Amaena Virus

#1 CanadianWinter
Every so often a popup comes up that tells me that I need to get WinAntiVirus Pro 2007, and it also states that my computer has a virus and whatnot. I am scared that when I'm not around my dad will download this WinAntiVirus by accident. Here is my HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 12:38:57 PM, on 2/18/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\WINDOWS\system32\svchosts.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\PROGRA~1\MYWEBS~1\bar\3.bin\mwsoemon.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
C:\WINDOWS\svchost.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAJA.EXE
C:\WINDOWS\system32\v6.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\{D43484E8-095F-1033-1008-020511060001}\Update.exe
C:\WINDOWS\system32\nfomon\nfomon.exe
C:\program files\valve\steam\steam.exe
C:\WINDOWS\SMANTE~1\svchost.exe
C:\Documents and Settings\Eric\Application Data\M?crosoft.NET\??xplore.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Microsoft Firewall Client\ISATRAY.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\Yahoo!\browser\ybrowser.exe
C:\Program Files\PeDevice\PeDev.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Eric\Local Settings\Temporary Internet Files\Content.IE5\3JFE7R3P\VundoFix[1].exe
C:\Documents and Settings\Eric\Desktop\HJT\HijackThis.exe
C:\Program Files\Yahoo!\Antivirus\autodown.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ca.red.client.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ca.red.client...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://rogers.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://rogers.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ca.red.client...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ca.red.client.../search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ca.red.client...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://rogers.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://as.starware.c...rzyJT0qahLVcrci
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = NEWSERVER:8080
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\3.bin\MWSSRCAS.DLL
O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [ResChangerXP] C:\Program Files\ResChanger XP\ResChangerXP.exe
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\3.bin\mwsoemon.exe
O4 - HKLM\..\Run: [mswspl] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [EPSON Stylus Photo R340 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAJA.EXE /P30 "EPSON Stylus Photo R340 Series" /O6 "USB002" /M "Stylus Photo R340"
O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [syswin] C:\WINDOWS\system32\v6.exe
O4 - HKLM\..\Run: [mknsnln.dll] C:\WINDOWS\system32\rundll32.exe "C:\Documents and Settings\Eric\Local Settings\Application Data\mknsnln.dll",rruzkwe
O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvvah.dll,startup
O4 - HKLM\..\Run: [{D43484E8-095F-1033-1008-020511060001}] "C:\Program Files\Common Files\{D43484E8-095F-1033-1008-020511060001}\Update.exe" mc-110-12-0000272
O4 - HKLM\..\Run: [IpWins] C:\Program Files\Ipwindows\ipwins.exe
O4 - HKLM\..\Run: [Nfo] C:\WINDOWS\system32\nfomon\nfomon.exe
O4 - HKLM\..\Run: [SpyHunter] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\launchpd.exe"
O4 - HKCU\..\Run: [PowerBar] "C:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe" /AtBootTime
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart
O4 - HKCU\..\Run: [Reoe] "C:\WINDOWS\SMANTE~1\svchost.exe" -vt yazb
O4 - HKCU\..\Run: [Xkl] "C:\Documents and Settings\Eric\Application Data\M?crosoft.NET\??xplore.exe" 99001122
O4 - Startup: Neverwinter Nights_ Platinum Edition Registration.lnk = C:\NeverwinterNights\NWN\ereg\ATR1.EXE
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart17.exe
O4 - Global Startup: Firewall Client Connectivity Monitor.LNK = C:\Program Files\Microsoft Firewall Client\ISATRAY.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\3.bin\MWSOEMON.EXE
O4 - Global Startup: Spam Sleuth.lnk = G:\Program Files\Blue Squirrel\Spam Sleuth\SpamSleuth.exe
O8 - Extra context menu item: &Search - http://bar.mywebsear...?p=ZCxdm238YYCA
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Rogers Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .hlq: C:\Program Files\Internet Explorer\PLUGINS\nphcd32.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.mdg.ca
O16 - DPF: Yahoo! Bridge - http://download.game...nts/y/bt1_x.cab
O16 - DPF: Yahoo! Chess - http://download.game...nts/y/ct1_x.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab27571.cab
O16 - DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} (QuickPlace Class) - http://qps.peel.edu.on.ca/qp2.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.co...tup1.0.0.15.cab
O16 - DPF: {25365FF3-2746-4230-9DA7-163CCA318309} (Automatic Driver Installation Control) - http://inst.c-wss.co...ll/gtdownlr.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab28578.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplane...DC_2.3.0.97.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab27571.cab
O16 - DPF: {94B6A838-7EA3-4C3C-B768-D260DDD685B6} (GetFQDN.ctlTrace) - http://www.rogershel...ork/getfqdn.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius....tiveXPlugin.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real...ArcadeRdxIE.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://download.toon...1.10/ttinst.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai...0/Installer.exe
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://www.popcap.co...aploader_v6.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...410/mcfscan.cab
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: COM+ Messages - Unknown owner - C:\WINDOWS\system32\svchosts.exe" -e mc-110-12-0000272 (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Maya 6 PLE Documentation Server (mple6docserver) - Unknown owner - C:\Program Files\Alias\Maya 6.0 Personal Learning Edition\docs\wrapper.exe" -s "C:\Program Files\Alias\Maya 6.0 Personal Learning Edition\docs\Wrapper.conf (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

Thanks in advance.
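
An added example, not code from the thread or from HijackThis: a small triage script that reads a log in the format posted above and flags the entries a helper looks at first (svchost.exe running outside System32, file names that mimic system binaries, reserved characters standing in for lookalike names such as M?crosoft.NET, DLLs loaded by rundll32 from a user profile, and services with an unknown owner whose binary is missing). The heuristics and the sample lines are my own construction from the posted log; a hit is a lead for the reviewer, not a verdict.

```python
"""Heuristic triage of a HijackThis log (added example; not a thread or HijackThis tool)."""
import ntpath
import re
from dataclasses import dataclass, field

SYSTEM32 = "c:\\windows\\system32"
USER_PROFILES = "c:\\documents and settings\\"
# A drive-rooted path ending in .exe or .dll. Quotes and commas end the match,
# so the DLL argument of a rundll32 entry is captured as its own path.
PATH_RE = re.compile(r'[a-z]:\\[^",\r\n]*?\.(?:exe|dll)(?![a-z0-9])', re.IGNORECASE)

# Constructed subset of the log posted above: benign lines mixed with the
# entries a helper would want to examine first.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchosts.exe
C:\WINDOWS\svchost.exe
C:\WINDOWS\SMANTE~1\svchost.exe
C:\Documents and Settings\Eric\Application Data\M?crosoft.NET\??xplore.exe
C:\Program Files\Internet Explorer\iexplore.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [mknsnln.dll] C:\WINDOWS\system32\rundll32.exe "C:\Documents and Settings\Eric\Local Settings\Application Data\mknsnln.dll",rruzkwe
O4 - HKCU\..\Run: [Reoe] "C:\WINDOWS\SMANTE~1\svchost.exe" -vt yazb
O23 - Service: COM+ Messages - Unknown owner - C:\WINDOWS\system32\svchosts.exe" -e mc-110-12-0000272 (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""


@dataclass
class Finding:
    line: str
    reasons: list = field(default_factory=list)


def path_reasons(path: str) -> list:
    """Heuristics applied to one executable or DLL path taken from a log line."""
    reasons = []
    lowered = path.lower()
    base = ntpath.basename(lowered)
    directory = ntpath.dirname(lowered)
    # '?' is a reserved character in Windows file names and cannot occur in a
    # real path; it is how a character the tool could not render was printed,
    # which is what a lookalike name such as M?crosoft.NET produces.
    if "?" in path or any(ord(ch) > 126 for ch in path):
        reasons.append("unprintable or reserved character in path (lookalike name)")
    # The real svchost.exe lives only in %SystemRoot%\system32.
    if base == "svchost.exe" and directory != SYSTEM32:
        reasons.append("svchost.exe running outside %SystemRoot%\\system32")
    elif base != "svchost.exe" and base.startswith("svchost"):
        reasons.append("file name mimics svchost.exe")
    # Legitimate Run entries rarely load DLLs out of a user's profile.
    if base.endswith(".dll") and directory.startswith(USER_PROFILES):
        reasons.append("DLL loaded from a user profile directory")
    return reasons


def line_reasons(line: str) -> list:
    """Heuristics that apply to the whole entry rather than to a path in it."""
    lowered = line.lower()
    reasons = []
    if lowered.startswith("o23") and "unknown owner" in lowered and "file missing" in lowered:
        reasons.append("service with unknown owner whose binary is missing")
    return reasons


def triage(log_text: str) -> list:
    """Return one Finding per log line that trips at least one heuristic."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        reasons = line_reasons(line)
        for path in PATH_RE.findall(line):
            for reason in path_reasons(path):
                if reason not in reasons:
                    reasons.append(reason)
        if reasons:
            findings.append(Finding(line, reasons))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding.line)
        for reason in finding.reasons:
            print("   ->", reason)
```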

#2 didom
Can you rename HijackThis.exe to Analyse.exe?
Right-click HijackThis.exe and choose Rename.
Then reboot and, after the reboot, double-click Analyse.exe and post the log it creates in your next reply (this will be a HijackThis log, of course).

Download ComboScan to your Desktop.
  • Close all applications and windows.
  • Double-click on comboscan.exe to run it, and follow the prompts.
  • The scan may take a minute. When the scan is complete, a text file will open - ComboScan.txt
Extra note: when running ComboScan, some firewalls may warn that sigcheck.exe is trying to access the internet; please ensure that you allow sigcheck.exe permission to do so. Also, your antivirus may flag ComboScan as suspicious. Please allow ComboScan to run and don't let your antivirus delete it. (In this case, it may be better to temporarily disable your antivirus.)

Post the ComboScan.txt from ComboScan in your next reply.

#3 CanadianWinter (Topic Starter)
OK, here is the renamed HijackThis log; may I ask why I had to rename it? Here is the ComboScan log as well.

Logfile of HijackThis v1.99.1
Scan saved at 4:13:55 PM, on 2/19/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\WINDOWS\system32\svchosts.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\PROGRA~1\MYWEBS~1\bar\3.bin\mwsoemon.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
C:\Program Files\Common Files\svchost.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAJA.EXE
C:\WINDOWS\system32\v6.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\{D43484E8-095F-1033-1008-020511060001}\Update.exe
C:\Program Files\Ipwindows\ipwins.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe
C:\program files\valve\steam\steam.exe
C:\WINDOWS\SMANTE~1\svchost.exe
C:\Documents and Settings\Eric\Application Data\M?crosoft.NET\??xplore.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Microsoft Firewall Client\ISATRAY.EXE
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Eric\Desktop\HJT\Analyse.exe.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ca.red.client.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ca.red.client...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://rogers.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://rogers.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ca.red.client...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ca.red.client.../search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ca.red.client...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://rogers.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://as.starware.c...rzyJT0qahLVcrci
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = NEWSERVER:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\3.bin\MWSSRCAS.DLL
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\3.bin\MWSSRCAS.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\3.bin\MWSBAR.DLL
O2 - BHO: (no name) - {42AE91F8-7736-6C55-402A-0662DB471F4D} - C:\WINDOWS\system32\xpqjije.dll
O2 - BHO: (no name) - {46A4E9D9-B30E-452A-8157-DBBEC8573B03} - C:\Program Files\VSAdd-in\VSAdd-in.dll
O2 - BHO: (no name) - {58FF7395-B48F-41CB-A20C-2FFA2A049EB2} - C:\WINDOWS\system32\ssqonom.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {8064FC6A-CE44-4B88-BFF3-88A176F87D4F} - C:\WINDOWS\system32\gebcc.dll
O2 - BHO: (no name) - {854FC26C-03AF-087A-883C-29909DA239C7} - C:\WINDOWS\system32\llgh.dll
O2 - BHO: IYBookmarkHO Class - {8B11A219-80C8-4B42-B558-B8C14D1AA8C4} - blank (file missing)
O2 - BHO: (no name) - {E03C740E-BB24-4d3c-B92A-6F84DE1DD99C} - C:\WINDOWS\system32\rmyltsgp.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &VSAdd-in - {74DD705D-6834-439C-A735-A6DBE2677452} - C:\Program Files\VSAdd-in\VSAdd-in.dll
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [ResChangerXP] C:\Program Files\ResChanger XP\ResChangerXP.exe
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\3.bin\mwsoemon.exe
O4 - HKLM\..\Run: [mswspl] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [EPSON Stylus Photo R340 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAJA.EXE /P30 "EPSON Stylus Photo R340 Series" /O6 "USB002" /M "Stylus Photo R340"
O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [syswin] C:\WINDOWS\system32\v6.exe
O4 - HKLM\..\Run: [mknsnln.dll] C:\WINDOWS\system32\rundll32.exe "C:\Documents and Settings\Eric\Local Settings\Application Data\mknsnln.dll",rruzkwe
O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvvah.dll,startup
O4 - HKLM\..\Run: [{D43484E8-095F-1033-1008-020511060001}] "C:\Program Files\Common Files\{D43484E8-095F-1033-1008-020511060001}\Update.exe" mc-110-12-0000272
O4 - HKLM\..\Run: [IpWins] C:\Program Files\Ipwindows\ipwins.exe
O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\system32\irnrmrbe.dll",setvm
O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\launchpd.exe"
O4 - HKCU\..\Run: [PowerBar] "C:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe" /AtBootTime
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart
O4 - HKCU\..\Run: [Reoe] "C:\WINDOWS\SMANTE~1\svchost.exe" -vt yazb
O4 - HKCU\..\Run: [Xkl] "C:\Documents and Settings\Eric\Application Data\M?crosoft.NET\??xplore.exe" 99001122
O4 - Startup: Neverwinter Nights_ Platinum Edition Registration.lnk = C:\NeverwinterNights\NWN\ereg\ATR1.EXE
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart17.exe
O4 - Global Startup: Firewall Client Connectivity Monitor.LNK = C:\Program Files\Microsoft Firewall Client\ISATRAY.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\3.bin\MWSOEMON.EXE
O4 - Global Startup: Spam Sleuth.lnk = G:\Program Files\Blue Squirrel\Spam Sleuth\SpamSleuth.exe
O8 - Extra context menu item: &Search - http://bar.mywebsear...?p=ZCxdm238YYCA
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Rogers Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .hlq: C:\Program Files\Internet Explorer\PLUGINS\nphcd32.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.mdg.ca
O16 - DPF: Yahoo! Bridge - http://download.game...nts/y/bt1_x.cab
O16 - DPF: Yahoo! Chess - http://download.game...nts/y/ct1_x.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab27571.cab
O16 - DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} (QuickPlace Class) - http://qps.peel.edu.on.ca/qp2.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.co...tup1.0.0.15.cab
O16 - DPF: {25365FF3-2746-4230-9DA7-163CCA318309} (Automatic Driver Installation Control) - http://inst.c-wss.co...ll/gtdownlr.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab28578.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplane...DC_2.3.0.97.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab27571.cab
O16 - DPF: {94B6A838-7EA3-4C3C-B768-D260DDD685B6} (GetFQDN.ctlTrace) - http://www.rogershel...ork/getfqdn.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius....tiveXPlugin.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real...ArcadeRdxIE.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://download.toon...1.10/ttinst.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai...0/Installer.exe
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://www.popcap.co...aploader_v6.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...410/mcfscan.cab
O20 - Winlogon Notify: gebcc - C:\WINDOWS\system32\gebcc.dll
O20 - Winlogon Notify: ssqonom - C:\WINDOWS\SYSTEM32\ssqonom.dll
O20 - Winlogon Notify: WB - C:\Program Files\Stardock\Object Desktop\ThemeManager\fastload.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winghy32 - C:\WINDOWS\SYSTEM32\winghy32.dll
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: COM+ Messages - Unknown owner - C:\WINDOWS\system32\svchosts.exe" -e mc-110-12-0000272 (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Maya 6 PLE Documentation Server (mple6docserver) - Unknown owner - C:\Program Files\Alias\Maya 6.0 Personal Learning Edition\docs\wrapper.exe" -s "C:\Program Files\Alias\Maya 6.0 Personal Learning Edition\docs\Wrapper.conf (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

Now here is the ComboScan log:

ComboScan v20070212.14 run by Eric on 2007-02-19 at 16:16:31
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Successfully created restore point.
Performed disk cleanup.


-- HijackThis log (run as Eric.com) ---------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 4:17:04 PM, on 2/19/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\WINDOWS\system32\svchosts.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\PROGRA~1\MYWEBS~1\bar\3.bin\mwsoemon.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
C:\Program Files\Common Files\svchost.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAJA.EXE
C:\WINDOWS\system32\v6.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\{D43484E8-095F-1033-1008-020511060001}\Update.exe
C:\Program Files\Ipwindows\ipwins.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe
C:\WINDOWS\SMANTE~1\svchost.exe
C:\Documents and Settings\Eric\Application Data\M?crosoft.NET\??xplore.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Microsoft Firewall Client\ISATRAY.EXE
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Eric\Desktop\comboscan.exe
C:\DOCUME~1\Eric\LOCALS~1\Temp\~inohjkz.tmp\Eric.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ca.red.client.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ca.red.client...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://rogers.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://rogers.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ca.red.client...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ca.red.client.../search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ca.red.client...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://rogers.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://as.starware.c...rzyJT0qahLVcrci
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = NEWSERVER:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\3.bin\MWSSRCAS.DLL
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\3.bin\MWSSRCAS.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\3.bin\MWSBAR.DLL
O2 - BHO: (no name) - {42AE91F8-7736-6C55-402A-0662DB471F4D} - C:\WINDOWS\system32\xpqjije.dll
O2 - BHO: (no name) - {46A4E9D9-B30E-452A-8157-DBBEC8573B03} - C:\Program Files\VSAdd-in\VSAdd-in.dll
O2 - BHO: (no name) - {58FF7395-B48F-41CB-A20C-2FFA2A049EB2} - C:\WINDOWS\system32\ssqonom.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {8064FC6A-CE44-4B88-BFF3-88A176F87D4F} - C:\WINDOWS\system32\gebcc.dll
O2 - BHO: (no name) - {854FC26C-03AF-087A-883C-29909DA239C7} - C:\WINDOWS\system32\llgh.dll
O2 - BHO: IYBookmarkHO Class - {8B11A219-80C8-4B42-B558-B8C14D1AA8C4} - blank (file missing)
O2 - BHO: (no name) - {E03C740E-BB24-4d3c-B92A-6F84DE1DD99C} - C:\WINDOWS\system32\rmyltsgp.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &VSAdd-in - {74DD705D-6834-439C-A735-A6DBE2677452} - C:\Program Files\VSAdd-in\VSAdd-in.dll
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [ResChangerXP] C:\Program Files\ResChanger XP\ResChangerXP.exe
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\3.bin\mwsoemon.exe
O4 - HKLM\..\Run: [mswspl] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [EPSON Stylus Photo R340 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAJA.EXE /P30 "EPSON Stylus Photo R340 Series" /O6 "USB002" /M "Stylus Photo R340"
O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [syswin] C:\WINDOWS\system32\v6.exe
O4 - HKLM\..\Run: [mknsnln.dll] C:\WINDOWS\system32\rundll32.exe "C:\Documents and Settings\Eric\Local Settings\Application Data\mknsnln.dll",rruzkwe
O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvvah.dll,startup
O4 - HKLM\..\Run: [{D43484E8-095F-1033-1008-020511060001}] "C:\Program Files\Common Files\{D43484E8-095F-1033-1008-020511060001}\Update.exe" mc-110-12-0000272
O4 - HKLM\..\Run: [IpWins] C:\Program Files\Ipwindows\ipwins.exe
O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\system32\irnrmrbe.dll",setvm
O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\launchpd.exe"
O4 - HKCU\..\Run: [PowerBar] "C:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe" /AtBootTime
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart
O4 - HKCU\..\Run: [Reoe] "C:\WINDOWS\SMANTE~1\svchost.exe" -vt yazb
O4 - HKCU\..\Run: [Xkl] "C:\Documents and Settings\Eric\Application Data\M?crosoft.NET\??xplore.exe" 99001122
O4 - Startup: Neverwinter Nights_ Platinum Edition Registration.lnk = C:\NeverwinterNights\NWN\ereg\ATR1.EXE
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart17.exe
O4 - Global Startup: Firewall Client Connectivity Monitor.LNK = C:\Program Files\Microsoft Firewall Client\ISATRAY.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\3.bin\MWSOEMON.EXE
O4 - Global Startup: Spam Sleuth.lnk = G:\Program Files\Blue Squirrel\Spam Sleuth\SpamSleuth.exe
O8 - Extra context menu item: &Search - http://bar.mywebsear...?p=ZCxdm238YYCA
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Rogers Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .hlq: C:\Program Files\Internet Explorer\PLUGINS\nphcd32.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.mdg.ca
O16 - DPF: Yahoo! Bridge - http://download.game...nts/y/bt1_x.cab
O16 - DPF: Yahoo! Chess - http://download.game...nts/y/ct1_x.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab27571.cab
O16 - DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} (QuickPlace Class) - http://qps.peel.edu.on.ca/qp2.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.co...tup1.0.0.15.cab
O16 - DPF: {25365FF3-2746-4230-9DA7-163CCA318309} (Automatic Driver Installation Control) - http://inst.c-wss.co...ll/gtdownlr.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab28578.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplane...DC_2.3.0.97.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab27571.cab
O16 - DPF: {94B6A838-7EA3-4C3C-B768-D260DDD685B6} (GetFQDN.ctlTrace) - http://www.rogershel...ork/getfqdn.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius....tiveXPlugin.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real...ArcadeRdxIE.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://download.toon...1.10/ttinst.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai...0/Installer.exe
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://www.popcap.co...aploader_v6.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...410/mcfscan.cab
O20 - Winlogon Notify: gebcc - C:\WINDOWS\system32\gebcc.dll
O20 - Winlogon Notify: ssqonom - C:\WINDOWS\SYSTEM32\ssqonom.dll
O20 - Winlogon Notify: WB - C:\Program Files\Stardock\Object Desktop\ThemeManager\fastload.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winghy32 - C:\WINDOWS\SYSTEM32\winghy32.dll
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: COM+ Messages - Unknown owner - C:\WINDOWS\system32\svchosts.exe" -e mc-110-12-0000272 (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Maya 6 PLE Documentation Server (mple6docserver) - Unknown owner - C:\Program Files\Alias\Maya 6.0 Personal Learning Edition\docs\wrapper.exe" -s "C:\Program Files\Alias\Maya 6.0 Personal Learning Edition\docs\Wrapper.conf (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE


-- File Associations ------------------------------------------------------------

.bat - batfile - "%1" %*
.chm - chm.file - "C:\WINDOWS\hh.exe" %1
.com - comfile - "%1" %*
.exe - exefile - "%1" %*
.hlp - hlpfile - %SystemRoot%\System32\winhlp32.exe %1
.inf - inffile - %SystemRoot%\System32\NOTEPAD.EXE %1
.ini - inifile - %SystemRoot%\System32\NOTEPAD.EXE %1
.js - JSFile - %SystemRoot%\System32\WScript.exe "%1" %*
.lnk - lnkfile - {00021401-0000-0000-C000-000000000046}
.pif - piffile - "%1" %*
.reg - regfile - regedit.exe "%1"
.scr - AutoCADScriptFile - "C:\WINDOWS\system32\NOTEPAD.EXE" "%1"
.txt - txtfile - %SystemRoot%\system32\NOTEPAD.EXE %1
.vbs - VBSFile - %SystemRoot%\System32\WScript.exe "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ----------------------

3 aeaudio - system32\drivers\aeaudio.sys
3 Afc (PPdus ASPI Shell) - system32\drivers\Afc.sys
3 Arp1394 (1394 ARP Client Protocol) - System32\DRIVERS\arp1394.sys
3 BrScnUsb (Brother USB Still Image driver) - system32\DRIVERS\BrScnUsb.sys
3 BrSerIf (Brother MFC Serial Port Interface WDM Driver) - System32\Drivers\BrSerIf.sys
3 BrUsbSer (Brother MFC USB Serial WDM Driver) - System32\Drivers\BrUsbSer.sys
3 DCamUSBMke (USB Video Camera for Panasonic Digital Palmcorder) - System32\Drivers\Mkeusbi.sys
3 E100B (Intel® PRO Adapter Driver) - System32\DRIVERS\e100b325.sys
3 EagleNT - \??\C:\WINDOWS\system32\drivers\EagleNT.sys
2 enodpl - System32\drivers\enodpl.sys
3 GEARAspiWDM - System32\Drivers\GEARAspiWDM.sys
3 HidUsb (Microsoft HID Class Driver) - system32\DRIVERS\hidusb.sys
0 IdeBusDr - System32\DRIVERS\IdeBusDr.sys
0 IdeChnDr (Intel® Ultra ATA Controller) - System32\DRIVERS\IdeChnDr.sys
1 intelppm (Intel Processor Driver) - System32\DRIVERS\intelppm.sys
2 MKEMUSB (Panasonic Digital Palmcorder) - System32\Drivers\MkemUsb.sys
3 mouhid (Mouse HID Driver) - System32\DRIVERS\mouhid.sys
3 NIC1394 (1394 Net Driver) - System32\DRIVERS\nic1394.sys
1 NPPTNT2 - \??\C:\WINDOWS\system32\npptNT2.sys
3 nv - system32\DRIVERS\nv4_mini.sys
0 ohci1394 (OHCI Compliant IEEE 1394 Host Controller) - System32\DRIVERS\ohci1394.sys
3 pfc (Padus ASPI Shell) - system32\drivers\pfc.sys
3 Point32 (Microsoft IntelliPoint Filter Driver) - system32\DRIVERS\point32.sys
1 prodrv06 (StarForce Protection Environment Driver v6) - \SystemRoot\System32\drivers\prodrv06.sys
0 prohlp02 (StarForce Protection Helper Driver v2) - System32\drivers\prohlp02.sys
0 prosync1 (StarForce Protection Synchronization Driver v1) - System32\drivers\prosync1.sys
0 PxHelp20 - System32\Drivers\PxHelp20.sys
3 ROOTMODEM (Microsoft Legacy Modem Driver) - System32\Drivers\RootMdm.sys
3 rtl8139 (Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver) - System32\DRIVERS\RTL8139.SYS
3 sermouse (Serial Mouse Driver) - System32\DRIVERS\sermouse.sys
0 sfhlp01 (StarForce Protection Helper Driver) - System32\drivers\sfhlp01.sys
0 SI3112 (SiI-3112 SATALink Controller) - System32\DRIVERS\SI3112.sys
3 smwdm - system32\drivers\smwdm.sys
3 StillCam (Still Serial Digital Camera Driver) - System32\DRIVERS\serscan.sys
2 tandpl - System32\drivers\tandpl.sys
3 usbccgp (Microsoft USB Generic Parent Driver) - System32\DRIVERS\usbccgp.sys
3 usbehci (Microsoft USB 2.0 Enhanced Host Controller Miniport Driver) - System32\DRIVERS\usbehci.sys
3 usbprint (Microsoft USB PRINTER Class) - System32\DRIVERS\usbprint.sys
3 usbscan (USB Scanner Driver) - System32\DRIVERS\usbscan.sys
3 USBSTOR (USB Mass Storage Driver) - System32\DRIVERS\USBSTOR.SYS
3 WpdUsb - System32\Drivers\wpdusb.sys
4 WS2IFSL (Windows Socket 2.0 Non-IFS Service Provider Support Environment) - \SystemRoot\System32\drivers\ws2ifsl.sys


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

3 aspnet_state (ASP.NET State Service) - %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
2 Autodesk Licensing Service - "C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe"
2 bgsvcgen (B's Recorder GOLD Library General Service) - C:\WINDOWS\system32\bgsvcgen.exe
3 CAISafe - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
3 clr_optimization_v2.0.50727_32 (.NET Runtime Optimization Service v2.0.50727_X86) - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
2 COM+ Messages - "C:\WINDOWS\system32\svchosts.exe" -e mc-110-12-0000272
3 IDriverT (InstallDriver Table Manager) - "C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe"
4 iPodService - C:\Program Files\iPod\bin\iPodService.exe
3 mple6docserver (Maya 6 PLE Documentation Server) - "C:\Program Files\Alias\Maya 6.0 Personal Learning Edition\docs\wrapper.exe" -s "C:\Program Files\Alias\Maya 6.0 Personal Learning Edition\docs\Wrapper.conf"
2 NVSvc (NVIDIA Display Driver Service) - %SystemRoot%\system32\nvsvc32.exe
2 SoundMAX Agent Service (default) (SoundMAX Agent Service) - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
2 UMWdf (Windows User Mode Driver Framework) - C:\WINDOWS\system32\wdfmgr.exe
2 UserAccess7 (SecuROM User Access Service (V7)) - C:\WINDOWS\system32\UAService7.exe
3 usprserv (User Privilege Service) - %SystemRoot%\System32\svchost.exe -k netsvcs
3 VETMSGNT (VET Message Service) - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
3 YPCService - C:\WINDOWS\system32\YPCSER~1.EXE


-- Files created between 2007-01-19 and 2007-02-19 ------------------------------

2007-02-19 15:53:51 0 d-------- C:\Documents and Settings\Eric\Application Data\SearchToolbarCorp<SEARCH~1>
2007-02-19 15:53:20 118804 --a------ C:\WINDOWS\system32\irnrmrbe.dll<Unsigned: n/a>
2007-02-19 15:53:16 0 d-------- C:\Program Files\VSAdd-in
2007-02-19 15:53:13 88340 --a------ C:\WINDOWS\system32\tgnkxblb.exe<Unsigned: n/a>
2007-02-18 23:34:17 0 d-------- C:\Program Files\Outerinfo<OUTERI~2>
2007-02-18 23:34:17 0 d-------- C:\Program Files\OpenAL
2007-02-18 23:34:05 0 d-------- C:\Program Files\Ipwindows<IPWIND~1>
2007-02-18 23:33:47 0 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion<YAHOO!~1>
2007-02-18 13:38:51 0 d-------- C:\Program Files\Outerinfo(2)<OUTERI~1>
2007-02-18 13:33:03 0 --a------ C:\WINDOWS\nsreg.dat
2007-02-18 12:17:13 0 d-------- C:\VundoFix Backups<VUNDOF~1>
2007-02-18 08:49:19 0 d-------- C:\Program Files\PeDevice
2007-02-18 08:38:46 0 d-------- C:\Program Files\Enigma Software Group<ENIGMA~1>
2007-02-18 08:18:51 0 d-------- C:\WINDOWS\system32\nfomon
2007-02-18 08:18:51 0 d-------- C:\Documents and Settings\All Users\Application Data\nfo
2007-02-18 08:16:03 748122 ---hs---- C:\WINDOWS\system32\ccbeg.ini2<CCBEG~1.INI>
2007-02-17 21:14:46 2 --a------ C:\WINDOWS\system32\wnscpcc.exe<Unsigned: n/a>
2007-02-17 21:14:34 0 d-------- C:\Documents and Settings\Eric\Application Data\M?crosoft.NET
2007-02-17 21:14:28 56832 --a------ C:\WINDOWS\system32\llgh.dll<Unsigned: n/a>
2007-02-17 21:14:03 32177 ---hs---- C:\Program Files\Common Files\Yazzle1122OinUninstaller.exe<YAZZLE~4.EXE><Unsigned: n/a>
2007-02-17 21:13:59 0 d-------- C:\WINDOWS\S?mantec
2007-02-17 20:50:53 1168 --a------ C:\WINDOWS\mozver.dat
2007-02-17 20:38:58 0 d-------- C:\Program Files\Mozilla Firefox<MOZILL~1>
2007-02-17 20:11:28 0 d-------- C:\Program Files\InetGet2
2007-02-17 20:09:28 76412 --a------ C:\WINDOWS\system32\hikvgucr.dll<Unsigned: n/a>
2007-02-17 20:09:18 71168 ---h----- C:\Program Files\Common Files\svchost.exe<Unsigned: n/a>
2007-02-17 20:09:08 44177 --a------ C:\WINDOWS\system32\rmyltsgp.dll<Unsigned: n/a>
2007-02-17 20:08:59 748427 ---hs---- C:\WINDOWS\system32\ccbeg.bak2<CCBEG~1.BAK>
2007-02-17 19:53:23 281652 ---hs---- C:\WINDOWS\system32\mllmm.dll<Unsigned: n/a>
2007-02-17 19:53:23 281652 ---hs---- C:\WINDOWS\system32\gebcc.dll<Unsigned: n/a>
2007-02-17 19:43:19 32179 ---hs---- C:\Program Files\Common Files\Yazzle1162OinUninstaller.exe<YAZZLE~2.EXE><Unsigned: n/a>
2007-02-17 19:43:18 0 d-------- C:\Program Files\Common Files\{D43484E8-095F-1033-1008-020511060001}<{D4348~1>
2007-02-17 19:43:17 36864 --a------ C:\WINDOWS\system32\svchosts.exe<Unsigned: n/a>
2007-02-17 19:43:16 71168 ---h----- C:\WINDOWS\svchost.exe<Unsigned: n/a>
2007-02-17 19:43:14 93696 --a------ C:\WINDOWS\system32\drvvah.dll<Unsigned: n/a>
2007-02-17 19:43:13 71168 --a------ C:\WINDOWS\system32\xpqjije.dll<Unsigned: n/a>
2007-02-17 19:43:12 92672 --a------ C:\WINDOWS\system32\mknsnln.dll<Unsigned: n/a>
2007-02-17 19:43:11 26637 ---hs---- C:\WINDOWS\system32\ssqonom.dll<Unsigned: n/a>
2007-02-17 19:43:06 8704 --a------ C:\WINDOWS\system32\v6.exe<Unsigned: n/a>
2007-02-17 19:42:59 17920 --a------ C:\WINDOWS\system32\winghy32.dll<Unsigned: n/a>
2007-02-17 18:59:17 53248 --a------ C:\WINDOWS\system32\uninstpw.exe<Unsigned: n/a>
2007-02-17 18:59:17 90112 --a------ C:\WINDOWS\system32\custmon2k.dll<CUSTMO~1.DLL><Unsigned: n/a>
2007-02-17 18:59:00 24576 --a------ C:\WINDOWS\system32\custsave.exe<Unsigned: Acro Software Inc.>
2007-02-17 18:59:00 0 d-------- C:\Program Files\PDF Writer<PDFWRI~1>
2007-02-17 18:58:46 0 d-------- C:\Program Files\gs
2007-02-05 21:32:57 6080 --a------ C:\WINDOWS\system32\zntport.sys<Unsigned: Zeal SoftStudio>
2007-02-05 21:32:57 60928 --a------ C:\WINDOWS\system32\smpremote.dll<SMPREM~1.DLL><Unsigned: Zeal SoftStudio>
2007-02-05 21:32:56 333824 --a------ C:\WINDOWS\system32\dcrawlib.dll<Unsigned: n/a>
2007-01-31 14:28:37 409600 --a------ C:\WINDOWS\system32\wrap_oal.dll<Unsigned: Creative Labs>
2007-01-31 14:28:37 86016 --a------ C:\WINDOWS\system32\OpenAL32.dll<Unsigned: Portions © Creative Labs Inc. and NVIDIA Corp.>
2007-01-24 18:09:21 0 d-------- C:\Documents and Settings\Kirsten\Application Data\OLYMPUS
2007-01-20 23:04:22 0 d-------- C:\Documents and Settings\Darlene\Application Data\OLYMPUS
2007-01-20 18:48:23 0 d-------- C:\temp
2007-01-20 17:36:47 0 d-------- C:\Documents and Settings\Eric\Application Data\OLYMPUS
2007-01-20 15:37:56 0 d-------- C:\Documents and Settings\Rodger\Application Data\OLYMPUS
2007-01-20 15:23:19 0 d-------- C:\WINDOWS\system32\QuickTime<QUICKT~1>
2007-01-20 15:23:08 0 d-------- C:\Program Files\OLYMPUS
2007-01-20 15:22:23 319488 -----n--- C:\WINDOWS\system32\Pvmjpg21.dll<Unsigned: Pegasus Imaging Corporation>
2007-01-20 15:22:17 57344 --a------ C:\WINDOWS\system32\GenSvcInst.exe<GENSVC~1.EXE><Unsigned: B.H.A Corporation>
2007-01-20 15:22:17 86016 --a------ C:\WINDOWS\system32\bgsvcgen.exe<Unsigned: B.H.A Corporation>
2007-01-20 15:22:16 32256 --a------ C:\WINDOWS\system32\drivers\cdrbsdrv.sys<Unsigned: B.H.A Corporation>
2007-01-20 15:20:42 0 d-------- C:\Program Files\PIXELA
2007-01-19 17:00:37 0 d-------- C:\Documents and Settings\Jake\Application Data\Autodesk


-- Find3M Report ----------------------------------------------------------------

2007-02-18 23:33:52 0 d--h----- C:\Program Files\InstallShield Installation Information<INSTAL~1>
2007-02-18 23:33:48 0 d-------- C:\Program Files\Yahoo!
2007-02-18 23:20:01 0 d-------- C:\Program Files\Common Files\Scanner
2007-02-18 16:25:11 0 d-------- C:\Program Files\Warcraft III<WARCRA~1>
2007-02-18 15:09:33 0 d-------- C:\Program Files\Google
2007-02-17 20:40:27 0 d-------- C:\Documents and Settings\Eric\Application Data\Mozilla
2007-02-15 15:59:20 98304 --a------ C:\WINDOWS\system32\CmdLineExt.dll<CMDLIN~1.DLL><Unsigned: Sony DADC Austria AG.>
2007-02-14 17:30:00 0 d-------- C:\Documents and Settings\Eric\Application Data\Xfire
2007-02-11 20:39:04 0 d---s---- C:\Program Files\Xfire
2007-01-24 06:12:02 66971 --a------ C:\WINDOWS\War3Unin.dat
2007-01-23 17:42:56 0 d-------- C:\Documents and Settings\Eric\Application Data\Adobe
2007-01-21 00:51:03 0 d-------- C:\Program Files\EPSON Print CD<EPSONP~1>
2007-01-18 17:30:46 0 d-------- C:\Documents and Settings\Eric\Application Data\Apple Computer<APPLEC~1>
2007-01-15 09:12:55 0 d-------- C:\Documents and Settings\Eric\Application Data\Autodesk
2007-01-15 09:09:14 0 d-------- C:\Program Files\Common Files\Autodesk Shared<AUTODE~1>
2007-01-15 09:09:14 0 d-------- C:\Program Files\AnswerWorks 4.0<ANSWER~1.0>
2007-01-15 09:06:17 0 d-------- C:\Program Files\Autodesk
2007-01-14 16:33:01 65 --a------ C:\WINDOWS\system32\BD8460N.DAT
2007-01-13 20:44:43 24 --a------ C:\WINDOWS\system32\sysogg.dll<Unsigned: n/a>
2007-01-13 14:12:33 0 d-------- C:\Program Files\EPSON
2007-01-10 21:46:28 0 d-------- C:\Program Files\DVD Shrink<DVDSHR~1>
2007-01-07 12:00:20 0 d-------- C:\Documents and Settings\Eric\Application Data\fretsonfire<FRETSO~1>
2007-01-03 16:19:56 171008 ---hs---- C:\Program Files\Common Files\Yazzle1122OinAdmin.exe<YAZZLE~3.EXE>
2007-01-02 16:10:23 0 d-------- C:\Program Files\Maxis
2007-01-01 12:54:11 494 --a----c- C:\WINDOWS\EReg072.dat
2007-01-01 12:41:50 0 d-------- C:\Program Files\Java
2006-12-23 15:31:00 0 dr------- C:\Documents and Settings\Eric\Application Data\Brother
2006-12-21 16:49:16 0 d-------- C:\Program Files\backburner 2<BACKBU~1>


-- Registry Dump ----------------------------------------------------------------


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Steam"="\"c:\\program files\\valve\\steam\\steam.exe\" -silent"
"ATI Launchpad"="\"C:\\Program Files\\ATI Multimedia\\main\\launchpd.exe\""
"PowerBar"="\"C:\\Program Files\\CyberLink DVD Solution\\Multimedia Launcher\\PowerBar.exe\" /AtBootTime"
"OM_Monitor"="C:\\Program Files\\OLYMPUS\\OLYMPUS Master\\Monitor.exe -NoStart"
"Reoe"="\"C:\\WINDOWS\\SMANTE~1\\svchost.exe\" -vt yazb"
"Xkl"="\"C:\\Documents and Settings\\Eric\\Application Data\\M?crosoft.NET\\??xplore.exe\" 99001122"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"YOP"="C:\\PROGRA~1\\Yahoo!\\YOP\\yop.exe /autostart"
"Smapp"="C:\\Program Files\\Analog Devices\\SoundMAX\\Smtray.exe"
"ResChangerXP"="C:\\Program Files\\ResChanger XP\\ResChangerXP.exe"
"MyWebSearch Email Plugin"="C:\\PROGRA~1\\MYWEBS~1\\bar\\3.bin\\mwsoemon.exe"
"mswspl"="C:\\Program Files\\Common Files\\Microsoft Shared\\Works Shared\\WkUFind.exe"
"MimBoot"="C:\\PROGRA~1\\MUSICM~1\\MUSICM~1\\mimboot.exe"
"Microsoft Works Update Detection"="C:\\Program Files\\Common Files\\Microsoft Shared\\Works Shared\\WkUFind.exe"
"CAVRID"="\"C:\\Program Files\\Yahoo!\\Antivirus\\CAVRID.exe\""
"CaAvTray"="\"C:\\Program Files\\Yahoo!\\Antivirus\\CAVTray.exe\""
"AdaptecDirectCD"="\"C:\\Program Files\\Roxio\\Easy CD Creator 5\\DirectCD\\DirectCD.exe\""
"IntelliPoint"="\"C:\\Program Files\\Microsoft IntelliPoint\\point32.exe\""
"RegistryMechanic"=""
"QuickTime Task"="\"C:\\P

#4 CanadianWinter (Topic Starter, Member, 55 posts)
Sorry, I don't think you got the last of the Comboscan. Here is the full registry dump.

-- Registry Dump ----------------------------------------------------------------


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Steam"="\"c:\\program files\\valve\\steam\\steam.exe\" -silent"
"ATI Launchpad"="\"C:\\Program Files\\ATI Multimedia\\main\\launchpd.exe\""
"PowerBar"="\"C:\\Program Files\\CyberLink DVD Solution\\Multimedia Launcher\\PowerBar.exe\" /AtBootTime"
"OM_Monitor"="C:\\Program Files\\OLYMPUS\\OLYMPUS Master\\Monitor.exe -NoStart"
"Reoe"="\"C:\\WINDOWS\\SMANTE~1\\svchost.exe\" -vt yazb"
"Xkl"="\"C:\\Documents and Settings\\Eric\\Application Data\\M?crosoft.NET\\??xplore.exe\" 99001122"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"YOP"="C:\\PROGRA~1\\Yahoo!\\YOP\\yop.exe /autostart"
"Smapp"="C:\\Program Files\\Analog Devices\\SoundMAX\\Smtray.exe"
"ResChangerXP"="C:\\Program Files\\ResChanger XP\\ResChangerXP.exe"
"MyWebSearch Email Plugin"="C:\\PROGRA~1\\MYWEBS~1\\bar\\3.bin\\mwsoemon.exe"
"mswspl"="C:\\Program Files\\Common Files\\Microsoft Shared\\Works Shared\\WkUFind.exe"
"MimBoot"="C:\\PROGRA~1\\MUSICM~1\\MUSICM~1\\mimboot.exe"
"Microsoft Works Update Detection"="C:\\Program Files\\Common Files\\Microsoft Shared\\Works Shared\\WkUFind.exe"
"CAVRID"="\"C:\\Program Files\\Yahoo!\\Antivirus\\CAVRID.exe\""
"CaAvTray"="\"C:\\Program Files\\Yahoo!\\Antivirus\\CAVTray.exe\""
"AdaptecDirectCD"="\"C:\\Program Files\\Roxio\\Easy CD Creator 5\\DirectCD\\DirectCD.exe\""
"IntelliPoint"="\"C:\\Program Files\\Microsoft IntelliPoint\\point32.exe\""
"RegistryMechanic"=""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"SSBkgdUpdate"="\"C:\\Program Files\\Common Files\\Scansoft Shared\\SSBkgdUpdate\\SSBkgdupdate.exe\" -Embedding -boot"
"PaperPort PTD"="C:\\Program Files\\ScanSoft\\PaperPort\\pptd40nt.exe"
"IndexSearch"="C:\\Program Files\\ScanSoft\\PaperPort\\IndexSearch.exe"
"ControlCenter2.0"="C:\\Program Files\\Brother\\ControlCenter2\\brctrcen.exe /autorun"
"KernelFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\
65,6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,6b,00
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_10\\bin\\jusched.exe\""
"EPSON Stylus Photo R340 Series"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_FATIAJA.EXE /P30 \"EPSON Stylus Photo R340 Series\" /O6 \"USB002\" /M \"Stylus Photo R340\""
"OM_Monitor"="C:\\Program Files\\OLYMPUS\\OLYMPUS Master\\FirstStart.exe"
"googletalk"="C:\\Program Files\\Google\\Google Talk\\googletalk.exe /autostart"
"syswin"="C:\\WINDOWS\\system32\\v6.exe"
"mknsnln.dll"="C:\\WINDOWS\\system32\\rundll32.exe \"C:\\Documents and Settings\\Eric\\Local Settings\\Application Data\\mknsnln.dll\",rruzkwe"
"CTDrive"="rundll32.exe C:\\WINDOWS\\system32\\drvvah.dll,startup"
"{D43484E8-095F-1033-1008-020511060001}"="\"C:\\Program Files\\Common Files\\{D43484E8-095F-1033-1008-020511060001}\\Update.exe\" mc-110-12-0000272"
"IpWins"="C:\\Program Files\\Ipwindows\\ipwins.exe"
"DllRunning"="rundll32.exe \"C:\\WINDOWS\\system32\\irnrmrbe.dll\",setvm"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"appinit_dlls"="wbsys.dll"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{58FF7395-B48F-41CB-A20C-2FFA2A049EB2}"=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoCDBurning"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]
"svchost.exe"="C:\\Program Files\\Common Files\\svchost.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
"svchost.exe"="C:\\WINDOWS\\svchost.exe"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gebcc
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssqonom
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winghy32

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0


[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f243a9fa-7cf0-11d9-84a6-806d6172696f}]
Shell\AutoRun\command E:\pcgamer.exe


-- End of ComboScan: finished at 2007-02-19 at 16:18:02 -------------------------

Thanks.
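What a helper does by eye when reading the two logs above can be written down as rules. The script below is an added example, not part of HijackThis, ComboScan, VundoFix or anything posted in this thread. It takes a handful of lines copied from the posted log and flags the same things the replies act on: a `svchost.exe` started from somewhere other than System32, a file name that imitates a system process, the `?` that the log prints where it could not render a character in a folder name (so the folder only looks like `Microsoft.NET`), randomly generated file names, Winlogon Notify packages that a stock XP install does not register, services whose file is missing, and hidden+system files with no version information. The allowlist, the consonant-run threshold, the rule wording and the assumed `%SystemRoot%` of `C:\WINDOWS` are the example's own assumptions.

```python
"""Heuristic triage of HijackThis / ComboScan log lines (added example).

Not code from HijackThis, ComboScan, VundoFix or anyone in this thread.  The
sample lines are copied from the posted log; rule names, thresholds and the
Winlogon allowlist are assumptions made for the example.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample: lines copied from the HijackThis and ComboScan output above.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = NEWSERVER:8080
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {42AE91F8-7736-6C55-402A-0662DB471F4D} - C:\WINDOWS\system32\xpqjije.dll
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\system32\irnrmrbe.dll",setvm
O4 - HKCU\..\Run: [Reoe] "C:\WINDOWS\SMANTE~1\svchost.exe" -vt yazb
O4 - HKCU\..\Run: [Xkl] "C:\Documents and Settings\Eric\Application Data\M?crosoft.NET\??xplore.exe" 99001122
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: ssqonom - C:\WINDOWS\SYSTEM32\ssqonom.dll
O23 - Service: COM+ Messages - Unknown owner - C:\WINDOWS\system32\svchosts.exe" -e mc-110-12-0000272 (file missing)
2007-02-17 19:53:23 281652 ---hs---- C:\WINDOWS\system32\gebcc.dll<Unsigned: n/a>
2007-01-31 14:28:37 409600 --a------ C:\WINDOWS\system32\wrap_oal.dll<Unsigned: Creative Labs>
"""

SYSTEM32 = r"c:\windows\system32"  # assumed %SystemRoot%\system32 for this machine
SYSTEM_PROCESS_STEMS = ("svchost", "lsass", "csrss", "winlogon", "smss", "services")
# Winlogon\Notify packages normally present on XP SP2; an assumed allowlist for
# the example, not an authoritative list.  Anything else is a review item.
KNOWN_NOTIFY = {"crypt32chain", "cryptnet", "cscdll", "sccertprop", "schedule",
                "sclgntfy", "senslogn", "termsrv", "wlballoon", "wgalogon"}
PATH_RE = re.compile(r'[A-Za-z]:\\[^",]*?\.(?:exe|dll|sys)', re.IGNORECASE)
FILE_RE = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d:\d\d\s+\d+\s+([-a-z]{9})\s+")
VOWELS = set("aeiou")


@dataclass
class Finding:
    line: str
    reason: str


def looks_random(stem: str) -> bool:
    """All-letter names with no vowel, or 4+ consonants in a row, read as generated."""
    s = stem.lower()
    if not s.isalpha():
        return False
    longest_run = max((len(r) for r in re.findall(r"[^aeiou]+", s)), default=0)
    return not (set(s) & VOWELS) or longest_run >= 4


def path_reasons(path: str) -> list[str]:
    """Checks on one executable/DLL path pulled out of a log line."""
    reasons: list[str] = []
    folder, _, name = path.lower().rpartition("\\")
    stem = name.rsplit(".", 1)[0]
    if "?" in path or any(ord(c) > 127 for c in path):
        # The log prints '?' where it could not render a character, so the
        # folder only resembles "Microsoft.NET" to a human reader.
        reasons.append("non-ASCII or '?' character in path (lookalike name)")
    matched = next((s for s in SYSTEM_PROCESS_STEMS if stem.startswith(s)), None)
    if matched == stem:
        if folder != SYSTEM32:
            reasons.append(f"{matched}.exe launched from outside System32")
    elif matched:
        reasons.append(f"file name imitates {matched}.exe")
    elif looks_random(stem):
        reasons.append("random-looking file name")
    return reasons


def triage(log_text: str) -> list[Finding]:
    """Return one Finding per (line, reason) pair worth a human's attention."""
    findings: list[Finding] = []
    for line in (raw.strip() for raw in log_text.splitlines()):
        if not line:
            continue
        reasons: list[str] = []
        if "ProxyServer =" in line:
            reasons.append("proxy configured; confirm it is expected (a firewall client proxy can be legitimate)")
        if line.startswith("O2 ") and "(no name)" in line:
            reasons.append("browser helper object registered without a name")
        if line.startswith("O20 "):
            pkg = line.split(":", 1)[1].split(" - ", 1)[0].strip().lower()
            if pkg not in KNOWN_NOTIFY:
                reasons.append(f"Winlogon notify package '{pkg}' not in allowlist")
        if "(file missing)" in line:
            reasons.append("registration points at a file that no longer exists")
        m = FILE_RE.match(line)
        if m:  # ComboScan "Files created" line: date size attributes path
            if "h" in m.group(1) and "s" in m.group(1):
                reasons.append("hidden+system attributes on a recently created file")
            if "<Unsigned: n/a>" in line:
                reasons.append("no publisher or version information")
        for path in PATH_RE.findall(line):
            reasons.extend(path_reasons(path))
        findings.extend(Finding(line, r) for r in reasons)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.reason}\n    {f.line}")
```

Every hit is a review item rather than a verdict: the proxy in this log sits next to a Microsoft Firewall Client install, and a third-party Winlogon package such as a theme manager is not in the allowlist either. The point of the rules is to rank what to look at first in a log this long, which is exactly what the reply below does by hand.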

#5 didom (Member 1K, 1,919 posts)

Hi,

Your system is terribly infected. The problem with these infections nowadays is that they cause a lot of damage. Even if we clean the malware off your system, I can't guarantee that your system will be clean afterwards, because these infections/bundles leave a lot of leftovers behind that most scanners won't even recognise and logs won't show.
Also, I can't promise you we can repair all the damage it caused... Even after cleaning the malware, you can still get errors afterwards because of the damage. Solving these is not always possible, since it will be like searching for a needle in a haystack to find the right cause and solution.
So, we can try to clean this up and do what we can, but keep in mind that we can't solve ALL the problems this malware has already caused.

OK, here is the renamed HijackThis log; may I ask why I had to rename it?

Some bad software is preventing HijackThis from showing the O20 items under its original name.

FIX.

* Go to Start > Control Panel > Software > Add/Remove Programs and uninstall the following if present:

Ipwindows / ipwins
MyWebSearch/MySearch
Oin
Yazzle by Oin
YazzleActiveX By OIN
Purityscan by Oin
MediaTickets by OIN
Snowballwars by Oin
Cowabanga by OIN
or anything similar with Oin in it.


If OIN is not listed, download and run this uninstaller.

Reboot when done! Really important!

* Please download VundoFix.exe to your C:\.
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • In case it says that nothing was found, right-click the list box (white box) in the main VundoFix window.
  • Select "Add More Files?" from the menu that comes up. This will open a new VundoFix window.
  • In the window, copy and paste the following into the first field: C:\WINDOWS\system32\gebcc.dll
  • Copy and paste the following into the second field: C:\WINDOWS\SYSTEM32\ssqonom.dll
  • Click the “Add Files” button.
  • Click the "Close Window" button.
  • Click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will shutdown your computer, click OK.
  • Turn your computer back on.
Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.

After reboot,

* Scan again with HijackThis and check the following items:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ca.red.client.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ca.red.client...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ca.red.client...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ca.red.client.../search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ca.red.client...//www.yahoo.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://as.starware.c...rzyJT0qahLVcrci
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\3.bin\MWSSRCAS.DLL

O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\3.bin\MWSSRCAS.DLL
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\3.bin\MWSBAR.DLL
O2 - BHO: (no name) - {42AE91F8-7736-6C55-402A-0662DB471F4D} - C:\WINDOWS\system32\xpqjije.dll
O2 - BHO: (no name) - {46A4E9D9-B30E-452A-8157-DBBEC8573B03} - C:\Program Files\VSAdd-in\VSAdd-in.dll
O2 - BHO: (no name) - {58FF7395-B48F-41CB-A20C-2FFA2A049EB2} - C:\WINDOWS\system32\ssqonom.dll
O2 - BHO: (no name) - {8064FC6A-CE44-4B88-BFF3-88A176F87D4F} - C:\WINDOWS\system32\gebcc.dll
O2 - BHO: (no name) - {854FC26C-03AF-087A-883C-29909DA239C7} - C:\WINDOWS\system32\llgh.dll
O2 - BHO: IYBookmarkHO Class - {8B11A219-80C8-4B42-B558-B8C14D1AA8C4} - blank (file missing)
O2 - BHO: (no name) - {E03C740E-BB24-4d3c-B92A-6F84DE1DD99C} - C:\WINDOWS\system32\rmyltsgp.dll

O3 - Toolbar: &VSAdd-in - {74DD705D-6834-439C-A735-A6DBE2677452} - C:\Program Files\VSAdd-in\VSAdd-in.dll

O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\3.bin\mwsoemon.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [syswin] C:\WINDOWS\system32\v6.exe
O4 - HKLM\..\Run: [mknsnln.dll] C:\WINDOWS\system32\rundll32.exe "C:\Documents and Settings\Eric\Local Settings\Application Data\mknsnln.dll",rruzkwe
O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvvah.dll,startup
O4 - HKLM\..\Run: [{D43484E8-095F-1033-1008-020511060001}] "C:\Program Files\Common Files\{D43484E8-095F-1033-1008-020511060001}\Update.exe" mc-110-12-0000272
O4 - HKLM\..\Run: [IpWins] C:\Program Files\Ipwindows\ipwins.exe
O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\system32\irnrmrbe.dll",setvm
O4 - HKCU\..\Run: [Reoe] "C:\WINDOWS\SMANTE~1\svchost.exe" -vt yazb
O4 - HKCU\..\Run: [Xkl] "C:\Documents and Settings\Eric\Application Data\M?crosoft.NET\??xplore.exe" 99001122
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\3.bin\MWSOEMON.EXE

O8 - Extra context menu item: &Search - http://bar.mywebsear...?p=ZCxdm238YYCA

O20 - Winlogon Notify: gebcc - C:\WINDOWS\system32\gebcc.dll
O20 - Winlogon Notify: ssqonom - C:\WINDOWS\SYSTEM32\ssqonom.dll
O20 - Winlogon Notify: winghy32 - C:\WINDOWS\SYSTEM32\winghy32.dll

After checking these items, close all browser windows except HijackThis and click "Fix checked".


Reboot Your System in Safe Mode:
  • Restart the computer.
  • As soon as the BIOS has loaded, begin tapping the F8 key until the Advanced Options menu appears.
  • Use the arrow keys to select the Safe Mode menu item.
  • Press the Enter key.

Find and delete these files and folders (if they are still there):
Files:
C:\WINDOWS\system32\v6.exe
C:\WINDOWS\system32\irnrmrbe.dll
C:\Documents and Settings\Eric\Local Settings\Application Data\mknsnln.dll

Folders:
C:\Program Files\VSAdd-in
C:\Program Files\Outerinfo
C:\Program Files\Ipwindows
C:\Program Files\MyWebSearch
C:\Documents and Settings\Eric\Application Data\SearchToolbarCorp
C:\Program Files\Common Files\{D43484E8-095F-1033-1008-020511060001}



Reboot your computer normally.

Please download, install, and update AVG Anti-Spyware
  • Load AVG Anti-Spyware and then click the Update tab at the top. Under Manual Update click Start update.
  • After the update finishes (the status bar at the bottom will display "Update successful")
  • Then click on the Scanner tab at the top. Click the "Settings" tab and then change the recommended action to Quarantine and click Automatically generate report after every scan. Click back to the "Scan" tab and then click on Complete System Scan. This scan can take quite a while to run, so be prepared.
  • AVG Anti-Spyware will list any infections found on the left hand side. When the scan has finished, it will automatically set the recommended action. Click the Apply all actions button. AVG Anti-Spyware will display "All actions have been applied" on the right hand side.
  • Click on "Save Report", then "Save Report As". This will create a text file. Make sure you know where to find this file again (like on the Desktop).
  • Close AVG Anti-Spyware and reboot!!
I need the log later.

Post the results of the AVG Anti-Spyware scan, a fresh HijackThis log and the log from VundoFix in your next reply.

You may need more than one reply to post the logs.


Edited by didom, 20 February 2007 - 07:02 AM.

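As an added illustration of the triage didom is doing by eye (this is example code written for this page, not a tool from the thread, from HijackThis or from VundoFix), the script below parses HijackThis 1.99.1-style lines and applies a few of the same rules: an unnamed BHO backed by a DLL in System32, rundll32 loading a DLL out of a user profile, a copy of svchost.exe anywhere other than System32 (the same rule would catch the two policies\explorer\Run entries in the ComboScan dump above), a path HijackThis renders with "?" because the folder name uses look-alike characters, and a Winlogon Notify package outside a small baseline list. The sample lines are copied from the logs posted in this thread; the baseline list of XP Winlogon Notify packages and the rules themselves are my own assumptions and are far from exhaustive, so treat a hit as "review this", not as proof of infection.

```python
"""Heuristic triage of HijackThis 1.99.1 log lines (example code for this thread)."""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample: lines copied from the logs posted earlier in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {58FF7395-B48F-41CB-A20C-2FFA2A049EB2} - C:\WINDOWS\system32\ssqonom.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [mknsnln.dll] C:\WINDOWS\system32\rundll32.exe "C:\Documents and Settings\Eric\Local Settings\Application Data\mknsnln.dll",rruzkwe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [Reoe] "C:\WINDOWS\SMANTE~1\svchost.exe" -vt yazb
O4 - HKCU\..\Run: [Xkl] "C:\Documents and Settings\Eric\Application Data\M?crosoft.NET\??xplore.exe" 99001122
O20 - Winlogon Notify: gebcc - C:\WINDOWS\system32\gebcc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

LINE_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.*)$")
# A Windows path ending in .exe or .dll; lazy, so a quoted DLL argument is a separate match.
PATH_RE = re.compile(r"[A-Za-z]:\\[^\"\n]+?\.(?:exe|dll)", re.IGNORECASE)
SYSTEM32 = r"c:\windows\system32"
# Assumed baseline of Winlogon Notify packages normally present on XP SP2 (not exhaustive).
KNOWN_NOTIFY = {"crypt32chain", "cryptnet", "cscdll", "sccertprop", "schedule",
                "sclgntfy", "senslogn", "termsrv", "wlballoon", "wgalogon", "dimsntfy"}


@dataclass
class Finding:
    section: str
    line: str
    reasons: List[str] = field(default_factory=list)


def _split(path: str):
    """Lower-cased (directory, file name) of a Windows path."""
    directory, _, name = path.rpartition("\\")
    return directory.lower(), name.lower()


def assess(line: str) -> Optional[Finding]:
    """Return a Finding for one log line, or None if no rule fires."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    section, body = m.group("section"), m.group("body")
    reasons: List[str] = []
    for p in PATH_RE.findall(body):
        directory, name = _split(p)
        if name == "svchost.exe" and directory != SYSTEM32:
            reasons.append(f"svchost.exe outside System32: {p}")
        if "?" in p:
            reasons.append(f"unprintable characters in path (look-alike folder name): {p}")
        if (section == "O4" and "rundll32" in body.lower()
                and name.endswith(".dll") and "\\documents and settings\\" in directory):
            reasons.append(f"rundll32 loading a DLL from a user profile: {p}")
        if section == "O2" and "(no name)" in body and directory == SYSTEM32:
            reasons.append(f"unnamed BHO backed by a DLL in System32: {p}")
        if section == "O20" and name.rsplit(".", 1)[0] not in KNOWN_NOTIFY:
            reasons.append(f"Winlogon Notify package not in the baseline list: {p}")
    if not reasons:
        return None
    return Finding(section, line.strip(), reasons)


def triage(log_text: str) -> List[Finding]:
    """Run every line of a HijackThis log through the rules, in log order."""
    findings = []
    for line in log_text.strip().splitlines():
        f = assess(line)
        if f:
            findings.append(f)
    return findings


def flagged_paths(findings: List[Finding]) -> List[str]:
    """Files to remove by hand once the registry entries are fixed in HijackThis."""
    return sorted({p for f in findings for r in f.reasons for p in PATH_RE.findall(r)})


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in results:
        print(f.section, "|", f.line)
        for r in f.reasons:
            print("    ->", r)
    print("files to delete in Safe Mode:", *flagged_paths(results), sep="\n  ")
```

Run it as a script to print the hits, or call triage() on the text of a saved log. "Fix checked" in HijackThis removes the registry entry but leaves the file on disk, which is why didom follows the HijackThis step with a Safe Mode pass to delete the files; flagged_paths() produces that second list from the same findings.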

#6 CanadianWinter (Topic Starter, 55 posts)
I will try as hard as I can to do the steps you said, but I may be unable to do them, because for some reason my computer is acting REALLY slow, and for some reason when I opened up the Task Manager, it said that explorer.exe was using 98 to 100% of the CPU. So now I have to run programs from the Start new program button; is this OK?

#7 didom (Member, 1,919 posts)
Yeah, that's fine, as long as you run them in the right order, and the sooner the better.

And just be patient... the malware will indeed cause your system to be very slow.

#8 CanadianWinter (Topic Starter, 55 posts)
Wow, looks like you know what you are talking about... my system runs smoothly and no more popups so far. Here is the new HijackThis log, although I encountered two errors while trying to scan. The first error said "For some reason your system denied write access to the hosts file." The second error message said "Unexpected error occurred" and it was error number 75. Is this OK?

Logfile of HijackThis v1.99.1
Scan saved at 5:13:54 PM, on 2/22/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\Program Files\ResChanger XP\ResChangerXP.exe
C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Microsoft Firewall Client\ISATRAY.EXE
C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\MMDiag.exe
C:\PROGRA~1\Yahoo!\YOP\secstat.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\Documents and Settings\Eric\Desktop\HJT\Analyse.exe.exe
C:\Program Files\Messenger\msmsgs.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ca.red.client.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ca.red.client...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityrespo...r/fix_homepage/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://rogers.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://rogers.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = NEWSERVER:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\3.bin\MWSSRCAS.DLL (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {331C41B0-C2C2-463E-A0CE-3808E45BCBCA} - C:\WINDOWS\system32\gebcc.dll (file missing)
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\PROGRA~1\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Norton Personal Firewall - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Yahoo!\NAV\NavShExt.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [ResChangerXP] C:\Program Files\ResChanger XP\ResChangerXP.exe
O4 - HKLM\..\Run: [mswspl] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [EPSON Stylus Photo R340 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAJA.EXE /P30 "EPSON Stylus Photo R340 Series" /O6 "USB002" /M "Stylus Photo R340"
O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\RunServices: [DJSNetCN] C:\Program Files\Common Files\Symantec Shared\DJSNETCN.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\launchpd.exe"
O4 - HKCU\..\Run: [PowerBar] "C:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe" /AtBootTime
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - Startup: Neverwinter Nights_ Platinum Edition Registration.lnk = C:\NeverwinterNights\NWN\ereg\ATR1.EXE
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart17.exe
O4 - Global Startup: Firewall Client Connectivity Monitor.LNK = C:\Program Files\Microsoft Firewall Client\ISATRAY.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Spam Sleuth.lnk = G:\Program Files\Blue Squirrel\Spam Sleuth\SpamSleuth.exe
O8 - Extra context menu item: &Search - http://bar.mywebsear...?p=ZCxdm238YYCA
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Rogers Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .hlq: C:\Program Files\Internet Explorer\PLUGINS\nphcd32.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.mdg.ca
O16 - DPF: Yahoo! Bridge - http://download.game...nts/y/bt1_x.cab
O16 - DPF: Yahoo! Chess - http://download.game...nts/y/ct1_x.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab27571.cab
O16 - DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} (QuickPlace Class) - http://qps.peel.edu.on.ca/qp2.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.co...tup1.0.0.15.cab
O16 - DPF: {25365FF3-2746-4230-9DA7-163CCA318309} (Automatic Driver Installation Control) - http://inst.c-wss.co...ll/gtdownlr.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab28578.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplane...DC_2.3.0.97.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1172001848234
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab27571.cab
O16 - DPF: {94B6A838-7EA3-4C3C-B768-D260DDD685B6} (GetFQDN.ctlTrace) - http://www.rogershel...ork/getfqdn.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius....tiveXPlugin.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real...ArcadeRdxIE.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://download.toon...1.10/ttinst.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai...0/Installer.exe
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://www.popcap.co...aploader_v6.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...410/mcfscan.cab
O20 - Winlogon Notify: WB - C:\Program Files\Stardock\Object Desktop\ThemeManager\fastload.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winghy32 - C:\WINDOWS\SYSTEM32\winghy32.dll
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Yahoo!\NPF\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec Licensing Detect Internet Connection (DJSNETCN) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\DJSNETCN.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Maya 6 PLE Documentation Server (mple6docserver) - Unknown owner - C:\Program Files\Alias\Maya 6.0 Personal Learning Edition\docs\wrapper.exe" -s "C:\Program Files\Alias\Maya 6.0 Personal Learning Edition\docs\Wrapper.conf (file missing)
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Yahoo!\NAV\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Yahoo!\NAV\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Yahoo!\NAV\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

#9 CanadianWinter (Topic Starter, 55 posts)
The AVG Anti-Spyware log I will send when my dad gets home, because he saved it to his desktop and he put a password on it so I can't access it. He doesn't want me to mess up the computer further. And VundoFix is on his desktop too, but I did not see a VundoFix log button; is there a way to get a VundoFix log?

#10 didom (Member, 1,919 posts)
I'll wait for the AVG and VundoFix logs (C:\vundofix.txt).

Please also do this:

Open HijackThis.
  • Click Open the Misc Tools section.
  • Click Open Uninstall Manager.
  • Click Save list (generates uninstall_list.txt)
  • Click Save, copy and paste the results in your next post.



#11 CanadianWinter (Topic Starter, 55 posts)
OK, here you go, and I'm not sure if you've read the second-last post I did, but there's a question about two error messages that popped up while I was trying to do the HijackThis scan.

3ds max 7
Ad-Aware SE Personal
Adobe Acrobat 4.0
Adobe Download Manager 1.2 (Remove Only)
Adobe Photoshop 6.0
Adobe Premiere 6.0
Adobe Reader 7.0.8
Adobe SVG Viewer
Advanced RealMedia Export Plug-in for Premiere 6.0
AnswerWorks Runtime
ArcSoft PhotoImpression 5
ArcSoft PhotoStudio 5.5
ArtRage 2.1 Free
AutoCAD 2007 - English
Avery DesignPro
Avex Video Converter Platinum (remove only)
AVG Anti-Spyware 7.5
Beyond Good & Evil
BIONICLE
Blue Squirrel Spam Sleuth Pro 4.5
Bridge Baron 12
Brother BRAdmin Professiona 2.66
Brother Internet Fax 2.02
Brother Internet Fax Driver
Brother MFL-Pro Suite
Bugs
Cable Database v3.2
Canon Camera Support Core Library
Canon Camera Window DC_DV 5 for ZoomBrowser EX
Canon Camera Window DS for ZoomBrowser EX
Canon Camera Window MC 5 for ZoomBrowser EX
Canon MovieEdit Task for ZoomBrowser EX
Canon MP Drivers
Canon MP Toolbox 4.1.1.0.mp10
Canon PhotoRecord
Canon PowerShot A200 WIA Driver
Canon RAW Image Task for ZoomBrowser EX
Canon Utilities PhotoStitch 3.1
Canon Utilities RemoteCapture 2.5
Canon ZoomBrowser EX
CC_ccProxyExt
ccCommon
ccPxyCore
Celtic Kings
Cortex Command Test Build 10
Crazy Burger
Dawn
Detective Barbie® 2 The Vacation Mystery™
Dev-C++ 4
Dev-C++ 5 beta 9 release (4.9.9.2)
DivX Web Player
Dreamfall
Dusk 5900
DVD Shrink 3.2
DVD Solution
Earthworm Jim
Easy CD Creator 5 Basic
EasyCleaner
eGames GameButler
ELAN Configuration
Elasto Mania
eMule
EPSON Print CD
EPSON Printer Software
EPSON SPR340 User's Guide
EPSON Web-To-Page
FaxTools
Freedom Force
gmax
gmax
Google Earth
GPL Ghostscript 8.50
GPL Ghostscript Fonts
GT Interactive - Driver
Half-Life
Half-Life® 2
HijackThis 1.99.1
Hot Wheels® Stunt Track Driver 2 - GET'N DIRTY™
HydraVision
HyperCD
ImageMixer VCD/DVD2 for OLYMPUS
Indeo® software
Intel Application Accelerator
Intel® PRO Network Adapters and Drivers
InterActual Player
Internet Worm Protection
InterVideo WinDVD
iTunes
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 9
Java 2 Runtime Environment Standard Edition v1.3
Labacus Innovator Data Freeware
Learn to Play Bridge
LiteWare3.51Product
LiveUpdate 3.0 (Symantec Corporation)
LpvPlayer 2003/05/30
LucasArts' Curse of Monkey Island
LucasArts' Rogue Squadron
Macromedia Flash Player 8
Macromedia Shockwave Player
Mall Tycoon
Marvel Comic Book Creator
Maya 6.0 Personal Learning Edition
Medal of Honor Allied Assault
Microsoft .NET Framework 2.0
Microsoft Data Access Components KB870669
Microsoft Firewall Client
Microsoft Office 2000 Disc 2
Microsoft Office 2000 Professional
Microsoft Picture It! Photo 7.0
Microsoft Word 2002
Microsoft Works 2003 Setup Launcher
Microsoft Works 7.0
Microsoft Works Suite Add-in for Microsoft Word
Milton Bradley Classic Board Games
MOV to AVI MPEG WMV Converter 3.0.8
Mozilla Firefox (2.0.0.1)
MP3 To Wave Converter PLUS
Mplayer.com
MSN Messenger 7.0
MSN Music Assistant
MSRedist
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 Parser and SDK
MSXML4 Parser
Multimedia Launcher
Musicmatch® Jukebox
NAVShortcut
Network Play System (Patching)
Neverwinter Nights Platinum Edition
NiBiRu
Norton AntiSpam
Norton AntiVirus 2006
Norton AntiVirus Help
Norton AntiVirus Parent MSI
Norton AntiVirus SYMLT MSI
Norton Internet Security
Norton Internet Security
Norton Personal Firewall
Norton Personal Firewall
Norton Personal Firewall
Norton Protection Center
Norton WMI Update
Norton WMI Update
NVIDIA Display Driver
NVIDIA Drivers
Oblivion
Oblivion - Construction Set
Ogg Converter
OHRRPGCE (hasta-la-qb+) 20060803
OLYMPUS Master
Paint Shop Pro 7
PaperPort
PC-Gamer Cheatbook-Database 2004
PDF Writer
Philips Firmware Manager
PHOTOVU / MPEG4 Movie Messenger System 1.01
PowerDVD
PowerProducer
QuickTime
QuickTime 3.0
ResChanger XP
RGSS-RTP Standard
Rogers Yahoo! Applications
RollerCoaster Tycoon 2
RPGToolkit, Version 3.0.6
Security Update for Microsoft .NET Framework 2.0 (KB917283)
Security Update for Microsoft .NET Framework 2.0 (KB922770)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929969)
Sega Smash Pack II
Shockwave
ShowNet Pro
Sid Meier's Alpha Centauri
Sid Meier's Civil War Collection
Sierra Utilities
SOFTIMAGE®|XSI 2.0.2 Demo Version
Sonic & Knuckles Collection Documentation
Sonic & Knuckles Killer !
SoundMAX
SPBBC
Speaker Workshop
Steam
Stop Motion Pro v5.1 Trial
Street Legal Racing Redline
Stronghold
StuffIt Standard
Symantec
Symantec Technical Support Web Controls
TES Construction Set
The Sims Deluxe Edition
Theme Manager
Thunder Trucks
Toy Soldiers
Ultra QuickTime Converter 1.1.2
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB931836)
Update Manager (remove only)
Valve Hammer Editor
Ventrilo Client
Ventrilo Server
VideoMach 3.5.2
VSAdd-in for Internet Explorer
Waterloo - Napoleon's Last Battle
Way Cool Programming Tool
Windows Genuine Advantage v1.3.0254.0
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
WinRAR archiver
WinZip
Wolfenstein - Enemy Territory
World of Warcraft
World of Warcraft Desktop
Xfire (remove only)
Yahoo! Messenger Explorer Bar
Zinio Reader

#12
didom

Yeah I saw those questions. Nothing to be worried about, just continue (if it happens again).

Please fix these items in HijackThis:

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: (no name) - {331C41B0-C2C2-463E-A0CE-3808E45BCBCA} - C:\WINDOWS\system32\gebcc.dll (file missing)

O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)

O4 - Startup: PowerReg Scheduler V3.exe
O4 - Startup: PowerReg Scheduler.exe

O8 - Extra context menu item: &Search - http://bar.mywebsear...?p=ZCxdm238YYCA

O20 - Winlogon Notify: winghy32 - C:\WINDOWS\SYSTEM32\winghy32.dll


Then reboot and post back the AVG log, the Vundofix log and a fresh HijackThis log.
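A small triage script, added here as an example (it is not part of this thread and not HijackThis's own code), that applies the same checks a helper applies by eye to the log entries above: registrations whose file is gone, unnamed BHO/toolbar entries, Winlogon Notify DLLs outside an allow list, and a configured proxy. The sample lines are copied from the logs in this thread; the allow list of Notify DLLs is an assumption a reviewer would maintain.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Shape of an O/R entry in a HijackThis 1.99 log, as seen in this thread:
#   "<section> - <description>[ - {CLSID}][ - <file path, URL or marker>]"
LINE_RE = re.compile(r"^(?P<section>[FOR]\d{1,2}) - (?P<rest>.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

# Markers HijackThis appends when the registered file is gone.
ORPHAN_MARKERS = ("(file missing)", "(no file)")

# Winlogon Notify DLLs that ship with XP SP2, plus WgaLogon.dll. Assumption:
# this is a reviewer-maintained allow list; anything else is flagged for a
# human to look at, not declared malicious by the script.
KNOWN_NOTIFY_DLLS = {
    "crypt32.dll", "cryptnet.dll", "cscdll.dll",
    "sclgntfy.dll", "wlnotify.dll", "wgalogon.dll",
}

# Constructed sample: six lines copied from the logs posted in this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = NEWSERVER:8080
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {331C41B0-C2C2-463E-A0CE-3808E45BCBCA} - C:\WINDOWS\system32\gebcc.dll (file missing)
O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winghy32 - C:\WINDOWS\SYSTEM32\winghy32.dll
"""


@dataclass
class Entry:
    section: str
    description: str
    clsid: Optional[str]
    target: Optional[str]  # file path, URL, or an orphan marker
    raw: str


@dataclass
class Finding:
    entry: Entry
    reason: str


def parse_line(line: str) -> Optional[Entry]:
    """Split one log line into section, description, CLSID and target."""
    line = line.strip()
    m = LINE_RE.match(line)
    if not m:
        return None  # header, process list or blank line
    parts = [p.strip() for p in m.group("rest").split(" - ")]
    clsid, target = None, None
    for part in parts[1:]:
        if CLSID_RE.fullmatch(part):
            clsid = part
        elif target is None:
            target = part
        else:
            target = f"{target} - {part}"  # a path that itself contains " - "
    return Entry(m.group("section"), parts[0], clsid, target, line)


def parse_log(text: str) -> List[Entry]:
    return [e for e in (parse_line(l) for l in text.splitlines()) if e]


def triage(entries: List[Entry]) -> List[Finding]:
    """Flag entries a reviewer should look at; one Finding per reason."""
    findings = []
    for e in entries:
        target = e.target or ""
        if target.endswith(ORPHAN_MARKERS):
            findings.append(Finding(e, "orphaned entry: referenced file no longer exists"))
        if e.section in ("O2", "O3") and "(no name)" in e.description:
            findings.append(Finding(e, "unnamed BHO/toolbar registration"))
        if e.section == "O20" and e.description.startswith("Winlogon Notify:"):
            dll = target.rsplit("\\", 1)[-1].lower()
            if dll not in KNOWN_NOTIFY_DLLS:
                findings.append(Finding(e, "Winlogon Notify handler not on the allow list"))
        if e.section.startswith("R") and ",ProxyServer" in e.description:
            findings.append(Finding(e, "proxy server configured; confirm it is expected"))
    return findings


if __name__ == "__main__":
    for f in triage(parse_log(SAMPLE_LOG)):
        print(f"[{f.entry.section}] {f.reason}\n    {f.entry.raw}")
```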

#13
CanadianWinter

OK, here is the new HijackThis log.

Logfile of HijackThis v1.99.1
Scan saved at 5:19:04 PM, on 2/23/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAJA.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Microsoft Firewall Client\ISATRAY.EXE
C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe
C:\PROGRA~1\Yahoo!\YOP\secstat.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Yahoo!\browser\ybrowser.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Eric\Desktop\HJT\Analyse.exe.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ca.red.client.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ca.red.client...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityrespo...r/fix_homepage/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://rogers.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://rogers.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = NEWSERVER:8080
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\3.bin\MWSSRCAS.DLL (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {331C41B0-C2C2-463E-A0CE-3808E45BCBCA} - C:\WINDOWS\system32\gebcc.dll (file missing)
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\PROGRA~1\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Norton Personal Firewall - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Yahoo!\NAV\NavShExt.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [ResChangerXP] C:\Program Files\ResChanger XP\ResChangerXP.exe
O4 - HKLM\..\Run: [mswspl] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [EPSON Stylus Photo R340 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAJA.EXE /P30 "EPSON Stylus Photo R340 Series" /O6 "USB002" /M "Stylus Photo R340"
O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\RunServices: [DJSNetCN] C:\Program Files\Common Files\Symantec Shared\DJSNETCN.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\launchpd.exe"
O4 - HKCU\..\Run: [PowerBar] "C:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe" /AtBootTime
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - Startup: Neverwinter Nights_ Platinum Edition Registration.lnk = C:\NeverwinterNights\NWN\ereg\ATR1.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart17.exe
O4 - Global Startup: Firewall Client Connectivity Monitor.LNK = C:\Program Files\Microsoft Firewall Client\ISATRAY.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Spam Sleuth.lnk = G:\Program Files\Blue Squirrel\Spam Sleuth\SpamSleuth.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Rogers Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .hlq: C:\Program Files\Internet Explorer\PLUGINS\nphcd32.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.mdg.ca
O16 - DPF: Yahoo! Bridge - http://download.game...nts/y/bt1_x.cab
O16 - DPF: Yahoo! Chess - http://download.game...nts/y/ct1_x.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab27571.cab
O16 - DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} (QuickPlace Class) - http://qps.peel.edu.on.ca/qp2.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.co...tup1.0.0.15.cab
O16 - DPF: {25365FF3-2746-4230-9DA7-163CCA318309} (Automatic Driver Installation Control) - http://inst.c-wss.co...ll/gtdownlr.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab28578.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplane...DC_2.3.0.97.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1172001848234
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab27571.cab
O16 - DPF: {94B6A838-7EA3-4C3C-B768-D260DDD685B6} (GetFQDN.ctlTrace) - http://www.rogershel...ork/getfqdn.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius....tiveXPlugin.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real...ArcadeRdxIE.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://download.toon...1.10/ttinst.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai...0/Installer.exe
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://www.popcap.co...aploader_v6.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...410/mcfscan.cab
O20 - Winlogon Notify: WB - C:\Program Files\Stardock\Object Desktop\ThemeManager\fastload.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winghy32 - C:\WINDOWS\SYSTEM32\winghy32.dll
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Yahoo!\NPF\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec Licensing Detect Internet Connection (DJSNETCN) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\DJSNETCN.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Maya 6 PLE Documentation Server (mple6docserver) - Unknown owner - C:\Program Files\Alias\Maya 6.0 Personal Learning Edition\docs\wrapper.exe" -s "C:\Program Files\Alias\Maya 6.0 Personal Learning Edition\docs\Wrapper.conf (file missing)
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Yahoo!\NAV\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Yahoo!\NAV\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Yahoo!\NAV\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

#14
CanadianWinter

Here is the AVG scan.

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 1:03:06 AM 2/22/2007

+ Scan result:



C:\Program Files\Yahoo!\YPSR\Quarantine\ppq4.tmp\bin\Starware.dll -> Adware.Comet : Cleaned with backup (quarantined).
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq4.tmp\bin\dlls\jokester.dll -> Adware.Comet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{EB981262-D757-42D4-9E0D-0F83010CA91B}\RP1530\A0386012.dll -> Adware.Comet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{EB981262-D757-42D4-9E0D-0F83010CA91B}\RP1530\A0386013.dll -> Adware.Comet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{EB981262-D757-42D4-9E0D-0F83010CA91B}\RP1531\A0386257.dll -> Adware.Delfin : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{EB981262-D757-42D4-9E0D-0F83010CA91B}\RP1531\A0386264.exe -> Adware.DelphinMediaViewer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{EB981262-D757-42D4-9E0D-0F83010CA91B}\RP1531\A0386265.exe -> Adware.DelphinMediaViewer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{EB981262-D757-42D4-9E0D-0F83010CA91B}\RP1531\A0386266.ocx -> Adware.DelphinMediaViewer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{EB981262-D757-42D4-9E0D-0F83010CA91B}\RP1531\A0386267.dll -> Adware.DelphinMediaViewer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{EB981262-D757-42D4-9E0D-0F83010CA91B}\RP1531\A0386268.exe -> Adware.DelphinMediaViewer : Cleaned with backup (quarantined).
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq27.tmp\Hbinst.exe -> Adware.HotBar : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{EB981262-D757-42D4-9E0D-0F83010CA91B}\RP1530\A0386010.exe -> Adware.HotBar : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{EB981262-D757-42D4-9E0D-0F83010CA91B}\RP1529\A0385498.exe -> Adware.Maxifiles : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{EB981262-D757-42D4-9E0D-0F83010CA91B}\RP1529\A0385499.dll -> Adware.Maxifiles : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{EB981262-D757-42D4-9E0D-0F83010CA91B}\RP1534\A0393285.exe -> Adware.Maxifiles : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{EB981262-D757-42D4-9E0D-0F83010CA91B}\RP1534\A0393286.dll -> Adware.Maxifiles : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{EB981262-D757-42D4-9E0D-0F83010CA91B}\RP1528\A0385285.exe -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{EB981262-D757-42D4-9E0D-0F83010CA91B}\RP1531\A0386209.exe -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{EB981262-D757-42D4-9E0D-0F83010CA91B}\RP1531\A0386210.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{EB981262-D757-42D4-9E0D-0F83010CA91B}\RP1531\A0386251.exe -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{EB981262-D757-42D4-9E0D-0F83010CA91B}\RP1532\A0388095.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{EB981262-D757-42D4-9E0D-0F83010CA91B}\RP1532\A0388096.exe -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Local Settings\Temp\b116.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Local Settings\Temporary Internet Files\Content.IE5\TXU8EQP9\116[1].net -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{EB981262-D757-42D4-9E0D-0F83010CA91B}\RP1529\A0385466.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{EB981262-D757-42D4-9E0D-0F83010CA91B}\RP1534\A0393277.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{EB981262-D757-42D4-9E0D-0F83010CA91B}\RP1534\A0393280.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\Documents and Settings\All Users\Application Data\Starware -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\All Users\Application Data\Starware\SimpleUpdate -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\All Users\Application Data\Starware\SimpleUpdate\ProductMessagingConfig.xml -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\All Users\Application Data\Starware\SimpleUpdate\ProductMessagingConfig.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\All Users\Application Data\Starware\SimpleUpdate\SimpleUpdateConfig.xml -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\All Users\Application Data\Starware\SimpleUpdate\SimpleUpdateConfig.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\All Users\Application Data\Starware\SimpleUpdate\TimerManagerConfig.xml -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\All Users\Application Data\Starware\SimpleUpdate\TimerManagerConfig.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\All Users\Application Data\Starware\buttons -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\All Users\Application Data\Starware\buttons\FindIt.bmp -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\All Users\Application Data\Starware\buttons\FindItHot.bmp -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\All Users\Application Data\Starware\buttons\Highlight.bmp -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\All Users\Application Data\Starware\buttons\HighlightHot.bmp -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\All Users\Application Data\Starware\buttons\findithotxp.png -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\All Users\Application Data\Starware\buttons\finditxp.png -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\All Users\Application Data\Starware\buttons\highlighthotxp.png -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\All Users\Application Data\Starware\buttons\highlightxp.png -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\All Users\Application Data\Starware\buttons\jokesearch.bmp -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\All Users\Application Data\Starware\buttons\logo.bmp -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\All Users\Application Data\Starware\buttons\logoxp.bmp -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\All Users\Application Data\Starware\buttons\pranks.bmp -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\All Users\Application Data\Starware\buttons\smiley.bmp -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\All Users\Application Data\Starware\buttons\smileyxp.png -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\All Users\Application Data\Starware\contexts -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\All Users\Application Data\Starware\contexts\error.xml -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\All Users\Application Data\Starware\contexts\related.xml -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\All Users\Application Data\Starware\contexts\travel.xml -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Darlene\Application Data\Starware -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Darlene\Application Data\Starware\BrowserSearch -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Darlene\Application Data\Starware\BrowserSearch\BrowserSearch.xml -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Darlene\Application Data\Starware\BrowserSearch\BrowserSearch.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Darlene\Application Data\Starware\Configurator -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Darlene\Application Data\Starware\Configurator\ConfiguratorOptions.xml -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Darlene\Application Data\Starware\Configurator\ConfiguratorOptions.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Darlene\Application Data\Starware\ErrorSearch -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Darlene\Application Data\Starware\ErrorSearch\ErrorSearchOptions.xml -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Darlene\Application Data\Starware\ErrorSearch\ErrorSearchOptions.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Darlene\Application Data\Starware\Games -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Darlene\Application Data\Starware\Games\GamesOptions.xml -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Darlene\Application Data\Starware\Games\GamesOptions.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Darlene\Application Data\Starware\JokeSearch -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Darlene\Application Data\Starware\JokeSearch\JokeSearchOptions.xml -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Darlene\Application Data\Starware\JokeSearch\JokeSearchOptions.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Darlene\Application Data\Starware\Layouts -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Darlene\Application Data\Starware\Layouts\PreferencesLayout.xml -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Darlene\Application Data\Starware\Layouts\PreferencesLayout.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Darlene\Application Data\Starware\Layouts\ToolbarLayout.xml -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Darlene\Application Data\Starware\Layouts\ToolbarLayout.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Darlene\Application Data\Starware\Manager -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Darlene\Application Data\Starware\Manager\ManagerOptions.xml -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Darlene\Application Data\Starware\Manager\ManagerOptions.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Darlene\Application Data\Starware\Movies -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Darlene\Application Data\Starware\Movies\MoviesOptions.xml -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Darlene\Application Data\Starware\Movies\MoviesOptions.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Darlene\Application Data\Starware\Pranks -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Darlene\Application Data\Starware\Pranks\PranksOptions.xml -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Darlene\Application Data\Starware\Pranks\PranksOptions.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Darlene\Application Data\Starware\RelatedSearch -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Darlene\Application Data\Starware\RelatedSearch\RelatedSearchOptions.xml -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Darlene\Application Data\Starware\RelatedSearch\RelatedSearchOptions.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Darlene\Application Data\Starware\ScreensaversMarketingSitePager -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Darlene\Application Data\Starware\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Darlene\Application Data\Starware\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Darlene\Application Data\Starware\SearchAssistPlus -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Darlene\Application Data\Starware\SearchAssistPlus\SearchAssistPlusOptions.xml -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Darlene\Application Data\Starware\SearchAssistPlus\SearchAssistPlusOptions.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Darlene\Application Data\Starware\SearchMatch -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Darlene\Application Data\Starware\SearchMatch\SearchMatchOptions.xml -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Darlene\Application Data\Starware\SearchMatch\SearchMatchOptions.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Darlene\Application Data\Starware\SmileyTown -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Darlene\Application Data\Starware\SmileyTown\SmileyTownOptions.xml -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Darlene\Application Data\Starware\SmileyTown\SmileyTownOptions.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Darlene\Application Data\Starware\Toolbar -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Darlene\Application Data\Starware\ToolbarLogo -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Darlene\Application Data\Starware\ToolbarLogo\ToolbarLogoOptions.xml -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Darlene\Application Data\Starware\ToolbarLogo\ToolbarLogoOptions.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Darlene\Application Data\Starware\ToolbarSearch -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Darlene\Application Data\Starware\ToolbarSearch\ToolbarSearchOptions.xml -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Darlene\Application Data\Starware\ToolbarSearch\ToolbarSearchOptions.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Darlene\Application Data\Starware\Toolbar\TBProductsOptions.xml -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Darlene\Application Data\Starware\Toolbar\TBProductsOptions.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Darlene\Application Data\Starware\TravelSearch -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Darlene\Application Data\Starware\TravelSearch\TravelSearchOptions.xml -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Darlene\Application Data\Starware\TravelSearch\TravelSearchOptions.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
HKU\S-1-5-21-3866618421-3375310717-1531342322-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CA356D79-679B-4B4C-8E49-5AF97014F4C1} -> Adware.Starware : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{EB981262-D757-42D4-9E0D-0F83010CA91B}\RP1532\A0387841.exe -> Adware.ValueAd : Cleaned with backup (quarantined).
C:\Documents and Settings\Jake\Local Settings\Temporary Internet Files\Content.IE5\ULWZQD2D\setar-101[1].0000 -> Adware.Yazzle : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{EB981262-D757-42D4-9E0D-0F83010CA91B}\RP1529\A0385463.exe -> Downloader.Agent.bca : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{EB981262-D757-42D4-9E0D-0F83010CA91B}\RP1534\A0393290.exe -> Downloader.Agent.bca : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{EB981262-D757-42D4-9E0D-0F83010CA91B}\RP1528\A0385277.exe -> Downloader.PurityScan.dc : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{EB981262-D757-42D4-9E0D-0F83010CA91B}\RP1534\A0393289.exe -> Downloader.PurityScan.dc : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\win8B6.tmp.exe -> Downloader.Small.dod : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{EB981262-D757-42D4-9E0D-0F83010CA91B}\RP1529\A0385465.exe -> Downloader.Tiny.fk : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{EB981262-D757-42D4-9E0D-0F83010CA91B}\RP1534\A0393276.exe -> Downloader.Tiny.fk : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{EB981262-D757-42D4-9E0D-0F83010CA91B}\RP1528\A0385239.exe -> Logger.Agent.or : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{EB981262-D757-42D4-9E0D-0F83010CA91B}\RP1528\A0385282.exe -> Logger.Agent.or : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{EB981262-D757-42D4-9E0D-0F83010CA91B}\RP1528\A0385291.exe -> Logger.Agent.or : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{EB981262-D757-42D4-9E0D-0F83010CA91B}\RP1529\A0385327.exe -> Logger.Agent.or : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{EB981262-D757-42D4-9E0D-0F83010CA91B}\RP1529\A0385464.exe -> Logger.Agent.or : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{EB981262-D757-42D4-9E0D-0F83010CA91B}\RP1531\A0387567.exe -> Logger.Agent.or : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{EB981262-D757-42D4-9E0D-0F83010CA91B}\RP1531\A0387780.exe -> Logger.Agent.or : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{EB981262-D757-42D4-9E0D-0F83010CA91B}\RP1532\A0387827.exe -> Logger.Agent.or : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{EB981262-D757-42D4-9E0D-0F83010CA91B}\RP1533\A0388200.exe -> Logger.Agent.or : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{EB981262-D757-42D4-9E0D-0F83010CA91B}\RP1534\A0388409.exe -> Logger.Agent.or : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{EB981262-D757-42D4-9E0D-0F83010CA91B}\RP1534\A0389272.exe -> Logger.Agent.or : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{EB981262-D757-42D4-9E0D-0F83010CA91B}\RP1534\A0390274.exe -> Logger.Agent.or : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{EB981262-D757-42D4-9E0D-0F83010CA91B}\RP1534\A0391274.exe -> Logger.Agent.or : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{EB981262-D757-42D4-9E0D-0F83010CA91B}\RP1534\A0392274.exe -> Logger.Agent.or : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{EB981262-D757-42D4-9E0D-0F83010CA91B}\RP1534\A0393274.exe -> Logger.Agent.or : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{EB981262-D757-42D4-9E0D-0F83010CA91B}\RP1534\A0393389.exe -> Logger.Agent.or : Cleaned with backup (quarantined).
C:\Documents and Settings\Rodger\Cookies\[email protected][1].txt -> TrackingCookie.Abcsearch : Cleaned.
C:\Documents and Settings\Jake\Cookies\jake@abetterinternet[1].txt -> TrackingCookie.Abetterinternet : Cleaned.
C:\Documents and Settings\Jake\Cookies\jake@admarketplace[1].txt -> TrackingCookie.Admarketplace : Cleaned.
C:\Documents and Settings\Jake\Cookies\[email protected][2].txt -> TrackingCookie.Bpath : Cleaned.
C:\Documents and Settings\Rodger\Cookies\[email protected][1].txt -> TrackingCookie.Bpath : Cleaned.
C:\Documents and Settings\Darlene\Cookies\[email protected][1].txt -> TrackingCookie.Burstbeacon : Cleaned.
C:\Documents and Settings\Jake\Cookies\[email protected][1].txt -> TrackingCookie.Burstbeacon : Cleaned.
C:\Documents and Settings\Kirsten\Cookies\[email protected][2].txt -> TrackingCookie.Burstbeacon : Cleaned.
C:\Documents and Settings\Rodger\Cookies\[email protected][1].txt -> TrackingCookie.Burstbeacon : Cleaned.
C:\Documents and Settings\Darlene\Cookies\darlene@burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\Darlene\Cookies\[email protected][1].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\Jake\Cookies\jake@burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\Jake\Cookies\[email protected][1].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\Kirsten\Cookies\kirsten@burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\Kirsten\Cookies\[email protected][2].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\Rodger\Cookies\rodger@burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\Rodger\Cookies\[email protected][2].txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.49:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\nmv7cjmf.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.50:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\nmv7cjmf.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.51:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\nmv7cjmf.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.52:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\nmv7cjmf.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
C:\Documents and Settings\Rodger\Cookies\rodger@clickbank[1].txt -> TrackingCookie.Clickbank : Cleaned.
C:\Documents and Settings\Rodger\Cookies\[email protected][2].txt -> TrackingCookie.Clickhype : Cleaned.
C:\Documents and Settings\Jake\Cookies\jake@com[2].txt -> TrackingCookie.Com : Cleaned.
C:\Documents and Settings\Rodger\Cookies\rodger@com[2].txt -> TrackingCookie.Com : Cleaned.
C:\Documents and Settings\Rodger\Cookies\[email protected][1].txt -> TrackingCookie.Com : Cleaned.
C:\Documents and Settings\Rodger\Cookies\[email protected][1].txt -> TrackingCookie.Com : Cleaned.
C:\Documents and Settings\Rodger\Cookies\[email protected][2].txt -> TrackingCookie.Com : Cleaned.
C:\Documents and Settings\Rodger\Cookies\rodger@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.45:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\nmv7cjmf.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Rodger\Cookies\[email protected][1].txt -> TrackingCookie.Enhance : Cleaned.
C:\Documents and Settings\Rodger\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\Jake\Cookies\[email protected][2].txt -> TrackingCookie.Gamershell : Cleaned.
C:\Documents and Settings\Jake\Cookies\jake@gamershell[2].txt -> TrackingCookie.Gamershell : Cleaned.
C:\Documents and Settings\Jake\Cookies\[email protected][1].txt -> TrackingCookie.Gamershell : Cleaned.
C:\Documents and Settings\Rodger\Cookies\[email protected][2].txt -> TrackingCookie.Goclick : Cleaned.
:mozilla.40:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\nmv7cjmf.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.41:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\nmv7cjmf.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.42:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\nmv7cjmf.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.43:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\nmv7cjmf.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.53:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\nmv7cjmf.default\cookies.txt -> TrackingCookie.Information : Cleaned.
C:\Documents and Settings\Rodger\Cookies\rodger@komtrack[2].txt -> TrackingCookie.Komtrack : Cleaned.
C:\Documents and Settings\Jake\Cookies\[email protected][2].txt -> TrackingCookie.Liveperson : Cleaned.
C:\Documents and Settings\Rodger\Cookies\[email protected][1].txt -> TrackingCookie.Liveperson : Cleaned.
C:\Documents and Settings\Rodger\Cookies\[email protected][1].txt -> TrackingCookie.Masterstats : Cleaned.
:mozilla.34:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\nmv7cjmf.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\Kirsten\Cookies\[email protected][1].txt -> TrackingCookie.Myaffiliateprogram : Cleaned.
C:\Documents and Settings\Rodger\Cookies\[email protected][1].txt -> TrackingCookie.Myaffiliateprogram : Cleaned.
C:\Documents and Settings\Darlene\Cookies\[email protected][1].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\Jake\Cookies\[email protected][2].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\Jake\Cookies\[email protected][2].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\Kirsten\Cookies\[email protected][1].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\Kirsten\Cookies\[email protected][1].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\Rodger\Cookies\[email protected][2].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\Rodger\Cookies\rodger@overture[2].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\Rodger\Cookies\[email protected][1].txt -> TrackingCookie.Quarterserver : Cleaned.
:mozilla.39:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\nmv7cjmf.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
C:\Documents and Settings\Rodger\Cookies\rodger@questionmarket[1].txt -> TrackingCookie.Questionmarket : Cleaned.
C:\Documents and Settings\Rodger\Cookies\[email protected][2].txt -> TrackingCookie.Realcastmedia : Cleaned.
C:\Documents and Settings\Kirsten\Cookies\[email protected][2].txt -> TrackingCookie.Reliablestats : Cleaned.
C:\Documents and Settings\Rodger\Cookies\[email protected][2].txt -> TrackingCookie.Reliablestats : Cleaned.
C:\Documents and Settings\Rodger\Cookies\[email protected][2].txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.48:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\nmv7cjmf.default\cookies.txt -> TrackingCookie.Revenue : Cleaned.
C:\Documents and Settings\Jake\Cookies\[email protected][2].txt -> TrackingCookie.Revenue : Cleaned.
C:\Documents and Settings\Darlene\Cookies\[email protected][2].txt -> TrackingCookie.Specificclick : Cleaned.
C:\Documents and Settings\Jake\Cookies\[email protected][1].txt -> TrackingCookie.Specificclick : Cleaned.
C:\Documents and Settings\Rodger\Cookies\[email protected][2].txt -> TrackingCookie.Specificclick : Cleaned.
C:\Documents and Settings\Darlene\Cookies\[email protected][1].txt -> TrackingCookie.Starware : Cleaned.
C:\Documents and Settings\Darlene\Cookies\[email protected][1].txt -> TrackingCookie.Starware : Cleaned.
C:\Documents and Settings\Darlene\Cookies\[email protected][1].txt -> TrackingCookie.Starware : Cleaned.
C:\Documents and Settings\Jake\Cookies\[email protected][1].txt -> TrackingCookie.Starware : Cleaned.
C:\Documents and Settings\Jake\Cookies\[email protected][1].txt -> TrackingCookie.Starware : Cleaned.
C:\Documents and Settings\Rodger\Cookies\[email protected][1].txt -> TrackingCookie.Starware : Cleaned.
C:\Documents and Settings\Rodger\Cookies\rodger@starware[2].txt -> TrackingCookie.Starware : Cleaned.
C:\Documents and Settings\Rodger\Cookies\[email protected][1].txt -> TrackingCookie.Starware : Cleaned.
:mozilla.70:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\nmv7cjmf.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
C:\Documents and Settings\Darlene\Cookies\[email protected][2].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Rodger\Cookies\rodger@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Documents and Settings\Jake\Cookies\[email protected][1].txt -> TrackingCookie.Web-stat : Cleaned.
C:\Documents and Settings\Rodger\Cookies\[email protected][2].txt -> TrackingCookie.Web-stat : Cleaned.
C:\Documents and Settings\Rodger\Cookies\[email protected][2].txt -> TrackingCookie.Web-stat : Cleaned.
C:\Documents and Settings\Rodger\Cookies\rodger@yadro[1].txt -> TrackingCookie.Yadro : Cleaned.
:mozilla.54:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\nmv7cjmf.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.55:C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\nmv7cjmf.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\Rodger\Cookies\rodger@zedo[2].txt -> TrackingCookie.Zedo : Cleaned.
C:\System Volume Information\_restore{EB981262-D757-42D4-9E0D-0F83010CA91B}\RP1532\A0388094.dll -> Trojan.Agent.acl : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{EB981262-D757-42D4-9E0D-0F83010CA91B}\RP1534\A0388263.dll -> Trojan.Agent.acl : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{EB981262-D757-42D4-9E0D-0F83010CA91B}\RP1535\A0396028.dll -> Trojan.Agent.acl : Cleaned with backup (quarantined).
C:\WINDOWS\system32\drvvah.dll -> Trojan.Agent.qt : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{EB981262-D757-42D4-9E0D-0F83010CA91B}\RP1528\A0385270.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{EB981262-D757-42D4-9E0D-0F83010CA91B}\RP1532\A0387842.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\wnscpcc.exe -> Trojan.Small : Cleaned with backup (quarantined).


::Report end

#15
CanadianWinter

    Member

  • Topic Starter
  • 55 posts
Hope this is what you meant by the VundoFix log. Here it is:


VundoFix V6.3.6

Checking Java version...

Java version is 1.5.0.9

Scan started at 12:17:13 PM 2/18/2007

Listing files found while scanning....

C:\WINDOWS\system32\ccbeg.bak2
C:\WINDOWS\system32\ccbeg.ini
C:\WINDOWS\system32\ccbeg.ini2
C:\WINDOWS\system32\ccbeg.tmp
C:\WINDOWS\system32\gebcc.dll

VundoFix V6.3.9

Checking Java version...

Java version is 1.5.0.9

Scan started at 8:14:51 PM 2/21/2007

Listing files found while scanning....

C:\Documents and settings\Rodger\Application Data\SearchToolbarCorp\Toolbar Vision\PageHistory.txt
C:\Documents and settings\Rodger\Application Data\SearchToolbarCorp\Toolbar Vision\WebHistory.txt
C:\WINDOWS\system32\ccbeg.bak1
C:\WINDOWS\system32\ccbeg.bak2
C:\WINDOWS\system32\ccbeg.ini
C:\WINDOWS\system32\ccbeg.ini2
C:\WINDOWS\system32\ccbeg.tmp
C:\WINDOWS\system32\gebcc.dll
C:\WINDOWS\system32\rmyltsgp.dll

Beginning removal...

Attempting to delete C:\Documents and settings\Rodger\Application Data\SearchToolbarCorp\Toolbar Vision\PageHistory.txt
C:\Documents and settings\Rodger\Application Data\SearchToolbarCorp\Toolbar Vision\PageHistory.txt Has been deleted!

Attempting to delete C:\Documents and settings\Rodger\Application Data\SearchToolbarCorp\Toolbar Vision\WebHistory.txt
C:\Documents and settings\Rodger\Application Data\SearchToolbarCorp\Toolbar Vision\WebHistory.txt Has been deleted!

Attempting to delete C:\WINDOWS\system32\ccbeg.bak1
C:\WINDOWS\system32\ccbeg.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\ccbeg.bak2
C:\WINDOWS\system32\ccbeg.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\ccbeg.ini
C:\WINDOWS\system32\ccbeg.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\ccbeg.ini2
C:\WINDOWS\system32\ccbeg.ini2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\ccbeg.tmp
C:\WINDOWS\system32\ccbeg.tmp Has been deleted!

Attempting to delete C:\WINDOWS\system32\gebcc.dll
C:\WINDOWS\system32\gebcc.dll Has been deleted!

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\WINDOWS\SYSTEM32\ssqonom.dll
C:\WINDOWS\SYSTEM32\ssqonom.dll Has been deleted!

Performing Repairs to the registry.
Done!