Newbie to internet - adware problems [RESOLVED], Totally lost as to what to do
May 31 2008, 07:05 PM
Post #1
Member, Posts: 13, OS: XP
The main issues are:- When I go to certain sites or do a search in Google I get adverts that are related to the site I just accessed/searched for. I believe this is called targeted adware. The ad appears in a new instance of the browser. It happens in IE 7 and Firefox 3.0 but not in Safari (I am a PC user). Also, I keep getting an advert saying that my system is under threat. The URL is fp.pc-on-internet.com. Please can someone guide me as to the procedures I should follow to get rid of this. I have scanned my system using AVG (full version) & Spyware detector V 2.0. Neither report anything amiss. I am at a complete loss of what I should do. Any help would be most appreciated. I am a complete novice to all this so please treat me as a newbie idiot and give advice accordingly. I do not really want to have to use Safari as my web browser.

Jun 2 2008, 01:29 PM
Post #2
Trusted Helper, Posts: 1,036, From: Massachusetts, OS: XP Pro SP2 ~ Vista Ultimate ~ Ubuntu
Hi and welcome to the forums. Sorry for the delay in getting to your post here.
We need a HijackThis log to get some information on your PC. Please read through and follow the steps in the following link below. If the steps do not work then post a HijackThis log as advised at the end of the post. Post the HijackThis log back here by using the Add Reply button, do not start a new topic.
You Must Read This Before Posting A Hijackthis Log, Malware Cleaning Guide

Jun 3 2008, 07:18 PM
Post #3
Member, Posts: 13, OS: XP
Hi there,
Thanks for responding. I have done the following as requested.

Preparation: Did as told.

Step one: I ran the two programs to test for spyware/malware. Neither found anything.

Step Two: Ran Panda Activescan. This seems to have found something (it ran for about 5 hours!). Report produced is as follows:-

ANALYSIS: 2008-06-03 00:22:19
PROTECTIONS: 1
MALWARE: 4
SUSPECTS: 0

PROTECTIONS

| Description | Version | Active | Updated |
|---|---|---|---|
| AVG Internet Security | 8.0 | Yes | Yes |

MALWARE

| Id | Description | Type | Active | Severity | Disinfectable | Disinfected | Location |
|---|---|---|---|---|---|---|---|
| 00168061 | Cookie/Apmebf | TrackingCookie | No | 0 | Yes | No | C:\Documents and Settings\Mick Holden\Application Data\Mozilla\Firefox\Profiles\7l2yp4v9.default\cookies.txt[.apmebf.com/] |
| 00224391 | adware/startpage.amb | Adware | No | 0 | Yes | No | c:\documents and settings\mick holden\favorites\online games |
| 01077299 | Generic Malware | Virus/Trojan | No | 0 | Yes | No | C:\Tom Clancy's Splinter Cell Double Agent\SCDA-Offline\System\win2log.exe |
| 02889322 | Adware/SpywareDetect | Adware | No | 0 | No | No | P:\spywaredetector.exe |
| 02889322 | Adware/SpywareDetect | Adware | No | 0 | Yes | No | C:\Downloads\Spyware\spywaredetector.exe |

SUSPECTS

| Sent | Location |
|---|---|

VULNERABILITIES

| Id | Severity | Description |
|---|---|---|
| 170907 | HIGH | MS07-046 |
| 170904 | HIGH | MS07-043 |

Steps three and four: System already updated with service pack 2 and later critical updates.

Step 5: Hijack This Log-

Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 23:41:03, on 03/06/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16640) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\AVG\AVG8\avgwdsvc.exe C:\AVG\AVG8\avgfws8.exe C:\WINDOWS\system32\CTsvcCDA.exe C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe C:\AVG\AVG8\avgam.exe
C:\AVG\AVG8\avgrsx.exe C:\AVG\AVG8\avgnsx.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\HPZipm12.exe C:\Program Files\SpywareDetector\SDService.exe C:\WINDOWS\system32\wdfmgr.exe C:\WINDOWS\system32\MsPMSPSv.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe C:\WINDOWS\system32\CNAB4RPK.EXE C:\WINDOWS\system32\RTDCPL.EXE C:\AVG\AVG8\avgemc.exe C:\WINDOWS\system32\nvraidservice.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\system32\CTXFIHLP.EXE C:\WINDOWS\CTHELPER.EXE C:\WINDOWS\SYSTEM32\CTXFISPI.EXE C:\WINDOWS\system32\wbem\wmiprvse.exe C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE C:\AVG\AVG8\avgtray.exe C:\Program Files\QuickTime\QTTask.exe C:\iTunes\iTunesHelper.exe C:\WINDOWS\system32\wbem\unsecapp.exe C:\Program Files\CardDetector\ICON225\CardDetector.exe C:\WINDOWS\System32\alg.exe C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe C:\Program Files\SpywareDetector\SDSystemTray.exe C:\Program Files\Max Registry Cleaner\MaxRCSystemTray.exe C:\Logitech\Profiler\lwemon.exe C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe C:\NetMeter\NetMeter.exe C:\Documents and Settings\All Users\Application Data\Macrovision\FLEXnet Connect\6\ISUSPM.exe C:\documents and settings\mick holden\local settings\application data\xoizedm.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Logitech\SetPoint\KEM.exe C:\Microsoft Office 97\Office\OSA.EXE C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE C:\WINDOWS\system32\wuauclt.exe C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe C:\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Office 03\Office10\EXCEL.EXE C:\Program Files\Windows Live\Mail\wlmail.exe E:\PhoneConnectorVMC.exe C:\Program Files\vodafone\vmclite\vmc.exe C:\Safari\Safari.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Spyware Doctor\pctsGui.exe C:\Spyware Doctor\pctsAuxs.exe C:\Spyware 
Doctor\pctsSvc.exe C:\Spyware Doctor\pctsTray.exe C:\HijackThis\HijackThis.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\WINDOWS\system32\wbem\wmiprvse.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0seenus/saos01 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\BitComet\tools\BitCometBHO_1.2.2.28.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\AVG\AVG8\avgssie.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\AVG\AVG8\avgtoolbar.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\AVG\AVG8\avgtoolbar.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O4 - HKLM\..\Run: [RTDCPL] RTDCPL.EXE O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - 
HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE" O4 - HKLM\..\Run: [BEWINTERNET-UK-IEWSessionManager] C:\Program Files\OrangeBS\IEWInternetUK\SessionManager\SessionManager.exe O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall O4 - HKLM\..\Run: [AVG8_TRAY] C:\AVG\AVG8\avgtray.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [CardDetectorICON225] C:\Program Files\CardDetector\ICON225\CardDetector.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" O4 - HKLM\..\Run: [RCAutoLiveUpdate] C:\Program Files\Max Registry Cleaner\MaxLiveUpdateRC.exe -AUTO O4 - HKLM\..\Run: [RCSystemTray] C:\Program Files\Max Registry Cleaner\MaxRCSystemTray.exe O4 - HKLM\..\Run: [ISTray] "C:\Spyware Doctor\pctsTray.exe" O4 - HKCU\..\Run: [Start WingMan Profiler] "C:\Logitech\Profiler\lwemon.exe" /noui O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [C:\NetMeter\NetMeter.exe] C:\NetMeter\NetMeter.exe O4 - HKCU\..\Run: [ISUSPM] "C:\Documents and Settings\All Users\Application Data\Macrovision\FLEXnet Connect\6\ISUSPM.exe" -scheduler O4 - HKCU\..\Run: [xoizedm] c:\documents and settings\mick holden\local settings\application data\xoizedm.exe xoizedm O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] 
C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe O4 - Global Startup: Microsoft Find Fast.lnk = C:\Microsoft Office 97\Office\FINDFAST.EXE O4 - Global Startup: Microsoft Office.lnk = C:\Office 03\Office10\OSA.EXE O4 - Global Startup: Office Startup.lnk = C:\Microsoft Office 97\Office\OSA.EXE O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\BitComet\BitComet.exe/AddLink.htm O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\BitComet\BitComet.exe/AddVideo.htm O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\BitComet\BitComet.exe/AddAllLink.htm O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\OFFICE~1\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing) O9 - Extra button: (no name) - 
{e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1208101504375 O17 - HKLM\System\CCS\Services\Tcpip\..\{684BA69D-8E68-41F5-8657-511831C1F9CE}: NameServer = 10.203.129.68 10.203.129.68 O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\AVG\AVG8\avgpp.dll O20 - AppInit_DLLs: avgrsstx.dll O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\AVG\AVG8\avgemc.exe O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\AVG\AVG8\avgwdsvc.exe O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. 
- C:\AVG\AVG8\avgfws8.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Spyware Doctor\pctsAuxs.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Spyware Doctor\pctsSvc.exe O23 - Service: SDService - Max Secure Software - C:\Program Files\SpywareDetector\SDService.exe -- End of file - 12176 bytes

The uninstall list-

Other scans performed:-

Spyzooka report- Have attached the report. It finds some suspicious things:

Spyware Doctor- Have attached the report. It also finds some nasties.

I hope you can help me out here as it looks as if I have more than just adware problems.

This post has been edited by Grumpy Surfer: Jun 3 2008, 07:33 PM
Attached File(s)
Spyzooka_Report.txt ( 132K )
Number of downloads: 2
Spyware_Doctor.htm ( 29.27K )
Number of downloads: 2

Jun 3 2008, 07:33 PM
Post #4
Trusted Helper, Posts: 1,036, From: Massachusetts, OS: XP Pro SP2 ~ Vista Ultimate ~ Ubuntu
Run HijackThis. Click Do a System Scan Only. Put a Check in the box on the left side on this:

O4 - HKCU\..\Run: [xoizedm] c:\documents and settings\mick holden\local settings\application data\xoizedm.exe xoizedm

Then close all windows except HijackThis and press Fix checked.

Please download the OTMoveIt2 by OldTimer.

*If a file or folder cannot be moved immediately, you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine, choose Yes.

**If a reboot was necessary or you needed to Exit before posting the log, you will find a copy of the log at the root of the drive where OTMoveIt is installed, usually at: C:\_OTMoveIt\MovedFiles\********_******.log (where "********_******" is the "date_time")

Click "Exit" to close OTMoveIt.

Jun 3 2008, 07:43 PM
Post #5
Member, Posts: 13, OS: XP
OK. That all went fine.
Results:-
c:\documents and settings\mick holden\local settings\application data\xoizedm.exe moved successfully.
OTMoveIt2 by OldTimer - Version 1.0.4.2 log created on 06042008_024243

Jun 3 2008, 07:47 PM
Post #6
Trusted Helper, Posts: 1,036, From: Massachusetts, OS: XP Pro SP2 ~ Vista Ultimate ~ Ubuntu
Sorry forgot to ask....can you please post a new HijackThis log too.
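
Added illustration, not part of the thread and not a tool either poster used: a small Python script that compares a first HijackThis log with the follow-up log requested above, to confirm that the Run entry fixed in post #4 is gone and to list anything that newly appeared. The two sample logs are shortened excerpts constructed in the format of the logs posted here (user folder replaced by `<user>`), and the function names are hypothetical.

```python
import re

# HijackThis entries start with a section code (R0-R3, F0-F3, N1-N4, O1-O24) and " - ".
ENTRY_HEAD = re.compile(r"(?:[RF][0-3]|N[1-4]|O\d{1,2}) - ")
# Split on whitespace that precedes a section code, so a log still parses
# after its line breaks were lost in copy/paste.
ENTRY_SPLIT = re.compile(r"\s+(?=(?:[RF][0-3]|N[1-4]|O\d{1,2}) - )")
# O4 registry autostart: "O4 - <hive>\..\<Run key>: [<value name>] <command>"
O4_RUN = re.compile(
    r"^O4 - (?P<hive>HK\S+?)\\\.\.\\(?P<key>Run\w*): \[(?P<name>.*?)\] (?P<cmd>.+)$"
)

# Constructed sample: excerpt of a first log (before the fix).
BEFORE = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\Explorer.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [C:\NetMeter\NetMeter.exe] C:\NetMeter\NetMeter.exe
O4 - HKCU\..\Run: [xoizedm] c:\documents and settings\<user>\local settings\application data\xoizedm.exe xoizedm
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\AVG\AVG8\avgwdsvc.exe
-- End of file
"""

# Constructed sample: excerpt of the follow-up log (after the fix).
AFTER = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\Explorer.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [C:\NetMeter\NetMeter.exe] C:\NetMeter\NetMeter.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\AVG\AVG8\avgwdsvc.exe
-- End of file
"""


def entries(log_text):
    """Return the R/F/N/O entries of a log, dropping header and process list."""
    body = log_text.split("-- End of file", 1)[0]
    chunks = (c.strip() for c in ENTRY_SPLIT.split(body))
    return [c for c in chunks if ENTRY_HEAD.match(c)]


def run_entries(log_text):
    """Parse O4 registry autostart entries into hive/key/name/cmd dicts."""
    parsed = (O4_RUN.match(e) for e in entries(log_text))
    return [m.groupdict() for m in parsed if m]


def compare(before, after):
    """Return (removed, added) entries; Windows paths compare case-insensitively."""
    b = {e.casefold(): e for e in entries(before)}
    a = {e.casefold(): e for e in entries(after)}
    removed = [b[k] for k in b if k not in a]
    added = [a[k] for k in a if k not in b]
    return removed, added


def fix_confirmed(before, after, value_name):
    """True only if the named Run value was in the first log and is absent now."""
    wanted = value_name.casefold()
    was = any(r["name"].casefold() == wanted for r in run_entries(before))
    still = any(r["name"].casefold() == wanted for r in run_entries(after))
    return was and not still


if __name__ == "__main__":
    removed, added = compare(BEFORE, AFTER)
    for line in removed:
        print("removed:", line)
    for line in added:
        print("added:  ", line)
    print("fix confirmed:", fix_confirmed(BEFORE, AFTER, "xoizedm"))
```

An entry listed as added is only a difference between the two scans; it still has to be judged on its own merits.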
Jun 3 2008, 07:49 PM
Post #7
Member, Posts: 13, OS: XP
New hijack log:-
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 02:50:08, on 04/06/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16640) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\AVG\AVG8\avgwdsvc.exe C:\AVG\AVG8\avgfws8.exe C:\WINDOWS\system32\CTsvcCDA.exe C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe C:\AVG\AVG8\avgam.exe C:\AVG\AVG8\avgrsx.exe C:\AVG\AVG8\avgnsx.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\HPZipm12.exe C:\Program Files\SpywareDetector\SDService.exe C:\WINDOWS\system32\wdfmgr.exe C:\WINDOWS\system32\MsPMSPSv.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe C:\WINDOWS\system32\CNAB4RPK.EXE C:\WINDOWS\system32\RTDCPL.EXE C:\AVG\AVG8\avgemc.exe C:\WINDOWS\system32\nvraidservice.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\system32\CTXFIHLP.EXE C:\WINDOWS\CTHELPER.EXE C:\WINDOWS\SYSTEM32\CTXFISPI.EXE C:\WINDOWS\system32\wbem\wmiprvse.exe C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE C:\AVG\AVG8\avgtray.exe C:\Program Files\QuickTime\QTTask.exe C:\iTunes\iTunesHelper.exe C:\WINDOWS\system32\wbem\unsecapp.exe C:\Program Files\CardDetector\ICON225\CardDetector.exe C:\WINDOWS\System32\alg.exe C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe C:\Program Files\SpywareDetector\SDSystemTray.exe C:\Program Files\Max Registry 
Cleaner\MaxRCSystemTray.exe
C:\Logitech\Profiler\lwemon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\NetMeter\NetMeter.exe
C:\Documents and Settings\All Users\Application Data\Macrovision\FLEXnet Connect\6\ISUSPM.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Microsoft Office 97\Office\OSA.EXE
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\SUPERAntiSpyware\SUPERAntiSpyware.exe
E:\PhoneConnectorVMC.exe
C:\Program Files\vodafone\vmclite\vmc.exe
C:\Spyware Doctor\pctsGui.exe
C:\Spyware Doctor\pctsAuxs.exe
C:\Spyware Doctor\pctsSvc.exe
C:\Spyware Doctor\pctsTray.exe
C:\Safari\Safari.exe
C:\Program Files\Windows Live\Mail\wlmail.exe
C:\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0seenus/saos01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\BitComet\tools\BitCometBHO_1.2.2.28.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\AVG\AVG8\avgtoolbar.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\AVG\AVG8\avgtoolbar.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [RTDCPL] RTDCPL.EXE
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [BEWINTERNET-UK-IEWSessionManager] C:\Program Files\OrangeBS\IEWInternetUK\SessionManager\SessionManager.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [AVG8_TRAY] C:\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [CardDetectorICON225] C:\Program Files\CardDetector\ICON225\CardDetector.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [RCAutoLiveUpdate] C:\Program Files\Max Registry Cleaner\MaxLiveUpdateRC.exe -AUTO
O4 - HKLM\..\Run: [RCSystemTray] C:\Program Files\Max Registry Cleaner\MaxRCSystemTray.exe
O4 - HKLM\..\Run: [ISTray] "C:\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [Start WingMan Profiler] "C:\Logitech\Profiler\lwemon.exe" /noui
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [C:\NetMeter\NetMeter.exe] C:\NetMeter\NetMeter.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Documents and Settings\All Users\Application Data\Macrovision\FLEXnet Connect\6\ISUSPM.exe" -scheduler
O4 - HKUS\S-1-5-21-466003701-440341560-2136042160-500\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup (User 'Administrator')
O4 - HKUS\S-1-5-21-466003701-440341560-2136042160-500\..\RunOnce: [NeroHomeFirstStart] C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe (User 'Administrator')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Microsoft Office 97\Office\FINDFAST.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Office 03\Office10\OSA.EXE
O4 - Global Startup: Office Startup.lnk = C:\Microsoft Office 97\Office\OSA.EXE
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\OFFICE~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1208101504375
O17 - HKLM\System\CCS\Services\Tcpip\..\{684BA69D-8E68-41F5-8657-511831C1F9CE}: NameServer = 10.203.129.68 10.203.129.68
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\AVG\AVG8\avgwdsvc.exe
O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\AVG\AVG8\avgfws8.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Spyware Doctor\pctsSvc.exe
O23 - Service: SDService - Max Secure Software - C:\Program Files\SpywareDetector\SDService.exe

-- End of file - 12290 bytes
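
Added example, not part of the original post and not HijackThis's own code: a small parser that splits a HijackThis log like the one above into entries, whether they arrive one per line or run together, and lists the entries a reviewer would normally check by hand. The function names and flagging rules are assumptions for illustration; a flag is a prompt to look, not a malware verdict.

```python
import re

# Entries excerpted from the HijackThis log posted above (not the full log).
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
O17 - HKLM\System\CCS\Services\Tcpip\..\{684BA69D-8E68-41F5-8657-511831C1F9CE}: NameServer = 10.203.129.68 10.203.129.68
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

# Standard HijackThis section meanings for the codes used in the sample.
SECTIONS = {"R0": "IE start page", "O2": "Browser Helper Object",
            "O9": "IE extra button", "O17": "DNS/Tcpip setting",
            "O20": "AppInit_DLLs", "O23": "Windows service"}
ENTRY_START = re.compile(r"\s+(?=(?:[RFN]\d|O\d{1,2}) - )")
ENTRY = re.compile(r"^([RFN]\d|O\d{1,2}) - (.+)$", re.S)

def parse_log(text):
    """Split a log, one entry per line or run together, into (code, body) pairs."""
    text = re.sub(r"--\s*End of file.*", "", text, flags=re.S)
    entries = []
    for chunk in ENTRY_START.split(text.strip()):
        m = ENTRY.match(chunk.strip())
        if m:  # process-list paths and headers carry no section code; skip them
            entries.append((m.group(1), " ".join(m.group(2).split())))
    return entries

def triage(entries):
    """Return (code, section, reason) for entries worth a manual look (heuristics)."""
    flagged = []
    for code, body in entries:
        if "(no file)" in body or "(file missing)" in body:
            reason = "registration points to a file that is not on disk"
        elif code == "O23" and "Unknown owner" in body:
            reason = "no vendor name could be read for the service binary"
        elif code in ("O17", "O20"):
            reason = "system-wide DNS or DLL-loading setting; confirm it is expected"
        else:
            continue
        flagged.append((code, SECTIONS.get(code, "other"), reason))
    return flagged

if __name__ == "__main__":
    for code, section, reason in triage(parse_log(SAMPLE_LOG)):
        print(f"{code:4} {section:22} {reason}")
```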

Jun 3 2008, 07:55 PM
Post #8
Trusted Helper Posts: 1,036 From: Massachusetts OS: XP Pro SP2 ~ Vista Ultimate ~ Ubuntu
Use ATF Cleaner to remove temp files, cookies, cache, etc.
Please download ATF Cleaner by Atribune.
Under Main choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
For Technical Support, double-click the e-mail address located at the bottom of each menu.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Please download Malwarebytes' Anti-Malware from Here or Here
Double Click mbam-setup.exe to install the application.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Please do an online scan with Kaspersky WebScanner
You need to use Internet Explorer for this scan.
Click on Kaspersky Online Scanner and click Accept
You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
Scan Mail Bases
Also post a new HJT log and let me know how it's running.

Jun 3 2008, 07:59 PM
Post #9
Member Posts: 13 OS: XP
OK, doing that now.
I am very impressed with you guys already!!!!

Jun 3 2008, 08:47 PM
Post #10
Member Posts: 13 OS: XP
Got to go to bed now as it is 3.45 am here in England. The scan is going to take a long time to run. It is only 2% complete and has been running for 15 minutes.
I will post the results later on today (or tomorrow as it will be for you guys).
Many Thanks
(Less) Grumpy Surfer

Jun 4 2008, 04:19 AM
Post #11
Trusted Helper Posts: 1,036 From: Massachusetts OS: XP Pro SP2 ~ Vista Ultimate ~ Ubuntu
Hi,
When those scans are done there is something else I would like you to check for.
Please download Navilog1 by IL-MAFIOSO: http://pagesperso-orange.fr/il.mafioso/Navifix/Navilog1.exe (*Alternate download location Here)
* Save it to your Desktop.
* Double-click on Navilog1.exe to install the program.
* When the installation is complete, the tool will start automatically.
* If it doesn't start automatically, please double-click on the Navilog1 shortcut on your Desktop to run it.
* Press E for English from the language Menu.
* Type 1 in the next Menu to select Search and press Enter.
* Wait for the Scan to finish (It may take a reasonable amount of time).
* Press any key as requested.
* A new document will be produced: fixnavi.txt.
* Please copy/paste the contents of this report in your next reply.
The report is also saved in the root of the directory, "%SystemDrive%\fixnavi.txt". (usually C:\fixnavi.txt)
Jun 4 2008, |