I can not get rid of Ad.yieldmanager! [Closed]

Need a geek? Geeks to Go offers free, quality tech support -- in terms anyone can understand. Volunteers are waiting to help, friendly, technology experts who have knowledge to share, and enjoy helping others. Feel free to browse the site as a guest. However, you must log in to reply to existing topics, or to start a new topic. Other benefits of joining include richer forum features, and removal of all advertising. Learn more in our Welcome Guide Infected? Malware and Spyware Cleaning Guide. What are you waiting for? Click here to join for free today!

> Geeks to Go! » Security » Virus, Spyware and Trojan Removal

3 Pages

1 2 3 >

I can not get rid of Ad.yieldmanager! [Closed]

Options

EveHallowsAll View Member Profile	Jan 14 2009, 06:48 PM Post #1
Member Posts: 19 OS: Windows XP	Ad.yieldmanager keeps popping up at random times, my computer can't load some internet pages without this coming up. It doesn't seem to matter what site is loading, it just happens randomly. This is my work computer and no one has been able to fix it! Here is the Hijack log: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 5:23:06 PM, on 1/14/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16762) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\WLTRYSVC.EXE C:\WINDOWS\System32\bcmwltry.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\CTsvcCDA.exe C:\Program Files\McAfee\Managed VirusScan\VScan\EngineServer.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\McAfee\MPF\MPFSrv.exe C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe C:\Program Files\SiteAdvisor\6173\SAService.exe C:\WINDOWS\system32\SearchIndexer.exe C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\WINDOWS\system32\WLTRAY.exe C:\WINDOWS\stsystra.exe C:\Program Files\Dell\QuickSet\quickset.exe C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe C:\WINDOWS\system32\igfxsrvc.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\SiteAdvisor\6173\SiteAdv.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe C:\Program Files\Creative\MediaSource5\MtdAcqu.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Digital Line Detect\DLG.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Windows Desktop Search\WindowsSearch.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\PROGRA~1\McAfee\MANAGE~1\VScan\McShield.exe C:\Program Files\McAfee\Managed VirusScan\Agent\myAgttry.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\WINDOWS\system32\SearchProtocolHost.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=0060921 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.google.com/mail/?source=navclient-ff#inbox R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=0060921 R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6173\SiteAdv.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: HP Smart Web Printing 1.0 - {AE84A6AA-A333-4B92-B276-C11E2212E4FE} - C:\Program Files\HP\Smart Web Printing\SmartWebPrinting.dll O2 - BHO: HTML Source Editor - {AF3C5847-AEE4-4B9B-82D3-8E0991EBE4AD} - C:\WINDOWS\system32\Greenway\GMTBRO~1.DLL O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6173\SiteAdv.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [UniPrint] C:\PROGRA~1\UniPrint\Client\SetDfltSettings.exe O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [MVS Splash] "C:\Program Files\McAfee\Managed VirusScan\Agent\Splash.exe" O4 - HKLM\..\Run: [McAfee Managed Services Tray] "C:\Program Files\McAfee\Managed VirusScan\Agent\StartMyagtTry.exe" O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6173\SiteAdv.exe O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe" O4 - HKCU\..\Run: [MtdAcqu] "C:\Program Files\Creative\MediaSource5\MtdAcqu.exe" /s O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1 O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Digital Line Detect.lnk = ? O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O15 - Trusted Zone: http://*.192.168.0.9 O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab O16 - DPF: {B91AEDBE-93DF-4017-8BB3-F1C300C0EC51} (InstallShield Setup Player 2K2) - http://192.168.0.9/downloads/setup.exe O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://w1.webex.com/client/T23L/webex/ieatgpc.cab O16 - DPF: {E3E02F12-2ADB-478C-8742-5F0819F9F0F4} (Quantum Streaming IE VersionManager Class) - http://qmedia.xlontech.net/100170/sdk/late...2ie06041001.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL O18 - Filter hijack: text/html - {c860638c-364e-42cf-a7dd-10f5e5fa8c01} - C:\WINDOWS\system32\mst120.dll O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe O23 - Service: EngineServer - McAfee, Inc. - C:\Program Files\McAfee\Managed VirusScan\VScan\EngineServer.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe O23 - Service: McShield - McAfee, Inc. - C:\PROGRA~1\McAfee\MANAGE~1\VScan\McShield.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe O23 - Service: McAfee Virus and Spyware Protection Service (myAgtSvc) - McAfee, Inc. - C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6173\SAService.exe O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe O24 - Desktop Component 0: (no name) - http://i52.photobucket.com/albums/g3/ksriver80/w/06.jpg -- End of file - 11780 bytes And the uninstall list 2007 Microsoft Office Suite Service Pack 1 (SP1) 2007 Microsoft Office Suite Service Pack 1 (SP1) 2007 Microsoft Office Suite Service Pack 1 (SP1) 2007 Microsoft Office Suite Service Pack 1 (SP1) 2007 Microsoft Office Suite Service Pack 1 (SP1) 2007 Microsoft Office Suite Service Pack 1 (SP1) 2007 Microsoft Office Suite Service Pack 1 (SP1) 2007 Microsoft Office Suite Service Pack 1 (SP1) 2007 Microsoft Office Suite Service Pack 1 (SP1) 2007 Microsoft Office Suite Service Pack 1 (SP1) 2007 Microsoft Office Suite Service Pack 1 (SP1) 2007 Microsoft Office Suite Service Pack 1 (SP1) 2007 Microsoft Office Suite Service Pack 1 (SP1) 2007 Microsoft Office Suite Service Pack 1 (SP1) 2007 Microsoft Office Suite Service Pack 1 (SP1) 2007 Microsoft Office Suite Service Pack 1 (SP1) 2007 Microsoft Office Suite Service Pack 1 (SP1) 2007 Microsoft Office Suite Service Pack 1 (SP1) 2007 Microsoft Office Suite Service Pack 1 (SP1) 2007 Microsoft Office Suite Service Pack 1 (SP1) 2007 Microsoft Office Suite Service Pack 1 (SP1) Adobe Flash Player 9 ActiveX Adobe Flash Player ActiveX Adobe Reader 7.0.8 Adobe Shockwave Player Adobe SVG Viewer 3.0 AOLIcon AudibleManager CA Yahoo! Anti-Spy (remove only) ChartLogic 5.0 Citrix Web Client Compatibility Pack for the 2007 Office system Conexant HDA D110 MDC V.92 Modem Creative MediaSource 5 Creative System Information Dell Digital Jukebox Driver Dell Driver Reset Tool Dell Wireless WLAN Card Digital Content Portal Digital Line Detect Documentation & Support Launcher Dragon NaturallySpeaking Components ELIcon Games, Music, & Photos Launcher Get High Speed Internet! Google Toolbar for Internet Explorer Google Toolbar for Internet Explorer High Definition Audio Driver Package - KB835221 HijackThis 2.0.2 Hotfix for Windows Media Format SDK (KB902344) Hotfix for Windows XP (KB952287) HP Deskjet 8.0 Software HP Imaging Device Functions 8.0 HP Photosmart Essential HP Smart Web Printing 1.0 HP Solution Center 8.0 HP Update HPSSupply Intel® Graphics Media Accelerator Driver for Mobile Internet Service Offers Launcher Java™ 6 Update 3 Java™ 6 Update 7 Malwarebytes' RogueRemover McAfee Browser Protection Service McAfee Firewall Protection Service McAfee Uninstaller McAfee Virus and Spyware Protection Service MCU Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Hotfix (KB928366) Microsoft .NET Framework 2.0 Service Pack 1 Microsoft Internationalized Domain Names Mitigation APIs Microsoft National Language Support Downlevel APIs Microsoft Office Access MUI (English) 2007 Microsoft Office Access Setup Metadata MUI (English) 2007 Microsoft Office Enterprise 2007 Microsoft Office Enterprise 2007 Microsoft Office Excel MUI (English) 2007 Microsoft Office Groove MUI (English) 2007 Microsoft Office Groove Setup Metadata MUI (English) 2007 Microsoft Office InfoPath MUI (English) 2007 Microsoft Office OneNote MUI (English) 2007 Microsoft Office Outlook MUI (English) 2007 Microsoft Office PowerPoint MUI (English) 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (English) 2007 Microsoft Office Publisher MUI (English) 2007 Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Visio 2007 Service Pack 1 (SP1) Microsoft Office Visio MUI (English) 2007 Microsoft Office Visio Professional 2007 Microsoft Office Visio Professional 2007 Microsoft Office Word MUI (English) 2007 Microsoft Office XP Professional Microsoft Plus! Digital Media Edition Installer Microsoft Plus! Photo Story 2 LE Modem Helper MSXML 4.0 SP2 (KB927978) MSXML 4.0 SP2 (KB936181) MSXML 4.0 SP2 (KB954430) PowerDVD 5.5 PrimeSuite Client Components PrimeSuite Scanning Components 14.0 QuickSet QuickTime RealPlayer SearchAssist Security Update for Excel 2007 (KB946974) Security Update for Microsoft Office Publisher 2007 (KB950114) Security Update for Microsoft Office system 2007 (KB951808) Security Update for Microsoft Office Word 2007 (KB950113) Security Update for Office 2007 (KB947801) Security Update for Outlook 2007 (KB946983) Security Update for Step By Step Interactive Training (KB898458) Security Update for Step By Step Interactive Training (KB923723) Security Update for Visio 2007 (KB947590) Security Update for Visio 2007 (KB947590) Security Update for Windows Internet Explorer 7 (KB938127) Security Update for Windows Internet Explorer 7 (KB950759) Security Update for Windows Internet Explorer 7 (KB953838) Security Update for Windows Internet Explorer 7 (KB956390) Security Update for Windows Internet Explorer 7 (KB958215) Security Update for Windows Internet Explorer 7 (KB960714) Security Update for Windows Media Player (KB952069) Security Update for Windows Media Player 10 (KB917734) Security Update for Windows Media Player 10 (KB936782) Security Update for Windows XP (KB938464) Security Update for Windows XP (KB941569) Security Update for Windows XP (KB946648) Security Update for Windows XP (KB950759) Security Update for Windows XP (KB950760) Security Update for Windows XP (KB950762) Security Update for Windows XP (KB950974) Security Update for Windows XP (KB951066) Security Update for Windows XP (KB951376) Security Update for Windows XP (KB951376-v2) Security Update for Windows XP (KB951698) Security Update for Windows XP (KB951748) Security Update for Windows XP (KB952954) Security Update for Windows XP (KB953839) Security Update for Windows XP (KB954211) Security Update for Windows XP (KB954459) Security Update for Windows XP (KB954600) Security Update for Windows XP (KB955069) Security Update for Windows XP (KB956391) Security Update for Windows XP (KB956802) Security Update for Windows XP (KB956803) Security Update for Windows XP (KB956841) Security Update for Windows XP (KB957095) Security Update for Windows XP (KB957097) Security Update for Windows XP (KB958644) Security Update for Windows XP (KB958687) Sonic DLA Sonic RecordNow Audio Sonic RecordNow Copy Sonic RecordNow Data Sonic Update Manager UniPrint Client 3.6.0 Update for Office 2007 (KB946691) Update for Office 2007 (KB946691) Update for Outlook 2007 Junk Email Filter (kb950378) Update for Windows XP (KB951072-v2) Update for Windows XP (KB951978) Update for Windows XP (KB955839) URL Assistant WebEx Windows Desktop Search 3.01 Windows Desktop Search 3.01 Windows Media Format Runtime Windows Media Player 10 Windows Media Player 10 Windows Media Player 10 Hotfix - KB895316 Windows XP Service Pack 3 Yahoo! Install Manager Yahoo! Software Update Yahoo! Toolbar Please help!!! I am out of ideas

handhfan View Member Profile	Jan 20 2009, 04:48 PM Post #2
GeekU Moderator Posts: 8,505 From: Massachusetts OS: Windows XP Pro, Windows 7 Pro 64- and 32-bit; Virtual PC	Hello, EveHallowsAll, and welcome to GeeksToGo! Sorry for the delay in reply, the forums have been busy. Download OTListIt2 to your desktop. Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted. When the window appears, underneath Output at the top change it to Minimal Output. Under the Standard Registry box change it to All. Check the boxes beside LOP Check and Purity Check. Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long. When the scan completes, it will open two notepad windows. OTListIt.Txt and Extras.Txt. These are saved in the same location as OTListIt2. Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. The log for OTListIt2 will be very long and may not fit in one post. Please make sure that it didn't get cut off, and feel free to post the rest of it in a separate reply.

handhfan View Member Profile	Jan 27 2009, 10:14 AM Post #3
GeekU Moderator Posts: 8,505 From: Massachusetts OS: Windows XP Pro, Windows 7 Pro 64- and 32-bit; Virtual PC	Due to lack of feedback, this topic has been closed. If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.

handhfan View Member Profile	Jan 27 2009, 01:17 PM Post #4
GeekU Moderator Posts: 8,505 From: Massachusetts OS: Windows XP Pro, Windows 7 Pro 64- and 32-bit; Virtual PC	Reopened at the request of the user.

EveHallowsAll View Member Profile	Jan 27 2009, 01:21 PM Post #5
Member Posts: 19 OS: Windows XP	OTList OTListIt logfile created on: 1/27/2009 11:35:05 AM - Run OTListIt2 by OldTimer - Version 1.0.4.1 Folder = C:\Documents and Settings\Nolanda Smauldon\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.13) Locale: 00000409 \| Country: United States \| Language: ENU \| Date Format: M/d/yyyy 1015.37 Mb Total Physical Memory \| 320.84 Mb Available Physical Memory \| 31.60% Memory free 1.64 Gb Paging File \| 1.13 Gb Available in Paging File \| 69.33% Paging File free Paging file location(s): C:\pagefile.sys 756 1512; %SystemDrive% = C: \| %SystemRoot% = C:\WINDOWS \| %ProgramFiles% = C:\Program Files Drive C: \| 34.10 Gb Total Space \| 22.20 Gb Free Space \| 65.11% Space Free \| Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: DF909VB1 Current User Name: Nolanda Smauldon Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Output = Minimal File Age = 30 Days Company Name Whitelist: On ========== Processes (SafeList) ========== C:\WINDOWS\system32\WLTRYSVC.EXE () C:\WINDOWS\system32\BCMWLTRY.EXE (Dell Inc.) C:\WINDOWS\system32\CTSVCCDA.EXE (Creative Technology Ltd) C:\Program Files\McAfee\Managed VirusScan\VScan\EngineServer.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe (McAfee, Inc.) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation) C:\Program Files\McAfee\MPF\MpfSrv.exe (McAfee, Inc.) C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe (McAfee, Inc.) C:\Program Files\Dell\QuickSet\NicConfigSvc.exe (Dell Inc.) C:\Program Files\SiteAdvisor\6173\SAService.exe () C:\WINDOWS\system32\wdfmgr.exe (Microsoft Corporation) C:\WINDOWS\system32\searchindexer.exe (Microsoft Corporation) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.) C:\WINDOWS\system32\wbem\wmiprvse.exe (Microsoft Corporation) C:\WINDOWS\system32\hkcmd.exe (Intel Corporation) C:\WINDOWS\system32\igfxpers.exe (Intel Corporation) C:\WINDOWS\system32\WLTRAY.EXE (Dell Inc.) C:\WINDOWS\stsystra.exe (SigmaTel, Inc.) C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc) C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe (CyberLink Corp.) C:\WINDOWS\system32\dla\tfswctrl.exe (Sonic Solutions) C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation) C:\WINDOWS\system32\igfxsrvc.exe (Intel Corporation) C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.) C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard Co.) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation) C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.) C:\Program Files\SiteAdvisor\6173\SiteAdv.exe () C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe (Sun Microsystems, Inc.) C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe () C:\Program Files\Creative\MediaSource5\MtdAcqu.exe (Creative Technology Ltd) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.) C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.) C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe (Hewlett-Packard Co.) C:\Program Files\McAfee\Managed VirusScan\VScan\McShield.exe (McAfee, Inc.) C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtTry.exe (McAfee, Inc.) C:\Program Files\McAfee\Managed VirusScan\Agent\HtmlDlg.exe (McAfee, Inc.) C:\WINDOWS\system32\searchprotocolhost.exe (Microsoft Corporation) C:\WINDOWS\system32\searchfilterhost.exe (Microsoft Corporation) C:\Documents and Settings\Nolanda Smauldon\Desktop\OTListIt2.exe (OldTimer Tools) ========== (O23) Win32 Services (SafeList) ========== (aspnet_state [On_Demand \| Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation) (clr_optimization_v2.0.50727_32 [On_Demand \| Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) (Creative Service for CDROM Access [Auto \| Running]) -- C:\WINDOWS\system32\CTSVCCDA.EXE (Creative Technology Ltd) (EngineServer [Auto \| Running]) -- C:\Program Files\McAfee\Managed VirusScan\VScan\EngineServer.exe (McAfee, Inc.) (gusvc [On_Demand \| Stopped]) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google) (helpsvc [Auto \| Running]) -- C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll (Microsoft Corporation) (hpqcxs08 [On_Demand \| Running]) -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll (Hewlett-Packard Co.) (hpqddsvc [Auto \| Running]) -- C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll (Hewlett-Packard Co.) (McAfee HackerWatch Service [Auto \| Running]) -- C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe (McAfee, Inc.) (McShield [On_Demand \| Running]) -- C:\Program Files\McAfee\Managed VirusScan\VScan\McShield.exe (McAfee, Inc.) (MDM [Auto \| Running]) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation) (Microsoft Office Groove Audit Service [On_Demand \| Stopped]) -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation) (MpfService [Auto \| Running]) -- C:\Program Files\McAfee\MPF\MpfSrv.exe (McAfee, Inc.) (myAgtSvc [Auto \| Running]) -- C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe (McAfee, Inc.) (NICCONFIGSVC [Auto \| Running]) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe (Dell Inc.) (odserv [On_Demand \| Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation) (ose [On_Demand \| Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation) (SiteAdvisor Service [Auto \| Running]) -- C:\Program Files\SiteAdvisor\6173\SAService.exe () (UMWdf [Auto \| Running]) -- C:\WINDOWS\system32\wdfmgr.exe (Microsoft Corporation) (wltrysvc [Auto \| Running]) -- C:\WINDOWS\system32\WLTRYSVC.EXE () (WSearch [Auto \| Running]) -- C:\WINDOWS\system32\searchindexer.exe (Microsoft Corporation) (YahooAUService [Auto \| Running]) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.) ========== Driver Services (SafeList) ========== (AliIde [Disabled \| Stopped]) -- C:\WINDOWS\system32\drivers\aliide.sys (Acer Laboratories Inc.) (amdagp [Disabled \| Stopped]) -- C:\WINDOWS\system32\drivers\amdagp.sys (Advanced Micro Devices, Inc.) (APPDRV [System \| Running]) -- C:\WINDOWS\system32\drivers\APPDRV.SYS (Dell Inc) (asc [Disabled \| Stopped]) -- C:\WINDOWS\system32\drivers\asc.sys (Advanced System Products, Inc.) (asc3550 [Disabled \| Stopped]) -- C:\WINDOWS\system32\drivers\asc3550.sys (Advanced System Products, Inc.) (BCM43XX [On_Demand \| Running]) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS (Broadcom Corporation) (bcm4sbxp [On_Demand \| Running]) -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys (Broadcom Corporation) (CmdIde [Disabled \| Stopped]) -- C:\WINDOWS\system32\drivers\cmdide.sys (CMD Technology, Inc.) (dac2w2k [Disabled \| Stopped]) -- C:\WINDOWS\system32\drivers\dac2w2k.sys (Mylex Corporation) (drvmcdb [Boot \| Running]) -- C:\WINDOWS\system32\drivers\drvmcdb.sys (Sonic Solutions) (drvnddm [Auto \| Running]) -- C:\WINDOWS\system32\drivers\drvnddm.sys (Sonic Solutions) (E100B [On_Demand \| Stopped]) -- C:\WINDOWS\system32\drivers\e100b325.sys (Intel Corporation) (HDAudBus [On_Demand \| Running]) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider) (HSFHWAZL [On_Demand \| Running]) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.) (HSF_DPV [On_Demand \| Running]) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.) (ialm [On_Demand \| Running]) -- C:\WINDOWS\system32\drivers\ialmnt5.sys (Intel Corporation) (mdmxsdk [Auto \| Running]) -- C:\WINDOWS\system32\drivers\mdmxsdk.sys (Conexant) (MfeAVFK [On_Demand \| Running]) -- C:\WINDOWS\system32\drivers\MfeAVFK.sys (McAfee, Inc.) (MfeBOPK [On_Demand \| Running]) -- C:\WINDOWS\system32\drivers\MfeBOPK.sys (McAfee, Inc.) (mfehidk [System \| Running]) -- C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.) (MfeRKDK [On_Demand \| Running]) -- C:\WINDOWS\system32\drivers\MfeRKDK.sys (McAfee, Inc.) (mfetdik [System \| Running]) -- C:\WINDOWS\system32\drivers\mfetdik.sys (McAfee, Inc.) (MPFP [System \| Running]) -- C:\WINDOWS\system32\drivers\Mpfp.sys (McAfee, Inc.) (mraid35x [Disabled \| Stopped]) -- C:\WINDOWS\system32\drivers\mraid35x.sys (American Megatrends Inc.) (nv [On_Demand \| Stopped]) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation) (Ptilink [On_Demand \| Running]) -- C:\WINDOWS\system32\drivers\ptilink.sys (Parallel Technologies, Inc.) (PxHelp20 [Boot \| Running]) -- C:\WINDOWS\system32\drivers\pxhelp20.sys (Sonic Solutions) (ql1080 [Disabled \| Stopped]) -- C:\WINDOWS\system32\drivers\ql1080.sys (QLogic Corporation) (ql12160 [Disabled \| Stopped]) -- C:\WINDOWS\system32\drivers\ql12160.sys (QLogic Corporation) (ql1280 [Disabled \| Stopped]) -- C:\WINDOWS\system32\drivers\ql1280.sys (QLogic Corporation) (Secdrv [On_Demand \| Stopped]) -- C:\WINDOWS\system32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) (sisagp [Disabled \| Stopped]) -- C:\WINDOWS\system32\drivers\sisagp.sys (Silicon Integrated Systems Corporation) (Sparrow [Disabled \| Stopped]) -- C:\WINDOWS\system32\drivers\sparrow.sys (Adaptec, Inc.) (sscdbhk5 [System \| Running]) -- C:\WINDOWS\system32\drivers\sscdbhk5.sys (Sonic Solutions) (ssrtln [System \| Running]) -- C:\WINDOWS\system32\drivers\ssrtln.sys (Sonic Solutions) (STHDA [On_Demand \| Running]) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.) (symc810 [Disabled \| Stopped]) -- C:\WINDOWS\system32\drivers\symc810.sys (Symbios Logic Inc.) (symc8xx [Disabled \| Stopped]) -- C:\WINDOWS\system32\drivers\symc8xx.sys (LSI Logic) (sym_hi [Disabled \| Stopped]) -- C:\WINDOWS\system32\drivers\sym_hi.sys (LSI Logic) (sym_u3 [Disabled \| Stopped]) -- C:\WINDOWS\system32\drivers\sym_u3.sys (LSI Logic) (tfsnboio [Auto \| Running]) -- C:\WINDOWS\system32\dla\tfsnboio.sys (Sonic Solutions) (tfsncofs [Auto \| Running]) -- C:\WINDOWS\system32\dla\tfsncofs.sys (Sonic Solutions) (tfsndrct [Auto \| Running]) -- C:\WINDOWS\system32\dla\tfsndrct.sys (Sonic Solutions) (tfsndres [Auto \| Running]) -- C:\WINDOWS\system32\dla\tfsndres.sys (Sonic Solutions) (tfsnifs [Auto \| Running]) -- C:\WINDOWS\system32\dla\tfsnifs.sys (Sonic Solutions) (tfsnopio [Auto \| Running]) -- C:\WINDOWS\system32\dla\tfsnopio.sys (Sonic Solutions) (tfsnpool [Auto \| Running]) -- C:\WINDOWS\system32\dla\tfsnpool.sys (Sonic Solutions) (tfsnudf [Auto \| Running]) -- C:\WINDOWS\system32\dla\tfsnudf.sys (Sonic Solutions) (tfsnudfa [Auto \| Running]) -- C:\WINDOWS\system32\dla\tfsnudfa.sys (Sonic Solutions) (ultra [Disabled \| Stopped]) -- C:\WINDOWS\system32\drivers\ultra.sys (Promise Technology, Inc.) (winachsf [On_Demand \| Running]) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.) (WS2IFSL [System \| Running]) -- C:\WINDOWS\system32\drivers\ws2ifsl.sys (Microsoft Corporation) ========== Standard Registry (All) ========== ========== Internet Explorer ========== HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=0060921 HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=0060921 HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=0060921 HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8 HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://mail.google.com/mail/?source=navclient-ff#inbox HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 O1 HOSTS File: (208838 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 1001-search.info O1 - Hosts: 127.0.0.1 www.1001-search.info O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 www.100sexlinks.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 www.10sek.com O1 - Hosts: 127.0.0.1 123topsearch.com O1 - Hosts: 127.0.0.1 www.123topsearch.com O1 - Hosts: 127.0.0.1 132.com O1 - Hosts: 127.0.0.1 www.132.com O1 - Hosts: 127.0.0.1 136136.net O1 - Hosts: 127.0.0.1 www.136136.net O1 - Hosts: 7343 more lines... O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6173\SiteAdv.dll () O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.) O2 - BHO: (CPrintEnhancer Object) - {AE84A6AA-A333-4B92-B276-C11E2212E4FE} - C:\Program Files\HP\Smart Web Printing\SmartWebPrinting.dll (Hewlett-Packard Co.) O2 - BHO: (GMTBrowserHelper Class) - {AF3C5847-AEE4-4B9B-82D3-8E0991EBE4AD} - C:\WINDOWS\system32\Greenway\GMTBrowser.dll () O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll (Google Inc.) O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.) O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc) O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6173\SiteAdv.dll () O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.) O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O3 - HKCU\..\Toolbar: (no name) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) O3 - HKCU\..\Toolbar: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.) O3 - HKCU\..\Toolbar: (no name) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) O3 - HKCU\..\Toolbar: (no name) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation) O3 - HKCU\..\Toolbar: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.) O4 - HKLM..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe (Dell Inc.) O4 - HKLM..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc) O4 - HKLM..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe (Sonic Solutions) O4 - HKLM..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" (CyberLink Corp.) O4 - HKLM..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" (Microsoft Corporation) O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard Co.) O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation) O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation) O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation) O4 - HKLM..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup (InstallShield Software Corporation) O4 - HKLM..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start (InstallShield Software Corporation) O4 - HKLM..\Run: [McAfee Managed Services Tray] "C:\Program Files\McAfee\Managed VirusScan\Agent\StartMyagtTry.exe" (McAfee, Inc.) O4 - HKLM..\Run: [MVS Splash] "C:\Program Files\McAfee\Managed VirusScan\Agent\Splash.exe" (McAfee, Inc.) O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Computer, Inc.) O4 - HKLM..\Run: [SigmatelSysTrayApp] stsystra.exe (SigmaTel, Inc.) O4 - HKLM..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6173\SiteAdv.exe () O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" (Sun Microsystems, Inc.) O4 - HKLM..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot (RealNetworks, Inc.) O4 - HKLM..\Run: [UniPrint] C:\PROGRA~1\UniPrint\Client\SetDfltSettings.exe (INGENICA UK Ltd.) O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation) O4 - HKCU..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe" () O4 - HKCU..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe File not found O4 - HKCU..\Run: [MtdAcqu] "C:\Program Files\Creative\MediaSource5\MtdAcqu.exe" /s (Creative Technology Ltd) O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.) O4 - HKCU..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1 (Adobe Systems Incorporated) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation) O4 - Startup: C:\Documents and Settings\Nolanda Smauldon\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.) O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation) O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O15 - HKLM\..Trusted Sites: 32 domain(s) and sub-domain(s) not assigned to a zone. O15 - HKCU\..Trusted Sites: 192.168.0.9 (http in Trusted sites) O15 - HKCU\..Trusted Sites: 192.168.0.9 (https in Trusted sites) O15 - HKCU\..Trusted Sites: 31 domain(s) and sub-domain(s) not assigned to a zone. O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support) O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab (Reg Error: Key does not exist or could not be opened.) O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab (MSN Photo Upload Tool) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {B91AEDBE-93DF-4017-8BB3-F1C300C0EC51} http://192.168.0.9/downloads/setup.exe (InstallShield Setup Player 2K2) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/flash...ent/swflash.cab (Shockwave Flash Object) O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://w1.webex.com/client/T23L/webex/ieatgpc.cab (GpcContainer Class) O16 - DPF: {E3E02F12-2ADB-478C-8742-5F0819F9F0F4} http://qmedia.xlontech.net/100170/sdk/late...2ie06041001.cab (Quantum Streaming IE VersionManager Class) O18 - Protocol\Handler: - about - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler: - cdl - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler: - dvd - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation) O18 - Protocol\Handler: - file - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler: - ftp - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler: - gopher - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler: - grooveLocalGWS - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Handler: - http - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler: - http\0x00000001 - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler: - http\oledb - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler: - https - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler: - https\0x00000001 - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler: - https\oledb - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler: - ipp - No CLSID value found O18 - Protocol\Handler: - ipp\0x00000001 - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler: - its - C:\WINDOWS\system32\itss.dll (Microsoft Corporation) O18 - Protocol\Handler: - javascript - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler: - local - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler: - mailto - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler: - mhtml - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation) O18 - Protocol\Handler: - mk - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler: - msdaipp - No CLSID value found O18 - Protocol\Handler: - msdaipp\0x00000001 - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler: - msdaipp\oledb - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler: - ms-help - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler: - ms-its - C:\WINDOWS\system32\itss.dll (Microsoft Corporation) O18 - Protocol\Handler: - ms-itss - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation) O18 - Protocol\Handler: - mso-offdap - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler: - myrm - C:\Program Files\McAfee\Managed VirusScan\Agent\MyRmProt4.7.0.538.dll (McAfee, Inc.) O18 - Protocol\Handler: - res - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler: - siteadvisor - C:\Program Files\SiteAdvisor\6173\SiteAdv.dll () O18 - Protocol\Handler: - sysimage - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler: - tv - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation) O18 - Protocol\Handler: - vbscript - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler: - wia - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation) O18 - Protocol\Filter: - application/octet-stream - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter: - application/x-complus - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter: - application/x-msdownload - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter: - Class Install Handler - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Filter: - deflate - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Filter: - gzip - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Filter: - lzdhtml - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Filter: - text/webviewhtml - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation) O20 - See sections below for AppInitDlls and Winlogon settings O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9}C:\WINDOWS\system32\shell32.dll (Microsoft Corporation) O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9}C:\WINDOWS\system32\shell32.dll (Microsoft Corporation) O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153}C:\WINDOWS\system32\stobject.dll (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation) O22 - SharedTaskScheduler: (Browseui preloader) - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) O22 - SharedTaskScheduler: (Component Categories cache daemon) - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) ========== HKLM Winlogon Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] "Shell" = Explorer.exe >C:\WINDOWS\explorer.exe (Microsoft Corporation) "UserInit" = C:\WINDOWS\system32\userinit.exe, >C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) "UIHost" = logonui.exe >C:\WINDOWS\system32\logonui.exe (Microsoft Corporation) "VMApplet" = rundll32 shell32,Control_RunDLL "sysdm.cpl" >C:\WINDOWS\system32\shell32.dll (Microsoft Corporation) >C:\WINDOWS\system32\sysdm.cpl (Microsoft Corporation) ========== Winlogon Notify Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\] crypt32chain: "DllName" = crypt32.dll -- C:\WINDOWS\system32\crypt32.dll (Microsoft Corporation) cryptnet: "DllName" = cryptnet.dll -- C:\WINDOWS\system32\cryptnet.dll (Microsoft Corporation) cscdll: "DllName" = cscdll.dll -- C:\WINDOWS\system32\cscdll.dll (Microsoft Corporation) dimsntfy: "DllName" = %SystemRoot%\System32\dimsntfy.dll -- C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation) igfxcui: "DllName" = igfxdev.dll -- C:\WINDOWS\system32\igfxdev.dll (Intel Corporation) ScCertProp: "DllName" = wlnotify.dll -- C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation) Schedule: "DllName" = wlnotify.dll -- C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation) sclgntfy: "DllName" = sclgntfy.dll -- C:\WINDOWS\system32\sclgntfy.dll (Microsoft Corporation) SensLogn: "DllName" = WlNotify.dll -- C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation) termsrv: "DllName" = wlnotify.dll -- C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation) WgaLogon: "DllName" = WgaLogon.dll -- C:\WINDOWS\system32\WgaLogon.dll (Microsoft Corporation) wlballoon: "DllName" = wlnotify.dll -- C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation) ========== IFEO "Debugger" Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\] Your Image File Name Here without a path:"Debugger" = C:\WINDOWS\system32\ntsd.exe (Microsoft Corporation) ========== Shell Execute Hooks ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{56F9679E-7826-4C84-81F3-532071A8BCC5}" (HKLM) -- C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation) "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}" (HKLM) -- C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) ========== HKLM SecurityProviders ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders] "SecurityProviders" = msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll >C:\WINDOWS\system32\msapsspc.dll (Microsoft Corporation) >C:\WINDOWS\system32\schannel.dll (Microsoft Corporation) >C:\WINDOWS\system32\digest.dll (Microsoft Corporation) >C:\WINDOWS\system32\msnsspc.dll (Microsoft Corporation) ========== LSA Authentication Packages ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa] "Authentication Packages" = msv1_0, >C:\WINDOWS\system32\msv1_0.dll (Microsoft Corporation) ========== LSA Security Packages ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa] "Security Packages" = kerberos,msv1_0,schannel,wdigest, >C:\WINDOWS\system32\kerberos.dll (Microsoft Corporation) >C:\WINDOWS\system32\msv1_0.dll (Microsoft Corporation) >C:\WINDOWS\system32\schannel.dll (Microsoft Corporation) >C:\WINDOWS\system32\wdigest.dll (Microsoft Corporation) ========== Safeboot Options ========== "AlternateShell" = cmd.exe ========== CDRom AutoRun Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom] "AutoRun" = 1 ========== Autorun Files on Drives ========== AUTOEXEC.BAT [] C:\AUTOEXEC.BAT () -- [ NTFS ] ========== Files/Folders - Created Within 30 Days ========== [1 C:\WINDOWS\.tmp files] File not found -- C:\Documents and Settings\Nolanda Smauldon\My Documents\CAPCADDN. File not found -- C:\Documents and Settings\Nolanda Smauldon\My Documents\CA4R232K. [2009/01/27 11:33:37 \| 00,419,328 \| ---- \| C] (OldTimer Tools) -- C:\Documents and Settings\Nolanda Smauldon\Desktop\OTListIt2.exe [2009/01/16 14:18:30 \| 10,647,63392 \| -HS- \| C] () -- C:\hiberfil.sys [2009/01/16 13:11:49 \| 00,000,000 \| ---D \| C] -- C:\WINDOWS\ERDNT [2009/01/16 13:10:31 \| 00,000,767 \| ---- \| C] () -- C:\Documents and Settings\Nolanda Smauldon\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk [2009/01/16 13:10:12 \| 00,000,611 \| ---- \| C] () -- C:\Documents and Settings\Nolanda Smauldon\Desktop\NTREGOPT.lnk [2009/01/16 13:10:12 \| 00,000,592 \| ---- \| C] () -- C:\Documents and Settings\Nolanda Smauldon\Desktop\ERUNT.lnk [2009/01/16 13:10:11 \| 00,000,000 \| ---D \| C] -- C:\Program Files\ERUNT [2009/01/15 13:00:35 \| 00,000,665 \| ---- \| C] () -- C:\Documents and Settings\All Users\Desktop\Photoviewer.lnk [2009/01/15 13:00:32 \| 00,000,000 \| ---D \| C] -- C:\Program Files\Photo Viewer [2009/01/14 17:22:54 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\Nolanda Smauldon\My Documents\Scan [2009/01/14 17:19:46 \| 00,001,734 \| ---- \| C] () -- C:\Documents and Settings\Nolanda Smauldon\Desktop\HijackThis.lnk [2009/01/14 17:19:46 \| 00,000,000 \| ---D \| C] -- C:\Program Files\Trend Micro [2009/01/13 16:16:57 \| 00,036,660 \| ---- \| C] () -- C:\Documents and Settings\Nolanda Smauldon\Application Data\Comma Separated Values (Windows).ADR [2009/01/13 16:12:27 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\Nolanda Smauldon\My Documents\contacts [2009/01/06 17:06:02 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\Nolanda Smauldon\My Documents\aproposfix [2009/01/06 16:55:25 \| 00,000,000 \| ---D \| C] -- C:\Program Files\RogueRemover FREE [2009/01/05 12:03:36 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\Nolanda Smauldon\Application Data\Image Zone Express [2009/01/02 15:29:02 \| 00,000,000 \| ---D \| C] -- C:\Program Files\Common Files\Scanner [2009/01/02 15:25:16 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\All Users\Application Data\Yahoo! [2009/01/02 15:25:04 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\Nolanda Smauldon\Application Data\Yahoo! [2009/01/02 15:25:04 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion [2009/01/02 15:23:26 \| 00,000,000 \| ---D \| C] -- C:\Program Files\Yahoo! ========== Files - Modified Within 30 Days ========== [1 C:\WINDOWS\System32\.tmp files] [1 C:\WINDOWS\*.tmp files] File not found -- C:\Documents and Settings\Nolanda Smauldon\My Documents\CAPCADDN. File not found -- C:\Documents and Settings\Nolanda Smauldon\My Documents\CA4R232K. [2009/01/27 11:33:43 \| 00,419,328 \| ---- \| M] (OldTimer Tools) -- C:\Documents and Settings\Nolanda Smauldon\Desktop\OTListIt2.exe [2009/01/27 10:09:00 \| 00,002,507 \| ---- \| M] () -- C:\Documents and Settings\Nolanda Smauldon\Desktop\Microsoft Outlook.lnk [2009/01/27 08:58:40 \| 00,518,480 \| ---- \| M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2009/01/27 08:58:40 \| 00,435,572 \| ---- \| M] () -- C:\WINDOWS\System32\perfh009.dat [2009/01/27 08:58:40 \| 00,074,288 \| ---- \| M] () -- C:\WINDOWS\System32\perfc009.dat [2009/01/27 08:56:04 \| 00,002,206 \| ---- \| M] () -- C:\WINDOWS\System32\wpa.dbl [2009/01/27 08:55:44 \| 00,007,995 \| ---- \| M] () -- C:\WINDOWS\System32\Config.MPF [2009/01/27 08:54:12 \| 00,000,006 \| -H-- \| M] () -- C:\WINDOWS\tasks\SA.DAT [2009/01/27 08:54:06 \| 00,002,048 \| --S- \| M] () -- C:\WINDOWS\bootstat.dat [2009/01/27 08:54:05 \| 10,647,63392 \| -HS- \| M] () -- C:\hiberfil.sys [2009/01/26 17:31:13 \| 03,766,794 \| -H-- \| M] () -- C:\Documents and Settings\Nolanda Smauldon\Local Settings\Application Data\IconCache.db [2009/01/23 16:33:47 \| 00,000,426 \| ---- \| M] () -- C:\WINDOWS\BRWMARK.INI [2009/01/23 14:03:35 \| 00,054,156 \| -H-- \| M] () -- C:\WINDOWS\QTFont.qfn [2009/01/16 17:53:55 \| 01,510,400 \| ---- \| M] () -- C:\Documents and Settings\Nolanda Smauldon\Desktop\Mint visit window.xls [2009/01/16 13:10:31 \| 00,000,767 \| ---- \| M] () -- C:\Documents and Settings\Nolanda Smauldon\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk [2009/01/16 13:10:12 \| 00,000,611 \| ---- \| M] () -- C:\Documents and Settings\Nolanda Smauldon\Desktop\NTREGOPT.lnk [2009/01/16 13:10:12 \| 00,000,592 \| ---- \| M] () -- C:\Documents and Settings\Nolanda Smauldon\Desktop\ERUNT.lnk [2009/01/15 14:05:38 \| 00,001,917 \| ---- \| M] () -- C:\WINDOWS\imsins.BAK [2009/01/15 13:00:35 \| 00,000,665 \| ---- \| M] () -- C:\Documents and Settings\All Users\Desktop\Photoviewer.lnk [2009/01/14 17:19:46 \| 00,001,734 \| ---- \| M] () -- C:\Documents and Settings\Nolanda Smauldon\Desktop\HijackThis.lnk [2009/01/13 16:16:57 \| 00,036,660 \| ---- \| M] () -- C:\Documents and Settings\Nolanda Smauldon\Application Data\Comma Separated Values (Windows).ADR [2009/01/09 18:35:28 \| 20,853,704 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe ========== LOP Check ========== [2009/01/02 15:25:16 \| 00,000,000 \| RH-D \| M] -- C:\Documents and Settings\All Users\Application Data [2006/09/21 21:22:44 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\Adobe [2006/10/19 12:18:14 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\AOL [2008/01/28 10:32:44 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\Avg7 [2007/12/06 10:31:26 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\Creative [2007/12/06 10:42:35 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\Google [2007/09/03 07:56:35 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\Hewlett-Packard [2007/09/03 08:00:47 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\HP [2007/09/03 08:01:35 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\HPSSUPPLY [2006/09/21 21:12:49 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\InstallShield [2008/07/25 15:13:05 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\McAfee [2007/03/04 18:42:06 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\McAfee.com [2009/01/07 14:10:31 \| 00,000,000 \| --SD \| M] -- C:\Documents and Settings\All Users\Application Data\Microsoft [2008/08/28 02:01:40 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\Microsoft Help [2007/11/01 21:02:18 \| 00,000,000 \| -H-D \| M] -- C:\Documents and Settings\All Users\Application Data\Move Networks [2008/02/12 00:15:01 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage [2008/06/18 16:24:34 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\QuickTime [2004/08/10 11:13:06 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\SBSI [2008/07/25 15:13:06 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\SiteAdvisor [2008/07/25 11:18:56 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy [2007/11/07 14:41:28 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint [2007/09/03 08:02:53 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\WEBREG [2007/02/28 13:10:13 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage [2007/02/23 13:41:01 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\YAHOO [2009/01/02 15:25:16 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\Yahoo! [2009/01/02 15:26:07 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion [2009/01/14 16:35:12 \| 00,000,000 \| RH-D \| M] -- C:\Documents and Settings\Nolanda Smauldon\Application Data [2008/02/17 17:33:50 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Nolanda Smauldon\Application Data\Adobe [2007/04/18 19:27:19 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Nolanda Smauldon\Application Data\AdobeUM [2008/08/22 11:56:41 \| 00,000,000 \| R--D \| M] -- C:\Documents and Settings\Nolanda Smauldon\Application Data\Brother [2007/03/25 19:53:03 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Nolanda Smauldon\Application Data\Creative [2006/10/23 18:32:34 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Nolanda Smauldon\Application Data\CyberLink [2007/02/27 19:22:56 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Nolanda Smauldon\Application Data\Error Safe Free [2006/10/17 15:21:49 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Nolanda Smauldon\Application Data\Google [2007/12/06 10:26:09 \| 00,000,000 \| -H-D \| M] -- C:\Documents and Settings\Nolanda Smauldon\Application Data\Gtek [2007/09/07 21:21:21 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Nolanda Smauldon\Application Data\HP [2006/10/19 13:05:19 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Nolanda Smauldon\Application Data\ICAClient [2004/08/10 11:08:32 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Nolanda Smauldon\Application Data\Identities [2009/01/05 12:36:39 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Nolanda Smauldon\Application Data\Image Zone Express [2007/11/05 16:40:39 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Nolanda Smauldon\Application Data\Leadertech [2008/01/26 23:30:00 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Nolanda Smauldon\Application Data\Macromedia [2008/09/05 15:13:06 \| 00,000,000 \| --SD \| M] -- C:\Documents and Settings\Nolanda Smauldon\Application Data\Microsoft [2008/06/23 11:20:28 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Nolanda Smauldon\Application Data\Mozilla [2007/12/06 10:28:41 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Nolanda Smauldon\Application Data\MSNInstaller [2008/05/12 23:33:35 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Nolanda Smauldon\Application Data\MySpace [2009/01/05 12:03:40 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Nolanda Smauldon\Application Data\Printer Info Cache [2008/11/04 15:17:30 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Nolanda Smauldon\Application Data\Real [2009/01/26 11:13:23 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Nolanda Smauldon\Application Data\SiteAdvisor [2007/11/05 16:40:52 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Nolanda Smauldon\Application Data\Sonic [2006/10/19 12:23:06 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Nolanda Smauldon\Application Data\Sun [2008/06/23 11:28:24 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Nolanda Smauldon\Application Data\Talkback [2007/02/07 13:04:53 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Nolanda Smauldon\Application Data\Viewpoint [2007/10/13 18:42:09 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Nolanda Smauldon\Application Data\Wal-Mart Digital Photo Manager [2008/01/06 16:59:37 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Nolanda Smauldon\Application Data\Wal-Mart Digital Photo Viewer [2008/03/13 12:31:56 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Nolanda Smauldon\Application Data\webex [2008/03/31 13:23:11 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Nolanda Smauldon\Application Data\Windows Desktop Search [2009/01/02 15:25:04 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Nolanda Smauldon\Application Data\Yahoo! [2004/08/04 03:00:00 \| 00,000,065 \| RH-- \| M] () -- C:\WINDOWS\Tasks\desktop.ini [2008/12/26 18:30:00 \| 00,000,380 \| ---- \| M] () -- C:\WINDOWS\Tasks\McAfee.com Scan for Viruses - My Computer (DF909VB1-Pharmaceutical Resea).job [2009/01/27 08:54:12 \| 00,000,006 \| -H-- \| M] () -- C:\WINDOWS\Tasks\SA.DAT ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 894 bytes -> %UserProfile%\Desktop\Pharmaceutical Research.url:favicon @Alternate Data Stream - 22486 bytes -> %UserProfile%\Desktop\Clinical Conductor CTMS - Clinical Conductor Home (2).url:favicon @Alternate Data Stream - 1406 bytes -> %UserProfile%\Desktop\Time Tracking Software - TimeclockOnline.com an Online Tool to Record Work Time.url:favicon @Alternate Data Stream - 0 bytes -> %UserProfile%\My Documents\Thumbs.db:encryptable < End of report >

handhfan View Member Profile	Jan 27 2009, 01:36 PM Post #7
GeekU Moderator Posts: 8,505 From: Massachusetts OS: Windows XP Pro, Windows 7 Pro 64- and 32-bit; Virtual PC	Please download JavaRa to your desktop and unzip it to its own folder Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions. Accept any prompts. Open JavaRa.exe again and select Search For Updates. Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer. Please download the OTMoveIt3 by OldTimer. Save it to your desktop. Please double-click OTMoveIt3.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator). Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy): CODE :Processes explorer.exe :Files C:\Documents and Settings\All Users\Application Data\Viewpoint C:\Documents and Settings\Nolanda Smauldon\Application Data\Viewpoint C:\Program Files\Viewpoint :Commands [emptytemp] [start explorer] [Reboot] Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste. Click the red Moveit! button. Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply. Close OTMoveIt3 Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter .log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles* folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post. Please do an online scan with Kaspersky WebScanner Read through the requirements and privacy statement and click on Accept button. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run. When the downloads have finished, click on Settings. Make sure the following is checked. Spyware, Adware, Dialers, and other potentially dangerous programs Archives Mail databases Click on My Computer under Scan. Once the scan is complete, it will display the results. Click on View Scan Report. You will see a list of infected items there. Click on Save Report As.... Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Please post this log in your next reply, along with the OTMoveIt3 log, and a new HijackThis log.

EveHallowsAll View Member Profile	Jan 27 2009, 02:33 PM Post #8
Member Posts: 19 OS: Windows XP	OTMoveIt3 log ========== PROCESSES ========== Process explorer.exe killed successfully. ========== FILES ========== C:\Documents and Settings\All Users\Application Data\Viewpoint\AxMetaStream_Win moved successfully. C:\Documents and Settings\All Users\Application Data\Viewpoint moved successfully. C:\Documents and Settings\Nolanda Smauldon\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_03 moved successfully. C:\Documents and Settings\Nolanda Smauldon\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_02 moved successfully. C:\Documents and Settings\Nolanda Smauldon\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_01 moved successfully. C:\Documents and Settings\Nolanda Smauldon\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_00 moved successfully. C:\Documents and Settings\Nolanda Smauldon\Application Data\Viewpoint\Viewpoint Experience Technology\Resources moved successfully. C:\Documents and Settings\Nolanda Smauldon\Application Data\Viewpoint\Viewpoint Experience Technology moved successfully. C:\Documents and Settings\Nolanda Smauldon\Application Data\Viewpoint moved successfully. File/Folder C:\Program Files\Viewpoint not found. ========== COMMANDS ========== File delete failed. C:\DOCUME~1\NOLAND~1\LOCALS~1\Temp\JETC346.tmp scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\NOLAND~1\LOCALS~1\Temp\~DF9999.tmp scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\NOLAND~1\LOCALS~1\Temp\~DFB2D3.tmp scheduled to be deleted on reboot. User's Temp folder emptied. User's Temporary Internet Files folder emptied. User's Internet Explorer cache folder emptied. Local Service Temp folder emptied. File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot. Local Service Temporary Internet Files folder emptied. File delete failed. C:\WINDOWS\temp\CIO62.tmp scheduled to be deleted on reboot. File delete failed. C:\WINDOWS\temp\mcafee_1dQfXBYpL89XYgQ scheduled to be deleted on reboot. File delete failed. C:\WINDOWS\temp\mcafee_xvo0zzBZVpfltFT scheduled to be deleted on reboot. Windows Temp folder emptied. Java cache emptied. FireFox cache emptied. Temp folders emptied. Explorer started successfully OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 01272009_131500 Files moved on Reboot... File C:\DOCUME~1\NOLAND~1\LOCALS~1\Temp\JETC346.tmp not found! C:\DOCUME~1\NOLAND~1\LOCALS~1\Temp\~DF9999.tmp moved successfully. C:\DOCUME~1\NOLAND~1\LOCALS~1\Temp\~DFB2D3.tmp moved successfully. File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot. C:\WINDOWS\temp\CIO62.tmp moved successfully. File C:\WINDOWS\temp\mcafee_1dQfXBYpL89XYgQ not found! File C:\WINDOWS\temp\mcafee_xvo0zzBZVpfltFT not found!

EveHallowsAll View Member Profile	Jan 27 2009, 04:53 PM Post #9
Member Posts: 19 OS: Windows XP	Current HijackThis log Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 3:46:11 PM, on 1/27/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16762) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\WLTRYSVC.EXE C:\WINDOWS\System32\bcmwltry.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\CTsvcCDA.exe C:\Program Files\McAfee\Managed VirusScan\VScan\EngineServer.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\McAfee\MPF\MPFSrv.exe C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe C:\Program Files\SiteAdvisor\6173\SAService.exe C:\WINDOWS\system32\SearchIndexer.exe C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe C:\PROGRA~1\McAfee\MANAGE~1\VScan\McShield.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\WINDOWS\system32\WLTRAY.exe C:\WINDOWS\stsystra.exe C:\Program Files\Dell\QuickSet\quickset.exe C:\WINDOWS\system32\igfxsrvc.exe C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtTry.exe C:\Program Files\SiteAdvisor\6173\SiteAdv.exe C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe C:\Program Files\Creative\MediaSource5\MtdAcqu.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Digital Line Detect\DLG.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Windows Desktop Search\WindowsSearch.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\SearchProtocolHost.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=0060921 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.google.com/mail/?source=navclient-ff#inbox R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=0060921 R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6173\SiteAdv.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: HP Smart Web Printing 1.0 - {AE84A6AA-A333-4B92-B276-C11E2212E4FE} - C:\Program Files\HP\Smart Web Printing\SmartWebPrinting.dll O2 - BHO: HTML Source Editor - {AF3C5847-AEE4-4B9B-82D3-8E0991EBE4AD} - C:\WINDOWS\system32\Greenway\GMTBRO~1.DLL O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6173\SiteAdv.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [UniPrint] C:\PROGRA~1\UniPrint\Client\SetDfltSettings.exe O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [MVS Splash] "C:\Program Files\McAfee\Managed VirusScan\Agent\Splash.exe" O4 - HKLM\..\Run: [McAfee Managed Services Tray] "C:\Program Files\McAfee\Managed VirusScan\Agent\StartMyagtTry.exe" O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6173\SiteAdv.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe" O4 - HKCU\..\Run: [MtdAcqu] "C:\Program Files\Creative\MediaSource5\MtdAcqu.exe" /s O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1 O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Digital Line Detect.lnk = ? O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O15 - Trusted Zone: http://*.192.168.0.9 O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab O16 - DPF: {B91AEDBE-93DF-4017-8BB3-F1C300C0EC51} (InstallShield Setup Player 2K2) - http://192.168.0.9/downloads/setup.exe O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://w1.webex.com/client/T23L/webex/ieatgpc.cab O16 - DPF: {E3E02F12-2ADB-478C-8742-5F0819F9F0F4} (Quantum Streaming IE VersionManager Class) - http://qmedia.xlontech.net/100170/sdk/late...2ie06041001.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL O18 - Filter hijack: text/html - {c860638c-364e-42cf-a7dd-10f5e5fa8c01} - C:\WINDOWS\system32\mst120.dll O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe O23 - Service: EngineServer - McAfee, Inc. - C:\Program Files\McAfee\Managed VirusScan\VScan\EngineServer.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe O23 - Service: McShield - McAfee, Inc. - C:\PROGRA~1\McAfee\MANAGE~1\VScan\McShield.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe O23 - Service: McAfee Virus and Spyware Protection Service (myAgtSvc) - McAfee, Inc. - C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6173\SAService.exe O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe O24 - Desktop Component 0: (no name) - http://i52.photobucket.com/albums/g3/ksriver80/w/06.jpg -- End of file - 11887 bytes

EveHallowsAll View Member Profile	Jan 27 2009, 04:57 PM Post #10
Member Posts: 19 OS: Windows XP	-Kaspersky Scan *This concerns me, the only thing "infected" is a program I have to use for work ------------------------------------------------------------------------------- KASPERSKY ONLINE SCANNER 7 REPORT Tuesday, January 27, 2009 Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600) Kaspersky Online Scanner 7 version: 7.0.25.0 Program database last update: Tuesday, January 27, 2009 19:28:31 Records in database: 1711107 -------------------------------------------------------------------------------- Scan settings: Scan using the following database: extended Scan archives: yes Scan mail databases: yes Scan area - My Computer: C:\ D:\ Scan statistics: Files scanned: 46436 Threat name: 1 Infected objects: 1 Suspicious objects: 0 Duration of the scan: 01:28:53 File name / Threat name / Threats count C:\ChartLogic\vnc-3.3.3r9_x86_win32.zip Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.333 1 The selected area was scanned.

handhfan View Member Profile	Jan 27 2009, 05:05 PM Post #11
GeekU Moderator Posts: 8,505 From: Massachusetts OS: Windows XP Pro, Windows 7 Pro 64- and 32-bit; Virtual PC	It's not a virus. It's a tool that has been caught due to heuristics. It's legitimate, and is perfectly safe. Your logs look clean. There is only a bit of cleanup that we will deal with in this post, as well as prevention from future infections. If you have any questions or other problems, please let me know. Other than that, and the steps below, you should be all set. Make sure you have an Internet Connection. Download OTCleanIt to your desktop and run it A list of tool components used in the Cleanup of malware will be downloaded. If your Firewall or Real Time protection attempts to block OTCleanUp to reach the Internet, please allow the application to do so. Click Yes to beging the Cleanup process and remove these components, including this application. You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes. Please update Adobe Reader, by downloading and installing Adobe Reader 9. Next, let's clean your restore points and set a new one: Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs from changing those files. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected) 1. Turn off System Restore. On the Desktop, right-click My Computer. Click Properties. Click the System Restore tab. Check Turn off System Restore. Click Apply, and then click OK. 2. Restart your computer. 3. Turn ON System Restore. On the Desktop, right-click My Computer. Click Properties. Click the System Restore tab. UN-Check Turn off System Restore. Click Apply, and then click OK. System Restore will now be active again. Now that you are clean, to help protect your computer in the future I recommend that you get the following free programs: SpywareBlaster to help prevent spyware from installing in the first place. SpywareGuard gives you realtime protection from spyware. Super Antispyware OR Malwarebytes' Anti-Malware to help remove any spyware that may have gotten on your computer. MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. Recent trends appear to indicate that future infections will include attacks to the boot sector of the computer. The installation of the Recovery Console in the computer will be our only defense against this threat. For more information and steps to install the Recovery Console see this article. Should you need assistance in installing the Recovery Console, please do not hesitate to ask. To keep your operating system up to date visit Microsoft Windows Update monthly. Remember to be aware of what emails you open and websites you visit. Have a safe and happy computing day!

EveHallowsAll View Member Profile	Jan 27 2009, 06:50 PM Post #12
Member Posts: 19 OS: Windows XP	Thank you!!!! If this works you will be my hero! I will let you know if I have any issues, thank you so much!

EveHallowsAll View Member Profile	Jan 28 2009, 01:01 PM Post #13
Member Posts: 19 OS: Windows XP	The Ad.yieldmanager hasn't come up but I have a bunch of new ones now. I ran the SUPERantiSpyware this morning after I couldn't even open up my email without being redirected to a search page. The program found 16 spyware cookies and I deleted those. Now I can't pull up most websites without being redirected to a search page. This is the most recent one that keeps showing up " http://ad.doubleclick.net/adi/amzn.us.gw.atf%3Bsz" The Ad.yieldmanager only came up every now and then, whatever I have now is stopping me from practically every website! What do I do now?? Plus, my computer is running slower than ever. I'm losing it!

handhfan View Member Profile	Jan 28 2009, 08:49 PM Post #14
GeekU Moderator Posts: 8,505 From: Massachusetts OS: Windows XP Pro, Windows 7 Pro 64- and 32-bit; Virtual PC	Please post another HijackThis log, and a new ComboFix log. You may need to redownload ComboFix: Please download ComboFix from Here or Here to your Desktop. Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop Please, never rename Combofix unless instructed. Close any open browsers. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. ----------------------------------------------------------- Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Click on this link* to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.* ----------------------------------------------------------- Close any open browsers. WARNING: Combofix will disconnect your machine from the Internet as soon as it starts Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished. If there is no internet connection after running Combofix, then restart your computer to restore back your connection. ----------------------------------------------------------- Double click on combofix.exe & follow the prompts. When finished, it will produce a report for you. Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review. Note: Do not mouseclick combofix's window while it's running. That may cause it to stall This post has been edited by handhfan: Jan 28 2009, 08:50 PM

EveHallowsAll View Member Profile	Jan 29 2009, 12:25 PM Post #15
Member Posts: 19 OS: Windows XP	Here are the logs.... I seem to have deleted my McAfee virus protection, I still have the firewall but when I pull up Windows Security I am missing a Virus Protection applictaion. I am really really bad with computers. ComboFix 09-01-21.04 - Nolanda Smauldon 2009-01-29 10:55:49.1 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.535 [GMT -7:00] Running from: c:\documents and settings\Nolanda Smauldon\Desktop\ComboFix.exe FW: Total Protection Service disabled * Created a new restore point . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\Nolanda Smauldon\err.log c:\program files\Common\helper.sig c:\windows\Downloaded Program Files\setup.dll c:\windows\IE4 Error Log.txt . ((((((((((((((((((((((((( Files Created from 2008-12-28 to 2009-01-29 ))))))))))))))))))))))))))))))) . 2009-01-28 16:56 . 2009-01-28 16:56 <DIR> d-------- c:\documents and settings\Nolanda Smauldon\Application Data\Malwarebytes 2009-01-28 16:56 . 2009-01-28 16:56 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes 2009-01-27 17:20 . 2009-01-27 17:20 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com 2009-01-27 17:19 . 2009-01-27 17:20 <DIR> d-------- c:\program files\SUPERAntiSpyware 2009-01-27 17:19 . 2009-01-27 17:19 <DIR> d-------- c:\documents and settings\Nolanda Smauldon\Application Data\SUPERAntiSpyware.com 2009-01-27 17:18 . 2009-01-27 17:18 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard 2009-01-27 17:16 . 2009-01-28 10:07 <DIR> d-------- c:\program files\SpywareGuard 2009-01-27 17:12 . 2009-01-27 17:12 <DIR> d-------- c:\program files\SpywareBlaster 2009-01-27 17:12 . 2009-01-29 10:18 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP 2009-01-27 16:51 . 2009-01-27 16:51 <DIR> d-------- c:\documents and settings\Nolanda Smauldon\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 2009-01-27 16:49 . 2009-01-27 16:49 <DIR> d-------- c:\program files\Common Files\Adobe AIR 2009-01-27 16:38 . 2009-01-27 16:38 <DIR> d-------- c:\program files\NOS 2009-01-27 16:38 . 2009-01-27 16:38 <DIR> d-------- c:\documents and settings\All Users\Application Data\NOS 2009-01-27 13:11 . 2009-01-27 13:12 <DIR> d-------- c:\documents and settings\Nolanda Smauldon\.SunDownloadManager 2009-01-16 13:10 . 2009-01-16 13:10 <DIR> d-------- c:\program files\ERUNT 2009-01-14 17:19 . 2009-01-14 17:19 <DIR> d-------- c:\program files\Trend Micro 2009-01-07 15:55 . 2004-05-14 16:53 462,848 --a------ c:\windows\system32\ltkrn13n.dll 2009-01-07 15:55 . 2004-05-14 16:53 450,560 --a------ c:\windows\system32\ltimg13n.dll 2009-01-07 15:55 . 2004-05-14 16:53 401,408 --a------ c:\windows\system32\lfcmp13n.dll 2009-01-07 15:55 . 2004-05-14 16:53 299,008 --a------ c:\windows\system32\ltdis13n.dll 2009-01-07 15:55 . 2004-01-12 02:09 206,336 --a------ c:\windows\system32\ltefx13n.dll 2009-01-07 15:55 . 2004-05-14 16:53 163,840 --a------ c:\windows\system32\ltfil13n.dll 2009-01-07 15:55 . 2003-11-04 15:10 69,632 --a------ c:\windows\system32\lfgif13n.dll 2009-01-07 15:55 . 2004-05-14 16:53 57,344 --a------ c:\windows\system32\lfbmp13n.dll 2009-01-06 16:55 . 2009-01-15 14:03 <DIR> d-------- c:\program files\RogueRemover FREE 2009-01-05 12:03 . 2009-01-05 12:36 <DIR> d-------- c:\documents and settings\Nolanda Smauldon\Application Data\Image Zone Express 2009-01-02 15:29 . 2009-01-02 15:29 <DIR> d-------- c:\program files\Common Files\Scanner 2009-01-02 15:25 . 2009-01-02 15:25 <DIR> d-------- c:\documents and settings\Nolanda Smauldon\Application Data\Yahoo! 2009-01-02 15:25 . 2009-01-02 15:26 <DIR> d-------- c:\documents and settings\All Users\Application Data\Yahoo! Companion 2009-01-02 15:25 . 2009-01-02 15:25 <DIR> d-------- c:\documents and settings\All Users\Application Data\Yahoo! 2009-01-02 15:23 . 2009-01-02 15:25 <DIR> d-------- c:\program files\Yahoo! . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-01-29 17:56 --------- d-----w c:\program files\Common 2009-01-28 17:13 --------- d-----w c:\documents and settings\Nolanda Smauldon\Application Data\SiteAdvisor 2009-01-28 16:19 --------- d-----w c:\documents and settings\LocalService\Application Data\SiteAdvisor 2009-01-27 23:48 --------- d-----w c:\program files\Common Files\Adobe 2009-01-16 20:02 --------- d-----w c:\program files\Java 2009-01-15 21:08 --------- d-----w c:\program files\HP 2009-01-15 21:08 --------- d-----w c:\program files\Common Files\HP 2009-01-05 19:03 --------- d-----w c:\documents and settings\Nolanda Smauldon\Application Data\Printer Info Cache 2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys 2008-09-05 16:25 70,000 ----a-w c:\documents and settings\Nolanda Smauldon\Application Data\GDIPFONTCACHEV1.DAT 2007-11-07 03:52 374 -c--a-w c:\documents and settings\Nolanda Smauldon\Application Data\internaldb6334.dat 2007-05-28 21:26 88 --sh--r c:\windows\system32\740ECF10C1.sys 2007-05-28 21:26 3,766 -csha-w c:\windows\system32\KGyGaAvL.sys 2008-07-09 22:03 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008070920080710\index.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360] "CTSyncU.exe"="c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe" [2006-06-12 700416] "MtdAcqu"="c:\program files\Creative\MediaSource5\MtdAcqu.exe" [2006-03-08 278528] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-17 68856] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "igfxtray"="c:\windows\system32\igfxtray.exe" [2005-10-14 94208] "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-14 77824] "igfxpers"="c:\windows\system32\igfxpers.exe" [2005-10-14 114688] "Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2005-12-19 1347584] "Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2006-06-29 1032192] "DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248] "dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-05 127035] "ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856] "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-09-21 98304] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152] "UniPrint"="c:\progra~1\UniPrint\Client\SetDfltSettings.exe" [2005-07-20 131072] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016] "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-06-23 185896] "MVS Splash"="c:\program files\McAfee\Managed VirusScan\Agent\Splash.exe" [2008-01-22 468288] "McAfee Managed Services Tray"="c:\program files\McAfee\Managed VirusScan\Agent\StartMyagtTry.exe" [2008-01-22 87360] "SiteAdvisor"="c:\program files\SiteAdvisor\6173\SiteAdv.exe" [2007-08-28 36640] "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672] "SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 c:\windows\stsystra.exe] c:\documents and settings\Nolanda Smauldon\Start Menu\Programs\Startup\ ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912] SpywareGuard.lnk - c:\program files\SpywareGuard\sgmain.exe [2003-08-29 360448] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-09-21 24576] HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-01-02 210520] Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360] Windows Desktop Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2007-02-05 118784] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2008-12-22 11:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\StubInstaller.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\McAfee\\Managed VirusScan\\Agent\\myAgtSvc.exe"= R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2009-01-15 8944] R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2009-01-15 55024] R4 myAgtSvc;McAfee Virus and Spyware Protection Service;c:\program files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe [2008-07-25 169280] R4 YahooAUService;Yahoo! Updater;c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe [2008-11-09 602392] S3 getPlus® Helper;getPlus® Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2009-01-27 33752] S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-01-15 7408] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . Contents of the 'Scheduled Tasks' folder 2008-12-27 c:\windows\Tasks\McAfee.com Scan for Viruses - My Computer (DF909VB1-Pharmaceutical Resea).job - c:\program files\mcafee.com\vso\mcmnhdlr.exe [] . - - - - ORPHANS REMOVED - - - - HKCU-Run-ModemOnHold - c:\program files\NetWaiting\netWaiting.exe HKCU-Run-updateMgr - c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe . ------- Supplementary Scan ------- . uStart Page = hxxp://mail.google.com/mail/?source=navclient-ff#inbox uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000 Trusted Zone: 192.168.0.9 DPF: {B91AEDBE-93DF-4017-8BB3-F1C300C0EC51} - hxxp://192.168.0.9/downloads/setup.exe DPF: {E3E02F12-2ADB-478C-8742-5F0819F9F0F4} - hxxp://qmedia.xlontech.net/100170/sdk/latest/qsp2ie06041001.cab . ************************************************************************ catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-01-29 10:59:37 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ********************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(792) c:\program files\SUPERAntiSpyware\SASWINLO.dll c:\windows\system32\WININET.dll . ------------------------ Other Running Processes ------------------------ . c:\windows\system32\WLTRYSVC.EXE c:\windows\system32\BCMWLTRY.EXE c:\windows\system32\CTSVCCDA.EXE c:\program files\Common Files\McAfee\HackerWatch\HWAPI.exe c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE c:\program files\McAfee\MPF\MpfSrv.exe c:\program files\Dell\QuickSet\NicConfigSvc.exe c:\program files\SiteAdvisor\6173\SAService.exe c:\windows\system32\wdfmgr.exe c:\windows\system32\searchindexer.exe c:\windows\system32\wscntfy.exe c:\windows\system32\igfxsrvc.exe c:\program files\McAfee\Managed VirusScan\Agent\myAgtTry.exe c:\program files\HP\Digital Imaging\bin\hpqste08.exe . ************************************************************************ . Completion time: 2009-01-29 11:03:20 - machine was rebooted ComboFix-quarantined-files.txt 2009-01-29 18:03:17 Pre-Run: 24,934,137,856 bytes free Post-Run: 24,900,210,688 bytes free WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect 190 --- E O F --- 2009-01-14 01:05:36 New Hijack log Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 11:05:22 AM, on 1/29/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16762) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\WLTRYSVC.EXE C:\WINDOWS\System32\bcmwltry.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\CTsvcCDA.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\McAfee\MPF\MPFSrv.exe C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe C:\Program Files\SiteAdvisor\6173\SAService.exe C:\WINDOWS\system32\SearchIndexer.exe C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\WINDOWS\system32\WLTRAY.exe C:\WINDOWS\stsystra.exe C:\Program Files\Dell\QuickSet\quickset.exe C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\Program Files\QuickTime\qttask.exe C:\WINDOWS\system32\igfxsrvc.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\SiteAdvisor\6173\SiteAdv.exe C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe C:\Program Files\Creative\MediaSource5\MtdAcqu.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtTry.exe C:\Program Files\Digital Line Detect\DLG.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Windows Desktop Search\WindowsSearch.exe C:\Program Files\SpywareGuard\sgmain.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\notepad.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.google.com/mail/?source=navclient-ff#inbox R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=0060921 R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6173\SiteAdv.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: HP Smart Web Printing 1.0 - {AE84A6AA-A333-4B92-B276-C11E2212E4FE} - C:\Program Files\HP\Smart Web Printing\SmartWebPrinting.dll O2 - BHO: HTML Source Editor - {AF3C5847-AEE4-4B9B-82D3-8E0991EBE4AD} - C:\WINDOWS\system32\Greenway\GMTBRO~1.DLL O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6173\SiteAdv.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [UniPrint] C:\PROGRA~1\UniPrint\Client\SetDfltSettings.exe O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [MVS Splash] "C:\Program Files\McAfee\Managed VirusScan\Agent\Splash.exe" O4 - HKLM\..\Run: [McAfee Managed Services Tray] "C:\Program Files\McAfee\Managed VirusScan\Agent\StartMyagtTry.exe" O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6173\SiteAdv.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe" O4 - HKCU\..\Run: [MtdAcqu] "C:\Program Files\Creative\MediaSource5\MtdAcqu.exe" /s O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe O4 - Global Startup: Digital Line Detect.lnk = ? O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O15 - Trusted Zone: http://*.192.168.0.9 O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab O16 - DPF: {B91AEDBE-93DF-4017-8BB3-F1C300C0EC51} (InstallShield Setup Player 2K2) - http://192.168.0.9/downloads/setup.exe O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/p...obat/nos/gp.cab O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://w1.webex.com/client/T23L/webex/ieatgpc.cab O16 - DPF: {E3E02F12-2ADB-478C-8742-5F0819F9F0F4} (Quantum Streaming IE VersionManager Class) - http://qmedia.xlontech.net/100170/sdk/late...2ie06041001.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe O23 - Service: McAfee Virus and Spyware Protection Service (myAgtSvc) - McAfee, Inc. - C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6173\SAService.exe O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe O24 - Desktop Component 0: (no name) - http://i52.photobucket.com/albums/g3/ksriver80/w/06.jpg -- End of file - 11609 bytes

« Next Oldest · Virus, Spyware and Trojan Removal · Next Newest »

3 Pages

1 2 3 >

1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)

0 Members:

Topic Title	Replies / Views	Topic Information
Virus, Spyware and Trojan Removal Please let me get rid of ad.yieldmanager.com... [CLOSED]	2 / 892	1st October 2005 - 04:44 PM Teme started - last by greyknight17
Virus, Spyware and Trojan Removal Please help! I can't get rid of my Spyware! [CLOSED]	6 / 839	4th December 2005 - 09:18 PM redghst1203 started - last by OwNt
Virus, Spyware and Trojan Removal Can NOT get rid of ALL Malware! [CLOSED]	2 / 219	23rd February 2006 - 08:35 AM xdeeliciouzx started - last by Buckeye_Sam
Virus, Spyware and Trojan Removal Can't get rid of ad.yieldmanager	0 / 166	11th April 2009 - 09:47 AM Sargantana started - last by Sargantana