POS files, running slow, popups, fake warnings - HELP! [RESOLVED]

#1 ginrella (Member, 38 posts)
I started getting fake warnings on Feb 7th. I tried to do a system restore, but it wouldn't let me go back to any time before that actual morning. I had McAfee, but it had expired about 1 month ago. I downloaded CA anti-virus and anti-spyware. I ran the anti-virus; I had 11 viruses. I also ran the spyware scan. I keep getting unwanted popups, ####### ones also. I had over 4000 POS files in My Documents and in a file/folder search. I have since deleted all of them. I don't know what to do from here.

#2 kahdah (GeekU Teacher, Retired Staff, 15,822 posts)
Hello ginrella

Welcome to G2Go. :)
===============
Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, DSS will open two Notepad windows, main.txt and extra.txt. Please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.


#3 ginrella (Topic Starter, Member, 38 posts)
Deckard's System Scanner v20071014.68
Run by David Ricci on 2008-02-10 20:44:44
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 2 Restore Point(s) --
2: 2008-02-11 01:44:50 UTC - RP2 - Deckard's System Scanner Restore Point
1: 2008-02-10 19:26:02 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as David Ricci.exe) -----------------------------------------

Unable to find log (file not found); running clone.
-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-02-10 20:46:31
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\isafe.exe
C:\Program Files\Net Nanny\NNSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\vetmsg.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\MyWebSearch\bar\c.bin\M3SRCHMN.EXE
C:\Program Files\Net Nanny\nntray.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Samsung\Samsung SCX-4725 Series\SPanel\ssmsrvc.exe
C:\Documents and Settings\David Ricci\Desktop\dss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...l...&channel=us
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.co...l...&channel=us
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\c.bin\MWSSRCAS.DLL
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\c.bin\MWSSRCAS.DLL
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\c.bin\MWSBAR.DLL
O2 - BHO: {d0824e53-6dbf-0f4a-01e4-999315573053} - {35037551-3999-4e10-a4f0-fbd635e4280d} - C:\WINDOWS\system32\jbdmkpwv.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL
O2 - BHO: (no name) - {9FCBE028-3D87-4D11-8CC1-31015BF94C22} - C:\WINDOWS\system32\geeda.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar2.dll
O2 - BHO: (no name) - {E180F496-8A4B-44E2-9FE0-0364E345DB7F} - C:\WINDOWS\system32\urqqppp.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\c.bin\MWSBAR.DLL
O4 - HKLM\..\Run: [NNTray] C:\Program Files\Net Nanny\nnstart.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\c.bin\m3SrchMn.exe" /m=2 /w
O4 - HKLM\..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\ssmmgr.exe /autorun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Search - http://edits.mywebse...html?p=ZKfox000
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: https://online.musicmatch.com (HKLM)
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file://C:\Program Files\Monopoly Here and Now\Images\stg_drm.ocx
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} () - http://download.mcaf...01/mcinsctl.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} () - file://C:\Program Files\Monopoly Here and Now\Images\armhelper.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - (no file)
O20 - Winlogon Notify: ggjckaht - C:\WINDOWS\system32\ggjckaht.dll (file missing)
O20 - Winlogon Notify: urqqppp - C:\WINDOWS\system32\urqqppp.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\isafe.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Microsoft cache control (MSControlService) - Unknown owner - C:\WINDOWS\system32\windows
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NNSvc - BioNet Systems, LLC - C:\Program Files\Net Nanny\NNSvc.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6028\SAService.exe
O23 - Service: SCX-4725 Status Monitor Service (SM_scx425_FUService) - Unknown owner - C:\Program Files\Samsung\Samsung SCX-4725 Series\SPanel\ssmsrvc /Service
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\vetmsg.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe


--
End of file - 8587 bytes

-- HijackThis Fixed Entries (C:\DOCUME~1\DAVIDR~1\Desktop\backups\) ------------

backup-20070531-134029-148 O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\a.bin\MWSBAR.DLL
backup-20070531-134029-306 O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\a.bin\MWSSRCAS.DLL
backup-20070531-134029-327 R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\a.bin\MWSSRCAS.DLL
backup-20070531-134030-385 O8 - Extra context menu item: &Search - http://edits.mywebse...?p=ZSYYYYYYLVUS
backup-20070531-134030-562 O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6028\SiteAdv.dll (file missing)
backup-20070531-134030-714 O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} -
backup-20070531-134030-748 O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6028\SiteAdv.dll (file missing)
backup-20070531-144235-770 R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\a.bin\MWSSRCAS.DLL (file missing)

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R2 DgiVecp - c:\windows\system32\drivers\dgivecp.sys <Not Verified; Samsung Electronics Co., Ltd.; Samsung Electronics Co., Ltd. VECP for Windows 2000, XP>

S3 SQTECH905C (DB CIF Cam) - c:\windows\system32\drivers\capt905c.sys <Not Verified; Service & Quality Technology.; SQ905c>
S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 NNSvc - c:\program files\net nanny\nnsvc.exe <Not Verified; BioNet Systems, LLC; Net Nanny 5>
R2 Viewpoint Manager Service - "c:\program files\viewpoint\common\viewpointservice.exe" <Not Verified; Viewpoint Corporation; Viewpoint Manager>

S2 SiteAdvisor Service - c:\program files\siteadvisor\6028\saservice.exe (file missing)
S3 MSControlService (Microsoft cache control) - c:\windows\system32\windows
S3 SM_scx425_FUService (SCX-4725 Status Monitor Service) - "c:\program files\samsung\samsung scx-4725 series\spanel\ssmsrvc /service (file missing)


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Files created between 2008-01-10 and 2008-02-10 -----------------------------

2008-02-10 17:03:06 86080 --a------ C:\WINDOWS\system32\cpjwxsys.dll
2008-02-10 16:57:06 93248 --a------ C:\WINDOWS\system32\jbdmkpwv.dll
2008-02-09 16:59:57 0 d-------- C:\Program Files\Lavasoft
2008-02-09 16:59:57 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-09 16:55:17 93760 --a------ C:\WINDOWS\system32\xvlnimcu.dll
2008-02-09 15:58:44 93760 --a------ C:\WINDOWS\system32\psotphro.dll
2008-02-09 09:04:39 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-02-09 09:04:39 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-02-09 09:04:39 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-02-09 09:04:39 0 dr-h----- C:\Documents and Settings\Administrator\Recent
2008-02-09 09:04:39 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-02-09 09:04:39 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-02-09 09:04:39 0 dr------- C:\Documents and Settings\Administrator\My Documents
2008-02-09 09:04:39 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-02-09 09:04:39 0 dr------- C:\Documents and Settings\Administrator\Favorites
2008-02-09 09:04:39 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-02-09 09:04:39 0 d--hs---- C:\Documents and Settings\Administrator\Cookies
2008-02-09 09:04:39 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-02-09 09:04:39 0 d-------- C:\Documents and Settings\Administrator\Application Data\Symantec
2008-02-09 09:04:39 0 d-------- C:\Documents and Settings\Administrator\Application Data\Sun
2008-02-09 09:04:39 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-02-09 09:04:39 0 d-------- C:\Documents and Settings\Administrator\Application Data\Identities
2008-02-09 09:04:39 0 d-------- C:\Documents and Settings\Administrator\Application Data\Gtek
2008-02-09 09:04:39 0 d-------- C:\Documents and Settings\Administrator\Application Data\Google
2008-02-09 09:04:39 0 d-------- C:\Documents and Settings\Administrator\Application Data\Corel
2008-02-09 09:04:38 1048576 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-02-09 08:44:10 0 d-------- C:\WINDOWS\network diagnostic
2008-02-08 12:24:16 94784 --a------ C:\WINDOWS\system32\axnrkenu.dll
2008-02-07 20:48:35 0 d-------- C:\WINDOWS\CAVTemp
2008-02-07 20:45:43 0 d-------- C:\Documents and Settings\All Users\Application Data\CA
2008-02-07 20:45:41 0 d-------- C:\Program Files\CA
2008-02-07 20:29:32 262144 --a------ C:\Documents and Settings\Owner\NTUSER.DAT
2008-02-07 20:29:32 262144 --a------ C:\Documents and Settings\Application Data\NTUSER.DAT
2008-02-07 19:23:07 7168 --a------ C:\WINDOWS\system32\windows
2008-02-07 10:40:29 6291456 --a------ C:\Documents and Settings\David Ricci\ntuser.dat
2008-02-07 10:39:57 311495 --ahs---- C:\WINDOWS\system32\adeeg.ini2
2008-02-07 10:39:48 331264 --a------ C:\WINDOWS\system32\geeda.dll
2008-02-07 10:38:17 0 d-------- C:\Program Files\Temporary
2008-02-07 10:38:17 0 d-------- C:\Program Files\Drmupgds
2008-02-07 10:34:50 0 d-------- C:\WINDOWS\s?stem
2008-02-07 10:34:40 0 d-------- C:\WINDOWS\system32\nGpxx01
2008-02-07 10:34:40 0 d-------- C:\Temp
2008-02-04 10:08:29 0 d-------- C:\Program Files\MyWebSearch
2008-01-26 12:57:31 0 d-------- C:\Documents and Settings\David Ricci\Application Data\SmarThru4
2008-01-26 12:57:27 41984 -----n--- C:\WINDOWS\system32\drivers\DgivEcpXP.sys <Not Verified; Samsung Electronics Co., Ltd.; Samsung Electronics Co., Ltd. VECP for Windows 2000, XP>
2008-01-26 12:57:26 163840 -----n--- C:\WINDOWS\system32\SecSNMP.dll <Not Verified; ; SNMPManager>
2008-01-26 12:56:41 458752 --a------ C:\WINDOWS\prinst.exe <Not Verified; Samsung Software Center; Samsung INF Installer>
2008-01-26 12:56:31 90112 --a------ C:\WINDOWS\system32\SamFaxPort.dll
2008-01-26 12:56:24 465408 --a------ C:\WINDOWS\system32\LTRPR13n.DLL <Not Verified; LEAD Technologies, Inc.; LEADTOOLS® COM for Win32>
2008-01-26 12:56:24 326144 --a------ C:\WINDOWS\system32\LTRIO13N.DLL <Not Verified; LEAD Technologies, Inc.; LEADTOOLS® COM for Win32>
2008-01-26 12:56:23 931840 --a------ C:\WINDOWS\system32\LTR13N.DLL <Not Verified; LEAD Technologies, Inc.; LEADTOOLS® COM for Win32>
2008-01-26 12:56:12 0 d-------- C:\Program Files\Common Files\SRC Shared
2008-01-26 12:55:52 23040 --a------ C:\WINDOWS\system32\irisco32.dll
2008-01-26 12:54:43 0 d-------- C:\Program Files\Readiris10
2008-01-26 12:53:55 0 d-------- C:\Program Files\SmarThru 4
2008-01-26 12:52:59 462848 --a------ C:\WINDOWS\ssndii.exe <Not Verified; ; Non-Device INF Installer>
2008-01-26 12:52:50 0 d-------- C:\WINDOWS\Samsung
2008-01-26 12:50:42 73728 -ra------ C:\WINDOWS\WiaInst.exe <Not Verified; ; INF Scanner Installer>
2008-01-26 12:48:58 0 d-------- C:\WINDOWS\system32\drivers\Samsung
2008-01-16 16:07:20 0 d-------- C:\Program Files\Disney
2008-01-14 17:53:49 0 d-------- C:\Documents and Settings\David Ricci\Application Data\BloodTies
2008-01-14 17:50:00 0 d-------- C:\Program Files\Blood Ties


-- Find3M Report ---------------------------------------------------------------

2008-02-10 19:42:35 0 dr------- C:\Program Files\Net Nanny
2008-02-09 16:59:18 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-07 21:06:19 0 d-------- C:\Program Files\Common Files
2008-02-07 20:35:22 0 d-------- C:\Program Files\McAfee
2008-02-07 20:35:16 0 d-------- C:\Program Files\McAfee.com
2008-02-04 10:51:01 5852 --a------ C:\WINDOWS\system32\KGyGaAvL.sys
2008-02-04 10:50:59 104 -r-hs---- C:\WINDOWS\system32\5A69A598FA.sys
2008-02-04 10:09:19 28672 --a----c- C:\WINDOWS\system32\f3PSSavr.scr <Not Verified; FunWebProducts.com; Popular Screensavers>
2008-02-04 08:38:40 0 d-------- C:\Documents and Settings\David Ricci\Application Data\AdobeUM
2008-02-03 13:50:04 9297 --a------ C:\Documents and Settings\David Ricci\Application Data\SmarThruOptions.xml
2008-02-02 09:26:37 109 --a------ C:\WINDOWS\popcinfo.dat
2008-01-26 12:54:56 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-01-26 12:48:52 0 d-------- C:\Program Files\Samsung
2008-01-20 15:10:43 0 d-------- C:\Program Files\Wild Thornberrys Australian Wildlife Rescue
2008-01-15 14:53:47 0 d-------- C:\Program Files\Nick Arcade
2008-01-15 14:52:08 0 d-------- C:\Program Files\Shockwave.com
2008-01-15 14:49:19 0 d-------- C:\Program Files\Alawar
2008-01-15 14:47:41 0 d-------- C:\Program Files\Infogrames
2008-01-13 00:28:43 0 d-------- C:\Program Files\AIM6
2008-01-12 16:35:56 0 d-------- C:\Program Files\Barbie™
2008-01-07 18:58:20 119 ---h---c- C:\WINDOWS\popcreg.dat
2008-01-07 18:58:20 43 --a----c- C:\WINDOWS\popcinfot.dat
2008-01-01 18:36:31 0 d-------- C:\Documents and Settings\David Ricci\Application Data\Yahoo!
2008-01-01 13:07:11 0 d-------- C:\Program Files\Yahoo!
2007-12-29 16:27:49 0 d-------- C:\Program Files\Common Files\Sandlot Shared
2007-12-29 13:46:56 0 d-------- C:\Program Files\eGames
2007-12-26 17:52:51 0 d-------- C:\Documents and Settings\David Ricci\Application Data\SpinTop
2007-12-25 20:03:59 0 d-------- C:\Program Files\DB CIF Cam
2007-12-25 20:02:46 0 d-------- C:\Documents and Settings\David Ricci\Application Data\InstallShield
2007-12-25 20:02:37 0 d-------- C:\Program Files\Disney Pix Micro Downloader
2007-12-25 20:01:36 0 d-------- C:\Program Files\Disney Pix 2.2
2007-12-24 18:44:13 0 d-------- C:\Program Files\Hasbro Interactive
2007-12-22 19:17:53 0 d-------- C:\Documents and Settings\David Ricci\Application Data\PlayFirst


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{35037551-3999-4e10-a4f0-fbd635e4280d}]
02/10/2008 04:57 PM 93248 --a------ C:\WINDOWS\system32\jbdmkpwv.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9FCBE028-3D87-4D11-8CC1-31015BF94C22}]
02/07/2008 10:39 AM 331264 --a------ C:\WINDOWS\system32\geeda.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E180F496-8A4B-44E2-9FE0-0364E345DB7F}]
C:\WINDOWS\system32\urqqppp.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NNTray"="C:\Program Files\Net Nanny\nnstart.exe" [05/06/2003 11:03 AM]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [09/26/2005 07:34 PM]
"My Web Search Bar Search Scope Monitor"="C:\PROGRA~1\MYWEBS~1\bar\c.bin\m3SrchMn.exe" [02/04/2008 10:09 AM]
"Samsung PanelMgr"="C:\WINDOWS\Samsung\PanelMgr\ssmmgr.exe" [01/22/2007 12:55 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 05:00 AM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"=Narrator.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"AllowLegacyWebView"=1 (0x1)
"AllowUnhashedWebView"=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{E180F496-8A4B-44E2-9FE0-0364E345DB7F}"= C:\WINDOWS\system32\urqqppp.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ggjckaht]
ggjckaht.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\urqqppp]
urqqppp.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\geeda.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
backup=C:\WINDOWS\pss\America Online 9.0 Tray Icon.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=C:\WINDOWS\pss\Digital Line Detect.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Event Reminder.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Event Reminder.lnk
backup=C:\WINDOWS\pss\Event Reminder.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^David Ricci^Start Menu^Programs^Startup^reminder-ScanSoft Product Registration.lnk]
path=C:\Documents and Settings\David Ricci\Start Menu\Programs\Startup\reminder-ScanSoft Product Registration.lnk
backup=C:\WINDOWS\pss\reminder-ScanSoft Product Registration.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BuildBU]
c:\dell\bldbubg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CAVRID]
"C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
"C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cctray]
"C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cleanup]
C:\DOCUME~1\DAVIDR~1\LOCALS~1\Temp\20061123111023_mcappins.exe /v=3 /cleanup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader]
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dc02790c]
rundll32.exe "C:\WINDOWS\system32\cpjwxsys.dll",b

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
"C:\Program Files\Dell Support\DSAgnt.exe" /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA]
C:\WINDOWS\System32\DLA\DLACTRLW.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
C:\Program Files\Dell\Media Experience\DMXLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Drmupgds]
C:\Program Files\Drmupgds\Drmupgds.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
C:\Program Files\Common Files\AOL\1145800454\ee\AOLSoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
C:\WINDOWS\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPHSend]
C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
"c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
"C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]
c:\PROGRA~1\mcafee.com\agent\mcagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mcagent_exe]
C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]
c:\PROGRA~1\mcafee.com\agent\mcupdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]
C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
"C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MPFExe]
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msci]
C:\DOCUME~1\DAVIDR~1\LOCALS~1\Temp\20061123111020_mcinfo.exe /insfin

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKAGENTEXE]
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]
C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\My Web Search Bar]
rundll32 C:\PROGRA~1\MYWEBS~1\bar\c.bin\MWSBAR.DLL,S

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\My Web Search Bar Search Scope Monitor]
"C:\PROGRA~1\MYWEBS~1\bar\c.bin\m3SrchMn.exe" /m=2 /w

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]
C:\Program Files\MySpace\IM\MySpaceIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin]
C:\PROGRA~1\MYWEBS~1\bar\c.bin\mwsoemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton Ghost 10.0]
"C:\Program Files\Norton Ghost\Agent\GhostTray.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NortonDemo]
C:\dell\utilities\dsr\demo\Demo.exe /c

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OASClnt]
C:\Program Files\McAfee.com\VSO\oasclnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
c:\progra~1\vision~1\paperp~1\pptd40nt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
C:\WINDOWS\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PP6100b]
C:\WINDOWS\twain_32\paprport\6100b\flatbed.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\REGSHAVE]
C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\runner1]
C:\WINDOWS\mrofinu572.exe 61A847B5BBF728173599284503996897C881250221C8670836AC4FA7C8833201749139

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Samsung PanelMgr]
C:\WINDOWS\Samsung\PanelMgr\ssmmgr.exe /autorun

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sen]
"C:\WINDOWS\SSTEM~1\dvdplay.exe" -vt yazb

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiteAdvisor]
C:\Program Files\SiteAdvisor\6028\SiteAdv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
C:\Program Files\Analog Devices\Core\smax4pnp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirusScan Online]
C:\Program Files\McAfee.com\VSO\mcvsshld.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VSOCheckTask]
"C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Whitney2_S2P]
C:\Program Files\Samsung\Samsung SCX-4725 Series\SPanel\RCP\Scan2pc.exe




-- End of Deckard's System Scanner: finished at 2008-02-10 20:48:10 ------------

Deckard's System Scanner v20071014.68
Run by David Ricci on 2008-02-10 20:44:44
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 2 Restore Point(s) --
2: 2008-02-11 01:44:50 UTC - RP2 - Deckard's System Scanner Restore Point
1: 2008-02-10 19:26:02 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as David Ricci.exe) -----------------------------------------

Unable to find log (file not found); running clone.
-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-02-10 20:46:31
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\isafe.exe
C:\Program Files\Net Nanny\NNSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\vetmsg.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\MyWebSearch\bar\c.bin\M3SRCHMN.EXE
C:\Program Files\Net Nanny\nntray.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Samsung\Samsung SCX-4725 Series\SPanel\ssmsrvc.exe
C:\Documents and Settings\David Ricci\Desktop\dss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...l...&channel=us
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.co...l...&channel=us
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\c.bin\MWSSRCAS.DLL
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\c.bin\MWSSRCAS.DLL
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\c.bin\MWSBAR.DLL
O2 - BHO: {d0824e53-6dbf-0f4a-01e4-999315573053} - {35037551-3999-4e10-a4f0-fbd635e4280d} - C:\WINDOWS\system32\jbdmkpwv.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL
O2 - BHO: (no name) - {9FCBE028-3D87-4D11-8CC1-31015BF94C22} - C:\WINDOWS\system32\geeda.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar2.dll
O2 - BHO: (no name) - {E180F496-8A4B-44E2-9FE0-0364E345DB7F} - C:\WINDOWS\system32\urqqppp.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\c.bin\MWSBAR.DLL
O4 - HKLM\..\Run: [NNTray] C:\Program Files\Net Nanny\nnstart.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\c.bin\m3SrchMn.exe" /m=2 /w
O4 - HKLM\..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\ssmmgr.exe /autorun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Search - http://edits.mywebse...html?p=ZKfox000
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: https://online.musicmatch.com (HKLM)
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file://C:\Program Files\Monopoly Here and Now\Images\stg_drm.ocx
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} () - http://download.mcaf...01/mcinsctl.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} () - file://C:\Program Files\Monopoly Here and Now\Images\armhelper.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - (no file)
O20 - Winlogon Notify: ggjckaht - C:\WINDOWS\system32\ggjckaht.dll (file missing)
O20 - Winlogon Notify: urqqppp - C:\WINDOWS\system32\urqqppp.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\isafe.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Microsoft cache control (MSControlService) - Unknown owner - C:\WINDOWS\system32\windows
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NNSvc - BioNet Systems, LLC - C:\Program Files\Net Nanny\NNSvc.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6028\SAService.exe
O23 - Service: SCX-4725 Status Monitor Service (SM_scx425_FUService) - Unknown owner - C:\Program Files\Samsung\Samsung SCX-4725 Series\SPanel\ssmsrvc /Service
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\vetmsg.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe


--
End of file - 8587 bytes

-- HijackThis Fixed Entries (C:\DOCUME~1\DAVIDR~1\Desktop\backups\) ------------

backup-20070531-134029-148 O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\a.bin\MWSBAR.DLL
backup-20070531-134029-306 O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\a.bin\MWSSRCAS.DLL
backup-20070531-134029-327 R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\a.bin\MWSSRCAS.DLL
backup-20070531-134030-385 O8 - Extra context menu item: &Search - http://edits.mywebse...?p=ZSYYYYYYLVUS
backup-20070531-134030-562 O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6028\SiteAdv.dll (file missing)
backup-20070531-134030-714 O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} -
backup-20070531-134030-748 O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6028\SiteAdv.dll (file missing)
backup-20070531-144235-770 R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\a.bin\MWSSRCAS.DLL (file missing)

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R2 DgiVecp - c:\windows\system32\drivers\dgivecp.sys <Not Verified; Samsung Electronics Co., Ltd.; Samsung Electronics Co., Ltd. VECP for Windows 2000, XP>

S3 SQTECH905C (DB CIF Cam) - c:\windows\system32\drivers\capt905c.sys <Not Verified; Service & Quality Technology.; SQ905c>
S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 NNSvc - c:\program files\net nanny\nnsvc.exe <Not Verified; BioNet Systems, LLC; Net Nanny 5>
R2 Viewpoint Manager Service - "c:\program files\viewpoint\common\viewpointservice.exe" <Not Verified; Viewpoint Corporation; Viewpoint Manager>

S2 SiteAdvisor Service - c:\program files\siteadvisor\6028\saservice.exe (file missing)
S3 MSControlService (Microsoft cache control) - c:\windows\system32\windows
S3 SM_scx425_FUService (SCX-4725 Status Monitor Service) - "c:\program files\samsung\samsung scx-4725 series\spanel\ssmsrvc /service (file missing)


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Files created between 2008-01-10 and 2008-02-10 -----------------------------

2008-02-10 17:03:06 86080 --a------ C:\WINDOWS\system32\cpjwxsys.dll
2008-02-10 16:57:06 93248 --a------ C:\WINDOWS\system32\jbdmkpwv.dll
2008-02-09 16:59:57 0 d-------- C:\Program Files\Lavasoft
2008-02-09 16:59:57 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-09 16:55:17 93760 --a------ C:\WINDOWS\system32\xvlnimcu.dll
2008-02-09 15:58:44 93760 --a------ C:\WINDOWS\system32\psotphro.dll
2008-02-09 09:04:39 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-02-09 09:04:39 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-02-09 09:04:39 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-02-09 09:04:39 0 dr-h----- C:\Documents and Settings\Administrator\Recent
2008-02-09 09:04:39 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-02-09 09:04:39 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-02-09 09:04:39 0 dr------- C:\Documents and Settings\Administrator\My Documents
2008-02-09 09:04:39 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-02-09 09:04:39 0 dr------- C:\Documents and Settings\Administrator\Favorites
2008-02-09 09:04:39 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-02-09 09:04:39 0 d--hs---- C:\Documents and Settings\Administrator\Cookies
2008-02-09 09:04:39 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-02-09 09:04:39 0 d-------- C:\Documents and Settings\Administrator\Application Data\Symantec
2008-02-09 09:04:39 0 d-------- C:\Documents and Settings\Administrator\Application Data\Sun
2008-02-09 09:04:39 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-02-09 09:04:39 0 d-------- C:\Documents and Settings\Administrator\Application Data\Identities
2008-02-09 09:04:39 0 d-------- C:\Documents and Settings\Administrator\Application Data\Gtek
2008-02-09 09:04:39 0 d-------- C:\Documents and Settings\Administrator\Application Data\Google
2008-02-09 09:04:39 0 d-------- C:\Documents and Settings\Administrator\Application Data\Corel
2008-02-09 09:04:38 1048576 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-02-09 08:44:10 0 d-------- C:\WINDOWS\network diagnostic
2008-02-08 12:24:16 94784 --a------ C:\WINDOWS\system32\axnrkenu.dll
2008-02-07 20:48:35 0 d-------- C:\WINDOWS\CAVTemp
2008-02-07 20:45:43 0 d-------- C:\Documents and Settings\All Users\Application Data\CA
2008-02-07 20:45:41 0 d-------- C:\Program Files\CA
2008-02-07 20:29:32 262144 --a------ C:\Documents and Settings\Owner\NTUSER.DAT
2008-02-07 20:29:32 262144 --a------ C:\Documents and Settings\Application Data\NTUSER.DAT
2008-02-07 19:23:07 7168 --a------ C:\WINDOWS\system32\windows
2008-02-07 10:40:29 6291456 --a------ C:\Documents and Settings\David Ricci\ntuser.dat
2008-02-07 10:39:57 311495 --ahs---- C:\WINDOWS\system32\adeeg.ini2
2008-02-07 10:39:48 331264 --a------ C:\WINDOWS\system32\geeda.dll
2008-02-07 10:38:17 0 d-------- C:\Program Files\Temporary
2008-02-07 10:38:17 0 d-------- C:\Program Files\Drmupgds
2008-02-07 10:34:50 0 d-------- C:\WINDOWS\s?stem
2008-02-07 10:34:40 0 d-------- C:\WINDOWS\system32\nGpxx01
2008-02-07 10:34:40 0 d-------- C:\Temp
2008-02-04 10:08:29 0 d-------- C:\Program Files\MyWebSearch
2008-01-26 12:57:31 0 d-------- C:\Documents and Settings\David Ricci\Application Data\SmarThru4
2008-01-26 12:57:27 41984 -----n--- C:\WINDOWS\system32\drivers\DgivEcpXP.sys <Not Verified; Samsung Electronics Co., Ltd.; Samsung Electronics Co., Ltd. VECP for Windows 2000, XP>
2008-01-26 12:57:26 163840 -----n--- C:\WINDOWS\system32\SecSNMP.dll <Not Verified; ; SNMPManager>
2008-01-26 12:56:41 458752 --a------ C:\WINDOWS\prinst.exe <Not Verified; Samsung Software Center; Samsung INF Installer>
2008-01-26 12:56:31 90112 --a------ C:\WINDOWS\system32\SamFaxPort.dll
2008-01-26 12:56:24 465408 --a------ C:\WINDOWS\system32\LTRPR13n.DLL <Not Verified; LEAD Technologies, Inc.; LEADTOOLS® COM for Win32>
2008-01-26 12:56:24 326144 --a------ C:\WINDOWS\system32\LTRIO13N.DLL <Not Verified; LEAD Technologies, Inc.; LEADTOOLS® COM for Win32>
2008-01-26 12:56:23 931840 --a------ C:\WINDOWS\system32\LTR13N.DLL <Not Verified; LEAD Technologies, Inc.; LEADTOOLS® COM for Win32>
2008-01-26 12:56:12 0 d-------- C:\Program Files\Common Files\SRC Shared
2008-01-26 12:55:52 23040 --a------ C:\WINDOWS\system32\irisco32.dll
2008-01-26 12:54:43 0 d-------- C:\Program Files\Readiris10
2008-01-26 12:53:55 0 d-------- C:\Program Files\SmarThru 4
2008-01-26 12:52:59 462848 --a------ C:\WINDOWS\ssndii.exe <Not Verified; ; Non-Device INF Installer>
2008-01-26 12:52:50 0 d-------- C:\WINDOWS\Samsung
2008-01-26 12:50:42 73728 -ra------ C:\WINDOWS\WiaInst.exe <Not Verified; ; INF Scanner Installer>
2008-01-26 12:48:58 0 d-------- C:\WINDOWS\system32\drivers\Samsung
2008-01-16 16:07:20 0 d-------- C:\Program Files\Disney
2008-01-14 17:53:49 0 d-------- C:\Documents and Settings\David Ricci\Application Data\BloodTies
2008-01-14 17:50:00 0 d-------- C:\Program Files\Blood Ties


-- Find3M Report ---------------------------------------------------------------

2008-02-10 19:42:35 0 dr------- C:\Program Files\Net Nanny
2008-02-09 16:59:18 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-07 21:06:19 0 d-------- C:\Program Files\Common Files
2008-02-07 20:35:22 0 d-------- C:\Program Files\McAfee
2008-02-07 20:35:16 0 d--------
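A worked triage of the two logs in this post, added here as an illustration; it is not code from the thread, from HijackThis or from DSS, and the poster did not run it. Over lines copied verbatim from both the msconfig\startupreg section at the top of the post and the HijackThis clone section, the script applies the checks a removal helper makes first: a load point that still points at a removed file (the urqqppp.dll BHO and the O20 Winlogon Notify entries), a BHO with no name or with a GUID for a name loading from system32, a service whose image has no executable extension (MSControlService pointing at C:\WINDOWS\system32\windows, the 7168-byte file created on 2008-02-07), a path through a lookalike of the system directory (C:\WINDOWS\SSTEM~1\dvdplay.exe, the same directory the DSS file list shows as C:\WINDOWS\s?stem), a random-looking module name in system32, and an opaque hex token passed to a startup command (runner1). The consonant-run threshold and the one-edit lookalike test are the example's own assumptions, chosen to separate the entries in this particular log; they would need tuning elsewhere. Python 3.9 or later is assumed.

```python
"""Triage heuristics for the HijackThis / DSS log lines posted in this thread.
Illustration written for the thread, not code from HijackThis, DSS or the poster;
thresholds and the lookalike test are assumptions. It ranks lines for a human."""
import re

HJT_LINE = re.compile(r"^(?P<code>R\d|O\d+) - (?P<body>.*)$")
# A Windows path: quoted, or unquoted up to an argument ("/x", "-x") or the
# scanner's "(file missing)" / "(no file)" annotation; then cut at the extension
# so a trailing token (the hex blob after mrofinu572.exe) is not glued on.
PATH_RE = re.compile(r'"([A-Za-z]:\\[^"]+)"|([A-Za-z]:\\[^\s"]+(?:\s+(?![-/(])[^\s"]+)*)')
EXT_CUT = re.compile(r"^(.*?\.(?:exe|dll|scr|ocx|sys|cpl))(?:\s|$)", re.I)
GUID = re.compile(r"^\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}$", re.I)
HEX_TOKEN = re.compile(r"^[0-9A-Fa-f]{32,}$")
SYSTEM_DIRS = ("system", "system32")

# Sample input: lines copied verbatim from the logs above, plus three benign
# lines from the same log (Google toolbar, ctfmon, Ad-Aware) as controls.
SAMPLE_LOG = r"""
O2 - BHO: {d0824e53-6dbf-0f4a-01e4-999315573053} - {35037551-3999-4e10-a4f0-fbd635e4280d} - C:\WINDOWS\system32\jbdmkpwv.dll
O2 - BHO: (no name) - {9FCBE028-3D87-4D11-8CC1-31015BF94C22} - C:\WINDOWS\system32\geeda.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar2.dll
O2 - BHO: (no name) - {E180F496-8A4B-44E2-9FE0-0364E345DB7F} - C:\WINDOWS\system32\urqqppp.dll (file missing)
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: ggjckaht - C:\WINDOWS\system32\ggjckaht.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Microsoft cache control (MSControlService) - Unknown owner - C:\WINDOWS\system32\windows
"C:\WINDOWS\SSTEM~1\dvdplay.exe" -vt yazb
C:\WINDOWS\mrofinu572.exe 61A847B5BBF728173599284503996897C881250221C8670836AC4FA7C8833201749139
"""

def extract_path(text):
    """First Windows path in a log line, without quotes or trailing arguments."""
    m = PATH_RE.search(text)
    if not m:
        return None
    path = m.group(1) or m.group(2)
    cut = EXT_CUT.match(path)
    return cut.group(1) if cut else path

def within_one_edit(a, b):
    """True if a == b or they differ by one substitution, insertion or deletion."""
    if len(a) == len(b):
        return sum(x != y for x, y in zip(a, b)) <= 1
    longer, shorter = (a, b) if len(a) > len(b) else (b, a)
    return len(longer) - len(shorter) == 1 and any(
        longer[:k] + longer[k + 1:] == shorter for k in range(len(longer)))

def lookalike_dir(path):
    """Directory component imitating 'system'/'system32', or None. The logs above
    show one directory as C:\\WINDOWS\\s?stem (unprintable character) and as
    C:\\WINDOWS\\SSTEM~1 (its 8.3 name), so '?' and a one-character gap both count."""
    for comp in path.split("\\")[1:-1]:
        base = re.sub(r"~\d+$", "", comp.lower())
        if "?" in comp or any(base != d and within_one_edit(base, d) for d in SYSTEM_DIRS):
            return comp
    return None

def random_system32_module(path):
    """Letters-only module name in system32 with 5+ consonants in a row (assumed
    threshold: catches jbdmkpwv / urqqppp / ggjckaht, spares ctfmon)."""
    if "\\system32\\" not in path.lower():
        return False
    stem = path.rsplit("\\", 1)[-1].rsplit(".", 1)[0].lower()
    return stem.isalpha() and len(stem) >= 6 and re.search(r"[^aeiou]{5}", stem) is not None

def analyze(line):
    """Reasons a single log line deserves a second look (empty list if none)."""
    line = line.strip()
    m = HJT_LINE.match(line)
    code, body = (m.group("code"), m.group("body")) if m else ("", line)
    path, reasons = extract_path(body), []
    missing = "(file missing)" in body or "(no file)" in body
    if code == "O20" and missing:
        reasons.append("Winlogon Notify DLL is gone: a module was being loaded into winlogon.exe")
    elif code in ("O2", "O3", "R3") and missing:
        reasons.append("orphaned load point: registry still references a removed file")
    if code == "O2":
        name = body.split(" - ")[0].removeprefix("BHO: ")
        if GUID.match(name):
            reasons.append("BHO whose display name is itself a GUID")
        elif name == "(no name)" and path and "\\system32\\" in path.lower():
            reasons.append("unnamed BHO loading a module straight from system32")
    if code == "O23" and path and "." not in path.rsplit("\\", 1)[-1] \
            and path.lower().startswith("c:\\windows\\"):
        reasons.append("service image under the Windows directory with no executable extension")
    if path and lookalike_dir(path):
        reasons.append("path goes through a lookalike of the system directory: " + lookalike_dir(path))
    if path and random_system32_module(path):
        reasons.append("random-looking module name in system32")
    if any(HEX_TOKEN.match(tok) for tok in body.split()):
        reasons.append("opaque hex token passed as a startup argument")
    return reasons

def triage(log_text):
    """Map each flagged line to its reasons; clean lines are omitted."""
    return {ln.strip(): r for ln in log_text.splitlines() if (r := analyze(ln))}

if __name__ == "__main__":
    for line, reasons in triage(SAMPLE_LOG).items():
        print(line, *("    -> " + r for r in reasons), sep="\n")
```

Run as a script it prints the seven flagged lines from the embedded sample with their reasons and stays quiet on the three benign controls; on a full log, call `triage(open("hijackthis.log").read())`. Note what the checks do not do: geeda.dll is caught only because its BHO is unnamed, not by its name, and the MyWebSearch/FunWebProducts entries are not flagged at all because they carry proper names and live under Program Files. The script orders the work; it does not replace the helper reading the log.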

#4 kahdah (GeekU Teacher, Retired Staff, 15,822 posts)
Please download ComboFix from Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      -----------------------------------------------------------

  • Double click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

#5 ginrella (Topic Starter, Member, 38 posts)
ComboFix 08-02.05.3 - David Ricci 2008-02-10 21:15:08.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.497 [GMT -5:00]
Running from: C:\Documents and Settings\David Ricci\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\MyWebSearch\bar\c.bin\F3HTMLMU.DLL
C:\WINDOWS\system32\geeda.dll
C:\Documents and Settings\David Ricci\Application Data\FunWebProducts
C:\Documents and Settings\David Ricci\Application Data\FunWebProducts\Data\David Ricci\avatar.dat
C:\Documents and Settings\David Ricci\Application Data\FunWebProducts\Data\David Ricci\register.dat
C:\Documents and Settings\David Ricci\Application Data\macromedia\Flash Player\#SharedObjects\7CGLA6DM\www.broadcaster.com
C:\Documents and Settings\David Ricci\Application Data\macromedia\Flash Player\#SharedObjects\7CGLA6DM\www.broadcaster.com\played_list.sol
C:\Documents and Settings\David Ricci\Application Data\macromedia\Flash Player\#SharedObjects\7CGLA6DM\www.broadcaster.com\video_queue.sol
C:\Documents and Settings\David Ricci\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\Documents and Settings\David Ricci\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
C:\Program Files\FunWebProducts
C:\Program Files\FunWebProducts\PopSwatr\History\allowed
C:\Program Files\FunWebProducts\PopSwatr\History\notallow
C:\Program Files\FunWebProducts\ScreenSaver\Images\061A8908.urr
C:\Program Files\FunWebProducts\Shared\Cache\CursorManiaBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\MailStampBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\MyStationeryBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html
C:\Program Files\internet explorer\msimg32.dll
C:\Program Files\MyWebSearch\bar\Avatar\COMMON.F3S
C:\Program Files\MyWebSearch\bar\b.bin\MWSOEMON.EXE
C:\Program Files\MyWebSearch\bar\b.bin\MWSOESTB.DLL
C:\Program Files\MyWebSearch\bar\c.bin\F3BKGERR.JPG
C:\Program Files\MyWebSearch\bar\c.bin\F3BROVLY.DLL
C:\Program Files\MyWebSearch\bar\c.bin\F3CJPEG.DLL
C:\Program Files\MyWebSearch\bar\c.bin\F3DTACTL.DLL
C:\Program Files\MyWebSearch\bar\c.bin\F3HISTSW.DLL
C:\Program Files\MyWebSearch\bar\c.bin\F3HTMLMU.DLL
C:\Program Files\MyWebSearch\bar\c.bin\F3HTTPCT.DLL
C:\Program Files\MyWebSearch\bar\c.bin\F3IMSTUB.DLL
C:\Program Files\MyWebSearch\bar\c.bin\F3POPSWT.DLL
C:\Program Files\MyWebSearch\bar\c.bin\F3PSSAVR.SCR
C:\Program Files\MyWebSearch\bar\c.bin\F3REPROX.DLL
C:\Program Files\MyWebSearch\bar\c.bin\F3RESTUB.DLL
C:\Program Files\MyWebSearch\bar\c.bin\F3SCHMON.EXE
C:\Program Files\MyWebSearch\bar\c.bin\F3SCRCTR.DLL
C:\Program Files\MyWebSearch\bar\c.bin\F3SHLLVW.DLL
C:\Program Files\MyWebSearch\bar\c.bin\F3SPACER.WMV
C:\Program Files\MyWebSearch\bar\c.bin\F3WALLPP.DAT
C:\Program Files\MyWebSearch\bar\c.bin\F3WPHOOK.DLL
C:\Program Files\MyWebSearch\bar\c.bin\M3FFXTBR.JAR
C:\Program Files\MyWebSearch\bar\c.bin\M3FFXTBR.MANIFEST
C:\Program Files\MyWebSearch\bar\c.bin\M3HTML.DLL
C:\Program Files\MyWebSearch\bar\c.bin\M3IDLE.DLL
C:\Program Files\MyWebSearch\bar\c.bin\M3IMPIPE.EXE
C:\Program Files\MyWebSearch\bar\c.bin\M3MSG.DLL
C:\Program Files\MyWebSearch\bar\c.bin\M3NTSTBR.JAR
C:\Program Files\MyWebSearch\bar\c.bin\M3NTSTBR.MANIFEST
C:\Program Files\MyWebSearch\bar\c.bin\M3OUTLCN.DLL
C:\Program Files\MyWebSearch\bar\c.bin\M3PLUGIN.DLL
C:\Program Files\MyWebSearch\bar\c.bin\M3SKIN.DLL
C:\Program Files\MyWebSearch\bar\c.bin\M3SKPLAY.EXE
C:\Program Files\MyWebSearch\bar\c.bin\M3SLSRCH.EXE
C:\Program Files\MyWebSearch\bar\c.bin\M3SRCHMN.EXE
C:\Program Files\MyWebSearch\bar\c.bin\MWSBAR.DLL
C:\Program Files\MyWebSearch\bar\c.bin\MWSOEMON.EXE
C:\Program Files\MyWebSearch\bar\c.bin\MWSOEPLG.DLL
C:\Program Files\MyWebSearch\bar\c.bin\MWSOESTB.DLL
C:\Program Files\MyWebSearch\bar\c.bin\NPMYWEBS.DLL
C:\Program Files\MyWebSearch\bar\Cache\000AF3C5
C:\Program Files\MyWebSearch\bar\Cache\00565BF8
C:\Program Files\MyWebSearch\bar\Cache\04F1CC40
C:\Program Files\MyWebSearch\bar\Cache\04F1CE82
C:\Program Files\MyWebSearch\bar\Cache\04F1DFD7.bin
C:\Program Files\MyWebSearch\bar\Cache\04F1EBED.bin
C:\Program Files\MyWebSearch\bar\Cache\04F1EC99.bin
C:\Program Files\MyWebSearch\bar\Cache\04F1ED83.bin
C:\Program Files\MyWebSearch\bar\Cache\04F1EE3F.bin
C:\Program Files\MyWebSearch\bar\Cache\050DF1D1.bin
C:\Program Files\MyWebSearch\bar\Cache\050DF348.bin
C:\Program Files\MyWebSearch\bar\Cache\050DF53C.bin
C:\Program Files\MyWebSearch\bar\Cache\050DF5F7.bin
C:\Program Files\MyWebSearch\bar\Cache\files.ini
C:\Program Files\MyWebSearch\bar\Game\CHECKERS.F3S
C:\Program Files\MyWebSearch\bar\Game\CHESS.F3S
C:\Program Files\MyWebSearch\bar\Game\REVERSI.F3S
C:\Program Files\MyWebSearch\bar\History\search2
C:\Program Files\MyWebSearch\bar\icons\CM.ICO
C:\Program Files\MyWebSearch\bar\icons\MFC.ICO
C:\Program Files\MyWebSearch\bar\icons\PSS.ICO
C:\Program Files\MyWebSearch\bar\icons\SMILEY.ICO
C:\Program Files\MyWebSearch\bar\icons\WB.ICO
C:\Program Files\MyWebSearch\bar\icons\ZWINKY.ICO
C:\Program Files\MyWebSearch\bar\Message\COMMON.F3S
C:\Program Files\MyWebSearch\bar\Message\COMMON\ask_logo.gif
C:\Program Files\MyWebSearch\bar\Message\COMMON\autoup.gif
C:\Program Files\MyWebSearch\bar\Message\COMMON\autoup.htm
C:\Program Files\MyWebSearch\bar\Message\COMMON\center.htm
C:\Program Files\MyWebSearch\bar\Message\COMMON\index.htm
C:\Program Files\MyWebSearch\bar\Message\COMMON\mid_dots.gif
C:\Program Files\MyWebSearch\bar\Message\COMMON\mws_logo.gif
C:\Program Files\MyWebSearch\bar\Message\COMMON\protect.htm
C:\Program Files\MyWebSearch\bar\Message\COMMON\shocked.gif
C:\Program Files\MyWebSearch\bar\Message\COMMON\stop.gif
C:\Program Files\MyWebSearch\bar\Message\COMMON\systray.htm
C:\Program Files\MyWebSearch\bar\Message\COMMON\systrayp.htm
C:\Program Files\MyWebSearch\bar\Message\COMMON\tp_grad.gif
C:\Program Files\MyWebSearch\bar\Message\COMMON\warn.gif
C:\Program Files\MyWebSearch\bar\Notifier\COMMON.F3S
C:\Program Files\MyWebSearch\bar\Notifier\DOG.F3S
C:\Program Files\MyWebSearch\bar\Notifier\FISH.F3S
C:\Program Files\MyWebSearch\bar\Notifier\KUNGFU.F3S
C:\Program Files\MyWebSearch\bar\Notifier\LIFEGARD.F3S
C:\Program Files\MyWebSearch\bar\Notifier\MAID.F3S
C:\Program Files\MyWebSearch\bar\Notifier\MAILBOX.F3S
C:\Program Files\MyWebSearch\bar\Notifier\OPERA.F3S
C:\Program Files\MyWebSearch\bar\Notifier\ROBOT.F3S
C:\Program Files\MyWebSearch\bar\Notifier\SEDUCT.F3S
C:\Program Files\MyWebSearch\bar\Notifier\SURFER.F3S
C:\Program Files\MyWebSearch\bar\Settings\prevcfg2.htm
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat
C:\Program Files\MyWebSearch\SrchAstt\c.bin\MWSSRCAS.DLL
C:\Program Files\Temporary
C:\WINDOWS\cookies.ini
C:\WINDOWS\sstem~1
C:\WINDOWS\sstem~1\s?stem\
C:\WINDOWS\system32\adeeg.ini
C:\WINDOWS\system32\adeeg.ini2
C:\WINDOWS\system32\axnrkenu.dll
C:\WINDOWS\system32\bmfjnhaq.ini
C:\WINDOWS\system32\cpjwxsys.dll
C:\WINDOWS\system32\ctlradwv.ini
C:\WINDOWS\system32\dlosfcsv.ini
C:\WINDOWS\system32\f3PSSavr.scr
C:\WINDOWS\system32\geeda.dll
C:\WINDOWS\system32\ggjckaht.dllbox
C:\WINDOWS\system32\htnrvggg.dllbox
C:\WINDOWS\system32\jbdmkpwv.dll
C:\WINDOWS\system32\kxxallrd.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\psotphro.dll
C:\WINDOWS\system32\sysxwjpc.ini
C:\WINDOWS\system32\windows
C:\WINDOWS\system32\xvlnimcu.dll
C:\Program Files\MyWebSearch

.
((((((((((((((((((((((((( Files Created from 2008-01-11 to 2008-02-11 )))))))))))))))))))))))))))))))
.

2008-02-10 20:44 . 2008-02-10 20:44 <DIR> d-------- C:\Deckard
2008-02-09 16:59 . 2008-02-09 16:59 <DIR> d-------- C:\Program Files\Lavasoft
2008-02-09 16:59 . 2008-02-09 17:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-09 09:04 . 2006-04-13 15:08 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Symantec
2008-02-09 09:04 . 2006-04-13 15:07 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Gtek
2008-02-09 09:04 . 2006-04-13 15:13 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Corel
2008-02-09 08:51 . 2007-10-10 18:55 6,065,664 --------- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-02-09 08:51 . 2007-06-30 22:31 2,455,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-02-09 08:51 . 2007-06-30 22:36 991,232 --------- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-02-09 08:51 . 2007-10-10 18:55 459,264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-02-09 08:51 . 2007-10-10 18:55 383,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-02-09 08:51 . 2007-10-10 18:55 267,776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-02-09 08:51 . 2007-10-10 18:55 63,488 --------- C:\WINDOWS\system32\dllcache\icardie.dll
2008-02-09 08:51 . 2007-10-10 18:55 52,224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-02-09 08:51 . 2007-10-10 05:59 13,824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-02-07 20:48 . 2008-02-10 21:04 <DIR> d-------- C:\WINDOWS\CAVTemp
2008-02-07 20:45 . 2008-02-07 20:45 <DIR> d-------- C:\Program Files\CA
2008-02-07 20:45 . 2008-02-07 20:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\CA
2008-02-07 20:45 . 2007-08-20 13:42 879,784 --a------ C:\WINDOWS\system32\drivers\vetefile.sys
2008-02-07 20:45 . 2007-08-20 13:42 108,312 --a------ C:\WINDOWS\system32\drivers\veteboot.sys
2008-02-07 20:45 . 2007-08-20 13:42 99,592 --a------ C:\WINDOWS\system32\isafeif.dll
2008-02-07 20:45 . 2007-08-20 13:42 79,424 --a------ C:\WINDOWS\system32\vetredir.dll
2008-02-07 20:45 . 2007-08-20 13:42 75,016 --a------ C:\WINDOWS\system32\isafprod.dll
2008-02-07 20:45 . 2007-08-20 13:42 32,264 --a------ C:\WINDOWS\system32\drivers\vetmonnt.sys
2008-02-07 20:45 . 2007-08-20 13:42 26,376 --a------ C:\WINDOWS\system32\drivers\vet-filt.sys
2008-02-07 20:45 . 2007-08-20 13:42 21,512 --a------ C:\WINDOWS\system32\drivers\vetfddnt.sys
2008-02-07 20:45 . 2007-08-20 13:42 21,128 --a------ C:\WINDOWS\system32\drivers\vet-rec.sys
2008-02-07 10:38 . 2008-02-07 21:10 <DIR> d-------- C:\Program Files\Drmupgds
2008-02-07 10:34 . 2008-02-07 10:38 <DIR> d-------- C:\WINDOWS\system32\nGpxx01
2008-02-07 10:34 . 2008-02-07 10:34 <DIR> d-------- C:\Temp\isgTi19
2008-02-07 10:34 . 2008-02-07 10:34 <DIR> d-------- C:\Temp
2008-01-26 12:57 . 2008-01-26 12:57 <DIR> d-------- C:\Documents and Settings\David Ricci\Application Data\SmarThru4
2008-01-26 12:57 . 2006-08-15 19:54 163,840 --a------ C:\WINDOWS\system32\SecSNMP.dll
2008-01-26 12:57 . 2006-08-15 19:53 41,984 --a------ C:\WINDOWS\system32\drivers\DgivEcpXP.sys
2008-01-26 12:56 . 2008-01-26 12:56 <DIR> d-------- C:\Program Files\Common Files\SRC Shared
2008-01-26 12:55 . 1997-05-26 14:55 23,040 --a------ C:\WINDOWS\system32\irisco32.dll
2008-01-26 12:54 . 2008-01-26 12:56 <DIR> d-------- C:\Program Files\Readiris10
2008-01-26 12:53 . 2008-01-26 12:57 <DIR> d-------- C:\Program Files\SmarThru 4
2008-01-26 12:52 . 2008-01-26 12:52 <DIR> d-------- C:\WINDOWS\Samsung
2008-01-26 12:52 . 2006-09-21 03:28 462,848 --a------ C:\WINDOWS\ssndii.exe
2008-01-26 12:50 . 2006-08-15 20:06 151,552 --a------ C:\WINDOWS\system32\scx425ci.exe
2008-01-26 12:50 . 2006-09-21 03:28 73,728 -ra------ C:\WINDOWS\WiaInst.exe
2008-01-26 12:50 . 2006-08-15 20:06 57,344 --a------ C:\WINDOWS\system32\scx425ci.dll
2008-01-26 12:48 . 2008-01-26 12:48 <DIR> d-------- C:\WINDOWS\system32\drivers\Samsung
2008-01-16 16:07 . 2008-01-16 16:07 <DIR> d-------- C:\Program Files\Disney
2008-01-15 14:52 . 2007-07-15 09:18 3,003 --a------ C:\WINDOWS\_detmp.1
2008-01-14 17:53 . 2008-01-14 17:56 <DIR> d-------- C:\Documents and Settings\David Ricci\Application Data\BloodTies
2008-01-14 17:50 . 2008-01-14 17:52 <DIR> d-------- C:\Program Files\Blood Ties

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-11 02:21 --------- d-----r C:\Program Files\Net Nanny
2008-02-09 21:59 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-02-08 01:35 --------- d-----w C:\Program Files\McAfee.com
2008-02-08 01:35 --------- d-----w C:\Program Files\McAfee
2008-02-08 01:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
2008-02-04 13:38 --------- d-----w C:\Documents and Settings\David Ricci\Application Data\AdobeUM
2008-01-26 17:54 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-26 17:48 --------- d-----w C:\Program Files\Samsung
2008-01-21 00:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Barbie Fashion Show
2008-01-20 20:10 --------- d-----w C:\Program Files\Wild Thornberrys Australian Wildlife Rescue
2008-01-16 20:38 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-01-15 19:53 --------- d-----w C:\Program Files\Nick Arcade
2008-01-15 19:52 --------- d-----w C:\Program Files\Shockwave.com
2008-01-15 19:49 --------- d-----w C:\Program Files\Alawar
2008-01-15 19:47 --------- d-----w C:\Program Files\Infogrames
2008-01-13 05:28 --------- d-----w C:\Program Files\AIM6
2008-01-12 21:35 --------- d-----w C:\Program Files\Barbie™
2008-01-03 21:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-01-03 21:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL Downloads
2008-01-03 21:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2008-01-01 23:36 --------- d-----w C:\Documents and Settings\David Ricci\Application Data\Yahoo!
2008-01-01 23:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-01-01 18:07 --------- d-----w C:\Program Files\Yahoo!
2007-12-29 21:27 --------- d-----w C:\Program Files\Common Files\Sandlot Shared
2007-12-29 18:46 --------- d-----w C:\Program Files\eGames
2007-12-26 22:52 --------- d-----w C:\Documents and Settings\David Ricci\Application Data\SpinTop
2007-12-26 01:03 --------- d-----w C:\Program Files\DB CIF Cam
2007-12-26 01:02 --------- d-----w C:\Program Files\Disney Pix Micro Downloader
2007-12-26 01:02 --------- d-----w C:\Documents and Settings\David Ricci\Application Data\InstallShield
2007-12-26 01:01 --------- d-----w C:\Program Files\Disney Pix 2.2
2007-12-24 23:44 --------- d-----w C:\Program Files\Hasbro Interactive
2007-12-24 15:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Oberon Games
2007-12-24 00:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\MumboJumbo
2007-12-23 00:17 --------- d-----w C:\Documents and Settings\David Ricci\Application Data\PlayFirst
2007-12-23 00:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\PlayFirst
2007-01-27 16:48 774,144 -c--a-w C:\Program Files\RngInterstitial.dll
2006-09-18 21:45 8 -c--a-w C:\Documents and Settings\David Ricci\Application Data\usb.dat.bin
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E180F496-8A4B-44E2-9FE0-0364E345DB7F}]
C:\WINDOWS\system32\urqqppp.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NNTray"="C:\Program Files\Net Nanny\nnstart.exe" [2003-05-06 11:03 61440]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2005-09-26 19:34 169984]
"My Web Search Bar Search Scope Monitor"="C:\PROGRA~1\MYWEBS~1\bar\c.bin\m3SrchMn.exe" [ ]
"Samsung PanelMgr"="C:\WINDOWS\Samsung\PanelMgr\ssmmgr.exe" [2007-01-22 00:55 507904]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2004-08-04 05:00 53760 C:\WINDOWS\system32\narrator.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"AllowLegacyWebView"= 1 (0x1)
"AllowUnhashedWebView"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{E180F496-8A4B-44E2-9FE0-0364E345DB7F}"= C:\WINDOWS\system32\urqqppp.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ggjckaht]
ggjckaht.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\urqqppp]
urqqppp.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
backup=C:\WINDOWS\pss\America Online 9.0 Tray Icon.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=C:\WINDOWS\pss\Digital Line Detect.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Event Reminder.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Event Reminder.lnk
backup=C:\WINDOWS\pss\Event Reminder.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^David Ricci^Start Menu^Programs^Startup^reminder-ScanSoft Product Registration.lnk]
path=C:\Documents and Settings\David Ricci\Start Menu\Programs\Startup\reminder-ScanSoft Product Registration.lnk
backup=C:\WINDOWS\pss\reminder-ScanSoft Product Registration.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BuildBU]
--a--c--- 2006-04-13 14:48 61440 c:\dell\bldbubg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CAVRID]
--a------ 2007-08-20 13:42 230664 C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
C:\Program Files\Common Files\Symantec Shared\ccApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cctray]
--a------ 2007-08-16 22:25 177416 C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cleanup]
C:\DOCUME~1\DAVIDR~1\LOCALS~1\Temp\20061123111023_mcappins.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader]
--a--c--- 2005-11-16 19:08 106496 C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a--c--- 2004-08-04 05:00 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dc02790c]
C:\WINDOWS\system32\cpjwxsys.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
--a--c--- 2005-05-15 02:04 332800 C:\Program Files\Dell Support\DSAgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA]
--a--c--- 2005-09-08 05:20 122940 C:\WINDOWS\System32\DLA\DLACTRLW.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
--a--c--- 2005-10-05 03:12 94208 C:\Program Files\Dell\Media Experience\DMXLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Drmupgds]
C:\Program Files\Drmupgds\Drmupgds.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
--a--c--- 2006-05-14 18:11 118784 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
--a------ 2006-05-09 19:24 50760 C:\Program Files\Common Files\AOL\1145800454\ee\AOLSoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
--a--c--- 2005-09-20 08:32 77824 C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
--a--c--- 2005-09-20 08:32 77824 C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
--a--c--- 2005-09-20 08:36 114688 C:\WINDOWS\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
--a--c--- 2005-09-20 08:35 94208 C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPHSend]
--a--c--- 2006-02-17 11:59 124520 C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a--c--- 2005-06-10 10:44 249856 c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a--c--- 2005-06-10 10:44 81920 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]
c:\PROGRA~1\mcafee.com\agent\mcagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mcagent_exe]
C:\Program Files\McAfee.com\Agent\mcagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]
c:\PROGRA~1\mcafee.com\agent\mcupdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]
--a--c--- 2005-09-08 19:20 8192 C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
--a--c--- 2005-09-08 19:20 110592 C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MPFExe]
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msci]
C:\DOCUME~1\DAVIDR~1\LOCALS~1\Temp\20061123111020_mcinfo.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKAGENTEXE]
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]
--a--c--- 2005-08-12 15:16 1121792 C:\Program Files\McAfee\SpamKiller\MSKDetct.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-10-13 11:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\My Web Search Bar]
C:\PROGRA~1\MYWEBS~1\bar\c.bin\MWSBAR.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\My Web Search Bar Search Scope Monitor]
C:\PROGRA~1\MYWEBS~1\bar\c.bin\m3SrchMn.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]
C:\Program Files\MySpace\IM\MySpaceIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin]
C:\PROGRA~1\MYWEBS~1\bar\c.bin\mwsoemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton Ghost 10.0]
C:\Program Files\Norton Ghost\Agent\GhostTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NortonDemo]
--a--c--- 2005-08-17 20:10 24576 C:\dell\utilities\dsr\demo\Demo.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OASClnt]
-----c--- 2005-08-11 22:02 53248 C:\Program Files\McAfee.com\VSO\oasclnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
c:\progra~1\vision~1\paperp~1\pptd40nt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
--a--c--- 2005-09-20 08:36 114688 C:\WINDOWS\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PP6100b]
C:\WINDOWS\twain_32\paprport\6100b\flatbed.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a--c--- 2006-04-13 15:05 98304 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
--a------ 2006-11-22 17:10 214560 C:\Program Files\Real\RealPlayer\RealPlay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\REGSHAVE]
-----c--- 2002-02-04 21:32 53248 C:\Program Files\REGSHAVE\REGSHAVE.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\runner1]
C:\WINDOWS\mrofinu572.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Samsung PanelMgr]
--a------ 2007-01-22 00:55 507904 C:\WINDOWS\Samsung\PanelMgr\ssmmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sen]
C:\WINDOWS\SSTEM~1\dvdplay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiteAdvisor]
C:\Program Files\SiteAdvisor\6028\SiteAdv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
--a--c--- 2004-10-14 19:42 1404928 C:\Program Files\Analog Devices\Core\smax4pnp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a--c--- 2003-11-19 17:48 32881 C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2006-11-22 17:10 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirusScan Online]
-----c--- 2005-08-10 12:49 163840 C:\Program Files\McAfee.com\VSO\mcvsshld.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VSOCheckTask]
--a--c--- 2005-07-08 17:18 151552 C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Whitney2_S2P]
--a------ 2007-01-26 01:33 245760 C:\Program Files\Samsung\Samsung SCX-4725 Series\SPanel\RCP\Scan2pc.exe

R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 16:38]
S3 MSControlService;Microsoft cache control;C:\WINDOWS\system32\windows []
S3 SM_scx425_FUService;SCX-4725 Status Monitor Service;"C:\Program Files\Samsung\Samsung SCX-4725 Series\SPanel\ssmsrvc []

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-10 21:21:56
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.2180]
-> C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork1.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\Program Files\Net Nanny\nnsvc.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Net Nanny\nntray.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
.
**************************************************************************
.
Completion time: 2008-02-10 21:25:10 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-11 02:25:06
.
2008-02-10 08:00:43 --- E O F ---
  • 0

#6
ginrella

    Member

  • Topic Starter
  • Member
  • 38 posts
I sent you the combofix.txt; however, I didn't know where the new HijackThis Log was.
  • 0

#7
kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
You will have to run Hijackthis again and choose "do a system scan and save a log file" each time you want to get a new log.
==================================================================================
1. Please open Notepad
  • Click Start, then Run
  • Type notepad in the Run box, then hit OK.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

File::
C:\WINDOWS\system32\urqqppp.dll
C:\WINDOWS\system32\cpjwxsys.dll
C:\WINDOWS\mrofinu572.exe
C:\WINDOWS\mrofinu572.exe.tmp
Folder::
C:\Deckard
C:\Program Files\Drmupgds
C:\WINDOWS\system32\nGpxx01
C:\Temp\isgTi19
C:\WINDOWS\system32\windows 
C:\Program Files\Viewpoint
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E180F496-8A4B-44E2-9FE0-0364E345DB7F}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"My Web Search Bar Search Scope Monitor"=-
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{E180F496-8A4B-44E2-9FE0-0364E345DB7F}"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ggjckaht]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\urqqppp]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dc02790c]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Drmupgds]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\My Web Search Bar]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\My Web Search Bar Search Scope Monitor]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\runner1]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sen]
Driver::
Viewpoint Manager Service
MSControlService
Microsoft cache control


3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


5. After reboot (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log.

  • 0

#8
ginrella

    Member

  • Topic Starter
  • Member
  • 38 posts
Here are the logs you requested:

ComboFix 08-02.05.3 - David Ricci 2008-02-12 8:55:26.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.624 [GMT -5:00]
Running from: C:\Documents and Settings\David Ricci\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\David Ricci\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE
C:\WINDOWS\mrofinu572.exe
C:\WINDOWS\mrofinu572.exe.tmp
C:\WINDOWS\system32\cpjwxsys.dll
C:\WINDOWS\system32\urqqppp.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Deckard
C:\Program Files\Drmupgds
C:\Program Files\Viewpoint
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Viewpoint\Common\VistaBoot.sdll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\AxMetaStream.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\ClassIDs.ini
C:\Program Files\Viewpoint\Viewpoint Experience Technology\ComponentMgr_0305001C.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\ComponentRegistry.ini
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\AOLArt.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\AOLShell.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\AOLUserShell.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\Cursors.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\DataTracking.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\GifReader.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\JpegReader.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\LensFlares.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\Mts3Reader.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\ObjectMovie.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\SceneComponent.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\ServiceComponent.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\SreeDMMX.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\SWFView.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\VectorView.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\VETScriptInterpreter.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\VMgr.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\VMPAudio.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\VMPExtras.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\VMPSpeech.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\VMPVideo.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\VMPVideo2.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\WaveletReader.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\ZoomView.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\DownLoadHist.ini
C:\Program Files\Viewpoint\Viewpoint Experience Technology\HostRegistry.ini
C:\Program Files\Viewpoint\Viewpoint Experience Technology\MetaStreamConfig.ini
C:\Program Files\Viewpoint\Viewpoint Experience Technology\MetaStreamID.ini
C:\Program Files\Viewpoint\Viewpoint Experience Technology\MtsAxInstaller.exe
C:\Program Files\Viewpoint\Viewpoint Experience Technology\MTSDownloadSites.txt
C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.xpt
C:\Program Files\Viewpoint\Viewpoint Manager\CPtask.xml
C:\Program Files\Viewpoint\Viewpoint Manager\VETScriptInterpreter.dll
C:\Program Files\Viewpoint\Viewpoint Manager\ViewCP.cpl
C:\Program Files\Viewpoint\Viewpoint Manager\ViewCPData\images\s.gif
C:\Program Files\Viewpoint\Viewpoint Manager\ViewCPData\images\vm_header_av.gif
C:\Program Files\Viewpoint\Viewpoint Manager\ViewCPData\images\vm_header_cp.gif
C:\Program Files\Viewpoint\Viewpoint Manager\ViewCPData\images\vm_header_up.gif
C:\Program Files\Viewpoint\Viewpoint Manager\ViewCPData\images\vm_inner_bg.gif
C:\Program Files\Viewpoint\Viewpoint Manager\ViewCPData\images\vm_inner_bottom.gif
C:\Program Files\Viewpoint\Viewpoint Manager\ViewCPData\images\vm_tab_bg.gif
C:\Program Files\Viewpoint\Viewpoint Manager\ViewCPData\images\vm_tab1_off.gif
C:\Program Files\Viewpoint\Viewpoint Manager\ViewCPData\images\vm_tab1_on.gif
C:\Program Files\Viewpoint\Viewpoint Manager\ViewCPData\images\vm_tab2_off.gif
C:\Program Files\Viewpoint\Viewpoint Manager\ViewCPData\images\vm_tab2_on.gif
C:\Program Files\Viewpoint\Viewpoint Manager\ViewCPData\images\vwpt_logo.gif
C:\Program Files\Viewpoint\Viewpoint Manager\ViewCPData\options.ini
C:\Program Files\Viewpoint\Viewpoint Manager\ViewCPData\viewpoint.ico
C:\Program Files\Viewpoint\Viewpoint Manager\ViewCPData\vmctrl.html
C:\Program Files\Viewpoint\Viewpoint Manager\ViewCPexe.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgrCore.dll
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgrInstaller.exe
C:\Temp\isgTi19
C:\WINDOWS\system32\nGpxx01

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_MSCONTROLSERVICE
-------\LEGACY_VIEWPOINT_MANAGER_SERVICE
-------\MSControlService
-------\Viewpoint Manager Service


((((((((((((((((((((((((( Files Created from 2008-01-12 to 2008-02-12 )))))))))))))))))))))))))))))))
.

2008-02-09 16:59 . 2008-02-09 16:59 <DIR> d-------- C:\Program Files\Lavasoft
2008-02-09 16:59 . 2008-02-09 17:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-09 09:04 . 2006-04-13 15:08 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Symantec
2008-02-09 09:04 . 2006-04-13 15:07 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Gtek
2008-02-09 09:04 . 2006-04-13 15:13 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Corel
2008-02-09 08:51 . 2007-10-10 18:55 6,065,664 --------- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-02-09 08:51 . 2007-06-30 22:31 2,455,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-02-09 08:51 . 2007-06-30 22:36 991,232 --------- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-02-09 08:51 . 2007-10-10 18:55 459,264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-02-09 08:51 . 2007-10-10 18:55 383,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-02-09 08:51 . 2007-10-10 18:55 267,776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-02-09 08:51 . 2007-10-10 18:55 63,488 --------- C:\WINDOWS\system32\dllcache\icardie.dll
2008-02-09 08:51 . 2007-10-10 18:55 52,224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-02-09 08:51 . 2007-10-10 05:59 13,824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-02-07 20:48 . 2008-02-10 23:54 <DIR> d-------- C:\WINDOWS\CAVTemp
2008-02-07 20:45 . 2008-02-07 20:45 <DIR> d-------- C:\Program Files\CA
2008-02-07 20:45 . 2008-02-07 20:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\CA
2008-02-07 20:45 . 2007-08-20 13:42 879,784 --a------ C:\WINDOWS\system32\drivers\vetefile.sys
2008-02-07 20:45 . 2007-08-20 13:42 108,312 --a------ C:\WINDOWS\system32\drivers\veteboot.sys
2008-02-07 20:45 . 2007-08-20 13:42 99,592 --a------ C:\WINDOWS\system32\isafeif.dll
2008-02-07 20:45 . 2007-08-20 13:42 79,424 --a------ C:\WINDOWS\system32\vetredir.dll
2008-02-07 20:45 . 2007-08-20 13:42 75,016 --a------ C:\WINDOWS\system32\isafprod.dll
2008-02-07 20:45 . 2007-08-20 13:42 32,264 --a------ C:\WINDOWS\system32\drivers\vetmonnt.sys
2008-02-07 20:45 . 2007-08-20 13:42 26,376 --a------ C:\WINDOWS\system32\drivers\vet-filt.sys
2008-02-07 20:45 . 2007-08-20 13:42 21,512 --a------ C:\WINDOWS\system32\drivers\vetfddnt.sys
2008-02-07 20:45 . 2007-08-20 13:42 21,128 --a------ C:\WINDOWS\system32\drivers\vet-rec.sys
2008-02-07 10:34 . 2008-02-12 08:59 <DIR> d-------- C:\Temp
2008-01-26 12:57 . 2008-01-26 12:57 <DIR> d-------- C:\Documents and Settings\David Ricci\Application Data\SmarThru4
2008-01-26 12:57 . 2006-08-15 19:54 163,840 --a------ C:\WINDOWS\system32\SecSNMP.dll
2008-01-26 12:57 . 2006-08-15 19:53 41,984 --a------ C:\WINDOWS\system32\drivers\DgivEcpXP.sys
2008-01-26 12:56 . 2008-01-26 12:56 <DIR> d-------- C:\Program Files\Common Files\SRC Shared
2008-01-26 12:55 . 1997-05-26 14:55 23,040 --a------ C:\WINDOWS\system32\irisco32.dll
2008-01-26 12:54 . 2008-01-26 12:56 <DIR> d-------- C:\Program Files\Readiris10
2008-01-26 12:53 . 2008-01-26 12:57 <DIR> d-------- C:\Program Files\SmarThru 4
2008-01-26 12:52 . 2008-01-26 12:52 <DIR> d-------- C:\WINDOWS\Samsung
2008-01-26 12:52 . 2006-09-21 03:28 462,848 --a------ C:\WINDOWS\ssndii.exe
2008-01-26 12:50 . 2006-08-15 20:06 151,552 --a------ C:\WINDOWS\system32\scx425ci.exe
2008-01-26 12:50 . 2006-09-21 03:28 73,728 -ra------ C:\WINDOWS\WiaInst.exe
2008-01-26 12:50 . 2006-08-15 20:06 57,344 --a------ C:\WINDOWS\system32\scx425ci.dll
2008-01-26 12:48 . 2008-01-26 12:48 <DIR> d-------- C:\WINDOWS\system32\drivers\Samsung
2008-01-16 16:07 . 2008-01-16 16:07 <DIR> d-------- C:\Program Files\Disney
2008-01-15 14:52 . 2007-07-15 09:18 3,003 --a------ C:\WINDOWS\_detmp.1
2008-01-14 17:53 . 2008-01-14 17:56 <DIR> d-------- C:\Documents and Settings\David Ricci\Application Data\BloodTies
2008-01-14 17:50 . 2008-01-14 17:52 <DIR> d-------- C:\Program Files\Blood Ties

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-12 14:01 --------- d-----r C:\Program Files\Net Nanny
2008-02-09 21:59 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-02-08 01:35 --------- d-----w C:\Program Files\McAfee.com
2008-02-08 01:35 --------- d-----w C:\Program Files\McAfee
2008-02-08 01:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
2008-02-04 13:38 --------- d-----w C:\Documents and Settings\David Ricci\Application Data\AdobeUM
2008-01-26 17:54 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-26 17:48 --------- d-----w C:\Program Files\Samsung
2008-01-21 00:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Barbie Fashion Show
2008-01-20 20:10 --------- d-----w C:\Program Files\Wild Thornberrys Australian Wildlife Rescue
2008-01-16 20:38 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-01-15 19:53 --------- d-----w C:\Program Files\Nick Arcade
2008-01-15 19:52 --------- d-----w C:\Program Files\Shockwave.com
2008-01-15 19:49 --------- d-----w C:\Program Files\Alawar
2008-01-15 19:47 --------- d-----w C:\Program Files\Infogrames
2008-01-13 05:28 --------- d-----w C:\Program Files\AIM6
2008-01-12 21:35 --------- d-----w C:\Program Files\Barbie™
2008-01-03 21:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-01-03 21:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL Downloads
2008-01-03 21:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2008-01-01 23:36 --------- d-----w C:\Documents and Settings\David Ricci\Application Data\Yahoo!
2008-01-01 23:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-01-01 18:07 --------- d-----w C:\Program Files\Yahoo!
2007-12-29 21:27 --------- d-----w C:\Program Files\Common Files\Sandlot Shared
2007-12-29 18:46 --------- d-----w C:\Program Files\eGames
2007-12-26 22:52 --------- d-----w C:\Documents and Settings\David Ricci\Application Data\SpinTop
2007-12-26 01:03 --------- d-----w C:\Program Files\DB CIF Cam
2007-12-26 01:02 --------- d-----w C:\Program Files\Disney Pix Micro Downloader
2007-12-26 01:02 --------- d-----w C:\Documents and Settings\David Ricci\Application Data\InstallShield
2007-12-26 01:01 --------- d-----w C:\Program Files\Disney Pix 2.2
2007-12-24 23:44 --------- d-----w C:\Program Files\Hasbro Interactive
2007-12-24 15:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Oberon Games
2007-12-24 00:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\MumboJumbo
2007-12-23 00:17 --------- d-----w C:\Documents and Settings\David Ricci\Application Data\PlayFirst
2007-12-23 00:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\PlayFirst
2007-01-27 16:48 774,144 -c--a-w C:\Program Files\RngInterstitial.dll
2006-09-18 21:45 8 -c--a-w C:\Documents and Settings\David Ricci\Application Data\usb.dat.bin
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24 1694208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NNTray"="C:\Program Files\Net Nanny\nnstart.exe" [2003-05-06 11:03 61440]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2005-09-26 19:34 169984]
"Samsung PanelMgr"="C:\WINDOWS\Samsung\PanelMgr\ssmmgr.exe" [2007-01-22 00:55 507904]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2004-08-04 05:00 53760 C:\WINDOWS\system32\narrator.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"AllowLegacyWebView"= 1 (0x1)
"AllowUnhashedWebView"= 1 (0x1)

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
backup=C:\WINDOWS\pss\America Online 9.0 Tray Icon.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=C:\WINDOWS\pss\Digital Line Detect.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Event Reminder.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Event Reminder.lnk
backup=C:\WINDOWS\pss\Event Reminder.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^David Ricci^Start Menu^Programs^Startup^reminder-ScanSoft Product Registration.lnk]
path=C:\Documents and Settings\David Ricci\Start Menu\Programs\Startup\reminder-ScanSoft Product Registration.lnk
backup=C:\WINDOWS\pss\reminder-ScanSoft Product Registration.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BuildBU]
--a--c--- 2006-04-13 14:48 61440 c:\dell\bldbubg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CAVRID]
--a------ 2007-08-20 13:42 230664 C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
C:\Program Files\Common Files\Symantec Shared\ccApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cctray]
--a------ 2007-08-16 22:25 177416 C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cleanup]
C:\DOCUME~1\DAVIDR~1\LOCALS~1\Temp\20061123111023_mcappins.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader]
--a--c--- 2005-11-16 19:08 106496 C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a--c--- 2004-08-04 05:00 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
--a--c--- 2005-05-15 02:04 332800 C:\Program Files\Dell Support\DSAgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA]
--a--c--- 2005-09-08 05:20 122940 C:\WINDOWS\System32\DLA\DLACTRLW.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
--a--c--- 2005-10-05 03:12 94208 C:\Program Files\Dell\Media Experience\DMXLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
--a--c--- 2006-05-14 18:11 118784 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
--a------ 2006-05-09 19:24 50760 C:\Program Files\Common Files\AOL\1145800454\ee\AOLSoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
--a--c--- 2005-09-20 08:32 77824 C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
--a--c--- 2005-09-20 08:32 77824 C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
--a--c--- 2005-09-20 08:36 114688 C:\WINDOWS\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
--a--c--- 2005-09-20 08:35 94208 C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPHSend]
--a--c--- 2006-02-17 11:59 124520 C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a--c--- 2005-06-10 10:44 249856 c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a--c--- 2005-06-10 10:44 81920 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]
c:\PROGRA~1\mcafee.com\agent\mcagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mcagent_exe]
C:\Program Files\McAfee.com\Agent\mcagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]
c:\PROGRA~1\mcafee.com\agent\mcupdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]
--a--c--- 2005-09-08 19:20 8192 C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
--a--c--- 2005-09-08 19:20 110592 C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MPFExe]
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msci]
C:\DOCUME~1\DAVIDR~1\LOCALS~1\Temp\20061123111020_mcinfo.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKAGENTEXE]
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]
--a--c--- 2005-08-12 15:16 1121792 C:\Program Files\McAfee\SpamKiller\MSKDetct.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-10-13 11:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]
C:\Program Files\MySpace\IM\MySpaceIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton Ghost 10.0]
C:\Program Files\Norton Ghost\Agent\GhostTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NortonDemo]
--a--c--- 2005-08-17 20:10 24576 C:\dell\utilities\dsr\demo\Demo.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OASClnt]
-----c--- 2005-08-11 22:02 53248 C:\Program Files\McAfee.com\VSO\oasclnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
c:\progra~1\vision~1\paperp~1\pptd40nt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
--a--c--- 2005-09-20 08:36 114688 C:\WINDOWS\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PP6100b]
C:\WINDOWS\twain_32\paprport\6100b\flatbed.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a--c--- 2006-04-13 15:05 98304 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
--a------ 2006-11-22 17:10 214560 C:\Program Files\Real\RealPlayer\RealPlay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\REGSHAVE]
-----c--- 2002-02-04 21:32 53248 C:\Program Files\REGSHAVE\REGSHAVE.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Samsung PanelMgr]
--a------ 2007-01-22 00:55 507904 C:\WINDOWS\Samsung\PanelMgr\ssmmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiteAdvisor]
C:\Program Files\SiteAdvisor\6028\SiteAdv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
--a--c--- 2004-10-14 19:42 1404928 C:\Program Files\Analog Devices\Core\smax4pnp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a--c--- 2003-11-19 17:48 32881 C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2006-11-22 17:10 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirusScan Online]
-----c--- 2005-08-10 12:49 163840 C:\Program Files\McAfee.com\VSO\mcvsshld.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VSOCheckTask]
--a--c--- 2005-07-08 17:18 151552 C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Whitney2_S2P]
--a------ 2007-01-26 01:33 245760 C:\Program Files\Samsung\Samsung SCX-4725 Series\SPanel\RCP\Scan2pc.exe


.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-12 09:01:53
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.2180]
-> C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork1.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\Program Files\Net Nanny\nnsvc.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\Program Files\Net Nanny\nntray.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-02-12 9:05:51 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-12 14:05:48
ComboFix2.txt 2008-02-11 02:25:10
.
2008-02-10 08:00:43 --- E O F ---

Hijackthis File:

Logfile of HijackThis v1.99.1
Scan saved at 9:08:46 AM, on 2/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\Program Files\Net Nanny\nnsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\WINDOWS\Samsung\PanelMgr\ssmmgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Net Nanny\nntray.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\David Ricci\Desktop\David Ricci.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\c.bin\MWSBAR.DLL (file missing)
O4 - HKLM\..\Run: [NNTray] C:\Program Files\Net Nanny\nnstart.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\ssmmgr.exe /autorun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Search - http://edits.mywebse...html?p=ZKfox000
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file://C:\Program Files\Monopoly Here and Now\Images\stg_drm.ocx
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcaf...01/mcinsctl.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file://C:\Program Files\Monopoly Here and Now\Images\armhelper.ocx
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - (no file)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NNSvc - BioNet Systems, LLC - C:\Program Files\Net Nanny\nnsvc.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6028\SAService.exe (file missing)
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
#9 kahdah (GeekU Teacher, Retired Staff, 15,822 posts)
Please go HERE to run Panda's TotalScan
  • Select the bubble for Full scan
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • Then the scan will begin
  • When the scan completes, click the Save button on the right of Scan details
  • Save it to a convenient location. Post the contents of the TotalScan report

#10 ginrella (Topic Starter, Member, 38 posts)
Results of Total Scan Follow:

******One other point: when I try to connect to the internet from Outlook Express, I cannot. It gets hung up trying, then I eventually just X out***********


;*******************************************************************************
ANALYSIS: 2008-02-13 08:13:27
PROTECTIONS: 1
MALWARE: 35
SUSPECTS: 0
;*******************************************************************************
PROTECTIONS
Description Version Active Updated
;===============================================================================
CA Anti-Virus 8.4.0.28 No Yes
;===============================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===============================================================================
00034463 adware/wupd Adware No 0 Yes No hkey_classes_root\install.install.1
00034463 adware/wupd Adware No 0 Yes No hkey_classes_root\install.install
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\David Ricci\Cookies\[email protected][1].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\David Ricci\Application Data\Mozilla\Firefox\Profiles\pzc7m4l2.default\cookies.txt[.doubleclick.net/]
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\David Ricci\Cookies\[email protected][3].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\David Ricci\Application Data\Mozilla\Firefox\Profiles\pzc7m4l2.default\cookies.txt[.atdmt.com/]
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\David Ricci\Cookies\[email protected][1].txt
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\David Ricci\Cookies\[email protected][1].txt
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\David Ricci\Cookies\[email protected][1].txt
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\David Ricci\Application Data\Mozilla\Firefox\Profiles\pzc7m4l2.default\cookies.txt[.tribalfusion.com/]
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\David Ricci\Cookies\[email protected][1].txt
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\David Ricci\Application Data\Mozilla\Firefox\Profiles\pzc7m4l2.default\cookies.txt[.mediaplex.com/]
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\David Ricci\Application Data\Mozilla\Firefox\Profiles\pzc7m4l2.default\cookies.txt[.mediaplex.com/]
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\David Ricci\Cookies\[email protected][1].txt
00167726 Cookie/Tickle TrackingCookie No 0 Yes No C:\Documents and Settings\David Ricci\Cookies\[email protected][1].txt
00167747 Cookie/Azjmp TrackingCookie No 0 Yes No C:\Documents and Settings\David Ricci\Application Data\Mozilla\Firefox\Profiles\pzc7m4l2.default\cookies.txt[.azjmp.com/]
00167747 Cookie/Azjmp TrackingCookie No 0 Yes No C:\Documents and Settings\David Ricci\Application Data\Mozilla\Firefox\Profiles\pzc7m4l2.default\cookies.txt[.azjmp.com/]
00167747 Cookie/Azjmp TrackingCookie No 0 Yes No C:\Documents and Settings\David Ricci\Application Data\Mozilla\Firefox\Profiles\pzc7m4l2.default\cookies.txt[.azjmp.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\David Ricci\Cookies\[email protected][1].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\David Ricci\Application Data\Mozilla\Firefox\Profiles\pzc7m4l2.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\David Ricci\Application Data\Mozilla\Firefox\Profiles\pzc7m4l2.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\David Ricci\Application Data\Mozilla\Firefox\Profiles\pzc7m4l2.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\David Ricci\Application Data\Mozilla\Firefox\Profiles\pzc7m4l2.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\David Ricci\Application Data\Mozilla\Firefox\Profiles\pzc7m4l2.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\David Ricci\Application Data\Mozilla\Firefox\Profiles\pzc7m4l2.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\David Ricci\Cookies\[email protected][2].txt
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\David Ricci\Cookies\[email protected][1].txt
00168076 Cookie/BurstNet TrackingCookie No 0 Yes No C:\Documents and Settings\David Ricci\Application Data\Mozilla\Firefox\Profiles\pzc7m4l2.default\cookies.txt[.burstnet.com/]
00168076 Cookie/BurstNet TrackingCookie No 0 Yes No C:\Documents and Settings\David Ricci\Application Data\Mozilla\Firefox\Profiles\pzc7m4l2.default\cookies.txt[.burstnet.com/]
00168097 Cookie/BurstBeacon TrackingCookie No 0 Yes No C:\Documents and Settings\David Ricci\Application Data\Mozilla\Firefox\Profiles\pzc7m4l2.default\cookies.txt[www.burstbeacon.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\David Ricci\Application Data\Mozilla\Firefox\Profiles\pzc7m4l2.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\David Ricci\Application Data\Mozilla\Firefox\Profiles\pzc7m4l2.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\David Ricci\Cookies\[email protected][2].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\David Ricci\Application Data\Mozilla\Firefox\Profiles\pzc7m4l2.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\David Ricci\Application Data\Mozilla\Firefox\Profiles\pzc7m4l2.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\David Ricci\Application Data\Mozilla\Firefox\Profiles\pzc7m4l2.default\cookies.txt[.advertising.com/]
00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\David Ricci\Cookies\[email protected][2].txt
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\David Ricci\Application Data\Mozilla\Firefox\Profiles\pzc7m4l2.default\cookies.txt[.realmedia.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\David Ricci\Application Data\Mozilla\Firefox\Profiles\pzc7m4l2.default\cookies.txt[.realmedia.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\David Ricci\Application Data\Mozilla\Firefox\Profiles\pzc7m4l2.default\cookies.txt[.realmedia.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\David Ricci\Cookies\[email protected][1].txt
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\David Ricci\Cookies\[email protected][1].txt
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\David Ricci\Application Data\Mozilla\Firefox\Profiles\pzc7m4l2.default\cookies.txt[.adrevolver.com/]
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\David Ricci\Application Data\Mozilla\Firefox\Profiles\pzc7m4l2.default\cookies.txt[.go.com/]
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\David Ricci\Application Data\Mozilla\Firefox\Profiles\pzc7m4l2.default\cookies.txt[.go.com/]
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\David Ricci\Application Data\Mozilla\Firefox\Profiles\pzc7m4l2.default\cookies.txt[.go.com/]
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\David Ricci\Application Data\Mozilla\Firefox\Profiles\pzc7m4l2.default\cookies.txt[.go.com/]
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\David Ricci\Application Data\Mozilla\Firefox\Profiles\pzc7m4l2.default\cookies.txt[.go.com/]
00207338 Cookie/Target TrackingCookie No 0 Yes No C:\Documents and Settings\David Ricci\Application Data\Mozilla\Firefox\Profiles\pzc7m4l2.default\cookies.txt[.target.com/]
00207338 Cookie/Target TrackingCookie No 0 Yes No C:\Documents and Settings\David Ricci\Application Data\Mozilla\Firefox\Profiles\pzc7m4l2.default\cookies.txt[.target.com/]
00207862 Cookie/did-it TrackingCookie No 0 Yes No C:\Documents and Settings\David Ricci\Application Data\Mozilla\Firefox\Profiles\pzc7m4l2.default\cookies.txt[.did-it.com/]
00207862 Cookie/did-it TrackingCookie No 0 Yes No C:\Documents and Settings\David Ricci\Application Data\Mozilla\Firefox\Profiles\pzc7m4l2.default\cookies.txt[.did-it.com/]
00207862 Cookie/did-it TrackingCookie No 0 Yes No C:\Documents and Settings\David Ricci\Application Data\Mozilla\Firefox\Profiles\pzc7m4l2.default\cookies.txt[.did-it.com/]
00252281 Adware/Trymedia Adware No 0 Yes No C:\Downloads\GoldMinerSE_AOLSetup-dm[1].exe
00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Documents and Settings\David Ricci\Cookies\[email protected][2].txt
00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Documents and Settings\David Ricci\Application Data\Mozilla\Firefox\Profiles\pzc7m4l2.default\cookies.txt[.atwola.com/]
00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Documents and Settings\David Ricci\Application Data\Mozilla\Firefox\Profiles\pzc7m4l2.default\cookies.txt[.atwola.com/]
00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Documents and Settings\David Ricci\Application Data\Mozilla\Firefox\Profiles\pzc7m4l2.default\cookies.txt[.atwola.com/]
00333562 Application/MyWebSearch HackTools No 0 Yes No C:\Documents and Settings\David Ricci\Desktop\backups\backup-20070531-134029-306.dll
00522059 Application/MyWebSearch HackTools No 0 Yes No C:\Documents and Settings\David Ricci\Desktop\backups\backup-20070531-134029-148.dll
01185375 Application/Psexec.A HackTools No 0 Yes No C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP5\A0000171.EXE
01185375 Application/Psexec.A HackTools No 0 Yes No C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP3\A0000115.EXE
01185375 Application/Psexec.A HackTools No 0 Yes No C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP5\A0000623.EXE
01185375 Application/Psexec.A HackTools No 0 Yes No C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP3\A0000046.EXE
01196325 Cookie/Enhance TrackingCookie No 0 Yes No C:\Documents and Settings\David Ricci\Cookies\david [email protected][2].txt
01196325 Cookie/Enhance TrackingCookie No 0 Yes No C:\Documents and Settings\David Ricci\Cookies\[email protected][1].txt
01262593 Application/NirCmd.A HackTools No 0 No No C:\Documents and Settings\David Ricci\Desktop\ComboFix.exe[327882R2FWJFW\nircmd.com]
01262593 Application/NirCmd.A HackTools No 0 No No C:\Documents and Settings\David Ricci\Desktop\ComboFix.exe[327882R2FWJFW\nircmd.cfexe]
01262593 Application/NirCmd.A HackTools No 0 Yes No C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP4\A0000165.exe
01262593 Application/NirCmd.A HackTools No 0 Yes No C:\WINDOWS\Nircmd.exe
01262593 Application/NirCmd.A HackTools No 0 Yes No C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP5\A0000649.com
01262593 Application/NirCmd.A HackTools No 0 Yes No C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP3\A0000138.com
02684897 Application/AVSystemCare HackTools No 0 Yes No C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP5\A0000284.exe
02684897 Application/AVSystemCare HackTools No 0 Yes No C:\QooBox\Quarantine\C\Deckard\System Scanner\backup\WINDOWS\Downloaded Program Files\UGA6P_0001_N122M0611NetInstaller.exe.vir
02885963 Rootkit/Booto.C Virus/Worm No 0 Yes No C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP5\A0000621.sys
02885963 Rootkit/Booto.C Virus/Worm No 0 Yes No C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP3\A0000112.sys
02887528 Cookie/AdvancedCleaner TrackingCookie No 0 Yes No C:\Documents and Settings\David Ricci\Application Data\Mozilla\Firefox\Profiles\pzc7m4l2.default\cookies.txt[.advancedcleaner.com/]
02887528 Cookie/AdvancedCleaner TrackingCookie No 0 Yes No C:\Documents and Settings\David Ricci\Application Data\Mozilla\Firefox\Profiles\pzc7m4l2.default\cookies.txt[.advancedcleaner.com/]
02887528 Cookie/AdvancedCleaner TrackingCookie No 0 Yes No C:\Documents and Settings\David Ricci\Application Data\Mozilla\Firefox\Profiles\pzc7m4l2.default\cookies.txt[advancedcleaner.com/]
02887528 Cookie/AdvancedCleaner TrackingCookie No 0 Yes No C:\Documents and Settings\David Ricci\Application Data\Mozilla\Firefox\Profiles\pzc7m4l2.default\cookies.txt[.advancedcleaner.com/]
02887528 Cookie/AdvancedCleaner TrackingCookie No 0 Yes No C:\Documents and Settings\David Ricci\Application Data\Mozilla\Firefox\Profiles\pzc7m4l2.default\cookies.txt[.advancedcleaner.com/]
02887528 Cookie/AdvancedCleaner TrackingCookie No 0 Yes No C:\Documents and Settings\David Ricci\Application Data\Mozilla\Firefox\Profiles\pzc7m4l2.default\cookies.txt[.advancedcleaner.com/]
02887528 Cookie/AdvancedCleaner TrackingCookie No 0 Yes No C:\Documents and Settings\David Ricci\Application Data\Mozilla\Firefox\Profiles\pzc7m4l2.default\cookies.txt[.advancedcleaner.com/]
02887528 Cookie/AdvancedCleaner TrackingCookie No 0 Yes No C:\Documents and Settings\David Ricci\Cookies\[email protected][1].txt
02899316 Trj/ZapChast.DO Virus/Trojan No 0 Yes No C:\QooBox\Quarantine\C\WINDOWS\system32\windows.vir
02900049 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1\A0000027.dll
02900270 Spyware/Virtumonde Spyware No 1 Yes No C:\QooBox\Quarantine\C\WINDOWS\system32\axnrkenu.dll.vir
02900270 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP3\A0000091.dll
;===============================================================================
SUSPECTS
Location
;===============================================================================
;===============================================================================
#11 kahdah (GeekU Teacher, Retired Staff, 15,822 posts)
Please open up Notepad and copy all of the items in the code box below.
Change the "Save As Type" to "All Files". Save it as fixthis.reg on your Desktop.
REGEDIT4

[-hkey_classes_root\install.install.1]

[-hkey_classes_root\install.install]

Now double-click fixthis.reg.
A window will come up asking if you want to let it merge with the registry.
Click yes.
=================
Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 onlyDouble-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browser:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.
===============================================================
Time for some housekeeping
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK

    The above procedure will:
  • Delete the following:
    • ComboFix and its associated files and folders.
    • VundoFix backups, if present
    • The C:\Deckard folder, if present
    • The C:\_OtMoveIt folder, if present
  • Reset the clock settings.
  • Hide file extensions, if required.
  • Hide System/Hidden files, if required.
  • Clean System Restore points.

Also delete anything that we used that is left over.
====================================
After that your log is clean of malware. :)

Let me know if you are still having trouble with Outlook Express after doing the above.
  • 0

#12
ginrella

ginrella

    Member

  • Topic Starter
  • Member
  • PipPip
  • 38 posts
Kahdah,

Thank You So Much for all the help. I seem to be running smoothly. You asked me to delete anything that we used and left over. What exactly should I be looking for in regards to that? I still have the following things on my desktop:

Hijackthis.log, fixthis.reg, totalscan.txt, and dss.exe. Should I delete these? By the way, I seem to be running smoothly through Outlook Express also.

You have been such a great help!!!

:)

Thanks,
Ginny
  • 0

#13
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Great :)

Yes, delete anything else that we used; all of those things can go.

You are welcome :)


Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0

#14
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0