Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

win32:TratBHO[trj] [RESOLVED]

Started by cldshwr77 , Jan 26 2008 04:28 PM

This topic is locked

#1
cldshwr77

Posted 26 January 2008 - 04:28 PM

New Member

Member
9 posts

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:14:55 PM, on 1/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe
C:\Program Files\Napster\napster.exe
C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\MYWEBS~1\bar\2.bin\m3SrchMn.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://resultsmaster...omeLeftPane.htm
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {8FD66659-A7AF-4641-9999-C56607D3A0AB} - (no file)
O2 - BHO: (no name) - {A8FB8EB3-183B-4598-924D-86F0E5E37085} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dll
O2 - BHO: (no name) - {E1759A31-E627-4758-9562-6899DF36C9C2} - C:\WINDOWS\system32\pmnonop.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O2 - BHO: (no name) - {FAA5F402-1E54-4BC5-B1F3-38C512304C90} - C:\Program Files\Messenger\hoketohC:\WINDOWS\system32\mr9\gyreo83122.exe.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\2.bin\m3SrchMn.exe" /m=2 /w
O4 - HKLM\..\Run: [WildTangent CDA] "C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe" /startup "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0500.dll"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Search - http://edits.mywebse...?p=ZNxmk788YYUS
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfar...p1.0.0.15-3.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://cdn.driveclea...leanerstart.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1187996829312
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

--
End of file - 11512 bytes

#2
Rorschach112

Posted 26 January 2008 - 07:14 PM

Ralphie

Retired Staff
47,710 posts

Hello

Please download Deckard's System Scanner (DSS) and save it to your Desktop.

Close all other windows before proceeding.
Double-click on dss.exe and follow the prompts.
If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

#3
cldshwr77

Posted 26 January 2008 - 08:10 PM

New Member

Topic Starter
Member
9 posts

thank you for your help here is what you wanted

Deckard's System Scanner v20071014.68
Run by allen on 2008-01-26 21:05:44
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.

-- Last 5 Restore Point(s) --
98: 2008-01-27 02:05:48 UTC - RP200 - Deckard's System Scanner Restore Point
97: 2008-01-26 21:12:38 UTC - RP199 - System Checkpoint
96: 2008-01-25 18:49:11 UTC - RP198 - System Checkpoint
95: 2008-01-24 15:44:03 UTC - RP197 - System Checkpoint
94: 2008-01-23 14:17:09 UTC - RP196 - System Checkpoint

-- First Restore Point --
1: 2007-10-29 11:20:35 UTC - RP103 - System Checkpoint

Backed up registry hives.
Performed disk cleanup.

-- HijackThis (run as allen.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:06:42 PM, on 1/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe
C:\Program Files\Napster\napster.exe
C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\MYWEBS~1\bar\2.bin\m3SrchMn.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\allen\Desktop\WinPFind35u\WinPFind35U.exe
C:\WINDOWS\notepad.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Documents and Settings\allen\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\allen.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://resultsmaster...omeLeftPane.htm
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {8FD66659-A7AF-4641-9999-C56607D3A0AB} - (no file)
O2 - BHO: (no name) - {A8FB8EB3-183B-4598-924D-86F0E5E37085} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dll
O2 - BHO: (no name) - {E1759A31-E627-4758-9562-6899DF36C9C2} - C:\WINDOWS\system32\pmnonop.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O2 - BHO: (no name) - {FAA5F402-1E54-4BC5-B1F3-38C512304C90} - C:\Program Files\Messenger\hoketohC:\WINDOWS\system32\mr9\gyreo83122.exe.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\2.bin\m3SrchMn.exe" /m=2 /w
O4 - HKLM\..\Run: [WildTangent CDA] "C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe" /startup "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0500.dll"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Search - http://edits.mywebse...?p=ZNxmk788YYUS
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfar...p1.0.0.15-3.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://cdn.driveclea...leanerstart.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1187996829312
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

--
End of file - 11632 bytes

-- File Associations -----------------------------------------------------------

All associations okay.

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

S1 core - c:\windows\system32\drivers\core.sys (file missing)

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

All services whitelisted.

-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Realtek RTL8139 Family PCI Fast Ethernet NIC
Device ID: PCI\VEN_1186&DEV_1300&SUBSYS_13011186&REV_10\4&10BD256C&0&08F0
Manufacturer: Realtek
Name: Realtek RTL8139 Family PCI Fast Ethernet NIC
PNP Device ID: PCI\VEN_1186&DEV_1300&SUBSYS_13011186&REV_10\4&10BD256C&0&08F0
Service: rtl8139

-- Scheduled Tasks -------------------------------------------------------------

2008-01-26 21:04:00 366 --a------ C:\WINDOWS\Tasks\Symantec NetDetect.job
2008-01-26 03:30:00 386 --a------ C:\WINDOWS\Tasks\RegSweep Scheduled Scan.job

-- Files created between 2007-12-26 and 2008-01-26 -----------------------------

2008-01-26 20:10:36 331776 --a------ C:\WINDOWS\system32\mllji.dll
2008-01-26 19:10:35 331776 --a------ C:\WINDOWS\system32\mljjh.dll
2008-01-26 18:10:34 331776 --a------ C:\WINDOWS\system32\jkkjg.dll
2008-01-26 17:14:42 0 d-------- C:\Program Files\Trend Micro
2008-01-26 16:35:55 0 d-------- C:\WINDOWS\BDOSCAN8
2008-01-26 15:42:24 0 d-------- C:\Documents and Settings\All Users\Application Data\Prevx
2008-01-26 15:42:19 0 d-------- C:\Documents and Settings\allen\Application Data\PrevxCSI
2008-01-26 12:03:48 0 d-------- C:\VundoFix Backups
2008-01-20 18:08:44 0 d-------- C:\Program Files\Call of Duty Game of the Year Edition
2008-01-20 15:13:42 0 d-------- C:\Documents and Settings\All Users\Application Data\Oberon
2008-01-20 15:13:34 0 d-------- C:\Documents and Settings\allen\Application Data\FunWebProducts
2008-01-17 06:19:17 0 d-------- C:\Program Files\MalwareAlarm
2008-01-17 06:18:25 31232 --a------ C:\WINDOWS\xpupdate.exe
2008-01-09 15:01:48 53248 --a------ C:\WINDOWS\bdoscandel.exe
2008-01-06 12:02:29 0 d-------- C:\WINDOWS\wt
2008-01-06 12:02:24 0 d-------- C:\Program Files\WildTangent
2008-01-05 06:53:44 0 d-------- C:\WINDOWS\system32\mr9
2008-01-05 06:53:44 0 d-------- C:\WINDOWS\system32\aj2
2008-01-05 06:53:32 0 d-------- C:\WINDOWS\system32\z9
2008-01-05 06:53:32 0 d-------- C:\WINDOWS\system32\wp1
2008-01-05 06:53:20 0 d-------- C:\WINDOWS\system32\z1
2008-01-05 06:52:32 41472 -----n--- C:\WINDOWS\system32\pmnonop.dll
2008-01-05 06:52:30 0 d-------- C:\WINDOWS\system32\ardCo01

-- Find3M Report ---------------------------------------------------------------

2008-01-26 08:22:27 0 d-------- C:\Program Files\IncrediGames
2008-01-26 08:22:25 0 d-------- C:\Program Files\Common Files
2008-01-09 15:43:05 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-01-06 18:57:36 0 d-------- C:\Documents and Settings\allen\Application Data\Real
2008-01-05 19:44:30 0 d-------- C:\Program Files\FunWebProducts
2008-01-04 07:22:21 28672 --a------ C:\WINDOWS\system32\f3PSSavr.scr <Not Verified; FunWebProducts.com; Popular Screensavers>
2008-01-01 16:29:22 0 d-------- C:\Program Files\PartyGaming
2007-12-23 01:21:06 0 d-------- C:\Program Files\Google
2007-12-23 00:05:57 0 d-------- C:\Program Files\RXToolBar
2007-12-22 23:14:55 0 d-------- C:\Program Files\Altnet
2007-12-22 23:14:54 10 --a------ C:\WINDOWS\smdat32m.sys
2007-12-22 23:14:48 0 d-------- C:\Program Files\Need2Find
2007-12-22 23:14:40 0 d-------- C:\Program Files\Kazaa
2007-12-22 23:08:50 0 --a------ C:\WINDOWS\smdat32a.sys
2007-12-21 20:20:50 45 --a------ C:\WINDOWS\popcinfo.dat
2007-12-20 15:27:21 0 d-------- C:\Program Files\Napster
2007-12-09 12:33:03 0 d-------- C:\Program Files\City Interactive
2007-12-07 18:01:03 0 d-------- C:\Program Files\Common Files\Symantec Shared
2007-12-07 17:59:32 0 d-------- C:\Program Files\Cosmi
2007-12-07 17:55:07 0 d-------- C:\Program Files\Coupons
2007-12-07 17:53:29 0 d-------- C:\Program Files\Yahoo!
2007-12-07 17:53:25 0 d-------- C:\Program Files\QuickTime
2007-12-07 17:53:16 0 d-------- C:\Program Files\Dell
2007-12-07 17:53:15 0 d-------- C:\Program Files\Common Files\AOL
2007-12-07 17:52:33 0 d-------- C:\Program Files\Apple Software Update
2007-12-04 18:11:11 0 d-------- C:\Program Files\Yahoo! Games
2007-12-03 07:31:28 0 d-------- C:\Program Files\IncrediMail
2007-11-26 14:03:43 0 d-------- C:\Program Files\SudokuSweep
2007-11-07 06:47:35 31 --ah----- C:\WINDOWS\uccspecc.sys

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8FD66659-A7AF-4641-9999-C56607D3A0AB}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A8FB8EB3-183B-4598-924D-86F0E5E37085}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E1759A31-E627-4758-9562-6899DF36C9C2}]
01/05/2008 06:52 AM 41472 --------- C:\WINDOWS\system32\pmnonop.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FAA5F402-1E54-4BC5-B1F3-38C512304C90}]
C:\Program Files\Messenger\hoketohC:\WINDOWS\system32\mr9\gyreo83122.exe.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{5BED3930-2E9E-76D8-BACC-80DF2188D455}"= C:\WINDOWS\CouponBarIE.dll [ ]
"{25D8BACF-3DE2-4B48-AE22-D659B8D835B0}"= C:\Program Files\RXToolBar\RXToolBar.dll [ ]

[-HKEY_CLASSES_ROOT\CLSID\{5BED3930-2E9E-76D8-BACC-80DF2188D455}]
[HKEY_CLASSES_ROOT\TTB000001.TTB000001.1]
[HKEY_CLASSES_ROOT\TypeLib\{9BA983B1-0C05-2DAF-9D1D-7E160077CAF4}]
[HKEY_CLASSES_ROOT\TTB000001.TTB000001]

[-HKEY_CLASSES_ROOT\CLSID\{25D8BACF-3DE2-4B48-AE22-D659B8D835B0}]
[HKEY_CLASSES_ROOT\RXToolBar.TBInfo.1]
[HKEY_CLASSES_ROOT\TypeLib\{66B20295-DC57-42B6-ACDF-52D916E86464}]
[HKEY_CLASSES_ROOT\RXToolBar.TBInfo]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [10/14/2005 09:49 PM]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [10/14/2005 09:46 PM]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [10/14/2005 09:50 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [11/19/2003 06:48 PM]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [02/23/2005 05:19 PM]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [12/06/2004 02:05 AM]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [06/10/2005 11:44 AM]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [06/10/2005 11:44 AM]
"MimBoot"="C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe" [09/18/2006 12:46 PM]
"MMTray"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [09/18/2006 12:46 PM]
"BJCFD"="C:\Program Files\BroadJump\Client Foundation\CFD.exe" [09/10/2002 08:26 PM]
"YBrowser"="C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe" [07/21/2006 03:19 PM]
"NapsterShell"="C:\Program Files\Napster\napster.exe" [11/08/2007 05:58 PM]
"MyWebSearch Email Plugin"="C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe" [01/04/2008 07:22 AM]
"YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [06/08/2007 09:59 AM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [09/13/2007 10:44 AM]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [12/04/2007 08:00 AM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [10/10/2007 07:51 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [10/19/2007 08:16 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [11/02/2007 06:36 PM]
"My Web Search Bar Search Scope Monitor"="C:\PROGRA~1\MYWEBS~1\bar\2.bin\m3SrchMn.exe" [01/04/2008 07:22 AM]
"WildTangent CDA"="C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe" [03/28/2005 08:24 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [03/27/2007 02:22 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 06:00 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [1/19/2006 7:23:22 AM]
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [8/11/2007 10:58:27 AM]
ymetray.lnk - C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe [10/3/2007 1:56:10 PM]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{E1759A31-E627-4758-9562-6899DF36C9C2}"= C:\WINDOWS\system32\pmnonop.dll [01/05/2008 06:52 AM 41472]

-- End of Deckard's System Scanner: finished at 2008-01-26 21:07:20 ------------

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 3.20GHz
CPU 1: Intel® Pentium® 4 CPU 3.20GHz
Percentage of Memory in Use: 23%
Physical Memory (total/avail): 2038.07 MiB / 1565.3 MiB
Pagefile Memory (total/avail): 2641.19 MiB / 2259.62 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1926.96 MiB

C: is Fixed (NTFS) - 71.46 GiB total, 56.98 GiB free.
D: is CDROM (CDFS)
E: is CDROM (No Media)
F: is Removable (No Media)
G: is Removable (No Media)
H: is Removable (No Media)
I: is Removable (No Media)

\\.\PHYSICALDRIVE0 - ST380819AS - 74.5 GiB - 3 partitions
\PARTITION0 - Unknown - 39.19 MiB
\PARTITION1 (bootable) - Installable File System - 71.46 GiB - C:
\PARTITION2 - Unknown - 3 GiB

\\.\PHYSICALDRIVE1 - TEAC USB HS-CF Card USB Device

\\.\PHYSICALDRIVE3 - TEAC USB HS-MS Card USB Device

\\.\PHYSICALDRIVE4 - TEAC USB HS-SD Card USB Device

\\.\PHYSICALDRIVE2 - TEAC USB HS-xD/SM USB Device

-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.

AV: avast! antivirus 4.7.1098 [VPS 080126-0] v4.7.1098 (ALWIL Software)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:America Online 9.0"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:America Online 9.0"
"C:\\Documents and Settings\\uiser\\Local Settings\\Temporary Internet Files\\Content.IE5\\W1MZ0LMZ\\incredimail_install[1].exe"="C:\\Documents and Settings\\uiser\\Local Settings\\Temporary Internet Files\\Content.IE5\\W1MZ0LMZ\\incredimail_install[1].exe:*:Enabled:IncrediMail Installer"
"C:\\Program Files\\IncrediMail\\bin\\ImApp.exe"="C:\\Program Files\\IncrediMail\\bin\\ImApp.exe:*:Enabled:IncrediMail"
"C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"="C:\\Program Files\\IncrediMail\\bin\\IncMail.exe:*:Enabled:IncrediMail"
"C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"="C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe:*:Enabled:IncrediMail"
"C:\\Program Files\\Magentic\\bin\\MgImp.exe"="C:\\Program Files\\Magentic\\bin\\MgImp.exe:*:Enabled:Magentic"
"C:\\Program Files\\Magentic\\bin\\Magentic.exe"="C:\\Program Files\\Magentic\\bin\\Magentic.exe:*:Enabled:Magentic"
"C:\\Program Files\\Magentic\\bin\\MgApp.exe"="C:\\Program Files\\Magentic\\bin\\MgApp.exe:*:Enabled:Magentic"
"C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\\WINDOWS\\system32\\rundll32.exe"="C:\\WINDOWS\\system32\\rundll32.exe:*:Enabled:Run a DLL as an App"
"C:\\Program Files\\City Interactive\\WWII Pacific Heroes\\pacific.exe"="C:\\Program Files\\City Interactive\\WWII Pacific Heroes\\pacific.exe:*:Enabled:pacific"
"C:\\Documents and Settings\\uiser\\Local Settings\\Temporary Internet Files\\Content.IE5\\GP4RSVGN\\incredimail_install[1].exe"="C:\\Documents and Settings\\uiser\\Local Settings\\Temporary Internet Files\\Content.IE5\\GP4RSVGN\\incredimail_install[1].exe:*:Enabled:IncrediMail Installer"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Yahoo! Games\\Puzzle Express\\PuzzleExpress.exe"="C:\\Program Files\\Yahoo! Games\\Puzzle Express\\PuzzleExpress.exe:*:Disabled:PuzzleExpress"
"C:\\Program Files\\Yahoo!\\Yahoo! Music Jukebox\\YahooMusicEngine.exe"="C:\\Program Files\\Yahoo!\\Yahoo! Music Jukebox\\YahooMusicEngine.exe:*:Enabled:AT&T Yahoo! Music Jukebox"
"C:\\WINDOWS\\system32\\P2P Networking\\P2P Networking.exe"="C:\\WINDOWS\\system32\\P2P Networking\\P2P Networking.exe:*:Enabled:P2P Networking"
"C:\\Program Files\\Kazaa\\kazaa.exe"="C:\\Program Files\\Kazaa\\kazaa.exe:*:Enabled:Kazaa"

-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\allen\Application Data
CLASSPATH=.;C:\Program Files\Java\j2re1.4.2_03\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=D966X791
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\allen
LOGONSERVER=\\D966X791
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 3, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0403
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\j2re1.4.2_03\lib\ext\QTJava.zip
SESSIONNAME=Console
SonicCentral=C:\Program Files\Common Files\Sonic Shared\Sonic Central\
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\allen\LOCALS~1\Temp
TMP=C:\DOCUME~1\allen\LOCALS~1\Temp
USERDOMAIN=D966X791
USERNAME=allen
USERPROFILE=C:\Documents and Settings\allen
windir=C:\WINDOWS

-- User Profiles ---------------------------------------------------------------

uiser (admin)
allen (admin)
doug (admin)
Guest (guest)

-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\Program Files\Yahoo!\Yahoo! Music Jukebox\oggcodecs\uninst.exe
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
--> MsiExec.exe /I{403EF592-953B-4794-BCEF-ECAB835C2095}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
7 Wonders --> C:\Program Files\MumboJumbo\7 Wonders\uninstall.exe
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81000000003}
AOLIcon --> MsiExec.exe /I{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}
AT&T Yahoo! Applications --> C:\PROGRA~1\Yahoo!\common\uninstall.exe
AT&T Yahoo! Music Jukebox --> MsiExec.exe /X{54AA707B-68DA-49A4-9916-68DD670241BD}
avast! Antivirus --> rundll32 C:\PROGRA~1\ALWILS~1\Avast4\Setup\setiface.dll,RunSetup
BroadJump Client Foundation --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\BroadJump\Client Foundation\Uninst.isu" -c"C:\Program Files\BroadJump\Client Foundation\RmvBJCFD.dll" -b"CFD" -h"CFD" -a
Call of Duty Game of the Year Edition --> C:\PROGRA~1\CALLOF~1\Uninstall\Unwise.exe /u C:\PROGRA~1\CALLOF~1\Uninstall\Install.log
Chuzzle Deluxe 1.0 --> C:\Program Files\PopCap Games\Chuzzle Deluxe\PopUninstall.exe "C:\Program Files\PopCap Games\Chuzzle Deluxe\Install.log"
Conexant D850 56K V.9x DFVc Modem --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1\HXFSETUP.EXE -U -Idel200fk.inf
CouponBar --> regsvr32 /u /s "C:\WINDOWS\CouponBarIE.dll"
Dell Digital Jukebox Driver --> C:\Program Files\Dell\Digital Jukebox Drivers\DrvUnins.exe /s
Dell Driver Reset Tool --> MsiExec.exe /I{5905F42D-3F5F-4916-ADA6-94A3646AEE76}
Digital Content Portal --> MsiExec.exe /I{B702CCCE-3176-4DBF-B932-D1B8F402F330}
Digital Line Detect --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText
ELIcon --> MsiExec.exe /I{4667B940-BB01-428B-986E-A0CC46497BF7}
Google AFE --> regsvr32 /u /s "c:\Program Files\GoogleAFE\GoogleAE.dll"
Google Photos Screensaver --> MsiExec.exe /X{A52415E5-CA1E-44DE-9EDC-D412F31D271C}
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"
Google Updater --> "C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
High Definition Audio Driver Package - KB835221 --> C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Format SDK (KB902344) --> "C:\WINDOWS\$NtUninstallKB902344$\spuninst\spuninst.exe"
Intel® Graphics Media Accelerator Driver --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_2782 PCI\VEN_8086&DEV_2582
Intel® PRO Network Connections Drivers --> Prounstl.exe
Intel® PROSet for Wired Connections --> MsiExec.exe /I{83F793B5-8BBF-42FD-A8A6-868CB3E2AAEA}
iTunes --> MsiExec.exe /I{E3FEE4E7-4488-4A3F-A6BD-13745936EADB}
Java 2 Runtime Environment, SE v1.4.2_03 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142030}
Jewel Logic --> MsiExec.exe /X{61A57FA5-642C-4AFC-9AD7-8E6CC4053135}
Jewel Quest Solitaire (remove only) --> "C:\Program Files\iWin.com\Jewel Quest Solitaire\Uninstall.exe"
Learn2 Player (Uninstall Only) --> C:\Program Files\Learn2.com\StRunner\stuninst.exe
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Plus! Digital Media Edition Installer --> MsiExec.exe /X{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}
Microsoft Plus! Photo Story 2 LE --> MsiExec.exe /X{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Musicmatch® Jukebox --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{85D3CC30-8859-481A-9654-FD9B74310BEF}\setup.exe" -l0x9 -uninst
My Web Search (Smiley Central) --> rundll32 C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsbar.dll,O
Napster --> C:\Program Files\InstallShield Installation Information\{BBBCAE4B-B416-4182-A6F2-438180894A81}\setup.exe -runfromtemp -l0x0009 -removeonly
Napster Burn Engine --> MsiExec.exe /I{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}
Need2Find Bar --> rundll32 C:\PROGRA~1\NEED2F~1\bar\1.bin\Nd2fnBar.dll,O
PartyPoker --> "C:\Program Files\PartyGaming\PartyPoker\Uninstall.exe" "C:\Program Files\PartyGaming\PartyPoker\install.log"
Peer Points Manager --> "C:\Program Files\Altnet\Download Manager\AltnetUninstall.exe" -m
Polar Bowler from WildGames (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\023782E7-308A-4278-9762-947348D4DF34\Uninstall.exe"
Polar Golfer from WildGames (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\169E7C03-35E3-4E8A-855F-225246CE3E5E\Uninstall.exe"
Poppit To Go --> C:\PROGRA~1\POGOGA~1\POPPIT~1\UNWISE.EXE C:\PROGRA~1\POGOGA~1\POPPIT~1\INSTALL.LOG
PowerDVD 5.5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
Qualxserve Service Agreement --> MsiExec.exe /X{0F756CD9-4A1E-409B-B101-601DDC4C03AA}
QuickTime --> MsiExec.exe /I{5B09BD67-4C99-46A1-8161-B7208CE18121}
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
RX Bar --> regsvr32.exe /u /s "C:\Program Files\RXToolBar\RXToolBar.dll"
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Sonic DLA --> MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Sonic MyDVD LE --> MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}
Sonic RecordNow Audio --> MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Sonic RecordNow Copy --> MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Sonic RecordNow Data --> MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
SudokuSweep --> "C:\Program Files\SudokuSweep\uninstall.exe"
Super Collapse! --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A301896D-9F55-4492-B518-30EAC4C723E1}\setup.exe" -l0x9
Super Glinx! --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll<UNINSTALL_CMD> -l0x9
URGE --> MsiExec.exe /I{8BBF6DFD-0AD9-43A7-9FBD-BF065E3866AF}
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
WebCyberCoach 3.2 Dell --> "C:\Program Files\WebCyberCoach\b_Dell\WCC_Wipe.exe" "WebCyberCoach ext\wtrb" /inf "engine.inf,RealUninstallSection,,4" /infcfg "enginecf.inf,RealUninstallSection,,4"
WildTangent Web Driver --> C:\Program Files\WildTangent\Apps\CDA\CDAUninstall.exe
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Yahoo! Search Protection --> C:\PROGRA~1\Yahoo!\SEARCH~1\UNINST~1.EXE
Zuma Deluxe 1.0 --> C:\Program Files\PopCap Games\Zuma Deluxe\PopUninstall.exe "C:\Program Files\PopCap Games\Zuma Deluxe\Install.log"

-- Application Event Log -------------------------------------------------------

Event Record #/Type12039 / Error
Event Submitted/Written: 01/26/2008 04:52:31 PM
Event ID/Source: 32045 / Microsoft Fax
Event Description:
Fax Service failed to initialize because it could not initialize the TAPI devices.

Verify that the fax modem was installed and configured correctly.
Win32 error code: -2147483576.
This error code indicates the cause of the error.

Event Record #/Type12009 / Warning
Event Submitted/Written: 01/23/2008 08:25:23 AM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Event Record #/Type11988 / Error
Event Submitted/Written: 01/20/2008 03:19:59 PM
Event ID/Source: 32045 / Microsoft Fax
Event Description:
Fax Service failed to initialize because it could not initialize the TAPI devices.

Verify that the fax modem was installed and configured correctly.
Win32 error code: -2147483576.
This error code indicates the cause of the error.

Event Record #/Type11974 / Error
Event Submitted/Written: 01/20/2008 08:58:59 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application JewelLogic.exe, version 0.0.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type11969 / Warning
Event Submitted/Written: 01/20/2008 05:18:24 AM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.

-- System Event Log ------------------------------------------------------------

Event Record #/Type17976 / Error
Event Submitted/Written: 01/26/2008 04:31:51 PM
Event ID/Source: 6161 / Print
Event Description:
The document http://forum.bitdefe...6f91baf56e55816 owned by allen failed to print on printer Lexmark Z22-Z32 Color Jetprinter. Data type: NT EMF 1.008. Size of the spool file in bytes: 443104. Number of bytes printed: 0. Total number of pages in the document: 2. Number of pages printed: 0. Client machine: \\D966X791. Win32 error code returned by the print processor: http://forum.bitdefe...f91baf56e558160. http://forum.bitdefe...f91baf56e558161

Event Record #/Type17975 / Error
Event Submitted/Written: 01/26/2008 04:29:53 PM
Event ID/Source: 6161 / Print
Event Description:
The document http://forum.bitdefe...6f91baf56e55816 owned by allen failed to print on printer Lexmark Z22-Z32 Color Jetprinter. Data type: NT EMF 1.008. Size of the spool file in bytes: 270260. Number of bytes printed: 0. Total number of pages in the document: 2. Number of pages printed: 0. Client machine: \\D966X791. Win32 error code returned by the print processor: http://forum.bitdefe...f91baf56e558160. http://forum.bitdefe...f91baf56e558161

Event Record #/Type17974 / Error
Event Submitted/Written: 01/26/2008 04:29:38 PM
Event ID/Source: 6161 / Print
Event Description:
The document http://forum.bitdefe...6f91baf56e55816 owned by allen failed to print on printer Lexmark Z22-Z32 Color Jetprinter. Data type: NT EMF 1.008. Size of the spool file in bytes: 270260. Number of bytes printed: 0. Total number of pages in the document: 2. Number of pages printed: 0. Client machine: \\D966X791. Win32 error code returned by the print processor: http://forum.bitdefe...f91baf56e558160. http://forum.bitdefe...f91baf56e558161

Event Record #/Type17863 / Warning
Event Submitted/Written: 01/26/2008 02:28:53 AM
Event ID/Source: 36 / W32Time
Event Description:
The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.

Event Record #/Type17854 / Error
Event Submitted/Written: 01/25/2008 00:49:21 PM
Event ID/Source: 29 / W32Time
Event Description:
The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 14 minutes.
NtpClient has no source of accurate time.

-- End of Deckard's System Scanner: finished at 2008-01-26 21:07:20 ------------

#4
Rorschach112

Posted 27 January 2008 - 11:13 AM

Ralphie

Retired Staff
47,710 posts

Hello

Please click on Start > Control Panel > Add/Remove Programs and uninstall the following programs(if present):

WildTangent
MyWebSearch
MyWebSA

1. Please re-open HiJackThis and choose do a system scan only. Check the boxes next to ONLY the entries listed below(if present):

R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL
O2 - BHO: (no name) - {8FD66659-A7AF-4641-9999-C56607D3A0AB} - (no file)
O2 - BHO: (no name) - {A8FB8EB3-183B-4598-924D-86F0E5E37085} - (no file)
O2 - BHO: (no name) - {E1759A31-E627-4758-9562-6899DF36C9C2} - C:\WINDOWS\system32\pmnonop.dll
O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\2.bin\m3SrchMn.exe" /m=2 /w
O4 - HKLM\..\Run: [WildTangent CDA] "C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe" /startup "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0500.dll"
O8 - Extra context menu item: &Search - http://edits.mywebse...?p=ZNxmk788YYUS
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfar...p1.0.0.15-3.cab
O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://cdn.driveclea...leanerstart.cab

2. Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.

Please download the OTMoveIt2 by OldTimer.

Save it to your desktop.
Please double-click OTMoveIt2.exe to run it.

Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

C:\WINDOWS\system32\mllji.dll
C:\WINDOWS\system32\mljjh.dll
C:\WINDOWS\system32\jkkjg.dll
C:\Documents and Settings\All Users\Application Data\Oberon
C:\Documents and Settings\allen\Application Data\FunWebProducts
C:\Program Files\MalwareAlarm
C:\WINDOWS\xpupdate.exe
C:\WINDOWS\wt
C:\Program Files\WildTangent
C:\WINDOWS\system32\mr9
C:\WINDOWS\system32\aj2
C:\WINDOWS\system32\z9
C:\WINDOWS\system32\wp1
C:\WINDOWS\system32\z1
C:\WINDOWS\system32\pmnonop.dll
C:\WINDOWS\system32\ardCo01
C:\Program Files\FunWebProducts
C:\WINDOWS\system32\f3PSSavr.scr
C:\Program Files\Altnet
C:\WINDOWS\smdat32m.sys
C:\Program Files\Coupons
C:\Program Files\MyWebSearch
C:\WINDOWS\system32\pmnonop.dll
C:\Program Files\WildTangent

Return to OTMoveIt2, right click in the "Paste List of Files/Folders to be Moved" window (under the light blue bar) and choose Paste.
Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
```
purity
```
Return to OTMoveIt2, right click in the "Paste List Of Files/Patterns To Search For and Move" window (under the yellow bar) and choose Paste.
Click the red Moveit! button.
Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
Close OTMoveIt2

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Reboot and post a new DSS log

#5
cldshwr77

Posted 27 January 2008 - 11:52 AM

New Member

Topic Starter
Member
9 posts

File/Folder C:\WINDOWS\system32\mllji.dll not found.
File/Folder C:\WINDOWS\system32\mljjh.dll not found.
File/Folder C:\WINDOWS\system32\jkkjg.dll not found.
File/Folder C:\Documents and Settings\All Users\Application Data\Oberon not found.
File/Folder C:\Documents and Settings\allen\Application Data\FunWebProducts not found.
File/Folder C:\Program Files\MalwareAlarm not found.
File/Folder C:\WINDOWS\xpupdate.exe not found.
File/Folder C:\WINDOWS\wt not found.
File/Folder C:\Program Files\WildTangent not found.
File/Folder C:\WINDOWS\system32\mr9 not found.
File/Folder C:\WINDOWS\system32\aj2 not found.
File/Folder C:\WINDOWS\system32\z9 not found.
File/Folder C:\WINDOWS\system32\wp1 not found.
File/Folder C:\WINDOWS\system32\z1 not found.
File/Folder C:\WINDOWS\system32\pmnonop.dll not found.
File/Folder C:\WINDOWS\system32\ardCo01 not found.
File/Folder C:\Program Files\FunWebProducts not found.
File/Folder C:\WINDOWS\system32\f3PSSavr.scr not found.
File/Folder C:\Program Files\Altnet not found.
File/Folder C:\WINDOWS\smdat32m.sys not found.
File/Folder C:\Program Files\Coupons not found.
File/Folder C:\Program Files\MyWebSearch not found.
File/Folder C:\WINDOWS\system32\pmnonop.dll not found.
File/Folder C:\Program Files\WildTangent not found.
[Custom Input]
< purity >

OTMoveIt2 v1.0.15 log created on 01272008_125042
Deckard's System Scanner v20071014.68
Run by allen on 2008-01-27 12:51:43
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- HijackThis (run as allen.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:51:50 PM, on 1/27/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Napster\napster.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\allen\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\allen.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://resultsmaster...omeLeftPane.htm
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O2 - BHO: (no name) - {FAA5F402-1E54-4BC5-B1F3-38C512304C90} - C:\Program Files\Messenger\hoketohC:\WINDOWS\system32\mr9\gyreo83122.exe.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1187996829312
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

--
End of file - 10120 bytes

-- Files created between 2007-12-27 and 2008-01-27 -----------------------------

2008-01-27 12:34:52 381012 --a------ C:\Program Files\Uninstall Fun Web Products.dll <Not Verified; MyWebSearch.com; My Web Search Bar for Internet Explorer, FireFox, Netscape, email clients, and messenger clients>
2008-01-27 08:37:36 0 d-------- C:\Documents and Settings\allen\Saved Games
2008-01-27 08:37:36 0 d-------- C:\Documents and Settings\allen\Application Data\Flood Light Games
2008-01-27 08:37:36 0 d-------- C:\Documents and Settings\All Users\Application Data\Flood Light Games
2008-01-26 17:14:42 0 d-------- C:\Program Files\Trend Micro
2008-01-26 16:35:55 0 d-------- C:\WINDOWS\BDOSCAN8
2008-01-26 15:42:24 0 d-------- C:\Documents and Settings\All Users\Application Data\Prevx
2008-01-26 15:42:19 0 d-------- C:\Documents and Settings\allen\Application Data\PrevxCSI
2008-01-26 12:03:48 0 d-------- C:\VundoFix Backups
2008-01-20 18:08:44 0 d-------- C:\Program Files\Call of Duty Game of the Year Edition
2008-01-09 15:01:48 53248 --a------ C:\WINDOWS\bdoscandel.exe

-- Find3M Report ---------------------------------------------------------------

2008-01-27 11:25:40 0 d-------- C:\Program Files\IncrediGames
2008-01-27 11:25:39 0 d-------- C:\Program Files\Common Files
2008-01-09 15:43:05 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-01-06 18:57:36 0 d-------- C:\Documents and Settings\allen\Application Data\Real
2008-01-01 16:29:22 0 d-------- C:\Program Files\PartyGaming
2007-12-23 01:21:06 0 d-------- C:\Program Files\Google
2007-12-23 00:05:57 0 d-------- C:\Program Files\RXToolBar
2007-12-22 23:14:48 0 d-------- C:\Program Files\Need2Find
2007-12-22 23:14:40 0 d-------- C:\Program Files\Kazaa
2007-12-22 23:08:50 0 --a------ C:\WINDOWS\smdat32a.sys
2007-12-21 20:20:50 45 --a------ C:\WINDOWS\popcinfo.dat
2007-12-20 15:27:21 0 d-------- C:\Program Files\Napster
2007-12-09 12:33:03 0 d-------- C:\Program Files\City Interactive
2007-12-07 18:01:03 0 d-------- C:\Program Files\Common Files\Symantec Shared
2007-12-07 17:59:32 0 d-------- C:\Program Files\Cosmi
2007-12-07 17:53:29 0 d-------- C:\Program Files\Yahoo!
2007-12-07 17:53:25 0 d-------- C:\Program Files\QuickTime
2007-12-07 17:53:16 0 d-------- C:\Program Files\Dell
2007-12-07 17:53:15 0 d-------- C:\Program Files\Common Files\AOL
2007-12-07 17:52:33 0 d-------- C:\Program Files\Apple Software Update
2007-12-04 18:11:11 0 d-------- C:\Program Files\Yahoo! Games
2007-12-03 07:31:28 0 d-------- C:\Program Files\IncrediMail
2007-11-07 06:47:35 31 --ah----- C:\WINDOWS\uccspecc.sys

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FAA5F402-1E54-4BC5-B1F3-38C512304C90}]
C:\Program Files\Messenger\hoketohC:\WINDOWS\system32\mr9\gyreo83122.exe.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{5BED3930-2E9E-76D8-BACC-80DF2188D455}"= C:\WINDOWS\CouponBarIE.dll [ ]
"{25D8BACF-3DE2-4B48-AE22-D659B8D835B0}"= C:\Program Files\RXToolBar\RXToolBar.dll [ ]

[-HKEY_CLASSES_ROOT\CLSID\{5BED3930-2E9E-76D8-BACC-80DF2188D455}]
[HKEY_CLASSES_ROOT\TTB000001.TTB000001.1]
[HKEY_CLASSES_ROOT\TypeLib\{9BA983B1-0C05-2DAF-9D1D-7E160077CAF4}]
[HKEY_CLASSES_ROOT\TTB000001.TTB000001]

[-HKEY_CLASSES_ROOT\CLSID\{25D8BACF-3DE2-4B48-AE22-D659B8D835B0}]
[HKEY_CLASSES_ROOT\RXToolBar.TBInfo.1]
[HKEY_CLASSES_ROOT\TypeLib\{66B20295-DC57-42B6-ACDF-52D916E86464}]
[HKEY_CLASSES_ROOT\RXToolBar.TBInfo]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [10/14/2005 09:49 PM]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [10/14/2005 09:46 PM]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [10/14/2005 09:50 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [11/19/2003 06:48 PM]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [02/23/2005 05:19 PM]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [12/06/2004 02:05 AM]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [06/10/2005 11:44 AM]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [06/10/2005 11:44 AM]
"MimBoot"="C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe" [09/18/2006 12:46 PM]
"MMTray"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [09/18/2006 12:46 PM]
"BJCFD"="C:\Program Files\BroadJump\Client Foundation\CFD.exe" [09/10/2002 08:26 PM]
"YBrowser"="C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe" [07/21/2006 03:19 PM]
"NapsterShell"="C:\Program Files\Napster\napster.exe" [11/08/2007 05:58 PM]
"YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [06/08/2007 09:59 AM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [09/13/2007 10:44 AM]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [12/04/2007 08:00 AM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [10/10/2007 07:51 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [10/19/2007 08:16 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [11/02/2007 06:36 PM]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [03/27/2007 02:22 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 06:00 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [1/19/2006 7:23:22 AM]
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [8/11/2007 10:58:27 AM]
ymetray.lnk - C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe [10/3/2007 1:56:10 PM]

-- End of Deckard's System Scanner: finished at 2008-01-27 12:52:06 ------------

#6
Rorschach112

Posted 27 January 2008 - 12:51 PM

Ralphie

Retired Staff
47,710 posts

Hello

1. Please re-open HiJackThis and choose do a system scan only. Check the boxes next to ONLY the entries listed below(if present):

O2 - BHO: (no name) - {FAA5F402-1E54-4BC5-B1F3-38C512304C90} - C:\Program Files\Messenger\hoketohC:\WINDOWS\system32\mr9\gyreo83122.exe.dll (file missing)

2. Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.

Please run the OTMoveIt2 by OldTimer again.

Please double-click OTMoveIt2.exe to run it.
Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
```
C:\Program Files\Uninstall Fun Web Products.dll
C:\Program Files\RXToolBar
C:\Program Files\Messenger\hoketoh
C:\WINDOWS\system32\mr9
```
Return to OTMoveIt2, right click in the "Paste List of Files/Folders to be Moved" window (under the light blue bar) and choose Paste.
Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
```
purity
```
Return to OTMoveIt2, right click in the "Paste List Of Files/Patterns To Search For and Move" window (under the yellow bar) and choose Paste.
Click the red Moveit! button.
Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
Close OTMoveIt2

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Download and scan with SUPERAntiSpyware Free for Home Users

Double-click SUPERAntiSpyware.exe and use the default settings for installation.
An icon will be created on your desktop. Double-click that icon to launch the program.
If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
Under "Configuration and Preferences", click the Preferences button.
Click the Scanning Control tab.
Under Scanner Options make sure the following are checked (leave all others unchecked):
- Close browsers before scanning.
- Scan for tracking cookies.
- Terminate memory threats before quarantining.
Click the "Close" button to leave the control center screen.
Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
On the left, make sure you check C:\Fixed Drive.
On the right, under "Complete Scan", choose Perform Complete Scan.
Click "Next" to start the scan. Please be patient while it scans your computer.
After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
Make sure everything has a checkmark next to it and click "Next".
A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
If asked if you want to reboot, click "Yes".
To retrieve the removal information after reboot, launch SUPERAntispyware again.
- Click Preferences, then click the Statistics/Logs tab.
- Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
- If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
- Please copy and paste the Scan Log results in your next reply.
Click Close to exit the program.

Reboot and post a new DSS log

#7
cldshwr77

Posted 27 January 2008 - 03:59 PM

New Member

Topic Starter
Member
9 posts

SUPERAntiSpyware Scan LogFile/Folder C:\Program Files\Uninstall Fun Web Products.dll not found.
File/Folder C:\Program Files\RXToolBar not found.
File/Folder C:\Program Files\Messenger\hoketoh not found.
File/Folder C:\WINDOWS\system32\mr9 not found.
[Custom Input]
< purity >

OTMoveIt2 v1.0.15 log created on 01272008_165751

http://www.superantispyware.com

Generated 01/27/2008 at 04:47 PM

Application Version : 3.9.1008

Core Rules Database Version : 3389
Trace Rules Database Version: 1383

Scan type : Complete Scan
Total Scan Time : 02:35:19

Memory items scanned : 558
Memory threats detected : 0
Registry items scanned : 5179
Registry threats detected : 74
File items scanned : 76654
File threats detected : 498

Adware.MyWay
HKLM\Software\Classes\CLSID\{014DA6C9-189F-421a-88CD-07CFE51CFF10}
HKCR\CLSID\{014DA6C9-189F-421A-88CD-07CFE51CFF10}
HKCR\CLSID\{014DA6C9-189F-421A-88CD-07CFE51CFF10}
HKCR\CLSID\{014DA6C9-189F-421A-88CD-07CFE51CFF10}\InprocServer32
C:\PROGRAM FILES\NEED2FIND\BAR\1.BIN\ND2FNBAR.DLL

Adware.RX Toolbar
HKLM\Software\Classes\CLSID\{25D8BACF-3DE2-4B48-AE22-D659B8D835B0}
HKCR\CLSID\{25D8BACF-3DE2-4B48-AE22-D659B8D835B0}
HKCR\CLSID\{25D8BACF-3DE2-4B48-AE22-D659B8D835B0}
HKCR\CLSID\{25D8BACF-3DE2-4B48-AE22-D659B8D835B0}\InprocServer32
HKCR\CLSID\{25D8BACF-3DE2-4B48-AE22-D659B8D835B0}\InprocServer32#ThreadingModel
HKCR\CLSID\{25D8BACF-3DE2-4B48-AE22-D659B8D835B0}\ProgID
HKCR\CLSID\{25D8BACF-3DE2-4B48-AE22-D659B8D835B0}\Programmable
HKCR\CLSID\{25D8BACF-3DE2-4B48-AE22-D659B8D835B0}\TypeLib
HKCR\CLSID\{25D8BACF-3DE2-4B48-AE22-D659B8D835B0}\VersionIndependentProgID
C:\PROGRAM FILES\RXTOOLBAR\RXTOOLBAR.DLL
HKU\S-1-5-21-766722026-832854739-3246968915-1008\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser#{25D8BACF-3DE2-4B48-AE22-D659B8D835B0}
HKCR\RXToolBar.TBInfo.1
HKCR\RXToolBar.TBInfo.1\CLSID
HKCR\RXToolBar.TBInfo
HKCR\RXToolBar.TBInfo\CLSID
HKCR\RXToolBar.TBInfo\CurVer
HKCR\TypeLib\{66B20295-DC57-42B6-ACDF-52D916E86464}
HKCR\TypeLib\{66B20295-DC57-42B6-ACDF-52D916E86464}\1.0
HKCR\TypeLib\{66B20295-DC57-42B6-ACDF-52D916E86464}\1.0\0
HKCR\TypeLib\{66B20295-DC57-42B6-ACDF-52D916E86464}\1.0\0\win32
HKCR\TypeLib\{66B20295-DC57-42B6-ACDF-52D916E86464}\1.0\FLAGS
HKCR\TypeLib\{66B20295-DC57-42B6-ACDF-52D916E86464}\1.0\HELPDIR

Unclassified.Unknown Origin
HKLM\Software\Classes\CLSID\{4D1C4E81-A32A-416b-BCDB-33B3EF3617D3}
HKCR\CLSID\{4D1C4E81-A32A-416B-BCDB-33B3EF3617D3}
HKCR\CLSID\{4D1C4E81-A32A-416B-BCDB-33B3EF3617D3}
HKCR\CLSID\{4D1C4E81-A32A-416B-BCDB-33B3EF3617D3}\InprocServer32
HKCR\CLSID\{4D1C4E81-A32A-416B-BCDB-33B3EF3617D3}\InprocServer32#ThreadingModel
HKCR\CLSID\{4D1C4E81-A32A-416B-BCDB-33B3EF3617D3}\Programmable
HKCR\CLSID\{4D1C4E81-A32A-416B-BCDB-33B3EF3617D3}\TypeLib
HKLM\Software\Classes\CLSID\{4D1C4E89-A32A-416b-BCDB-33B3EF3617D3}
HKCR\CLSID\{4D1C4E89-A32A-416B-BCDB-33B3EF3617D3}
HKCR\CLSID\{4D1C4E89-A32A-416B-BCDB-33B3EF3617D3}
HKCR\CLSID\{4D1C4E89-A32A-416B-BCDB-33B3EF3617D3}\InprocServer32
HKCR\CLSID\{4D1C4E89-A32A-416B-BCDB-33B3EF3617D3}\InprocServer32#ThreadingModel
HKCR\CLSID\{4D1C4E89-A32A-416B-BCDB-33B3EF3617D3}\Programmable
HKCR\CLSID\{4D1C4E89-A32A-416B-BCDB-33B3EF3617D3}\TypeLib
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks#{E1759A31-E627-4758-9562-6899DF36C9C2}
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP179\A0042677.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP179\A0042686.DLL

Adware.CouponBar
HKLM\Software\Classes\CLSID\{5BED3930-2E9E-76D8-BACC-80DF2188D455}
HKCR\CLSID\{5BED3930-2E9E-76D8-BACC-80DF2188D455}
HKCR\CLSID\{5BED3930-2E9E-76D8-BACC-80DF2188D455}
HKCR\CLSID\{5BED3930-2E9E-76D8-BACC-80DF2188D455}\Implemented Categories
HKCR\CLSID\{5BED3930-2E9E-76D8-BACC-80DF2188D455}\Implemented Categories\{7DD95801-9882-11CF-9FA9-00AA006C42C4}
HKCR\CLSID\{5BED3930-2E9E-76D8-BACC-80DF2188D455}\Implemented Categories\{7DD95802-9882-11CF-9FA9-00AA006C42C4}
HKCR\CLSID\{5BED3930-2E9E-76D8-BACC-80DF2188D455}\InprocServer32
HKCR\CLSID\{5BED3930-2E9E-76D8-BACC-80DF2188D455}\InprocServer32#ThreadingModel
HKCR\CLSID\{5BED3930-2E9E-76D8-BACC-80DF2188D455}\ProgID
HKCR\CLSID\{5BED3930-2E9E-76D8-BACC-80DF2188D455}\Programmable
HKCR\CLSID\{5BED3930-2E9E-76D8-BACC-80DF2188D455}\TypeLib
HKCR\CLSID\{5BED3930-2E9E-76D8-BACC-80DF2188D455}\VersionIndependentProgID
C:\WINDOWS\COUPONBARIE.DLL
HKLM\Software\Classes\CLSID\{62960D20-6D0D-1AB4-4BF1-95B0B5B8783A}
HKCR\CLSID\{62960D20-6D0D-1AB4-4BF1-95B0B5B8783A}
HKCR\CLSID\{62960D20-6D0D-1AB4-4BF1-95B0B5B8783A}
HKCR\CLSID\{62960D20-6D0D-1AB4-4BF1-95B0B5B8783A}\InprocServer32
HKCR\CLSID\{62960D20-6D0D-1AB4-4BF1-95B0B5B8783A}\InprocServer32#ThreadingModel
HKCR\CLSID\{62960D20-6D0D-1AB4-4BF1-95B0B5B8783A}\ProgID
HKCR\CLSID\{62960D20-6D0D-1AB4-4BF1-95B0B5B8783A}\Programmable
HKCR\CLSID\{62960D20-6D0D-1AB4-4BF1-95B0B5B8783A}\TypeLib
HKCR\CLSID\{62960D20-6D0D-1AB4-4BF1-95B0B5B8783A}\VersionIndependentProgID
C:\WINDOWS\COUPON~1.DLL
HKU\S-1-5-21-766722026-832854739-3246968915-1008\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser#{5BED3930-2E9E-76D8-BACC-80DF2188D455}
HKCR\TTB000001.TTB000001.1
HKCR\TTB000001.TTB000001.1\CLSID
HKCR\TTB000001.TTB000001
HKCR\TTB000001.TTB000001\CLSID
HKCR\TTB000001.TTB000001\CurVer
HKCR\TypeLib\{9BA983B1-0C05-2DAF-9D1D-7E160077CAF4}
HKCR\TypeLib\{9BA983B1-0C05-2DAF-9D1D-7E160077CAF4}\1.0
HKCR\TypeLib\{9BA983B1-0C05-2DAF-9D1D-7E160077CAF4}\1.0\0
HKCR\TypeLib\{9BA983B1-0C05-2DAF-9D1D-7E160077CAF4}\1.0\0\win32
HKCR\TypeLib\{9BA983B1-0C05-2DAF-9D1D-7E160077CAF4}\1.0\FLAGS
HKCR\TypeLib\{9BA983B1-0C05-2DAF-9D1D-7E160077CAF4}\1.0\HELPDIR

Adware.Tracking Cookie
C:\Documents and Settings\allen\Cookies\allen@zedo[2].txt
C:\Documents and Settings\allen\Cookies\allen@indianfriendfinder[2].txt
C:\Documents and Settings\allen\Cookies\[email protected][1].txt
C:\Documents and Settings\allen\Cookies\[email protected][1].txt
C:\Documents and Settings\allen\Cookies\allen@partypoker[1].txt
C:\Documents and Settings\allen\Cookies\[email protected][1].txt
C:\Documents and Settings\allen\Cookies\[email protected][1].txt
C:\Documents and Settings\allen\Cookies\[email protected][1].txt
C:\Documents and Settings\allen\Cookies\allen@interclick[2].txt
C:\Documents and Settings\allen\Cookies\[email protected][2].txt
C:\Documents and Settings\allen\Cookies\allen@apmebf[1].txt
C:\Documents and Settings\allen\Cookies\[email protected][2].txt
C:\Documents and Settings\allen\Cookies\[email protected][2].txt
C:\Documents and Settings\allen\Cookies\[email protected][1].txt
C:\Documents and Settings\allen\Cookies\[email protected][1].txt
C:\Documents and Settings\allen\Cookies\[email protected][1].txt
C:\Documents and Settings\allen\Cookies\allen@media6degrees[2].txt
C:\Documents and Settings\allen\Cookies\allen@partner2profit[1].txt
C:\Documents and Settings\allen\Cookies\[email protected][1].txt
C:\Documents and Settings\allen\Cookies\[email protected][2].txt
C:\Documents and Settings\allen\Cookies\allen@adinterax[2].txt
C:\Documents and Settings\allen\Cookies\[email protected][3].txt
C:\Documents and Settings\allen\Cookies\allen@tribalfusion[1].txt
C:\Documents and Settings\allen\Cookies\[email protected][2].txt
C:\Documents and Settings\allen\Cookies\allen@curvyclicks[2].txt
C:\Documents and Settings\allen\Cookies\[email protected][1].txt
C:\Documents and Settings\allen\Cookies\allen@qksrv[2].txt
C:\Documents and Settings\allen\Cookies\allen@zango[2].txt
C:\Documents and Settings\allen\Cookies\[email protected][1].txt
C:\Documents and Settings\allen\Cookies\[email protected][2].txt
C:\Documents and Settings\allen\Cookies\allen@overture[1].txt
C:\Documents and Settings\allen\Cookies\[email protected][1].txt
C:\Documents and Settings\allen\Cookies\allen@xiti[1].txt
C:\Documents and Settings\allen\Cookies\allen@hitbox[1].txt
C:\Documents and Settings\allen\Cookies\[email protected][2].txt
C:\Documents and Settings\allen\Cookies\[email protected][1].txt
C:\Documents and Settings\allen\Cookies\allen@xxxcounter[1].txt
C:\Documents and Settings\allen\Cookies\[email protected][2].txt
C:\Documents and Settings\allen\Cookies\[email protected][1].txt
C:\Documents and Settings\allen\Cookies\[email protected][1].txt
C:\Documents and Settings\allen\Cookies\[email protected][2].txt
C:\Documents and Settings\allen\Cookies\allen@casalemedia[1].txt
C:\Documents and Settings\allen\Cookies\allen@revsci[2].txt
C:\Documents and Settings\allen\Cookies\allen@clickbank[1].txt
C:\Documents and Settings\allen\Cookies\[email protected][2].txt
C:\Documents and Settings\allen\Cookies\[email protected][1].txt
C:\Documents and Settings\allen\Cookies\allen@tacoda[2].txt
C:\Documents and Settings\allen\Cookies\[email protected][1].txt
C:\Documents and Settings\allen\Cookies\allen@sextracker[1].txt
C:\Documents and Settings\allen\Cookies\[email protected][1].txt
C:\Documents and Settings\allen\Cookies\allen@cgi-bin[2].txt
C:\Documents and Settings\allen\Cookies\[email protected][1].txt
C:\Documents and Settings\allen\Cookies\[email protected][1].txt
C:\Documents and Settings\allen\Cookies\[email protected][1].txt
C:\Documents and Settings\allen\Cookies\[email protected][1].txt
C:\Documents and Settings\allen\Cookies\allen@jamster[1].txt
C:\Documents and Settings\allen\Cookies\[email protected][2].txt
C:\Documents and Settings\allen\Cookies\allen@advertising[2].txt
C:\Documents and Settings\allen\Cookies\allen@adlegend[2].txt
C:\Documents and Settings\allen\Cookies\[email protected][2].txt
C:\Documents and Settings\allen\Cookies\allen@specificclick[2].txt
C:\Documents and Settings\allen\Cookies\allen@toplist[1].txt
C:\Documents and Settings\allen\Cookies\[email protected][2].txt
C:\Documents and Settings\allen\Cookies\allen@spamblockerutility[2].txt
C:\Documents and Settings\allen\Cookies\[email protected][1].txt
C:\Documents and Settings\allen\Cookies\[email protected][1].txt
C:\Documents and Settings\allen\Cookies\[email protected][2].txt
C:\Documents and Settings\allen\Cookies\[email protected][1].txt
C:\Documents and Settings\allen\Cookies\allen@atdmt[2].txt
C:\Documents and Settings\allen\Cookies\[email protected][1].txt
C:\Documents and Settings\allen\Cookies\[email protected][2].txt
C:\Documents and Settings\allen\Cookies\[email protected][1].txt
C:\Documents and Settings\allen\Cookies\allen@adrevolver[1].txt
C:\Documents and Settings\allen\Cookies\[email protected][2].txt
C:\Documents and Settings\allen\Cookies\allen@hotbar[2].txt
C:\Documents and Settings\allen\Cookies\[email protected][1].txt
C:\Documents and Settings\allen\Cookies\[email protected][1].txt
C:\Documents and Settings\allen\Cookies\[email protected][2].txt
C:\Documents and Settings\allen\Cookies\[email protected][1].txt
C:\Documents and Settings\allen\Cookies\allen@revenue[1].txt
C:\Documents and Settings\allen\Cookies\[email protected][2].txt
C:\Documents and Settings\allen\Cookies\allen@2o7[1].txt
C:\Documents and Settings\allen\Cookies\[email protected][2].txt
C:\Documents and Settings\allen\Cookies\[email protected][1].txt
C:\Documents and Settings\allen\Cookies\allen@webpower[1].txt
C:\Documents and Settings\allen\Cookies\allen@fastclick[2].txt
C:\Documents and Settings\allen\Cookies\[email protected][2].txt
C:\Documents and Settings\allen\Cookies\[email protected][2].txt
C:\Documents and Settings\allen\Cookies\allen@clicksmartaffiliates[1].txt
C:\Documents and Settings\allen\Cookies\[email protected][2].txt
C:\Documents and Settings\allen\Cookies\[email protected][1].txt
C:\Documents and Settings\allen\Cookies\allen@trafficmp[1].txt
C:\Documents and Settings\allen\Cookies\[email protected][2].txt
C:\Documents and Settings\allen\Cookies\allen@doubleclick[1].txt
C:\Documents and Settings\allen\Cookies\allen@questionmarket[1].txt
C:\Documents and Settings\allen\Cookies\allen@mediaplex[2].txt
C:\Documents and Settings\allen\Cookies\allen@atwola[2].txt
C:\Documents and Settings\allen\Cookies\allen@spyguardpro[2].txt
C:\Documents and Settings\allen\Cookies\[email protected][1].txt
C:\Documents and Settings\allen\Cookies\allen@bluestreak[1].txt
C:\Documents and Settings\allen\Cookies\[email protected][1].txt
C:\Documents and Settings\allen\Cookies\[email protected][1].txt
C:\Documents and Settings\allen\Cookies\allen@curvyclicks[3].txt
C:\Documents and Settings\allen\Cookies\allen@mywebsearch[2].txt
C:\Documents and Settings\allen\Cookies\[email protected][1].txt
C:\Documents and Settings\allen\Cookies\allen@burstnet[1].txt
C:\Documents and Settings\allen\Cookies\allen@statcounter[2].txt
C:\Documents and Settings\allen\Cookies\[email protected][1].txt
C:\Documents and Settings\allen\Cookies\allen@findlaw[1].txt
C:\Documents and Settings\allen\Cookies\[email protected][2].txt
C:\Documents and Settings\allen\Cookies\[email protected][2].txt
C:\Documents and Settings\allen\Cookies\[email protected][1].txt
C:\Documents and Settings\allen\Cookies\allen@adserving[1].txt
C:\Documents and Settings\allen\Cookies\allen@serving-sys[2].txt
C:\Documents and Settings\allen\Cookies\[email protected][1].txt
C:\Documents and Settings\allen\Cookies\[email protected][1].txt
C:\Documents and Settings\allen\Cookies\[email protected][2].txt
C:\Documents and Settings\allen\Cookies\allen@adbrite[1].txt
C:\Documents and Settings\allen\Cookies\allen@realmedia[2].txt
C:\Documents and Settings\allen\Cookies\[email protected][1].txt
C:\Documents and Settings\allen\Cookies\[email protected][1].txt
C:\Documents and Settings\allen\Cookies\[email protected][2].txt
C:\Documents and Settings\allen\Cookies\[email protected][2].txt
C:\Documents and Settings\allen\Cookies\[email protected][1].txt
C:\Documents and Settings\allen\Cookies\[email protected][2].txt
C:\Documents and Settings\allen\Cookies\allen@need2find[1].txt
C:\Documents and Settings\allen\Cookies\[email protected][4].txt
C:\Documents and Settings\allen\Cookies\[email protected][1].txt
C:\Documents and Settings\allen\Cookies\[email protected][1].txt
C:\Documents and Settings\allen\Cookies\[email protected][5].txt
C:\Documents and Settings\allen\Cookies\[email protected][1].txt
C:\Documents and Settings\allen\Cookies\allen@fliptrack[1].txt
C:\Documents and Settings\allen\Cookies\[email protected][1].txt
C:\Documents and Settings\allen\Cookies\[email protected][1].txt
C:\Documents and Settings\allen\Cookies\[email protected][1].txt
C:\Documents and Settings\allen\Cookies\allen@maxserving[2].txt
C:\Documents and Settings\allen\Cookies\allen@adecn[1].txt
C:\Documents and Settings\allen\Cookies\[email protected][3].txt
C:\Documents and Settings\allen\Cookies\allen@precisionclick[2].txt
C:\Documents and Settings\allen\Cookies\[email protected][1].txt
C:\Documents and Settings\allen\Cookies\[email protected][1].txt
C:\Documents and Settings\allen\Cookies\allen@adultfriendfinder[2].txt
C:\Documents and Settings\allen\Cookies\[email protected][4].txt
C:\Documents and Settings\allen\Cookies\[email protected][2].txt
C:\Documents and Settings\allen\Cookies\allen@myadultsite[1].txt
C:\Documents and Settings\allen\Cookies\allen@teendeja[1].txt
C:\Documents and Settings\allen\Cookies\[email protected][3].txt
C:\Documents and Settings\allen\Cookies\allen@shakingmedia[2].txt
C:\Deckard\System Scanner\20080127125142\backup\DOCUME~1\allen\LOCALS~1\Temp\Cookies\allen@atdmt[2].txt
C:\Deckard\System Scanner\20080127125142\backup\DOCUME~1\allen\LOCALS~1\Temp\Cookies\allen@doubleclick[2].txt
C:\Deckard\System Scanner\20080127125142\backup\DOCUME~1\allen\LOCALS~1\Temp\Cookies\[email protected][1].txt
C:\Deckard\System Scanner\20080127125142\backup\DOCUME~1\allen\LOCALS~1\Temp\Cookies\allen@mediaplex[1].txt
C:\Documents and Settings\doug\Cookies\doug@2o7[1].txt
C:\Documents and Settings\doug\Cookies\[email protected][2].txt
C:\Documents and Settings\doug\Cookies\doug@adinterax[2].txt
C:\Documents and Settings\doug\Cookies\[email protected][2].txt
C:\Documents and Settings\doug\Cookies\[email protected][1].txt
C:\Documents and Settings\doug\Cookies\[email protected][1].txt
C:\Documents and Settings\doug\Cookies\[email protected][2].txt
C:\Documents and Settings\doug\Cookies\doug@advertising[1].txt
C:\Documents and Settings\doug\Cookies\doug@apmebf[2].txt
C:\Documents and Settings\doug\Cookies\doug@atdmt[2].txt
C:\Documents and Settings\doug\Cookies\[email protected][2].txt
C:\Documents and Settings\doug\Cookies\doug@casalemedia[2].txt
C:\Documents and Settings\doug\Cookies\doug@doubleclick[1].txt
C:\Documents and Settings\doug\Cookies\doug@imrworldwide[2].txt
C:\Documents and Settings\doug\Cookies\[email protected][1].txt
C:\Documents and Settings\doug\Cookies\[email protected][1].txt
C:\Documents and Settings\doug\Cookies\doug@mediaplex[1].txt
C:\Documents and Settings\doug\Cookies\[email protected][1].txt
C:\Documents and Settings\doug\Cookies\doug@mywebsearch[1].txt
C:\Documents and Settings\doug\Cookies\[email protected][1].txt
C:\Documents and Settings\doug\Cookies\doug@partypoker[1].txt
C:\Documents and Settings\doug\Cookies\[email protected][1].txt
C:\Documents and Settings\doug\Cookies\doug@questionmarket[2].txt
C:\Documents and Settings\doug\Cookies\doug@revenue[2].txt
C:\Documents and Settings\doug\Cookies\[email protected][2].txt
C:\Documents and Settings\doug\Cookies\doug@serving-sys[1].txt
C:\Documents and Settings\doug\Cookies\doug@specificclick[2].txt
C:\Documents and Settings\doug\Cookies\doug@tacoda[1].txt
C:\Documents and Settings\doug\Cookies\[email protected][1].txt
C:\Documents and Settings\doug\Cookies\doug@trafficmp[2].txt
C:\Documents and Settings\doug\Cookies\doug@zedo[1].txt
C:\Documents and Settings\Guest\Cookies\[email protected][2].txt
C:\Documents and Settings\Guest\Cookies\guest@adbrite[2].txt
C:\Documents and Settings\Guest\Cookies\guest@adlegend[1].txt
C:\Documents and Settings\Guest\Cookies\[email protected][2].txt
C:\Documents and Settings\Guest\Cookies\guest@adultfriendfinder[2].txt
C:\Documents and Settings\Guest\Cookies\guest@advertising[2].txt
C:\Documents and Settings\Guest\Cookies\guest@atdmt[2].txt
C:\Documents and Settings\Guest\Cookies\guest@doubleclick[1].txt
C:\Documents and Settings\Guest\Cookies\[email protected][1].txt
C:\Documents and Settings\Guest\Cookies\[email protected][2].txt
C:\Documents and Settings\Guest\Cookies\guest@hitbox[1].txt
C:\Documents and Settings\Guest\Cookies\guest@hotbar[2].txt
C:\Documents and Settings\Guest\Cookies\guest@imrworldwide[2].txt
C:\Documents and Settings\Guest\Cookies\[email protected][1].txt
C:\Documents and Settings\Guest\Cookies\[email protected][1].txt
C:\Documents and Settings\Guest\Cookies\guest@mediaplex[1].txt
C:\Documents and Settings\Guest\Cookies\guest@revsci[2].txt
C:\Documents and Settings\Guest\Cookies\[email protected][1].txt
C:\Documents and Settings\Guest\Cookies\guest@toplist[1].txt
C:\Documents and Settings\Guest\Cookies\guest@zedo[1].txt
C:\Documents and Settings\uiser\Cookies\[email protected][2].txt
C:\Documents and Settings\uiser\Cookies\[email protected][1].txt
C:\Documents and Settings\uiser\Cookies\uiser@2o7[1].txt
C:\Documents and Settings\uiser\Cookies\[email protected][1].txt
C:\Documents and Settings\uiser\Cookies\[email protected][1].txt
C:\Documents and Settings\uiser\Cookies\[email protected][1].txt
C:\Documents and Settings\uiser\Cookies\[email protected][1].txt
C:\Documents and Settings\uiser\Cookies\[email protected][2].txt
C:\Documents and Settings\uiser\Cookies\[email protected][1].txt
C:\Documents and Settings\uiser\Cookies\[email protected][2].txt
C:\Documents and Settings\uiser\Cookies\uiser@adbrite[2].txt
C:\Documents and Settings\uiser\Cookies\uiser@adecn[1].txt
C:\Documents and Settings\uiser\Cookies\uiser@adinterax[2].txt
C:\Documents and Settings\uiser\Cookies\uiser@adknowledge[2].txt
C:\Documents and Settings\uiser\Cookies\uiser@adlegend[2].txt
C:\Documents and Settings\uiser\Cookies\[email protected][1].txt
C:\Documents and Settings\uiser\Cookies\[email protected][2].txt
C:\Documents and Settings\uiser\Cookies\uiser@adprofile[1].txt
C:\Documents and Settings\uiser\Cookies\uiser@adrevolver[2].txt
C:\Documents and Settings\uiser\Cookies\[email protected][1].txt
C:\Documents and Settings\uiser\Cookies\[email protected][2].txt
C:\Documents and Settings\uiser\Cookies\[email protected][1].txt
C:\Documents and Settings\uiser\Cookies\[email protected][1].txt
C:\Documents and Settings\uiser\Cookies\[email protected][1].txt
C:\Documents and Settings\uiser\Cookies\[email protected][2].txt
C:\Documents and Settings\uiser\Cookies\[email protected][2].txt
C:\Documents and Settings\uiser\Cookies\[email protected][1].txt
C:\Documents and Settings\uiser\Cookies\[email protected][2].txt
C:\Documents and Settings\uiser\Cookies\[email protected][1].txt
C:\Documents and Settings\uiser\Cookies\[email protected][1].txt
C:\Documents and Settings\uiser\Cookies\[email protected][1].txt
C:\Documents and Settings\uiser\Cookies\[email protected][1].txt
C:\Documents and Settings\uiser\Cookies\[email protected][1].txt
C:\Documents and Settings\uiser\Cookies\uiser@adserver[2].txt
C:\Documents and Settings\uiser\Cookies\uiser@adtech[2].txt
C:\Documents and Settings\uiser\Cookies\uiser@adverticum[1].txt
C:\Documents and Settings\uiser\Cookies\[email protected][1].txt
C:\Documents and Settings\uiser\Cookies\uiser@advertising[2].txt
C:\Documents and Settings\uiser\Cookies\[email protected][1].txt
C:\Documents and Settings\uiser\Cookies\[email protected][2].txt
C:\Documents and Settings\uiser\Cookies\[email protected][2].txt
C:\Documents and Settings\uiser\Cookies\[email protected][2].txt
C:\Documents and Settings\uiser\Cookies\uiser@apmebf[1].txt
C:\Documents and Settings\uiser\Cookies\uiser@atdmt[2].txt
C:\Documents and Settings\uiser\Cookies\uiser@atwola[1].txt
C:\Documents and Settings\uiser\Cookies\[email protected][1].txt
C:\Documents and Settings\uiser\Cookies\uiser@azjmp[2].txt
C:\Documents and Settings\uiser\Cookies\uiser@azoogleads[2].txt
C:\Documents and Settings\uiser\Cookies\[email protected][2].txt
C:\Documents and Settings\uiser\Cookies\[email protected][1].txt
C:\Documents and Settings\uiser\Cookies\uiser@bluestreak[2].txt
C:\Documents and Settings\uiser\Cookies\[email protected][1].txt
C:\Documents and Settings\uiser\Cookies\uiser@bravenetmedianetwork[1].txt
C:\Documents and Settings\uiser\Cookies\[email protected][2].txt
C:\Documents and Settings\uiser\Cookies\uiser@burstnet[1].txt
C:\Documents and Settings\uiser\Cookies\uiser@casalemedia[1].txt
C:\Documents and Settings\uiser\Cookies\[email protected][1].txt
C:\Documents and Settings\uiser\Cookies\[email protected][1].txt
C:\Documents and Settings\uiser\Cookies\[email protected][1].txt
C:\Documents and Settings\uiser\Cookies\[email protected][2].txt
C:\Documents and Settings\uiser\Cookies\uiser@clickbank[1].txt
C:\Documents and Settings\uiser\Cookies\uiser@clickondetroit[1].txt
C:\Documents and Settings\uiser\Cookies\uiser@clicksmartaffiliates[1].txt
C:\Documents and Settings\uiser\Cookies\uiser@collective-media[2].txt
C:\Documents and Settings\uiser\Cookies\uiser@consumergain[1].txt
C:\Documents and Settings\uiser\Cookies\uiser@coolsavings[2].txt
C:\Documents and Settings\uiser\Cookies\[email protected][1].txt
C:\Documents and Settings\uiser\Cookies\[email protected][1].txt
C:\Documents and Settings\uiser\Cookies\[email protected][2].txt
C:\Documents and Settings\uiser\Cookies\[email protected][2].txt
C:\Documents and Settings\uiser\Cookies\uiser@dealtime[1].txt
C:\Documents and Settings\uiser\Cookies\uiser@directtrack[1].txt
C:\Documents and Settings\uiser\Cookies\uiser@doubleclick[2].txt
C:\Documents and Settings\uiser\Cookies\uiser@drivecleaner[1].txt
C:\Documents and Settings\uiser\Cookies\[email protected][1].txt
C:\Documents and Settings\uiser\Cookies\uiser@easyscreensavers[1].txt
C:\Documents and Settings\uiser\Cookies\[email protected][1].txt
C:\Documents and Settings\uiser\Cookies\[email protected][1].txt
C:\Documents and Settings\uiser\Cookies\[email protected][1].txt
C:\Documents and Settings\uiser\Cookies\[email protected][1].txt
C:\Documents and Settings\uiser\Cookies\[email protected][2].txt
C:\Documents and Settings\uiser\Cookies\[email protected][1].txt
C:\Documents and Settings\uiser\Cookies\[email protected][1].txt
C:\Documents and Settings\uiser\Cookies\[email protected][2].txt
C:\Documents and Settings\uiser\Cookies\[email protected][1].txt
C:\Documents and Settings\uiser\Cookies\[email protected][1].txt
C:\Documents and Settings\uiser\Cookies\[email protected][1].txt
C:\Documents and Settings\uiser\Cookies\uiser@eyewonder[1].txt
C:\Documents and Settings\uiser\Cookies\uiser@ez-tracks[1].txt
C:\Documents and Settings\uiser\Cookies\[email protected][1].txt
C:\Documents and Settings\uiser\Cookies\uiser@fastclick[1].txt
C:\Documents and Settings\uiser\Cookies\[email protected][1].txt
C:\Documents and Settings\uiser\Cookies\uiser@findagrave[1].txt
C:\Documents and Settings\uiser\Cookies\uiser@findgrave[1].txt
C:\Documents and Settings\uiser\Cookies\[email protected][1].txt
C:\Documents and Settings\uiser\Cookies\uiser@friendfinder[1].txt
C:\Documents and Settings\uiser\Cookies\[email protected][2].txt
C:\Documents and Settings\uiser\Cookies\[email protected][1].txt
C:\Documents and Settings\uiser\Cookies\uiser@hitbox[2].txt
C:\Documents and Settings\uiser\Cookies\uiser@hotbar[1].txt
C:\Documents and Settings\uiser\Cookies\[email protected][1].txt
C:\Documents and Settings\uiser\Cookies\[email protected][1].txt
C:\Documents and Settings\uiser\Cookies\[email protected][2].txt
C:\Documents and Settings\uiser\Cookies\uiser@indexstats[2].txt
C:\Documents and Settings\uiser\Cookies\uiser@interclick[2].txt
C:\Documents and Settings\uiser\Cookies\[email protected][1].txt
C:\Documents and Settings\uiser\Cookies\uiser@keywordmax[1].txt
C:\Documents and Settings\uiser\Cookies\[email protected][2].txt
C:\Documents and Settings\uiser\Cookies\[email protected][1].txt
C:\Documents and Settings\uiser\Cookies\uiser@linkstattrack[1].txt
C:\Documents and Settings\uiser\Cookies\uiser@linksynergy[2].txt
C:\Documents and Settings\uiser\Cookies\[email protected][2].txt
C:\Documents and Settings\uiser\Cookies\[email protected][2].txt
C:\Documents and Settings\uiser\Cookies\uiser@maxserving[1].txt
C:\Documents and Settings\uiser\Cookies\[email protected][1].txt
C:\Documents and Settings\uiser\Cookies\[email protected][2].txt
C:\Documents and Settings\uiser\Cookies\[email protected][1].txt
C:\Documents and Settings\uiser\Cookies\[email protected][1].txt
C:\Documents and Settings\uiser\Cookies\[email protected][2].txt
C:\Documents and Settings\uiser\Cookies\[email protected][2].txt
C:\Documents and Settings\uiser\Cookies\uiser@media303[1].txt
C:\Documents and Settings\uiser\Cookies\uiser@mediapartners-img[2].txt
C:\Documents and Settings\uiser\Cookies\uiser@mediaplex[1].txt
C:\Documents and Settings\uiser\Cookies\[email protected][1].txt
C:\Documents and Settings\uiser\Cookies\[email protected][1].txt
C:\Documents and Settings\uiser\Cookies\[email protected][1].txt
C:\Documents and Settings\uiser\Cookies\uiser@mywebsearch[1].txt
C:\Documents and Settings\uiser\Cookies\[email protected][1].txt
C:\Documents and Settings\uiser\Cookies\uiser@netmediagroup[1].txt
C:\Documents and Settings\uiser\Cookies\uiser@nextag[1].txt
C:\Documents and Settings\uiser\Cookies\uiser@overture[2].txt
C:\Documents and Settings\uiser\Cookies\uiser@partner2profit[1].txt
C:\Documents and Settings\uiser\Cookies\[email protected][1].txt
C:\Documents and Settings\uiser\Cookies\[email protected][1].txt
C:\Documents and Settings\uiser\Cookies\uiser@partypoker[2].txt
C:\Documents and Settings\uiser\Cookies\[email protected][2].txt
C:\Documents and Settings\uiser\Cookies\[email protected][1].txt
C:\Documents and Settings\uiser\Cookies\[email protected][2].txt
C:\Documents and Settings\uiser\Cookies\uiser@popularscreensavers[2].txt
C:\Documents and Settings\uiser\Cookies\uiser@precisionclick[1].txt
C:\Documents and Settings\uiser\Cookies\uiser@pro-market[1].txt
C:\Documents and Settings\uiser\Cookies\[email protected][1].txt
C:\Documents and Settings\uiser\Cookies\uiser@questionmarket[1].txt
C:\Documents and Settings\uiser\Cookies\uiser@realmedia[1].txt
C:\Documents and Settings\uiser\Cookies\[email protected][2].txt
C:\Documents and Settings\uiser\Cookies\[email protected][2].txt
C:\Documents and Settings\uiser\Cookies\[email protected][1].txt
C:\Documents and Settings\uiser\Cookies\uiser@revenue[2].txt
C:\Documents and Settings\uiser\Cookies\uiser@revsci[1].txt
C:\Documents and Settings\uiser\Cookies\[email protected][1].txt
C:\Documents and Settings\uiser\Cookies\uiser@roiservice[2].txt
C:\Documents and Settings\uiser\Cookies\[email protected][1].txt
C:\Documents and Settings\uiser\Cookies\[email protected][1].txt
C:\Documents and Settings\uiser\Cookies\[email protected][1].txt
C:\Documents and Settings\uiser\Cookies\uiser@screensaverinsanity[1].txt
C:\Documents and Settings\uiser\Cookies\[email protected][2].txt
C:\Documents and Settings\uiser\Cookies\uiser@screensavers[1].txt
C:\Documents and Settings\uiser\Cookies\[email protected][2].txt
C:\Documents and Settings\uiser\Cookies\[email protected][1].txt
C:\Documents and Settings\uiser\Cookies\uiser@seniorfriendfinder[1].txt
C:\Documents and Settings\uiser\Cookies\[email protected][2].txt
C:\Documents and Settings\uiser\Cookies\[email protected][3].txt
C:\Documents and Settings\uiser\Cookies\[email protected][4].txt
C:\Documents and Settings\uiser\Cookies\uiser@serving-sys[2].txt
C:\Documents and Settings\uiser\Cookies\[email protected][1].txt
C:\Documents and Settings\uiser\Cookies\uiser@smileycentral[1].txt
C:\Documents and Settings\uiser\Cookies\uiser@specificclick[1].txt
C:\Documents and Settings\uiser\Cookies\[email protected][1].txt
C:\Documents and Settings\uiser\Cookies\[email protected][1].txt
C:\Documents and Settings\uiser\Cookies\[email protected][2].txt
C:\Documents and Settings\uiser\Cookies\[email protected][2].txt
C:\Documents and Settings\uiser\Cookies\uiser@statcounter[1].txt
C:\Documents and Settings\uiser\Cookies\[email protected][2].txt
C:\Documents and Settings\uiser\Cookies\[email protected][2].txt
C:\Documents and Settings\uiser\Cookies\[email protected][1].txt
C:\Documents and Settings\uiser\Cookies\[email protected][1].txt
C:\Documents and Settings\uiser\Cookies\[email protected][2].txt
C:\Documents and Settings\uiser\Cookies\[email protected][2].txt
C:\Documents and Settings\uiser\Cookies\[email protected][2].txt
C:\Documents and Settings\uiser\Cookies\uiser@statsgod[1].txt
C:\Documents and Settings\uiser\Cookies\uiser@tacoda[2].txt
C:\Documents and Settings\uiser\Cookies\[email protected][1].txt
C:\Documents and Settings\uiser\Cookies\uiser@thetopscreensavers[1].txt
C:\Documents and Settings\uiser\Cookies\uiser@toplist[1].txt
C:\Documents and Settings\uiser\Cookies\uiser@toseeka[1].txt
C:\Documents and Settings\uiser\Cookies\[email protected][1].txt
C:\Documents and Settings\uiser\Cookies\[email protected][2].txt
C:\Documents and Settings\uiser\Cookies\[email protected][1].txt
C:\Documents and Settings\uiser\Cookies\uiser@trafficmp[1].txt
C:\Documents and Settings\uiser\Cookies\[email protected][1].txt
C:\Documents and Settings\uiser\Cookies\uiser@tribalfusion[1].txt
C:\Documents and Settings\uiser\Cookies\uiser@usenext[2].txt
C:\Documents and Settings\uiser\Cookies\uiser@wjadserver[2].txt
C:\Documents and Settings\uiser\Cookies\[email protected][1].txt
C:\Documents and Settings\uiser\Cookies\[email protected][2].txt
C:\Documents and Settings\uiser\Cookies\[email protected][1].txt
C:\Documents and Settings\uiser\Cookies\[email protected][2].txt
C:\Documents and Settings\uiser\Cookies\[email protected][1].txt
C:\Documents and Settings\uiser\Cookies\[email protected][2].txt
C:\Documents and Settings\uiser\Cookies\[email protected][2].txt
C:\Documents and Settings\uiser\Cookies\[email protected][2].txt
C:\Documents and Settings\uiser\Cookies\[email protected][2].txt
C:\Documents and Settings\uiser\Cookies\[email protected][2].txt
C:\Documents and Settings\uiser\Cookies\[email protected][1].txt
C:\Documents and Settings\uiser\Cookies\[email protected][2].txt
C:\Documents and Settings\uiser\Cookies\[email protected][1].txt
C:\Documents and Settings\uiser\Cookies\uiser@xiti[1].txt
C:\Documents and Settings\uiser\Cookies\[email protected][1].txt
C:\Documents and Settings\uiser\Cookies\uiser@xtremetrack[2].txt
C:\Documents and Settings\uiser\Cookies\uiser@zedo[1].txt
C:\Documents and Settings\uiser\Local Settings\Temp\Cookies\[email protected][1].txt
C:\Documents and Settings\uiser\Local Settings\Temp\Cookies\[email protected][2].txt
C:\Documents and Settings\uiser\Local Settings\Temp\Cookies\[email protected][1].txt
C:\Documents and Settings\uiser\Local Settings\Temp\Cookies\uiser@atdmt[1].txt
C:\Documents and Settings\uiser\Local Settings\Temp\Cookies\uiser@bluestreak[1].txt
C:\Documents and Settings\uiser\Local Settings\Temp\Cookies\uiser@casalemedia[2].txt
C:\Documents and Settings\uiser\Local Settings\Temp\Cookies\[email protected][1].txt
C:\Documents and Settings\uiser\Local Settings\Temp\Cookies\uiser@doubleclick[1].txt
C:\Documents and Settings\uiser\Local Settings\Temp\Cookies\[email protected][1].txt
C:\Documents and Settings\uiser\Local Settings\Temp\Cookies\[email protected][2].txt
C:\Documents and Settings\uiser\Local Settings\Temp\Cookies\[email protected][1].txt
C:\Documents and Settings\uiser\Local Settings\Temp\Cookies\uiser@fastclick[1].txt
C:\Documents and Settings\uiser\Local Settings\Temp\Cookies\uiser@findwhat[1].txt
C:\Documents and Settings\uiser\Local Settings\Temp\Cookies\uiser@hitbox[2].txt
C:\Documents and Settings\uiser\Local Settings\Temp\Cookies\uiser@hotbar[2].txt
C:\Documents and Settings\uiser\Local Settings\Temp\Cookies\[email protected][2].txt
C:\Documents and Settings\uiser\Local Settings\Temp\Cookies\[email protected][1].txt
C:\Documents and Settings\uiser\Local Settings\Temp\Cookies\uiser@mediaplex[2].txt
C:\Documents and Settings\uiser\Local Settings\Temp\Cookies\uiser@mywebsearch[2].txt
C:\Documents and Settings\uiser\Local Settings\Temp\Cookies\uiser@overture[1].txt
C:\Documents and Settings\uiser\Local Settings\Temp\Cookies\uiser@questionmarket[2].txt
C:\Documents and Settings\uiser\Local Settings\Temp\Cookies\uiser@realmedia[1].txt
C:\Documents and Settings\uiser\Local Settings\Temp\Cookies\[email protected][1].txt
C:\Documents and Settings\uiser\Local Settings\Temp\Cookies\[email protected][2].txt
C:\Documents and Settings\uiser\Local Settings\Temp\Cookies\uiser@specificclick[1].txt
C:\Documents and Settings\uiser\Local Settings\Temp\Cookies\uiser@statcounter[2].txt
C:\Documents and Settings\uiser\Local Settings\Temp\Cookies\uiser@tribalfusion[2].txt
C:\Documents and Settings\uiser\Local Settings\Temp\Cookies\uiser@zedo[2].txt

Adware.Web Buying
HKU\S-1-5-21-766722026-832854739-3246968915-1008\Software\WebBuying

Adware.180solutions/ZangoSearch
C:\DOCUMENTS AND SETTINGS\UISER\LOCAL SETTINGS\TEMP\TEMPORARY INTERNET FILES\CONTENT.IE5\SBEGOLT2\SETUP[1].EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP142\A0038682.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP142\A0038683.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP142\A0038684.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP142\A0038685.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP142\A0038686.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP142\A0038687.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP142\A0038689.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP142\A0038691.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP142\A0038692.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP142\A0038693.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP142\A0038694.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP142\A0038696.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP142\A0038697.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP142\A0038706.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP166\A0041001.DLL

Trojan.Unclassifed/AffiliateBundle
C:\PROGRAM FILES\TREND MICRO\HIJACKTHIS\BACKUPS\BACKUP-20080127-124330-120.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP198\A0052805.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP200\A0052912.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP200\A0052916.DLL
C:\VUNDOFIX BACKUPS\GEBYWVV.DLL.BAD
C:\VUNDOFIX BACKUPS\PMNONOP.DLL.BAD
C:\_OTMOVEIT\MOVEDFILES\01272008_124651\WINDOWS\SYSTEM32\PMNONOP.DLL

Adware.HotBar/ShopperReports (Low Risk)
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP179\A0042676.DLL

Adware.WebBuying Assistant-Installer
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP179\A0042688.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP179\A0042727.EXE

Adware.Vundo-Variant
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP197\A0052723.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP198\A0052801.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP198\A0052802.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP198\A0052803.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP198\A0052806.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP198\A0052807.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP198\A0052808.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP198\A0052809.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP198\A0052811.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP198\A0052812.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP198\A0052813.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP199\A0052878.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP199\A0052908.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP202\A0052971.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP202\A0052972.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP202\A0052973.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP202\A0052974.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP202\A0052975.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP202\A0052976.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP202\A0052977.DLL

Trojan.Unknown Origin
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP202\A0053162.EXE

Trojan.Downloader-Gen/TaLDrv
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP202\A0053163.EXE

Trojan.Downloader-Gen/BundleBase
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP202\A0053164.EXE

Adware.MyWebSearch
C:\_OTMOVEIT\MOVEDFILES\01272008_124651\PROGRAM FILES\MYWEBSEARCH\BAR\2.BIN\MWSOEMON.EXE

Trojan.XpUpdate/Fake Alert
C:\_OTMOVEIT\MOVEDFILES\01272008_124651\WINDOWS\XPUPDATE.EXE
Deckard's System Scanner v20071014.68
Run by allen on 2008-01-27 16:59:07
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- HijackThis (run as allen.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:59:11 PM, on 1/27/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\allen\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\allen.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://resultsmaster...omeLeftPane.htm
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOW

#8
Rorschach112

Posted 27 January 2008 - 05:07 PM

Ralphie

Retired Staff
47,710 posts

Can you post a new DSS log please

Seems it was cut off

#9
cldshwr77

Posted 27 January 2008 - 06:01 PM

New Member

Topic Starter
Member
9 posts

Deckard's System Scanner v20071014.68
Run by allen on 2008-01-27 19:01:09
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- HijackThis (run as allen.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:01:10 PM, on 1/27/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\allen\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\allen.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://resultsmaster...omeLeftPane.htm
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1187996829312
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

--
End of file - 9858 bytes

-- Files created between 2007-12-27 and 2008-01-27 -----------------------------

2008-01-27 14:06:12 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-01-27 14:06:04 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-01-27 14:06:04 0 d-------- C:\Documents and Settings\allen\Application Data\SUPERAntiSpyware.com
2008-01-27 14:05:44 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-27 08:37:36 0 d-------- C:\Documents and Settings\allen\Saved Games
2008-01-27 08:37:36 0 d-------- C:\Documents and Settings\allen\Application Data\Flood Light Games
2008-01-27 08:37:36 0 d-------- C:\Documents and Settings\All Users\Application Data\Flood Light Games
2008-01-26 17:14:42 0 d-------- C:\Program Files\Trend Micro
2008-01-26 16:35:55 0 d-------- C:\WINDOWS\BDOSCAN8
2008-01-26 15:42:24 0 d-------- C:\Documents and Settings\All Users\Application Data\Prevx
2008-01-26 15:42:19 0 d-------- C:\Documents and Settings\allen\Application Data\PrevxCSI
2008-01-26 12:03:48 0 d-------- C:\VundoFix Backups
2008-01-20 18:08:44 0 d-------- C:\Program Files\Call of Duty Game of the Year Edition
2008-01-09 15:01:48 53248 --a------ C:\WINDOWS\bdoscandel.exe

-- Find3M Report ---------------------------------------------------------------

2008-01-27 14:05:44 0 d-------- C:\Program Files\Common Files
2008-01-27 11:25:40 0 d-------- C:\Program Files\IncrediGames
2008-01-09 15:43:05 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-01-06 18:57:36 0 d-------- C:\Documents and Settings\allen\Application Data\Real
2008-01-01 16:29:22 0 d-------- C:\Program Files\PartyGaming
2007-12-23 01:21:06 0 d-------- C:\Program Files\Google
2007-12-22 23:14:48 0 d-------- C:\Program Files\Need2Find
2007-12-22 23:14:40 0 d-------- C:\Program Files\Kazaa
2007-12-22 23:08:50 0 --a------ C:\WINDOWS\smdat32a.sys
2007-12-21 20:20:50 45 --a------ C:\WINDOWS\popcinfo.dat
2007-12-20 15:27:21 0 d-------- C:\Program Files\Napster
2007-12-09 12:33:03 0 d-------- C:\Program Files\City Interactive
2007-12-07 18:01:03 0 d-------- C:\Program Files\Common Files\Symantec Shared
2007-12-07 17:59:32 0 d-------- C:\Program Files\Cosmi
2007-12-07 17:53:29 0 d-------- C:\Program Files\Yahoo!
2007-12-07 17:53:25 0 d-------- C:\Program Files\QuickTime
2007-12-07 17:53:16 0 d-------- C:\Program Files\Dell
2007-12-07 17:53:15 0 d-------- C:\Program Files\Common Files\AOL
2007-12-07 17:52:33 0 d-------- C:\Program Files\Apple Software Update
2007-12-04 18:11:11 0 d-------- C:\Program Files\Yahoo! Games
2007-12-03 07:31:28 0 d-------- C:\Program Files\IncrediMail
2007-11-07 06:47:35 31 --ah----- C:\WINDOWS\uccspecc.sys

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [10/14/2005 09:49 PM]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [10/14/2005 09:46 PM]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [10/14/2005 09:50 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [11/19/2003 06:48 PM]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [02/23/2005 05:19 PM]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [12/06/2004 02:05 AM]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [06/10/2005 11:44 AM]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [06/10/2005 11:44 AM]
"MimBoot"="C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe" [09/18/2006 12:46 PM]
"MMTray"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [09/18/2006 12:46 PM]
"BJCFD"="C:\Program Files\BroadJump\Client Foundation\CFD.exe" [09/10/2002 08:26 PM]
"YBrowser"="C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe" [07/21/2006 03:19 PM]
"NapsterShell"="C:\Program Files\Napster\napster.exe" [11/08/2007 05:58 PM]
"YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [06/08/2007 09:59 AM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [09/13/2007 10:44 AM]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [12/04/2007 08:00 AM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [10/10/2007 07:51 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [10/19/2007 08:16 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [11/02/2007 06:36 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [03/27/2007 02:22 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 06:00 AM]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [06/21/2007 02:06 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [1/19/2006 7:23:22 AM]
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [8/11/2007 10:58:27 AM]
ymetray.lnk - C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe [10/3/2007 1:56:10 PM]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [12/20/2006 01:55 PM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/2007 01:41 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

-- End of Deckard's System Scanner: finished at 2008-01-27 19:01:32 ------------

#10
Rorschach112

Posted 27 January 2008 - 06:04 PM

Ralphie

Retired Staff
47,710 posts

Hello

Please download the OTMoveIt2 by OldTimer.

Save it to your desktop.
Please double-click OTMoveIt2.exe to run it.
Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
```
C:\WINDOWS\uccspecc.sys
```
Return to OTMoveIt2, right click in the "Paste List of Files/Folders to be Moved" window (under the light blue bar) and choose Paste.
Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
```
purity
```
Return to OTMoveIt2, right click in the "Paste List Of Files/Patterns To Search For and Move" window (under the yellow bar) and choose Paste.
Click the red Moveit! button.
Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
Close OTMoveIt2

Double-click SUPERAntiSpyware.exe and use the default settings for installation.
An icon will be created on your desktop. Double-click that icon to launch the program.
If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
Under "Configuration and Preferences", click the Preferences button.
Click the Scanning Control tab.
Under Scanner Options make sure the following are checked (leave all others unchecked):
- Close browsers before scanning.
- Scan for tracking cookies.
- Terminate memory threats before quarantining.
Click the "Close" button to leave the control center screen.
Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
On the left, make sure you check C:\Fixed Drive.
On the right, under "Complete Scan", choose Perform Complete Scan.
Click "Next" to start the scan. Please be patient while it scans your computer.
After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
Make sure everything has a checkmark next to it and click "Next".
A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
If asked if you want to reboot, click "Yes".
To retrieve the removal information after reboot, launch SUPERAntispyware again.
- Click Preferences, then click the Statistics/Logs tab.
- Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
- If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
- Please copy and paste the Scan Log results in your next reply.
Click Close to exit the program.

Reboot and post a new DSS log and tell me how your PC is running

#11
cldshwr77

Posted 27 January 2008 - 06:13 PM

New Member

Topic Starter
Member
9 posts

this is from the first part i will run the antispyware now and post when done
C:\WINDOWS\uccspecc.sys moved successfully.
[Custom Input]
< purity >

OTMoveIt2 v1.0.15 log created on 01272008_191216

#12
cldshwr77

Posted 27 January 2008 - 06:13 PM

New Member

Topic Starter
Member
9 posts

this is from the first part i will run the antispyware now and post when done
C:\WINDOWS\uccspecc.sys moved successfully.
[Custom Input]
< purity >

OTMoveIt2 v1.0.15 log created on 01272008_191216

#13
cldshwr77

Posted 27 January 2008 - 07:37 PM

New Member

Topic Starter
Member
9 posts

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 01/27/2008 at 08:30 PM

Application Version : 3.9.1008

Core Rules Database Version : 3389
Trace Rules Database Version: 1383

Scan type : Complete Scan
Total Scan Time : 01:15:53

Memory items scanned : 560
Memory threats detected : 0
Registry items scanned : 5172
Registry threats detected : 0
File items scanned : 76850
File threats detected : 9

Adware.Tracking Cookie
C:\Documents and Settings\allen\Cookies\[email protected][1].txt
C:\Documents and Settings\allen\Cookies\[email protected][1].txt
C:\Documents and Settings\allen\Cookies\allen@advertising[1].txt
C:\Documents and Settings\allen\Cookies\allen@specificclick[2].txt
C:\Documents and Settings\allen\Cookies\allen@atdmt[2].txt
C:\Documents and Settings\allen\Cookies\allen@trafficmp[2].txt
C:\Documents and Settings\allen\Cookies\allen@doubleclick[1].txt

Trojan.Unclassifed/AffiliateBundle
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP203\A0053189.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP203\A0053190.DLL
Deckard's System Scanner v20071014.68
Run by allen on 2008-01-27 20:33:52
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- HijackThis (run as allen.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:33:57 PM, on 1/27/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\allen\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\allen.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://resultsmaster...omeLeftPane.htm
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1187996829312
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

--
End of file - 9864 bytes

-- Files created between 2007-12-27 and 2008-01-27 -----------------------------

2008-01-27 14:06:12 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-01-27 14:06:04 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-01-27 14:06:04 0 d-------- C:\Documents and Settings\allen\Application Data\SUPERAntiSpyware.com
2008-01-27 14:05:44 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-27 08:37:36 0 d-------- C:\Documents and Settings\allen\Saved Games
2008-01-27 08:37:36 0 d-------- C:\Documents and Settings\allen\Application Data\Flood Light Games
2008-01-27 08:37:36 0 d-------- C:\Documents and Settings\All Users\Application Data\Flood Light Games
2008-01-26 17:14:42 0 d-------- C:\Program Files\Trend Micro
2008-01-26 16:35:55 0 d-------- C:\WINDOWS\BDOSCAN8
2008-01-26 15:42:24 0 d-------- C:\Documents and Settings\All Users\Application Data\Prevx
2008-01-26 15:42:19 0 d-------- C:\Documents and Settings\allen\Application Data\PrevxCSI
2008-01-26 12:03:48 0 d-------- C:\VundoFix Backups
2008-01-20 18:08:44 0 d-------- C:\Program Files\Call of Duty Game of the Year Edition
2008-01-09 15:01:48 53248 --a------ C:\WINDOWS\bdoscandel.exe

-- Find3M Report ---------------------------------------------------------------

2008-01-27 14:05:44 0 d-------- C:\Program Files\Common Files
2008-01-27 11:25:40 0 d-------- C:\Program Files\IncrediGames
2008-01-09 15:43:05 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-01-06 18:57:36 0 d-------- C:\Documents and Settings\allen\Application Data\Real
2008-01-01 16:29:22 0 d-------- C:\Program Files\PartyGaming
2007-12-23 01:21:06 0 d-------- C:\Program Files\Google
2007-12-22 23:14:48 0 d-------- C:\Program Files\Need2Find
2007-12-22 23:14:40 0 d-------- C:\Program Files\Kazaa
2007-12-22 23:08:50 0 --a------ C:\WINDOWS\smdat32a.sys
2007-12-21 20:20:50 45 --a------ C:\WINDOWS\popcinfo.dat
2007-12-20 15:27:21 0 d-------- C:\Program Files\Napster
2007-12-09 12:33:03 0 d-------- C:\Program Files\City Interactive
2007-12-07 18:01:03 0 d-------- C:\Program Files\Common Files\Symantec Shared
2007-12-07 17:59:32 0 d-------- C:\Program Files\Cosmi
2007-12-07 17:53:29 0 d-------- C:\Program Files\Yahoo!
2007-12-07 17:53:25 0 d-------- C:\Program Files\QuickTime
2007-12-07 17:53:16 0 d-------- C:\Program Files\Dell
2007-12-07 17:53:15 0 d-------- C:\Program Files\Common Files\AOL
2007-12-07 17:52:33 0 d-------- C:\Program Files\Apple Software Update
2007-12-04 18:11:11 0 d-------- C:\Program Files\Yahoo! Games
2007-12-03 07:31:28 0 d-------- C:\Program Files\IncrediMail

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [10/14/2005 09:49 PM]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [10/14/2005 09:46 PM]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [10/14/2005 09:50 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [11/19/2003 06:48 PM]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [02/23/2005 05:19 PM]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [12/06/2004 02:05 AM]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [06/10/2005 11:44 AM]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [06/10/2005 11:44 AM]
"MimBoot"="C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe" [09/18/2006 12:46 PM]
"MMTray"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [09/18/2006 12:46 PM]
"BJCFD"="C:\Program Files\BroadJump\Client Foundation\CFD.exe" [09/10/2002 08:26 PM]
"YBrowser"="C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe" [07/21/2006 03:19 PM]
"NapsterShell"="C:\Program Files\Napster\napster.exe" [11/08/2007 05:58 PM]
"YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [06/08/2007 09:59 AM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [09/13/2007 10:44 AM]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [12/04/2007 08:00 AM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [10/10/2007 07:51 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [10/19/2007 08:16 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [11/02/2007 06:36 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [03/27/2007 02:22 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 06:00 AM]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [06/21/2007 02:06 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [1/19/2006 7:23:22 AM]
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [8/11/2007 10:58:27 AM]
ymetray.lnk - C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe [10/3/2007 1:56:10 PM]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [12/20/2006 01:55 PM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/2007 01:41 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

-- End of Deckard's System Scanner: finished at 2008-01-27 20:34:16 ------------

#14
Rorschach112

Posted 27 January 2008 - 07:38 PM

Ralphie

Retired Staff
47,710 posts

Your logs are clean ! We need to do a few things

Make sure you have an Internet Connection.
Double-click OTMoveIt2.exe to run it.
Click on the CleanUp! button
A list of tool components used in the Cleanup of malware will be downloaded.
If your Firewall or Real Time protection attempts to block OtMoveit2 to rech the Internet, please allow the application to do so.
Click Yes to beging the Cleanup process and remove these components, including this application.
You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.

Now we need to create a new System Restore point.

Click Start Menu > Run > type (or copy and paste)

%SystemRoot%\System32\restore\rstrui.exe

Press OK. Choose Create a Restore Point then click Next. Name it and click Create, when the confirmation screen shows the restore point has been created click Close.

Next goto Start Menu > Run > type

cleanmgr

Click OK, Disk Cleanup will open and start calculating the amount of space that can be freed, Once thats finished it will open the Disk Cleanup options screen, click the More Options tab then click Clean up on the system restore area and choose Yes at the confirmation window which will remove all the restore points except the one we just created.

To close Disk Cleanup and remove the Temporary Internet Files detected in the initial scan click OK then choose Yes on the confirmation window.

Below I have included a number of recommendations for how to protect your computer against malware infections.

* Keep Windows updated by regularly checking their website at :
http://windowsupdate.microsoft.com/
This will ensure your computer has always the latest security updates available installed on your computer.

* To reduce re-infection for malware in the future, I strongly recommend installing these free programs:
SpywareBlaster protects against bad ActiveX
IE-SPYAD puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all
Have a look at this tutorial for IE-Spyad here

* SpywareGuard offers realtime protection from spyware installation attempts.

Make Internet Explorer more secure

Click Start > Run
Type Inetcpl.cpl & click OK
Click on the Security tab
Click Reset all zones to default level
Make sure the Internet Zone is selected & Click Custom level
In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
Next Click OK, then Apply button and then OK to exit the Internet Properties page.

* MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.

* Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more
secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up
blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from
Here

* Take a good look at the following suggestions for malware prevention by reading Tony Klein’s article 'How Did I Get Infected In The First Place'
Here

Thank you for your patience, and performing all of the procedures requested.

#15
cldshwr77

Posted 27 January 2008 - 07:46 PM

New Member

Topic Starter
Member
9 posts

thankyou for your help patience with me just wanted to get rid of it and the computer seems to be working fine. I wld normally have had avast pop up by now and tell me it detected a virus and it hasnt
thankyou again