Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Help! Random pop ups.

Started by Compnoobie , Feb 08 2007 08:50 PM

This topic is locked

#16
Compnoobie

Posted 17 February 2007 - 09:30 PM

Member

Topic Starter
Member
139 posts

Thank you so much for the help. You've been very helpful. I don't want to be selfish, but I have another PC thats running really slow and i'm suspicious that there is a virus of some sort on it, too. I understand if you're preoccupied with other work, and can't help me with this issue. You've already done so much. Anyway, heres the hijack log of my other PC if you do have time.
Logfile of HijackThis v1.99.1
Scan saved at 5:19:47 PM, on 2/16/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\PROGRA~1\VERIZO~1\HELPSU~1\VERIZO~1.EXE
C:\PROGRA~1\VERIZO~1\HELPSU~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\LogMeIn\LogMeInSystray.exe
C:\Program Files\myWIFIzone\myWIFIZone.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\SiteAdvisor\6028\SiteAdv.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\Common Files\Verizon Online\ConnMgr\cmisrv.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\LogMeIn\RaMaint.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\kdx\KHost.exe
C:\Program Files\11g USB adapter\Wifiusb.exe
C:\Program Files\LogMeIn\LogMeIn.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\PROGRA~1\McAfee\MSC\mctskshd.exe
C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\Program Files\SiteAdvisor\6028\SAService.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Common Files\Verizon Online\AppMgr\vzOpenUIServer.exe
C:\Program Files\Java\jre1.5.0_10\bin\jucheck.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner.CHANCOMPUTER\Desktop\hijackthis\GOTCHA.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6028\SiteAdv.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6028\SiteAdv.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [A Verizon App] C:\PROGRA~1\VERIZO~1\HELPSU~1\VERIZO~1.EXE
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\HELPSU~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\LogMeInSystray.exe"
O4 - HKLM\..\Run: [myWIFIzone] C:\Program Files\myWIFIzone\myWIFIZone.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6028\SiteAdv.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [kdx] C:\WINDOWS\kdx\KHost.exe -all
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: 802.11g USB adapter.lnk = C:\Program Files\11g USB adapter\Wifiusb.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - http://www.pcpitstop...p/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...01/mcinsctl.cab
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comne...login-devel.cab
O16 - DPF: {A7ECD556-D6F6-4F41-8C6B-14AB246801A0} (Secure Delivery) - http://cdn.digitalci...m/video/kdx.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...,26/mcgdmgr.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6028\SiteAdv.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: LMIinit - C:\WINDOWS\SYSTEM32\LMIinit.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\LogMeIn.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Log Manager (McLogManagerService) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mctskshd.exe
O23 - Service: McAfee User Manager (mcusrmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Program Files\SiteAdvisor\6028\SAService.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

#17
Essexboy

Posted 18 February 2007 - 02:59 PM

GeekU Moderator

Retired Staff
69,964 posts

Hi Compnoobie as this look relatively easy I will continue

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comne...login-devel.cab
O16 - DPF: {A7ECD556-D6F6-4F41-8C6B-14AB246801A0} (Secure Delivery) - http://cdn.digitalci...m/video/kdx.cab

Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis.

Then download Superantispyware to this system and run a scan as per the previous post, after updating.

And if you can then post the Superantispyware log and a new HJT log

#18
Compnoobie

Posted 18 February 2007 - 06:36 PM

Member

Topic Starter
Member
139 posts

SUPERAntiSpyware Scan Log
Generated 02/18/2007 at 06:27 PM

Application Version : 3.5.1016

Core Rules Database Version : 3184
Trace Rules Database Version: 1194

Scan type : Complete Scan
Total Scan Time : 01:17:29

Memory items scanned : 569
Memory threats detected : 0
Registry items scanned : 6844
Registry threats detected : 20
File items scanned : 60306
File threats detected : 180

Adware.Tracking Cookie
C:\Documents and Settings\Owner.CHANCOMPUTER\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner.CHANCOMPUTER\Cookies\owner@advertising[2].txt
C:\Documents and Settings\Owner.CHANCOMPUTER\Cookies\owner@valueclick[1].txt
C:\Documents and Settings\Owner.CHANCOMPUTER\Cookies\owner@questionmarket[2].txt
C:\Documents and Settings\Owner.CHANCOMPUTER\Cookies\owner@bluestreak[1].txt
C:\Documents and Settings\Owner.CHANCOMPUTER\Cookies\owner@2o7[2].txt
C:\Documents and Settings\Owner.CHANCOMPUTER\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner.CHANCOMPUTER\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner.CHANCOMPUTER\Cookies\owner@atdmt[2].txt
C:\Documents and Settings\Owner.CHANCOMPUTER\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner.CHANCOMPUTER\Cookies\owner@nextag[1].txt
C:\Documents and Settings\Owner.CHANCOMPUTER\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner.CHANCOMPUTER\Cookies\owner@trafficmp[1].txt
C:\Documents and Settings\Owner.CHANCOMPUTER\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner.CHANCOMPUTER\Cookies\owner@mediaplex[1].txt
C:\Documents and Settings\Owner.CHANCOMPUTER\Cookies\owner@doubleclick[1].txt
C:\Documents and Settings\Owner.CHANCOMPUTER\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner.CHANCOMPUTER\Cookies\owner@serving-sys[2].txt
C:\Documents and Settings\Chan Computer\Cookies\chan computer@247realmedia[1].txt
C:\Documents and Settings\Chan Computer\Cookies\chan computer@2o7[2].txt
C:\Documents and Settings\Chan Computer\Cookies\chan [email protected][2].txt
C:\Documents and Settings\Chan Computer\Cookies\chan [email protected][2].txt
C:\Documents and Settings\Chan Computer\Cookies\chan [email protected][1].txt
C:\Documents and Settings\Chan Computer\Cookies\chan [email protected][2].txt
C:\Documents and Settings\Chan Computer\Cookies\chan computer@adknowledge[2].txt
C:\Documents and Settings\Chan Computer\Cookies\chan [email protected][2].txt
C:\Documents and Settings\Chan Computer\Cookies\chan computer@adrevolver[1].txt
C:\Documents and Settings\Chan Computer\Cookies\chan computer@adrevolver[2].txt
C:\Documents and Settings\Chan Computer\Cookies\chan computer@adrevolver[3].txt
C:\Documents and Settings\Chan Computer\Cookies\chan [email protected][2].txt
C:\Documents and Settings\Chan Computer\Cookies\chan [email protected][1].txt
C:\Documents and Settings\Chan Computer\Cookies\chan [email protected][2].txt
C:\Documents and Settings\Chan Computer\Cookies\chan [email protected][1].txt
C:\Documents and Settings\Chan Computer\Cookies\chan [email protected][2].txt
C:\Documents and Settings\Chan Computer\Cookies\chan [email protected][2].txt
C:\Documents and Settings\Chan Computer\Cookies\chan [email protected][2].txt
C:\Documents and Settings\Chan Computer\Cookies\chan [email protected][1].txt
C:\Documents and Settings\Chan Computer\Cookies\chan [email protected][2].txt
C:\Documents and Settings\Chan Computer\Cookies\chan [email protected][1].txt
C:\Documents and Settings\Chan Computer\Cookies\chan [email protected][2].txt
C:\Documents and Settings\Chan Computer\Cookies\chan [email protected][1].txt
C:\Documents and Settings\Chan Computer\Cookies\chan [email protected][1].txt
C:\Documents and Settings\Chan Computer\Cookies\chan [email protected][1].txt
C:\Documents and Settings\Chan Computer\Cookies\chan computer@adtech[2].txt
C:\Documents and Settings\Chan Computer\Cookies\chan [email protected][2].txt
C:\Documents and Settings\Chan Computer\Cookies\chan computer@advertising[1].txt
C:\Documents and Settings\Chan Computer\Cookies\chan computer@apmebf[1].txt
C:\Documents and Settings\Chan Computer\Cookies\chan [email protected][1].txt
C:\Documents and Settings\Chan Computer\Cookies\chan [email protected][2].txt
C:\Documents and Settings\Chan Computer\Cookies\chan computer@asexuality[1].txt
C:\Documents and Settings\Chan Computer\Cookies\chan computer@atdmt[2].txt
C:\Documents and Settings\Chan Computer\Cookies\chan [email protected][2].txt
C:\Documents and Settings\Chan Computer\Cookies\chan computer@atwola[2].txt
C:\Documents and Settings\Chan Computer\Cookies\chan [email protected][1].txt
C:\Documents and Settings\Chan Computer\Cookies\chan computer@azjmp[1].txt
C:\Documents and Settings\Chan Computer\Cookies\chan computer@belnk[1].txt
C:\Documents and Settings\Chan Computer\Cookies\chan computer@bluestreak[2].txt
C:\Documents and Settings\Chan Computer\Cookies\chan [email protected][1].txt
C:\Documents and Settings\Chan Computer\Cookies\chan computer@burstnet[1].txt
C:\Documents and Settings\Chan Computer\Cookies\chan computer@casalemedia[2].txt
C:\Documents and Settings\Chan Computer\Cookies\chan [email protected][2].txt
C:\Documents and Settings\Chan Computer\Cookies\chan computer@clickability[1].txt
C:\Documents and Settings\Chan Computer\Cookies\chan computer@clickbank[1].txt
C:\Documents and Settings\Chan Computer\Cookies\chan [email protected][1].txt
C:\Documents and Settings\Chan Computer\Cookies\chan [email protected][1].txt
C:\Documents and Settings\Chan Computer\Cookies\chan [email protected][2].txt
C:\Documents and Settings\Chan Computer\Cookies\chan [email protected][2].txt
C:\Documents and Settings\Chan Computer\Cookies\chan computer@doubleclick[2].txt
C:\Documents and Settings\Chan Computer\Cookies\chan [email protected][1].txt
C:\Documents and Settings\Chan Computer\Cookies\chan [email protected][1].txt
C:\Documents and Settings\Chan Computer\Cookies\chan [email protected][2].txt
C:\Documents and Settings\Chan Computer\Cookies\chan [email protected][2].txt
C:\Documents and Settings\Chan Computer\Cookies\chan [email protected][2].txt
C:\Documents and Settings\Chan Computer\Cookies\chan [email protected][1].txt
C:\Documents and Settings\Chan Computer\Cookies\chan [email protected][1].txt
C:\Documents and Settings\Chan Computer\Cookies\chan [email protected][2].txt
C:\Documents and Settings\Chan Computer\Cookies\chan [email protected][2].txt
C:\Documents and Settings\Chan Computer\Cookies\chan [email protected][2].txt
C:\Documents and Settings\Chan Computer\Cookies\chan [email protected][2].txt
C:\Documents and Settings\Chan Computer\Cookies\chan [email protected][2].txt
C:\Documents and Settings\Chan Computer\Cookies\chan [email protected][2].txt
C:\Documents and Settings\Chan Computer\Cookies\chan [email protected][2].txt
C:\Documents and Settings\Chan Computer\Cookies\chan [email protected][2].txt
C:\Documents and Settings\Chan Computer\Cookies\chan [email protected][2].txt
C:\Documents and Settings\Chan Computer\Cookies\chan [email protected][1].txt
C:\Documents and Settings\Chan Computer\Cookies\chan [email protected][2].txt
C:\Documents and Settings\Chan Computer\Cookies\chan [email protected][2].txt
C:\Documents and Settings\Chan Computer\Cookies\chan [email protected][1].txt
C:\Documents and Settings\Chan Computer\Cookies\chan [email protected][2].txt
C:\Documents and Settings\Chan Computer\Cookies\chan [email protected][1].txt
C:\Documents and Settings\Chan Computer\Cookies\chan [email protected][2].txt
C:\Documents and Settings\Chan Computer\Cookies\chan [email protected][2].txt
C:\Documents and Settings\Chan Computer\Cookies\chan [email protected][1].txt
C:\Documents and Settings\Chan Computer\Cookies\chan [email protected][2].txt
C:\Documents and Settings\Chan Computer\Cookies\chan [email protected][1].txt
C:\Documents and Settings\Chan Computer\Cookies\chan [email protected][2].txt
C:\Documents and Settings\Chan Computer\Cookies\chan [email protected][1].txt
C:\Documents and Settings\Chan Computer\Cookies\chan [email protected][2].txt
C:\Documents and Settings\Chan Computer\Cookies\chan [email protected][2].txt
C:\Documents and Settings\Chan Computer\Cookies\chan [email protected][2].txt
C:\Documents and Settings\Chan Computer\Cookies\chan computer@exitexchange[2].txt
C:\Documents and Settings\Chan Computer\Cookies\chan computer@fastclick[1].txt
C:\Documents and Settings\Chan Computer\Cookies\chan computer@fastclick[3].txt
C:\Documents and Settings\Chan Computer\Cookies\chan computer@focalex[2].txt
C:\Documents and Settings\Chan Computer\Cookies\chan computer@fortunecity[2].txt
C:\Documents and Settings\Chan Computer\Cookies\chan computer@hitbox[2].txt
C:\Documents and Settings\Chan Computer\Cookies\chan computer@hurricanedigitalmedia[1].txt
C:\Documents and Settings\Chan Computer\Cookies\chan [email protected][2].txt
C:\Documents and Settings\Chan Computer\Cookies\chan [email protected][2].txt
C:\Documents and Settings\Chan Computer\Cookies\chan [email protected][1].txt
C:\Documents and Settings\Chan Computer\Cookies\chan computer@indextools[1].txt
C:\Documents and Settings\Chan Computer\Cookies\chan computer@linksynergy[1].txt
C:\Documents and Settings\Chan Computer\Cookies\chan computer@linksynergy[2].txt
C:\Documents and Settings\Chan Computer\Cookies\chan computer@maxserving[1].txt
C:\Documents and Settings\Chan Computer\Cookies\chan [email protected][2].txt
C:\Documents and Settings\Chan Computer\Cookies\chan [email protected][2].txt
C:\Documents and Settings\Chan Computer\Cookies\chan computer@mediaplex[2].txt
C:\Documents and Settings\Chan Computer\Cookies\chan [email protected][2].txt
C:\Documents and Settings\Chan Computer\Cookies\chan computer@nextag[2].txt
C:\Documents and Settings\Chan Computer\Cookies\chan [email protected][2].txt
C:\Documents and Settings\Chan Computer\Cookies\chan computer@offeroptimizer[1].txt
C:\Documents and Settings\Chan Computer\Cookies\chan computer@overture[1].txt
C:\Documents and Settings\Chan Computer\Cookies\chan computer@partner2profit[1].txt
C:\Documents and Settings\Chan Computer\Cookies\chan [email protected][1].txt
C:\Documents and Settings\Chan Computer\Cookies\chan [email protected][1].txt
C:\Documents and Settings\Chan Computer\Cookies\chan computer@pro-market[1].txt
C:\Documents and Settings\Chan Computer\Cookies\chan computer@prstats[2].txt
C:\Documents and Settings\Chan Computer\Cookies\chan computer@qksrv[2].txt
C:\Documents and Settings\Chan Computer\Cookies\chan computer@qnsr[1].txt
C:\Documents and Settings\Chan Computer\Cookies\chan computer@questionmarket[2].txt
C:\Documents and Settings\Chan Computer\Cookies\chan computer@realmedia[1].txt
C:\Documents and Settings\Chan Computer\Cookies\chan computer@revenue[2].txt
C:\Documents and Settings\Chan Computer\Cookies\chan computer@revsci[2].txt
C:\Documents and Settings\Chan Computer\Cookies\chan computer@roiservice[1].txt
C:\Documents and Settings\Chan Computer\Cookies\chan [email protected][1].txt
C:\Documents and Settings\Chan Computer\Cookies\chan [email protected][2].txt
C:\Documents and Settings\Chan Computer\Cookies\chan [email protected][2].txt
C:\Documents and Settings\Chan Computer\Cookies\chan [email protected][1].txt
C:\Documents and Settings\Chan Computer\Cookies\chan [email protected][2].txt
C:\Documents and Settings\Chan Computer\Cookies\chan [email protected][2].txt
C:\Documents and Settings\Chan Computer\Cookies\chan computer@serving-sys[2].txt
C:\Documents and Settings\Chan Computer\Cookies\chan computer@spylog[1].txt
C:\Documents and Settings\Chan Computer\Cookies\chan computer@starware[2].txt
C:\Documents and Settings\Chan Computer\Cookies\chan [email protected][1].txt
C:\Documents and Settings\Chan Computer\Cookies\chan computer@statcounter[2].txt
C:\Documents and Settings\Chan Computer\Cookies\chan computer@stats24[1].txt
C:\Documents and Settings\Chan Computer\Cookies\chan [email protected][2].txt
C:\Documents and Settings\Chan Computer\Cookies\chan computer@tacoda[2].txt
C:\Documents and Settings\Chan Computer\Cookies\chan computer@targetnet[2].txt
C:\Documents and Settings\Chan Computer\Cookies\chan [email protected][1].txt
C:\Documents and Settings\Chan Computer\Cookies\chan computer@tradedoubler[1].txt
C:\Documents and Settings\Chan Computer\Cookies\chan computer@trafficmp[2].txt
C:\Documents and Settings\Chan Computer\Cookies\chan computer@tribalfusion[2].txt
C:\Documents and Settings\Chan Computer\Cookies\chan computer@tripod[1].txt
C:\Documents and Settings\Chan Computer\Cookies\chan computer@valueclick[1].txt
C:\Documents and Settings\Chan Computer\Cookies\chan computer@valueclick[3].txt
C:\Documents and Settings\Chan Computer\Cookies\chan computer@versiontracker[1].txt
C:\Documents and Settings\Chan Computer\Cookies\chan computer@warlog[1].txt
C:\Documents and Settings\Chan Computer\Cookies\chan [email protected][1].txt
C:\Documents and Settings\Chan Computer\Cookies\chan [email protected][1].txt
C:\Documents and Settings\Chan Computer\Cookies\chan [email protected][1].txt
C:\Documents and Settings\Chan Computer\Cookies\chan [email protected][2].txt
C:\Documents and Settings\Chan Computer\Cookies\chan [email protected][2].txt
C:\Documents and Settings\Chan Computer\Cookies\chan [email protected][1].txt
C:\Documents and Settings\Chan Computer\Cookies\chan [email protected][1].txt
C:\Documents and Settings\Chan Computer\Cookies\chan [email protected][1].txt
C:\Documents and Settings\Chan Computer\Cookies\chan computer@yadro[2].txt
C:\Documents and Settings\Chan Computer\Cookies\chan computer@yieldmanager[1].txt
C:\Documents and Settings\Chan Computer\Cookies\chan [email protected][1].txt
C:\Documents and Settings\Chan Computer\Cookies\chan computer@zedo[1].txt
C:\Documents and Settings\Owner\Cookies\owner@doubleclick[2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt

Adware.WhenU
HKCR\WUSN.1
HKCR\WUSN.1#WUSN_Id
HKCR\Interface\{572FB162-C0BA-4EDF-8CFF-E3846153B9B0}
HKCR\Interface\{572FB162-C0BA-4EDF-8CFF-E3846153B9B0}\ProxyStubClsid
HKCR\Interface\{572FB162-C0BA-4EDF-8CFF-E3846153B9B0}\ProxyStubClsid32
HKCR\Interface\{572FB162-C0BA-4EDF-8CFF-E3846153B9B0}\TypeLib
HKCR\Interface\{572FB162-C0BA-4EDF-8CFF-E3846153B9B0}\TypeLib#Version
HKCR\AppId\{127DF9B4-D75D-44A6-AF78-8C3A8CEB03DB}
HKCR\AppId\ACM.DLL
HKCR\AppId\ACM.DLL#AppID
HKCR\Interface\{72A836D1-BC00-43C0-A941-17960E4FB842}
HKCR\Interface\{72A836D1-BC00-43C0-A941-17960E4FB842}\ProxyStubClsid
HKCR\Interface\{72A836D1-BC00-43C0-A941-17960E4FB842}\ProxyStubClsid32
HKCR\Interface\{72A836D1-BC00-43C0-A941-17960E4FB842}\TypeLib
HKCR\Interface\{72A836D1-BC00-43C0-A941-17960E4FB842}\TypeLib#Version
HKCR\Interface\{43382522-A846-46F4-AC57-1F71AE6E1086}
HKCR\Interface\{43382522-A846-46F4-AC57-1F71AE6E1086}\ProxyStubClsid
HKCR\Interface\{43382522-A846-46F4-AC57-1F71AE6E1086}\ProxyStubClsid32
HKCR\Interface\{43382522-A846-46F4-AC57-1F71AE6E1086}\TypeLib
HKCR\Interface\{43382522-A846-46F4-AC57-1F71AE6E1086}\TypeLib#Version
C:\Documents and Settings\Owner.CHANCOMPUTER\Start Menu\Programs\WhenU

Adware.Ezula
C:\Documents and Settings\Owner.CHANCOMPUTER\Start Menu\Programs\TopText iLookup

Trojan.Malware
C:\asdf.txt

Spyware.E2G
C:\Program Files\E2G\data19
C:\Program Files\E2G

n-CASE (SongSpy)
C:\PROGRAM FILES\STC\MSBB.EXE

Adware.Viewpoint Toolbar
C:\PROGRAM FILES\VIEWPOINT\VIEWPOINT TOOLBAR\VIEWBAR.DLL

#19
Compnoobie

Posted 18 February 2007 - 06:37 PM

Member

Topic Starter
Member
139 posts

Logfile of HijackThis v1.99.1
Scan saved at 7:37:41 PM, on 2/18/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\LogMeIn\RaMaint.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\PROGRA~1\VERIZO~1\HELPSU~1\VERIZO~1.EXE
C:\PROGRA~1\VERIZO~1\HELPSU~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\LogMeIn\LogMeInSystray.exe
C:\Program Files\myWIFIzone\myWIFIZone.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\SiteAdvisor\6028\SiteAdv.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\kdx\KHost.exe
C:\Program Files\Common Files\Verizon Online\ConnMgr\cmisrv.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\LogMeIn\LogMeIn.exe
C:\Program Files\11g USB adapter\Wifiusb.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\PROGRA~1\McAfee\MSC\mctskshd.exe
C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\Program Files\SiteAdvisor\6028\SAService.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Common Files\Verizon Online\AppMgr\vzOpenUIServer.exe
C:\Program Files\Java\jre1.5.0_10\bin\jucheck.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner.CHANCOMPUTER\Desktop\hijackthis\GOTCHA.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6028\SiteAdv.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6028\SiteAdv.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [A Verizon App] C:\PROGRA~1\VERIZO~1\HELPSU~1\VERIZO~1.EXE
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\HELPSU~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\LogMeInSystray.exe"
O4 - HKLM\..\Run: [myWIFIzone] C:\Program Files\myWIFIzone\myWIFIZone.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6028\SiteAdv.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [kdx] C:\WINDOWS\kdx\KHost.exe -all
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: 802.11g USB adapter.lnk = C:\Program Files\11g USB adapter\Wifiusb.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - http://www.pcpitstop...p/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...01/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...,26/mcgdmgr.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6028\SiteAdv.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: LMIinit - C:\WINDOWS\SYSTEM32\LMIinit.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\LogMeIn.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Log Manager (McLogManagerService) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mctskshd.exe
O23 - Service: McAfee User Manager (mcusrmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Program Files\SiteAdvisor\6028\SAService.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

#20
Essexboy

Posted 19 February 2007 - 12:46 PM

GeekU Moderator

Retired Staff
69,964 posts

Hi again Compnoobie, could you please run a Panda scan for me to check a little deeper

Please go HERE to run Panda's ActiveScan

Once you are on the Panda site click the Scan your PC button
A new window will open...click the Check Now button
Enter your Country
Enter your State/Province
Enter your e-mail address and click send
Select either Home User or Company
Click the big Scan Now button
If it wants to install an ActiveX component allow it
It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
When download is complete, click on My Computer to start the scan
When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report

#21
Compnoobie

Posted 19 February 2007 - 02:29 PM

Member

Topic Starter
Member
139 posts

I've been trying to do the Panda Scan, but it keeps telling me "Error on downloading ActiveScan. An error has occurred downloading Panda ActiveScan. Please repeat the process. If the error occurs again, restart your system and try again" I followed all the steps and even downloaded and installed the active x stuff. I tried removing the temp. files and removing the activescan folder form system32, but it still doesn't work. Do you have any suggestions?

#22
Essexboy

Posted 19 February 2007 - 05:07 PM

GeekU Moderator

Retired Staff
69,964 posts

Please run the F-Secure Online Scanner

Note: This Scanner is for Internet Explorer Only!

Follow the Instruction Here for installation.
Accept the License Agreement.
Once the ActiveX installs,Click Full System Scan
Once the download completes,the scan will begin automatically.
The scan will take some time to finish,so please be patient.
When the scan completes, click the Automatic cleaning (recommended) button.
Click the Show Report button and Copy&Paste the entire report in your next reply.

#23
Compnoobie

Posted 19 February 2007 - 10:05 PM

Member

Topic Starter
Member
139 posts

Scanning Report
Monday, February 19, 2007 19:53:43 - 23:04:23

Computer name: CHANCOMPUTER
Scanning type: Scan system for viruses, rootkits, spyware
Target: C:\
Result: 4 malware found
JS/Istbar.P (virus)

* C:\DOCUMENTS AND SETTINGS\CHAN COMPUTER\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\PV83WLCL\POPULAR[1].HTML (Submitted)
* C:\DOCUMENTS AND SETTINGS\CHAN COMPUTER\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\K96VSL2F\64975[1].HTML (Submitted)

Tracking Cookie (spyware)

* System (Disinfected)

Trojan-Proxy.Win32.Agent.lu (virus)

* C:\SYSTEM VOLUME INFORMATION\_RESTORE{4B856937-9459-4BE2-A2F2-46671B7B9B76}\RP351\A0052103.EXE (Renamed & Submitted)

Statistics
Scanned:

* Files: 59225
* System: 4953
* Not scanned: 13

Actions:

* Disinfected: 1
* Renamed: 1
* Deleted: 0
* None: 2
* Submitted: 3

Files not scanned:

* C:\PAGEFILE.SYS
* C:\WINDOWS\TEMP\SQLITE_6B4P2ODMACE9ORG
* C:\WINDOWS\TEMP\SQLITE_DDPH36TWG7DIL8V
* C:\WINDOWS\TEMP\SQLITE_GEWNOIUQOJOX65Y
* C:\WINDOWS\TEMP\SQLITE_MP1KQYIIKYHX9I2
* C:\WINDOWS\SYSTEM32\DRIVERS\DTSCSI.SYS
* C:\WINDOWS\SYSTEM32\DRIVERS\SPTD.SYS
* C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
* C:\WINDOWS\SOFTWAREDISTRIBUTION\EVENTCACHE\{1D2232BB-AD50-4941-A931-CD08B278693E}.BIN
* C:\PROGRAM FILES\COMMON FILES\VERIZON ONLINE\CONNMGR\VZLOG
* C:\DOCUMENTS AND SETTINGS\OWNER.CHANCOMPUTER\LOCAL SETTINGS\TEMP\SQLITE_HW4QTKXEGXKLXGG
* C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MUVEE TECHNOLOGIES\030625\0000\0012\VALUES
* C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\3173291A2F9B6678F56F2EB8CA957036_1DCE0E75-1303-433A-BFC1-6B582BD25551

Options
Scanning engines:

* F-Secure Libra: 2.4.2, 2007-02-19
* F-Secure AVP: 7.0.171, 2007-02-19
* F-Secure Orion: 1.2.37, 2007-02-19
* F-Secure Blacklight: 1.0.53, 0000-00-00
* F-Secure Draco: 1.0.35, 0260-02-44
* F-Secure Pegasus: 1.19.0, 2007-01-12

Scanning options:

* Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML ZIP XXX
* Use Advanced heuristics

#24
Essexboy

Posted 20 February 2007 - 03:18 PM

GeekU Moderator

Retired Staff
69,964 posts

Hmm OK a little deeper look now to find any waifs and strays

Download WinPFind2.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind2 on your desktop.

Open the folder and double-click on winpfind2.exe to start the program.
Click on the Services tab.
From the two drop down boxes next to Filter list:, on the left one choose List all type of services and on the right one choose List all services.
Click on the Configuration tab.
Keep the standard settings and then in the AddOn-Options box click the checkboxes for
- HKCU_IEDesktop.def
- Policies.def
- SID_Run_Policies.def
to select them.
Under File Options click Select All
Under Other Options put a check to both Show All boxes
Please maximize the window in order to be able to view the Status Bar where you can see the progress of the scan.
Now click the Run All Scans button on the toolbar.
When the scans are complete click the Simple Report button in the lower right-hand corner to create a report file. Notepad will open with the report file loaded in it.
Click the Format menu and make sure that Wordwrap is not checked. If it is, click on it to uncheck it and then please post that report into this topic. After posting please check if the whole report fit into the post. If it did fit, it should say <End of Report> at the end. If not, please post the section that was cut off in a second post.

Please include another HJT log along with winpfind :whistling:

Plus an update on how the system is running

#25
Compnoobie

Posted 20 February 2007 - 04:18 PM

Member

Topic Starter
Member
139 posts

When I click "Run all Scans" it says, access is denied. So I'm not sure what to do next. It's able to scan everything I think until it gets to the services. Here is the simple report anyway.

Edited by Compnoobie, 20 February 2007 - 10:04 PM.

#26
Compnoobie

Posted 20 February 2007 - 04:22 PM

Member

Topic Starter
Member
139 posts

Logfile created on: 2/20/2007 11:04:55 PM
WinPFind2 by OldTimer - Version 1.0.15 Folder = C:\Documents and Settings\Owner.CHANCOMPUTER\Desktop\WinPFind2\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 7.0.5730.11)

< All Processes >
\systemroot\system32\smss.exe - (Microsoft Corporation )
\??\c:\windows\system32\csrss.exe - (Microsoft Corporation )
\??\c:\windows\system32\winlogon.exe - (Microsoft Corporation )
c:\windows\system32\services.exe - (Microsoft Corporation )
c:\windows\system32\lsass.exe - (Microsoft Corporation )
c:\windows\system32\svchost.exe [C:\WINDOWS\SYSTEM32\SVCHOST -K DCOMLAUNCH] - (Microsoft Corporation )
(DcomLaunch) C:\WINDOWS\system32\rpcss.dll - (Microsoft Corporation )
(TermService) C:\WINDOWS\System32\termsrv.dll - (Microsoft Corporation )
(TermService) C:\WINDOWS\System32\termsrv.dll - (Microsoft Corporation )
(TermService) C:\WINDOWS\System32\termsrv.dll - (Microsoft Corporation )
(Wmi) - (File not found))
c:\windows\system32\svchost.exe [C:\WINDOWS\SYSTEM32\SVCHOST -K RPCSS] - (Microsoft Corporation )
(RpcSs) C:\WINDOWS\system32\rpcss.dll - (Microsoft Corporation )
(Wmi) - (File not found))
c:\windows\system32\svchost.exe [C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS] - (Microsoft Corporation )
(6to4) C:\WINDOWS\System32\6to4svc.dll - (Microsoft Corporation )
(AppMgmt) C:\WINDOWS\System32\appmgmts.dll - (File not found))
(AudioSrv) C:\WINDOWS\System32\audiosrv.dll - (Microsoft Corporation )
(BITS) C:\WINDOWS\System32\qmgr.dll - (Microsoft Corporation )
(Browser) C:\WINDOWS\System32\browser.dll - (Microsoft Corporation )
(CryptSvc) C:\WINDOWS\System32\cryptsvc.dll - (Microsoft Corporation )
(Dhcp) C:\WINDOWS\System32\dhcpcsvc.dll - (Microsoft Corporation )
(dmserver) C:\WINDOWS\System32\dmserver.dll - (Microsoft Corp. )
(ERSvc) C:\WINDOWS\System32\ersvc.dll - (Microsoft Corporation )
(EventSystem) C:\WINDOWS\System32\es.dll - (Microsoft Corporation )
(FastUserSwitchingCompatibility) C:\WINDOWS\System32\shsvcs.dll - (Microsoft Corporation )
(helpsvc) %WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll - (File not found))
(HidServ) C:\WINDOWS\System32\hidserv.dll - (File not found))
(lanmanserver) C:\WINDOWS\System32\srvsvc.dll - (Microsoft Corporation )
(lanmanworkstation) C:\WINDOWS\System32\wkssvc.dll - (Microsoft Corporation )
(Messenger) C:\WINDOWS\System32\msgsvc.dll - (Microsoft Corporation )
(Netman) C:\WINDOWS\System32\netman.dll - (Microsoft Corporation )
(Nla) C:\WINDOWS\System32\mswsock.dll - (Microsoft Corporation )
(NtmsSvc) C:\WINDOWS\system32\ntmssvc.dll - (Microsoft Corporation )
(RasAuto) C:\WINDOWS\System32\rasauto.dll - (Microsoft Corporation )
(RasMan) C:\WINDOWS\System32\rasmans.dll - (Microsoft Corporation )
(RemoteAccess) C:\WINDOWS\System32\mprdim.dll - (Microsoft Corporation )
(Schedule) C:\WINDOWS\system32\schedsvc.dll - (Microsoft Corporation )
(seclogon) C:\WINDOWS\System32\seclogon.dll - (Microsoft Corporation )
(SENS) C:\WINDOWS\system32\sens.dll - (Microsoft Corporation )
(SharedAccess) C:\WINDOWS\System32\ipnathlp.dll - (Microsoft Corporation )
(ShellHWDetection) C:\WINDOWS\System32\shsvcs.dll - (Microsoft Corporation )
(srservice) C:\WINDOWS\System32\srsvc.dll - (Microsoft Corporation )
(TapiSrv) C:\WINDOWS\System32\tapisrv.dll - (Microsoft Corporation )
(Themes) C:\WINDOWS\System32\shsvcs.dll - (Microsoft Corporation )
(TrkWks) C:\WINDOWS\system32\trkwks.dll - (Microsoft Corporation )
(W32Time) C:\WINDOWS\System32\w32time.dll - (Microsoft Corporation )
(winmgmt) C:\WINDOWS\system32\wbem\WMIsvc.dll - (Microsoft Corporation )
(WmdmPmSN) C:\WINDOWS\system32\MsPMSNSv.dll - (Microsoft Corporation )
(wscsvc) C:\WINDOWS\system32\wscsvc.dll - (Microsoft Corporation )
(wuauserv) C:\WINDOWS\system32\wuauserv.dll - (Microsoft Corporation )
(WZCSVC) C:\WINDOWS\System32\wzcsvc.dll - (Microsoft Corporation )
(xmlprov) C:\WINDOWS\System32\xmlprov.dll - (Microsoft Corporation )
(Wmi) - (File not found))
c:\windows\system32\svchost.exe [C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETWORKSERVICE] - (Microsoft Corporation )
(Dnscache) C:\WINDOWS\System32\dnsrslvr.dll - (Microsoft Corporation )
(Wmi) - (File not found))
c:\windows\system32\svchost.exe [C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K LOCALSERVICE] - (Microsoft Corporation )
(Alerter) C:\WINDOWS\system32\alrsvc.dll - (Microsoft Corporation )
(LmHosts) C:\WINDOWS\System32\lmhsvc.dll - (Microsoft Corporation )
(SSDPSRV) C:\WINDOWS\System32\ssdpsrv.dll - (Microsoft Corporation )
(upnphost) C:\WINDOWS\System32\upnphost.dll - (Microsoft Corporation )
(WebClient) C:\WINDOWS\System32\webclnt.dll - (Microsoft Corporation )
(Wmi) - (File not found))
c:\windows\explorer.exe - (Microsoft Corporation )
c:\windows\system32\spoolsv.exe - (Microsoft Corporation )
c:\windows\system32\hkcmd.exe - (Intel Corporation )
c:\program files\common files\real\update_ob\realsched.exe - (RealNetworks, Inc. )
c:\windows\system32\dla\tfswctrl.exe - (Sonic Solutions )
c:\progra~1\verizo~1\helpsu~1\verizo~1.exe - (Verizon Internet Solutions )
c:\progra~1\verizo~1\helpsu~1\smartb~1\motivesb.exe - (Motive Communications, Inc. )
c:\program files\java\jre1.5.0_10\bin\jusched.exe - (Sun Microsystems, Inc. )
c:\program files\logmein\logmeinsystray.exe - (LogMeIn, Inc. )
c:\program files\mywifizone\mywifizone.exe - (myWIFIzone.com )
c:\program files\itunes\ituneshelper.exe - (Apple Computer, Inc. )
c:\program files\quicktime\qttask.exe - (Apple Computer, Inc. )
c:\program files\siteadvisor\6028\siteadv.exe - (McAfee, Inc. )
c:\program files\microsoft office\office12\groovemonitor.exe - (Microsoft Corporation )
c:\program files\aws\weatherbug\weather.exe - (AWS Convergence Technologies, Inc. )
c:\program files\common files\verizon online\connmgr\cmisrv.exe - (Verizon Internet Solutions )
c:\windows\system32\ctfmon.exe - (Microsoft Corporation )
c:\windows\kdx\khost.exe - (Kontiki Inc. )
c:\program files\superantispyware\superantispyware.exe - (SUPERAntiSpyware.com )
c:\program files\logmein\ramaint.exe - (LogMeIn, Inc. )
c:\program files\11g usb adapter\wifiusb.exe - (TECOM )
c:\program files\logmein\logmein.exe - (LogMeIn, Inc. )
c:\program files\common files\mcafee\hackerwatch\hwapi.exe - (McAfee, Inc. )
c:\progra~1\mcafee\msc\mclogsrv.exe - (McAfee, Inc. )
c:\progra~1\mcafee\msc\mcupdmgr.exe - (McAfee, Inc. )
c:\program files\common files\mcafee\mna\mcnasvc.exe - (McAfee, Inc. )
c:\progra~1\mcafee\viruss~1\mcods.exe - (McAfee, Inc. )
c:\progra~1\mcafee\msc\mcpromgr.exe - (McAfee, Inc. )
c:\progra~1\common~1\mcafee\redirsvc\redirsvc.exe - (McAfee, Inc. )
c:\progra~1\mcafee\viruss~1\mcshield.exe - (McAfee, Inc. )
c:\progra~1\mcafee\viruss~1\mcsysmon.exe - (McAfee, Inc. )
c:\progra~1\mcafee\msc\mctskshd.exe - (McAfee, Inc. )
c:\progra~1\mcafee\msc\mcusrmgr.exe - (McAfee, Inc. )
c:\program files\common files\microsoft shared\vs7debug\mdm.exe - (Microsoft Corporation )
c:\progra~1\mcafee.com\agent\mcagent.exe - (McAfee, Inc. )
c:\program files\siteadvisor\6028\saservice.exe - (McAfee, Inc. )
c:\program files\alcohol soft\alcohol 120\starwind\starwindservice.exe - (Rocket Division Software )
c:\windows\system32\svchost.exe [C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K IMGSVC] - (Microsoft Corporation )
(stisvc) C:\WINDOWS\system32\wiaservc.dll - (Microsoft Corporation )
(Wmi) - (File not found))
c:\program files\viewpoint\common\viewpointservice.exe - (Viewpoint Corporation )
c:\program files\ipod\bin\ipodservice.exe - (Apple Computer, Inc. )
c:\windows\system32\alg.exe - (Microsoft Corporation )
c:\windows\system32\wbem\wmiprvse.exe - (Microsoft Corporation )
c:\program files\viewpoint\viewpoint manager\viewmgr.exe - (Viewpoint Corporation )
c:\program files\common files\verizon online\appmgr\vzopenuiserver.exe - (Verizon Internet Solutions )
c:\program files\java\jre1.5.0_10\bin\jucheck.exe - (Sun Microsystems, Inc. )
c:\program files\mozilla firefox\firefox.exe - (Mozilla Corporation )
c:\windows\system32\svchost.exe [C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K HTTPFILTER] - (Microsoft Corporation )
(HTTPFilter) C:\WINDOWS\System32\w3ssl.dll - (Microsoft Corporation )
(Wmi) - (File not found))
c:\documents and settings\owner.chancomputer\desktop\winpfind2\winpfind2.exe - (OldTimer Tools )

< Registry Entries >

[>> Internet Explorer Settings <<]
HKLM->Main\\Start Page - http://go.microsoft....k/?LinkId=69157
HKLM->Main\\Search Page - http://go.microsoft....k/?LinkId=54896
HKLM->Main\\Default_Page_URL - http://go.microsoft....k/?LinkId=69157
HKLM->Main\\Default_Search_URL - http://go.microsoft....k/?LinkId=54896
HKLM->Main\\Local Page - %SystemRoot%\system32\blank.htm
HKCU->Main\\Start Page - http://www.google.com/webhp?hl=en
HKCU->Main\\Search Page - http://www.microsoft...amp;ar=iesearch
HKCU->Main\\Local Page - C:\WINDOWS\system32\blank.htm
HKLM->Search\\CustomizeSearch - http://ie.search.msn...st/srchcust.htm
HKLM->Search\\SearchAssistant - http://ie.search.msn...st/srchasst.htm
HKCU->URLSearchHooks\\{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Microsoft Url Search Hook = C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation )
HKCU->Internet Settings\\ProxyEnable - 0
HKCU->Internet Settings\\ProxyOverride - 127.0.0.1

[>> BHO's <<]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - Adobe PDF Reader Link Helper = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated )
{089FD14D-132B-48FC-8861-0048AE113215} - Reg Data - Value does not exist = C:\Program Files\SiteAdvisor\6028\SiteAdv.dll (McAfee, Inc. )
{5CA3D70E-1895-11CF-8E15-001234567890} - DriveLetterAccess = C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions )
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} - Groove GFS Browser Helper = C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL (Microsoft Corporation )
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - SSVHelper Class = C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll (Sun Microsystems, Inc. )
{7DB2D5A0-7241-4E79-B68D-6309F01C5231} - scriptproxy = c:\program files\mcafee\virusscan\scriptcl.dll (McAfee, Inc. )

[>> Internet Explorer Bars, Toolbars and Extensions <<]

[HKLM-> Internet Explorer Bars]
{4D5C8C25-D075-11d0-B416-00C04FB90376} - &Tip of the Day = %SystemRoot%\System32\shdocvw.dll (Microsoft Corporation )

[HKCU-> Internet Explorer Bars]
{32683183-48a0-441b-a342-7c2a440a9478} - Reg Data - Key not found = Reg Data - Key not found (File not found)
{EFA24E64-B078-11D0-89E4-00C04FC9E26E} - Explorer Band = %SystemRoot%\System32\shdocvw.dll (Microsoft Corporation )

[HKLM-> Internet Explorer ToolBars]
{0BF43445-2F28-4351-9252-17FE6E806AA0} - McAfee SiteAdvisor = C:\Program Files\SiteAdvisor\6028\SiteAdv.dll (McAfee, Inc. )

[HKCU-> Internet Explorer ToolBars]
WebBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383} - &Address = %SystemRoot%\System32\browseui.dll (Microsoft Corporation )
WebBrowser\\{0E5CBF21-D15F-11D0-8301-00AA005B4383} - &Links = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation )

[HKCU-> Internet Explorer CmdMapping]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - 8195 - Sun Java Console
{92780B25-18CC-41C8-B9BE-3C9C571A8263} - 8194 - Reg Data - Value does not exist
{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - 8196 - Reg Data - Key not found
{FB5F1910-F110-11d2-BB9E-00C04F795683} - 8193 - Windows Messenger
NextId - 8197

[HKLM-> Internet Explorer Extensions]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - MenuText: Sun Java Console = C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll (Sun Microsystems, Inc. )
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} (HKCU CLSID) - MenuText: Sun Java Console = C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll (Sun Microsystems, Inc. )
{2670000A-7350-4f3c-8081-5663EE0C6C49} - ButtonText: Send to OneNote = Reg Data - Value does not exist (File not found)
{92780B25-18CC-41C8-B9BE-3C9C571A8263} - ButtonText: Research = Reg Data - Value does not exist (File not found)
{e2e2dd38-d088-4134-82b7-f2ba38496583} - MenuText: @xpsp3res.dll,-20001 = Reg Data - Key not found (File not found)
{FB5F1910-F110-11d2-BB9E-00C04F795683} - ButtonText: Messenger = C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation )

[HKCU-> Internet Explorer Menu Extensions]
E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 (Microsoft Corporation )

[>> Approved Shell Extensions (Non-Microsoft only) <<]

[HKLM-> Approved Shell Extensions]
{0DF44EAA-FF21-4412-828E-260A8728E7F1} - Taskbar and Start Menu = Reg Data - Key not found (File not found)
{2C49B5D0-ACE7-4D17-9DF0-A254A6C5A0C5} - dBpowerAMP Music Converter = Reg Data - Key not found (File not found)
{32683183-48a0-441b-a342-7c2a440a9478} - Media Band = Reg Data - Key not found (File not found)
{42071714-76d4-11d1-8b24-00a0c9068ff3} - Display Panning CPL Extension = deskpan.dll (File not found)
{5CA3D70E-1895-11CF-8E15-001234567890} - DriveLetterAccess = C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions )
{764BF0E1-F219-11ce-972D-00AA00A14F56} - Shell extensions for file compression = Reg Data - Key not found (File not found)
{7A9D77BD-5403-11d2-8785-2E0420524153} - User Accounts = Reg Data - Key not found (File not found)
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} - Encryption Context Menu = Reg Data - Key not found (File not found)
{88895560-9AA2-1069-930E-00AA0030EBC8} - HyperTerminal Icon Ext = C:\WINDOWS\System32\hticons.dll (Hilgraeve, Inc. )
{8FF88D21-7BD0-11D1-BFB7-00AA00262A11} - WinAce Archiver 2.6b1 (beta test) Context Menu Shell Extension = C:\Program Files\WinAce\arcext.dll (e-merge GmbH )
{8FF88D23-7BD0-11D1-BFB7-00AA00262A11} - WinAce Archiver 2.6b1 (beta test) Property Sheet Shell Extension = C:\Program Files\WinAce\arcext.dll (e-merge GmbH )
{8FF88D25-7BD0-11D1-BFB7-00AA00262A11} - WinAce Archiver 2.6b1 (beta test) DragDrop Shell Extension = C:\Program Files\WinAce\arcext.dll (e-merge GmbH )
{8FF88D27-7BD0-11D1-BFB7-00AA00262A11} - WinAce Archiver 2.6b1 (beta test) Context Menu Shell Extension = C:\Program Files\WinAce\arcext.dll (e-merge GmbH )
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} - iTunes = C:\Program Files\iTunes\iTunesMiniPlayer.dll (Apple Computer, Inc. )
{DEE12703-6333-4D4E-8F34-738C4DCC2E04} - RecordNow! SendToExt = C:\Program Files\Sonic\RecordNow!\shlext.dll (Sonic Solutions )
{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} - Shell Extensions for RealOne Player = C:\Program Files\Real\RealPlayer\rpshell.dll (RealNetworks, Inc. )
{FED7043D-346A-414D-ACD7-550D052499A7} - dBpowerAMP Music Converter 1 = Reg Data - Key not found (File not found)

[>> ContextMenuHandlers (Non-Microsoft only) <<]

[HKLM-> ContextMenuHandlers]
* - {CA8ACAFA-5FBB-467B-B348-90DD488DE003} - SUPERAntiSpyware Context Menu = C:\Program Files\SUPERAntiSpyware\SASCTXMN.DLL (SUPERAntiSpyware.com )
* - MCVSRIGHTCLICKSCANNER - {162EFDC5-2957-465D-887B-590AF4A7E84D} = c:\PROGRA~1\mcafee\VIRUSS~1\mcodsax.dll (McAfee, Inc. )
* - ZFAdd - {8FF88D27-7BD0-11D1-BFB7-00AA00262A11} = C:\Program Files\WinAce\arcext.dll (e-merge GmbH )
Directory - {CA8ACAFA-5FBB-467B-B348-90DD488DE003} - SUPERAntiSpyware Context Menu = C:\Program Files\SUPERAntiSpyware\SASCTXMN.DLL (SUPERAntiSpyware.com )
Directory - ZFAdd - {8FF88D27-7BD0-11D1-BFB7-00AA00262A11} = C:\Program Files\WinAce\arcext.dll (e-merge GmbH )
Directory\Background - igfxcui - {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} = C:\WINDOWS\system32\igfxpph.dll (Intel Corporation )
Folder - MCVSRIGHTCLICKSCANNER - {162EFDC5-2957-465D-887B-590AF4A7E84D} = c:\PROGRA~1\mcafee\VIRUSS~1\mcodsax.dll (McAfee, Inc. )

[>> ColumnHandlers (Non-Microsoft only) <<]

[HKLM-> ColumnHandlers]
Folder - {F9DB5320-233E-11D1-9F84-707F02C10627} - PDF Shell Extension = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll (Adobe Systems, Inc. )

[>> File Associations Keys <<]
HKLM->SOFTWARE\Classes\.bat\\'' - batfile
HKLM->SOFTWARE\Classes\batfile\shell\open\command\\'' - "%1" %*
HKLM->SOFTWARE\Classes\.cmd\\'' - cmdfile
HKLM->SOFTWARE\Classes\cmdfile\shell\open\command\\'' - "%1" %*
HKLM->SOFTWARE\Classes\.com\\'' - comfile
HKLM->SOFTWARE\Classes\comfile\shell\open\command\\'' - "%1" %*
HKLM->SOFTWARE\Classes\.exe\\'' - exefile
HKLM->SOFTWARE\Classes\exefile\shell\open\command\\'' - "%1" %*
HKLM->SOFTWARE\Classes\.hta\\'' - htafile
HKLM->SOFTWARE\Classes\htafile\shell\open\command\\'' - C:\WINDOWS\system32\mshta.exe "%1" %*
HKLM->SOFTWARE\Classes\.js\\'' - JSFile
HKLM->SOFTWARE\Classes\jsfile\shell\open\command\\'' - %SystemRoot%\System32\WScript.exe "%1" %*
HKLM->SOFTWARE\Classes\.jse\\'' - JSEFile
HKLM->SOFTWARE\Classes\jsefile\shell\open\command\\'' - %SystemRoot%\System32\WScript.exe "%1" %*
HKLM->SOFTWARE\Classes\.scr\\'' - scrfile
HKLM->SOFTWARE\Classes\scrfile\shell\open\command\\'' - "%1" /S
HKLM->SOFTWARE\Classes\.vbe\\'' - VBEFile
HKLM->SOFTWARE\Classes\vbefile\shell\open\command\\'' - %SystemRoot%\System32\WScript.exe "%1" %*
HKLM->SOFTWARE\Classes\.vbs\\'' - VBSFile
HKLM->SOFTWARE\Classes\vbsfile\shell\open\command\\'' - %SystemRoot%\System32\WScript.exe "%1" %*
HKLM->SOFTWARE\Classes\.wsf\\'' - WSFFile
HKLM->SOFTWARE\Classes\wsffile\shell\open\command\\'' - %SystemRoot%\System32\WScript.exe "%1" %*
HKLM->SOFTWARE\Classes\.wsh\\'' - WSHFile
HKLM->SOFTWARE\Classes\wshfile\shell\open\command\\'' - %SystemRoot%\System32\WScript.exe "%1" %*
HKLM->SOFTWARE\Classes\.txt\\'' - txtfile
HKLM->SOFTWARE\Classes\txtfile\shell\open\command\\'' - %SystemRoot%\system32\NOTEPAD.EXE %1

[>> Registry Run Keys <<]
HKLM->Run\\A Verizon App - C:\PROGRA~1\VERIZO~1\HELPSU~1\VERIZO~1.EXE (Verizon Internet Solutions )
HKLM->Run\\dla - C:\WINDOWS\system32\dla\tfswctrl.exe (Sonic Solutions )
HKLM->Run\\GrooveMonitor - "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" (Microsoft Corporation )
HKLM->Run\\HotKeysCmds - C:\WINDOWS\system32\hkcmd.exe (Intel Corporation )
HKLM->Run\\IgfxTray - C:\WINDOWS\system32\igfxtray.exe (Intel Corporation )
HKLM->Run\\IMJPMIG8.1 - "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 (Microsoft Corporation )
HKLM->Run\\iTunesHelper - "C:\Program Files\iTunes\iTunesHelper.exe" (Apple Computer, Inc. )
HKLM->Run\\LogMeIn GUI - "C:\Program Files\LogMeIn\LogMeInSystray.exe" (LogMeIn, Inc. )
HKLM->Run\\Motive SmartBridge - C:\PROGRA~1\VERIZO~1\HELPSU~1\SMARTB~1\MotiveSB.exe (Motive Communications, Inc. )
HKLM->Run\\MPFExe - C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe (McAfee Security )
HKLM->Run\\MSPY2002 - C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC ( )
HKLM->Run\\myWIFIzone - C:\Program Files\myWIFIzone\myWIFIZone.exe (myWIFIzone.com )
HKLM->Run\\PHIME2002A - C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName (Microsoft Corporation )
HKLM->Run\\PHIME2002ASync - C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC (Microsoft Corporation )
HKLM->Run\\QuickTime Task - "C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Computer, Inc. )
HKLM->Run\\SiteAdvisor - C:\Program Files\SiteAdvisor\6028\SiteAdv.exe (McAfee, Inc. )
HKLM->Run\\SunJavaUpdateSched - "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe" (Sun Microsystems, Inc. )
HKLM->Run\\TkBellExe - "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot (RealNetworks, Inc. )
HKLM->Run\OptionalComponents\IMAIL - Installed = 1
HKLM->Run\OptionalComponents\MAPI - Installed = 1
HKLM->Run\OptionalComponents\MSFS - Installed = 1
HKCU->Run\\ctfmon.exe - C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation )
HKCU->Run\\kdx - C:\WINDOWS\kdx\KHost.exe -all (Kontiki Inc. )
HKCU->Run\\SUPERAntiSpyware - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com )
HKCU->Run\\Weather - C:\Program Files\AWS\WeatherBug\Weather.exe 1 (AWS Convergence Technologies, Inc. )

[>> Miscellaneous Startup Keys <<]

[AppInit DLLs]
AppInit_DLL - (File not found)

[Image File Execution Options]
Your Image File Name Here without a path - Debugger = ntsd -d

[Shell Service Object Delay Load]
CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation )
PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation )
SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll (Microsoft Corporation )
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation )
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} = C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation )

[Shell Execute Hooks]
{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - SABShellExecuteHook Class = C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com )
{AEB6717E-7E19-11d0-97EE-00C04FD91972} - URL Exec Hook = shell32.dll (Microsoft Corporation )
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} - Groove GFS Stub Execution Hook = C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL (Microsoft Corporation )

[Shared Task Scheduler]
{438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader = %SystemRoot%\System32\browseui.dll (Microsoft Corporation )
{8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon = %SystemRoot%\System32\browseui.dll (Microsoft Corporation )

[SafeBoot Option]

[HKLM Command Processor AutoRun]
HKLM->Command Processor\\AutoRun -

[HKCU Command Processor AutoRun]

[Security Providers]
SecurityProviders\\SecurityProviders - msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll

[BootExecute]
Session Manager\\BootExecute - autocheck autochk *;

[PendingFileRenameOperations]

[FileRenameOperations]

[ExcludeFromKnownDlls]
Session Manager\\ExcludeFromKnownDlls -

[>> Disabled MSConfig Items <<]
StartUpReg\AIM - aim = C:\Program Files\AIM\aim.exe -cnetwait.odl (File not found)
StartUpReg\DAEMON Tools - daemon = "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 (DT Soft Ltd. )

[>> User Agent Post Platform <<]

[>> Winlogon <<]
HMLM->AltDefaultDomainName - CHANCOMPUTER
HMLM->AltDefaultUserName - Owner
HMLM->AutoAdminLogon - 1
HMLM->DefaultDomainName - CHANCOMPUTER
HMLM->DefaultUserName - Chan Computer
HKLM->Shell - explorer.exe (Microsoft Corporation )
HKLM->System - (File not found)
HMLM->UserInit - C:\WINDOWS\system32\userinit.exe, (Microsoft Corporation )
HKLM->VMApplet - rundll32 shell32,Control_RunDLL "sysdm.cpl"
Notify\!SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com )
Notify\crypt32chain - crypt32.dll (Microsoft Corporation )
Notify\cryptnet - cryptnet.dll (Microsoft Corporation )
Notify\cscdll - cscdll.dll (Microsoft Corporation )
Notify\igfxcui - igfxsrvc.dll (Intel Corporation )
Notify\LMIinit - LMIinit.dll (LogMeIn, Inc. )
Notify\ScCertProp - wlnotify.dll (Microsoft Corporation )
Notify\Schedule - wlnotify.dll (Microsoft Corporation )
Notify\sclgntfy - sclgntfy.dll (Microsoft Corporation )
Notify\SensLogn - WlNotify.dll (Microsoft Corporation )
Notify\termsrv - wlnotify.dll (Microsoft Corporation )
Notify\WgaLogon - WgaLogon.dll (Microsoft Corporation )
Notify\wlballoon - wlnotify.dll (Microsoft Corporation )

[>> DNS Name Servers <<]
{1B880A33-4A1C-4DD6-B0D6-A505678AB52D} - (802.11g USB Adapter)
{D2DE502F-9067-425A-988E-8DCEA5EFEC2B} - ()
{E69A00A2-44A9-4056-BBCD-550AB4F2F102} - (Broadcom 440x 10/100 Integrated Controller)

[>> All Winsock2 Catalogs <<]
NameSpace_Catalog5\Catalog_Entries\000000000001 (Tcpip) - %SystemRoot%\System32\mswsock.dll (Microsoft Corporation )
NameSpace_Catalog5\Catalog_Entries\000000000002 (NTDS) - %SystemRoot%\System32\winrnr.dll (Microsoft Corporation )
NameSpace_Catalog5\Catalog_Entries\000000000003 (Network Location Awareness (NLA) Namespace) - %SystemRoot%\System32\mswsock.dll (Microsoft Corporation )
NameSpace_Catalog5\Catalog_Entries\000000000004 (NWLink IPX/SPX/NetBIOS Compatible Transport Protocol) - %SystemRoot%\System32\nwprovau.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\system32\rsvpsp.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\system32\rsvpsp.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000011 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000012 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000013 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000014 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000015 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000016 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000017 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000018 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000019 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000020 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000021 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000022 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000023 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000024 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000025 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000026 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000027 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000028 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000029 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000030 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000031 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000032 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000033 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )

[>> Protocol Handlers (Non-Microsoft only) <<]
ipp - (File not found)
msdaipp - (File not found)
siteadvisor - C:\Program Files\SiteAdvisor\6028\SiteAdv.dll (McAfee, Inc. )

[>> Protocol Filters (Non-Microsoft only) <<]

< All Services >
() - [ - - ]
IPv6 Helper Service (6to4) - C:\WINDOWS\system32\svchost.exe -k netsvcs (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]
Microsoft ACPI Driver (ACPI) - \SystemRoot\System32\DRIVERS\ACPI.sys (Microsoft Corporation ) [ - Running - Kernel driver]
aeaudio (aeaudio) - system32\drivers\aeaudio.sys (Andrea Electronics Corporation ) [On Demand - Running - Kernel driver]
AFD Networking Support Environment (AFD) - \SystemRoot\System32\drivers\afd.sys (Microsoft Corporation ) [ - Running - Kernel driver]
Application Layer Gateway Service (ALG) - C:\WINDOWS\System32\alg.exe (Microsoft Corporation ) [On Demand - Running - Win32, running in it's own process]
Standard IDE/ESDI Hard Disk Controller (atapi) - \SystemRoot\System32\DRIVERS\atapi.sys (Microsoft Corporation ) [ - Running - Kernel driver]
Windows Audio (AudioSrv) - C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]
Audio Stub Driver (audstub) - System32\DRIVERS\audstub.sys (Microsoft Corporation ) [On Demand - Running - Kernel driver]
Broadcom 440x 10/100 Integrated Controller XP Driver (bcm4sbxp) - System32\DRIVERS\bcm4sbxp.sys (Broadcom Corporation ) [On Demand - Running - Kernel driver]
Beep (Beep) - (File not found)) [ - Running - Kernel driver]
Background Intelligent Transfer Service (BITS) - C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]
Computer Browser (Browser) - C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]
Cdfs (Cdfs) - (File not found)) [Disabled - Running - Filesystem driver]
CD-ROM Driver (Cdrom) - System32\DRIVERS\cdrom.sys (Microsoft Corporation ) [ - Running - Kernel driver]
Cryptographic Services (CryptSvc) - C:\WINDOWS\system32\svchost.exe -k netsvcs (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]
DCOM Server Process Launcher (DcomLaunch) - C:\WINDOWS\system32\svchost -k DcomLaunch (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]
DHCP Client (Dhcp) - C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]
Disk Driver (Disk) - \SystemRoot\System32\DRIVERS\disk.sys (Microsoft Corporation ) [ - Running - Kernel driver]
DNS Client (Dnscache) - C:\WINDOWS\System32\svchost.exe -k NetworkService (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]
drvmcdb (drvmcdb) - \SystemRoot\system32\drivers\drvmcdb.sys (Sonic Solutions ) [ - Running - Kernel driver]
drvnddm (drvnddm) - system32\drivers\drvnddm.sys (Sonic Solutions ) [Automatic - Running - Filesystem driver]
dtscsi (dtscsi) - \SystemRoot\System32\Drivers\dtscsi.sys ( ) [On Demand - Running - Kernel driver]
Error Reporting Service (ERSvc) - C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]
Event Log (Eventlog) - C:\WINDOWS\system32\services.exe (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]
COM+ Event System (EventSystem) - C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation ) [On Demand - Running - Win32, running in a shared process]
Fastfat (Fastfat) - (File not found)) [Disabled - Running - Filesystem driver]
Floppy Disk Controller Driver (Fdc) - System32\DRIVERS\fdc.sys (Microsoft Corporation ) [On Demand - Running - Kernel driver]
Fips (Fips) - (File not found)) [ - Running - Kernel driver]
Floppy Disk Driver (Flpydisk) - System32\DRIVERS\flpydisk.sys (Microsoft Corporation ) [On Demand - Running - Kernel driver]
FltMgr (FltMgr) - \SystemRoot\system32\drivers\fltmgr.sys (Microsoft Corporation ) [ - Running - Filesystem driver]
Volume Manager Driver (Ftdisk) - \SystemRoot\System32\DRIVERS\ftdisk.sys (Microsoft Corporation ) [ - Running - Kernel driver]
GEARAspiWDM (GEARAspiWDM) - System32\Drivers\GEARAspiWDM.sys (GEAR Software Inc. ) [On Demand - Running - Kernel driver]
Generic Packet Classifier (Gpc) - System32\DRIVERS\msgpc.sys (Microsoft Corporation ) [On Demand - Running - Kernel driver]
Help and Support (helpsvc) - C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]
HTTP (HTTP) - System32\Drivers\HTTP.sys (Microsoft Corporation ) [On Demand - Running - Kernel driver]
HTTP SSL (HTTPFilter) - C:\WINDOWS\System32\svchost.exe -k HTTPFilter (Microsoft Corporation ) [On Demand - Running - Win32, running in a shared process]
i8042 Keyboard and PS/2 Mouse Port Driver (i8042prt) - System32\DRIVERS\i8042prt.sys (Microsoft Corporation ) [ - Running - Kernel driver]
ialm (ialm) - System32\DRIVERS\ialmnt5.sys (Intel Corporation ) [On Demand - Running - Kernel driver]
CD-Burning Filter Driver (Imapi) - System32\DRIVERS\imapi.sys (Microsoft Corporation ) [ - Running - Kernel driver]
IntelC51 (IntelC51) - system32\DRIVERS\IntelC51.sys (Intel Corporation ) [On Demand - Running - Kernel driver]
IntelC52 (IntelC52) - system32\DRIVERS\IntelC52.sys (Intel Corporation ) [On Demand - Running - Kernel driver]
IntelC53 (IntelC53) - system32\DRIVERS\IntelC53.sys (Intel Corporation ) [On Demand - Running - Kernel driver]
IntelIde (IntelIde) - \SystemRoot\System32\DRIVERS\intelide.sys (Microsoft Corporation ) [ - Running - Kernel driver]
Intel Processor Driver (intelppm) - System32\DRIVERS\intelppm.sys (Microsoft Corporation ) [ - Running - Kernel driver]
IPv6 Windows Firewall Driver (ip6fw) - system32\drivers\ip6fw.sys (Microsoft Corporation ) [On Demand - Running - Kernel driver]
IP Traffic Filter Driver (IpFilterDriver) - System32\DRIVERS\ipfltdrv.sys (Microsoft Corporation ) [On Demand - Running - Kernel driver]
IP Network Address Translator (IpNat) - System32\DRIVERS\ipnat.sys (Microsoft Corporation ) [On Demand - Running - Kernel driver]
iPodService (iPodService) - C:\Program Files\iPod\bin\iPodService.exe (Apple Computer, Inc. ) [On Demand - Running - Win32, running in it's own process]
IPSEC driver (IPSec) - System32\DRIVERS\ipsec.sys (Microsoft Corporation ) [ - Running - Kernel driver]
PnP ISA/EISA Bus Driver (isapnp) - \SystemRoot\System32\DRIVERS\isapnp.sys (Microsoft Corporation ) [ - Running - Kernel driver]
Keyboard Class Driver (Kbdclass) - System32\DRIVERS\kbdclass.sys (Microsoft Corporation ) [ - Running - Kernel driver]
Microsoft Kernel Wave Audio Mixer (kmixer) - system32\drivers\kmixer.sys (Microsoft Corporation ) [On Demand - Running - Kernel driver]
KSecDD (KSecDD) - (File not found)) [ - Running - Kernel driver]
Server (lanmanserver) - C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]
Workstation (lanmanworkstation) - C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]
TCP/IP NetBIOS Helper (LmHosts) - C:\WINDOWS\System32\svchost.exe -k LocalService (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]
LogMeIn Kernel Information Provider (LMIInfo) - \??\C:\Program Files\LogMeIn\RaInfo.sys (3am Labs Ltd. ) [Automatic - Running - Kernel driver]
LogMeIn Maintenance Service (LMIMaint) - "C:\Program Files\LogMeIn\RaMaint.exe" (LogMeIn, Inc. ) [Automatic - Running - Win32, running in it's own process]
LMImirr (LMImirr) - system32\DRIVERS\LMImirr.sys (LogMeIn, Inc. ) [On Demand - Running - Kernel driver]
LogMeIn (LogMeIn) - "C:\Program Files\LogMeIn\LogMeIn.exe" (LogMeIn, Inc. ) [Automatic - Running - Win32, running in it's own process]
McAfee HackerWatch Service (McAfee HackerWatch Service) - "C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe" (McAfee, Inc. ) [Automatic - Running - Win32, running in it's own process]
McAfee Log Manager (McLogManagerService) - C:\PROGRA~1\McAfee\MSC\mclogsrv.exe (McAfee, Inc. ) [Automatic - Running - Win32, running in it's own process]
McAfee Update Manager (mcmispupdmgr) - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe (McAfee, Inc. ) [Automatic - Running - Win32, running in it's own process]
McAfee Network Agent (McNASvc) - "c:\program files\common files\mcafee\mna\mcnasvc.exe" (McAfee, Inc. ) [Automatic - Running - Win32, running in it's own process]
McAfee Scanner (McODS) - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe (McAfee, Inc. ) [Automatic - Running - Win32, running in it's own process]
McAfee Protection Manager (mcpromgr) - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe (McAfee, Inc. ) [Automatic - Running - Win32, running in it's own process]
McAfee Redirector Service (McRedirector) - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe (McAfee, Inc. ) [Automatic - Running - Win32, running in it's own process]

< End of report >

Edited by Compnoobie, 20 February 2007 - 10:05 PM.

#27
Compnoobie

Posted 20 February 2007 - 10:07 PM

Member

Topic Starter
Member
139 posts

Logfile of HijackThis v1.99.1
Scan saved at 11:07:44 PM, on 2/20/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\PROGRA~1\VERIZO~1\HELPSU~1\VERIZO~1.EXE
C:\PROGRA~1\VERIZO~1\HELPSU~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\LogMeIn\LogMeInSystray.exe
C:\Program Files\myWIFIzone\myWIFIZone.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\SiteAdvisor\6028\SiteAdv.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Program Files\Common Files\Verizon Online\ConnMgr\cmisrv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\kdx\KHost.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\LogMeIn\RaMaint.exe
C:\Program Files\11g USB adapter\Wifiusb.exe
C:\Program Files\LogMeIn\LogMeIn.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\PROGRA~1\McAfee\MSC\mctskshd.exe
C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\SiteAdvisor\6028\SAService.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Common Files\Verizon Online\AppMgr\vzOpenUIServer.exe
C:\Program Files\Java\jre1.5.0_10\bin\jucheck.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Owner.CHANCOMPUTER\Desktop\hijackthis\GOTCHA.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6028\SiteAdv.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6028\SiteAdv.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [A Verizon App] C:\PROGRA~1\VERIZO~1\HELPSU~1\VERIZO~1.EXE
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\HELPSU~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\LogMeInSystray.exe"
O4 - HKLM\..\Run: [myWIFIzone] C:\Program Files\myWIFIzone\myWIFIZone.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6028\SiteAdv.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [kdx] C:\WINDOWS\kdx\KHost.exe -all
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: 802.11g USB adapter.lnk = C:\Program Files\11g USB adapter\Wifiusb.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - http://www.pcpitstop...p/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...01/mcinsctl.cab
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://pcpitstop.com/mhLbl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-sec...m/ols/fscax.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...,26/mcgdmgr.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6028\SiteAdv.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: LMIinit - C:\WINDOWS\SYSTEM32\LMIinit.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\LogMeIn.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Log Manager (McLogManagerService) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mctskshd.exe
O23 - Service: McAfee User Manager (mcusrmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Program Files\SiteAdvisor\6028\SAService.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

#28
Compnoobie

Posted 20 February 2007 - 10:09 PM

Member

Topic Starter
Member
139 posts

The computer is a little bit faster, but still slow. I'm not sure if this is due to any viruses or spyware, maybe it's just old hardware. However, yesterday when I tried to turn off the computer, it gave me an error message about explorer.exe which hasn't happened before. I think this was a one time thing though, since the second time I shut down, it was normal.

Edited by Compnoobie, 20 February 2007 - 10:12 PM.

#29
Essexboy

Posted 21 February 2007 - 04:10 PM

GeekU Moderator

Retired Staff
69,964 posts

Hi Compnoobie your log now appears clean.

To speed up your system you could remove the following non-essential start-up items from MSconfig

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

To do this go START > RUN and type in MSCONFIG
On the window that opens select the STARTUP tab and remove the checkmarks from the above programmes
Select OK and reboot after doing the following.

On start up you will get a warning about being in selective start place a tick in the box that says do not show this again and close by using the X

To ensure that Realplayer does not restart itself (and it will try to) do the following:
Locate C:\Program Files\Common Files\Real\Update_OB\realsched.exe and rename the file to realsched.old

To ensure that Quicktime does not restart itself do the following:
Go to Control Panel and select the Quicktime icon
Select the update tab and deselect check for updates automatically

To ensure that Itunes does not start each time Start Itunes
Go to EDIT > PREFERENCES and on the GENERAL tab deselect Check for updates automatically

If you do not use Adobe PDF to create files but just use it for reading then there is a smaller, faster programme that is available as a substitute (free) FOXIT READER this does not require a start up entry or an update checker

Now to get you off to a good start we will re-set your restore points so that all the bad stuff is gone for good. Then if you need to restore at some stage you will be clean. There are several ways to reset your your restore point but this is my method:

1. Select Start > All Programs > Accessories > System tools > System Restore.
2. On the dialogue box that appears select Create a Restore Point
3. Click NEXT
4. Enter a name e.g. Clean
5. Click CREATE

You now have a clean restore point, to get rid of the bad ones:

1. Select Start > All Programs > Accessories > System tools > Disk Cleanup.
2. In the Drop down box that appears select your main drive e.g. C
3. Click OK
4. The System will do some calculation and the display a dialogue box with TABS
5. Select the More Options Tab.
6. At the bottom will be a system restore box with a CLEANUP button click this
7. Accept the Warning and select OK again, the program will close and you are done

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programs:

SpywareBlaster to help prevent spyware from installing in the first place.

To keep your operating system up to date visit

Microsoft Windows Update

To learn more about how to protect yourself while on the internet read this article by Tony Klien: So how did I get infected in the first place?

Any further problems and I will be monitoring this thread for a while :whistling: