWS\system32\wuasirvy.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Driver

((((((((((((((((((((((((( Files Created from 2007-11-06 to 2007-12-06 )))))))))))))))))))))))))))))))
.
2007-12-01 15:28 . 2007-12-01 15:28 <DIR> d-------- C:\Program Files\Opera
2007-11-21 20:47 . 2007-12-05 21:09 5 --a------ C:\WINDOWS\SYSTEM32\sdfixwcs.dll
2007-11-21 18:32 . 2007-11-21 18:32 25,600 --a------ C:\WINDOWS\msacm32.drv
2007-11-20 20:41 . 2007-12-05 21:57 1,230,880 --ahs---- C:\WINDOWS\SYSTEM32\DRIVERS\fidbox.dat
2007-11-20 20:41 . 2007-12-05 21:55 15,452 --ahs---- C:\WINDOWS\SYSTEM32\DRIVERS\fidbox.idx
2007-11-20 20:39 . 2007-11-20 20:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2007-11-20 20:38 . 2007-09-06 16:14 1,086,952 --a------ C:\WINDOWS\SYSTEM32\zpeng24.dll
2007-11-20 20:38 . 2007-09-06 16:14 75,248 --a------ C:\WINDOWS\zllsputility.exe
2007-11-20 20:38 . 2004-04-27 04:40 11,264 --a------ C:\WINDOWS\SYSTEM32\SpOrder.dll
2007-11-20 20:13 . 2007-11-30 04:09 <DIR> d-------- C:\WINDOWS\SYSTEM32\ZoneLabs
2007-11-20 20:13 . 2007-12-05 21:56 353,246 --ah----- C:\WINDOWS\SYSTEM32\vsconfig.xml
2007-11-20 20:13 . 2007-11-20 20:40 4,212 ---h----- C:\WINDOWS\SYSTEM32\zllictbl.dat
2007-11-20 20:05 . 2007-12-05 21:52 <DIR> d-------- C:\WINDOWS\Internet Logs
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-06 05:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2007-12-01 05:29 44,968 ----a-w C:\Documents and Settings\Jessica Pendleton\Application Data\wklnhst.dat
2007-11-30 11:18 --------- d-----w C:\Program Files\Windows Live Toolbar
2007-11-30 11:18 --------- d-----w C:\Program Files\Windows Desktop Search
2007-11-30 10:57 --------- d-----w C:\Program Files\SpywareGuard
2007-11-30 10:01 --------- d-----w C:\Program Files\iTunes
2007-11-30 09:59 --------- d-----w C:\Program Files\FilmLoop Player
2007-11-30 09:58 --------- d-----w C:\Program Files\Digital Line Detect
2007-11-30 09:58 --------- d-----w C:\Program Files\DellSupport
2007-11-30 09:56 --------- d-----w C:\Program Files\Apoint
2007-11-30 06:21 --------- d-----w C:\Program Files\Google
2007-11-27 19:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\HP
2007-11-21 03:21 --------- d-----w C:\Program Files\Common Files\Adobe
2006-01-31 07:45 56 ----a-w C:\Documents and Settings\Administrator\Application Data\wklnhst.dat
2005-12-08 02:00 2,830 ----a-w C:\Documents and Settings\Beth Pendleton\Application Data\wklnhst.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 10:09]
"MoneyAgent"="C:\Program Files\Microsoft Money\System\mnyexpr.exe" [2003-06-18 10:00]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:00]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-03-28 21:19]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2004-08-21 16:04]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-04-05 20:05]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-04-11 09:43]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2004-10-07 17:44]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2004-09-14 23:01]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-06 23:01]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-08-12 23:05]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [2002-02-04 20:32]
"FilmLoop"="C:\Program Files\FilmLoop Player\FilmLoop.exe" [2006-03-22 12:14]
"EPSON Stylus C88 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABA.exe" [2005-01-27 04:00]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 22:12]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-02-23 14:45]
"!AVG Anti-Spyware"="C:\HJT\AVG AntiSpyware\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 01:25]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 03:00]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 10:09]
"ZoneAlarm Client"="C:\HJT\ZoneAlarm\zlclient.exe" [2007-09-06 16:14]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-04-27 22:20]
"BCWipeTM Startup"="C:\Program Files\Jetico\BCWipe\BCWipeTM.exe" [2005-12-20 03:15]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]

C:\Documents and Settings\Jessica Pendleton\Start Menu\Programs\Startup\
SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe [2003-08-29 18:05:35]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2005-02-03 05:39:00]
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-03-28 21:19:05]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 22:23:26]
Windows Desktop Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2006-03-26 21:44:08]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\HJT\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 11:55 77824]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2006-03-13 12:11 233472]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\HJT\SUPERAntiSpyware\SASWINLO.DLL 2007-09-12 21:42 294912 C:\HJT\SUPERAntiSpyware\SASWINLO.DLL

R3 O2SCBUS;O2Micro SmartCardBus Reader;C:\WINDOWS\system32\DRIVERS\ozscr.sys
S4 BCSWAP;BCSWAP;C:\WINDOWS\system32\drivers\BCSWAP.sys

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8e4b10c0-bafd-11da-a4a1-000e35d3be92}]
\Shell\AutoRun\command - rundll32.exe url.dll,FileProtocolHandler LapNetWizard.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{eaabf890-bafe-11da-a4a2-000e35d3be92}]
\Shell\AutoRun\command - rundll32.exe url.dll,FileProtocolHandler LapNetWizard.exe
.
Contents of the 'Scheduled Tasks' folder
"2007-12-06 05:48:01 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job" - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************
catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-05 21:58:05
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-12-05 21:59:30 - machine was rebooted
.
--- E O F ---

---------------------------------------------------------------------------------------------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 10:16:06 PM, on 12/5/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\HJT\AVG AntiSpyware\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\FilmLoop Player\FilmLoop.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABA.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\HJT\AVG AntiSpyware\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\HJT\ZoneAlarm\zlclient.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\HJT\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;127.0.0.1;<local>
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class -
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN O4 - HKLM\..\Run: [FilmLoop] "C:\Program Files\FilmLoop Player\FilmLoop.exe" -hide O4 - HKLM\..\Run: [EPSON Stylus C88 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABA.EXE /P23 "EPSON Stylus C88 Series" /O6 "USB002" /M "Stylus C88" O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\HJT\AVG AntiSpyware\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\HJT\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program 
Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [BCWipeTM Startup] "C:\Program Files\Jetico\BCWipe\BCWipeTM.exe" startup O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe O4 - Global Startup: Digital Line Detect.lnk = ? O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx O8 - Extra context menu item: View Original Image - C:\Program Files\MSN\MSNIA\CC\MSNCC\WA\getoriginal.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - 
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O11 - Options group: [INTERNATIONAL] International* O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1174869198854 O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O20 - Winlogon Notify: !SASWinLogon - C:\HJT\SUPERAntiSpyware\SASWINLO.DLL O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\HJT\AVG AntiSpyware\AVG Anti-Spyware 7.5\guard.exe O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. 
- C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe --------------------------------------------------------------------------------------------------------------------------------- ABBYY FineReader 5.0 Sprint Adobe Acrobat 5.0 Adobe Flash Player ActiveX Adobe Photoshop Elements 2.0 Adobe Reader 8.1.0 Adobe® Photoshop® Album Starter Edition 3.2 ALPS Touch Pad Driver ArcSoft PhotoImpression ATI - Software Uninstall Utility ATI Control Panel ATI Display Driver AVG Anti-Spyware 7.5 BCWipe 3.0 Broadcom Advanced Control Suite BUM CCleaner (remove only) Conexant D480 MDC V.9x Modem Dell Driver Reset Tool Dell Media Experience Dell Media Experience Update Dell Picture Studio v3.0 DellSupport Digital Line Detect EarthLink setup files EPSON Copy Utility EPSON PERF 1670 Guide EPSON Photo Print EPSON Printer Software EPSON Scan EPSON Smart Panel FilmLoop Player FinePixViewer Ver.3.2 Form Fill (Windows Live Toolbar) FUJIFILM USB Driver Get High Speed Internet! 
Goleads Marketing CRM Google Updater H&R Block Tax Offer HaxFix 4.53 HijackThis 1.99.1 Hotfix for Windows Media Format 11 SDK (KB929399) Hotfix for Windows Media Player 11 (KB939683) Hotfix for Windows XP (KB906569) Hotfix for Windows XP (KB914440) Hotfix for Windows XP (KB915865) Hotfix for Windows XP (KB926239) HP Deskjet 5400 series HP Image Zone Express HP Imaging Device Functions 5.0 HP Software Update HP Solution Center & Imaging Support Tools 5.0 ImageMixer VCD for FinePix Internet Explorer Default Page iPod for Windows 2005-03-23 iPod for Windows 2006-03-23 ItsDeductible Express iTunes Jasc Paint Shop Photo Album 5 Jasc Paint Shop Pro Studio, Dell Editon Java 6 Update 2 Learn2 Player (Uninstall Only) LG PC Sync LG USB Modem driver LGUsbConverterDriver Map Button (Windows Live Toolbar) Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Hotfix (KB928366) Microsoft Compression Client Pack 1.0 for Windows XP Microsoft Encarta Encyclopedia Standard 2004 Microsoft Internationalized Domain Names Mitigation APIs Microsoft Money 2004 Microsoft Money 2004 System Pack Microsoft National Language Support Downlevel APIs Microsoft Office 2000 SR-1 Disc 2 Microsoft Office 2000 SR-1 Professional Microsoft Picture It! Photo Premium 9 Microsoft Plus! Digital Media Edition Installer Microsoft Plus! Photo Story 2 LE Microsoft Streets and Trips 2004 Microsoft User-Mode Driver Framework Feature Pack 1.0 Microsoft Word 2002 Microsoft Works Microsoft Works 2004 Setup Launcher Microsoft Works Suite Add-in for Microsoft Word Modem Helper Mozilla Firefox (2.0.0.11) MSN Connection Center MSN Messenger 6.2 MSN Music Assistant MSXML 4.0 SP2 (KB927978) MSXML 4.0 SP2 (KB936181) Musicmatch for Windows Media Player NetWaiting OneCare Advisor (Windows Live Toolbar) Opera 9.24 Panda ActiveScan Photo Click Picasa 2 Popup Blocker (Windows Live Toolbar) PowerDVD 5.1 Presto! BizCard 4.0 Component for Windows CE Presto! 
BizCard 4.1 Eng Qualxserve Service Agreement QuickLink Mobile QuickSet QuickTime RealPlayer ScanToWeb Security Update for CAPICOM (KB931906) Security Update for CAPICOM (KB931906) Security Update for Step By Step Interactive Training (KB898458) Security Update for Step By Step Interactive Training (KB923723) Security Update for Windows Internet Explorer 7 (KB937143) Security Update for Windows Internet Explorer 7 (KB938127) Security Update for Windows Internet Explorer 7 (KB939653) Security Update for Windows Media Player (KB911564) Security Update for Windows Media Player 10 (KB911565) Security Update for Windows Media Player 10 (KB917734) Security Update for Windows Media Player 11 (KB936782) Security Update for Windows Media Player 6.4 (KB925398) Security Update for Windows XP (KB883939) Security Update for Windows XP (KB890046) Security Update for Windows XP (KB893756) Security Update for Windows XP (KB896358) Security Update for Windows XP (KB896422) Security Update for Windows XP (KB896423) Security Update for Windows XP (KB896424) Security Update for Windows XP (KB896428) Security Update for Windows XP (KB896688) Security Update for Windows XP (KB899587) Security Update for Windows XP (KB899588) Security Update for Windows XP (KB899589) Security Update for Windows XP (KB899591) Security Update for Windows XP (KB900725) Security Update for Windows XP (KB901017) Security Update for Windows XP (KB901190) Security Update for Windows XP (KB901214) Security Update for Windows XP (KB902400) Security Update for Windows XP (KB903235) Security Update for Windows XP (KB904706) Security Update for Windows XP (KB905414) Security Update for Windows XP (KB905749) Security Update for Windows XP (KB905915) Security Update for Windows XP (KB908519) Security Update for Windows XP (KB908531) Security Update for Windows XP (KB911280) Security Update for Windows XP (KB911562) Security Update for Windows XP (KB911567) Security Update for Windows XP (KB911927) Security Update for 
Windows XP (KB912812) Security Upd |