Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Need help removing Blackbird Trojan & Smitfraud & others!


  • This topic is locked This topic is locked

#16
Leighwh

Leighwh

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
Hi Fredil, Here is the new ComboFix log, in it's own post. When I attempted to drag the script to CF it said CF was out of date, and it was put in the trash. I downloaded CF from the same site you recommended earlier in this thread. When I dragged the script to it it ran the green bars but did not boot CF. I went to Task Manager and noticed that there were about 8 IEExplorer processes open although I did not have IE open. I shut them all down and then CF was able to boot. Here's the log, others to follow in separate post.

ComboFix 08-04-27.2 - Shannon Healy 2008-04-28 7:27:22.6 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.438 [GMT -4:00]
Running from: C:\Documents and Settings\Shannon Healy\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Shannon Healy\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\ca4512c83f5e7a82508302
C:\ca4512c83f5e7a82508302\$shtdwn$.req
C:\ca4512c83f5e7a82508302\mrt.exe
C:\ca4512c83f5e7a82508302\mrtstub.exe
C:\Documents and Settings\Shannon Healy\Application Data\LimeWire
C:\Documents and Settings\Shannon Healy\Application Data\LimeWire\createtimes.cache
C:\Documents and Settings\Shannon Healy\Application Data\LimeWire\fileurns.bak
C:\Documents and Settings\Shannon Healy\Application Data\LimeWire\fileurns.cache
C:\Documents and Settings\Shannon Healy\Application Data\LimeWire\filters.props
C:\Documents and Settings\Shannon Healy\Application Data\LimeWire\installation.props
C:\Documents and Settings\Shannon Healy\Application Data\LimeWire\library.dat
C:\Documents and Settings\Shannon Healy\Application Data\LimeWire\limewire.props
C:\Documents and Settings\Shannon Healy\Application Data\LimeWire\mojito.props
C:\Documents and Settings\Shannon Healy\Application Data\LimeWire\questions.props
C:\Documents and Settings\Shannon Healy\Application Data\LimeWire\simpp.xml
C:\Documents and Settings\Shannon Healy\Application Data\LimeWire\tables.props
C:\Documents and Settings\Shannon Healy\Application Data\LimeWire\themes\windows_theme.lwtp
C:\Documents and Settings\Shannon Healy\Application Data\LimeWire\themes\windows_theme\01_star.gif
C:\Documents and Settings\Shannon Healy\Application Data\LimeWire\themes\windows_theme\02_star.gif
C:\Documents and Settings\Shannon Healy\Application Data\LimeWire\themes\windows_theme\03_star.gif
C:\Documents and Settings\Shannon Healy\Application Data\LimeWire\themes\windows_theme\04_star.gif
C:\Documents and Settings\Shannon Healy\Application Data\LimeWire\themes\windows_theme\05_star.gif
C:\Documents and Settings\Shannon Healy\Application Data\LimeWire\themes\windows_theme\chat.gif
C:\Documents and Settings\Shannon Healy\Application Data\LimeWire\themes\windows_theme\forward_dn.gif
C:\Documents and Settings\Shannon Healy\Application Data\LimeWire\themes\windows_theme\forward_up.gif
C:\Documents and Settings\Shannon Healy\Application Data\LimeWire\themes\windows_theme\kill.gif
C:\Documents and Settings\Shannon Healy\Application Data\LimeWire\themes\windows_theme\kill_on.gif
C:\Documents and Settings\Shannon Healy\Application Data\LimeWire\themes\windows_theme\logo.png
C:\Documents and Settings\Shannon Healy\Application Data\LimeWire\themes\windows_theme\notsearching.png
C:\Documents and Settings\Shannon Healy\Application Data\LimeWire\themes\windows_theme\pause_dn.gif
C:\Documents and Settings\Shannon Healy\Application Data\LimeWire\themes\windows_theme\pause_up.gif
C:\Documents and Settings\Shannon Healy\Application Data\LimeWire\themes\windows_theme\play_dn.gif
C:\Documents and Settings\Shannon Healy\Application Data\LimeWire\themes\windows_theme\play_up.gif
C:\Documents and Settings\Shannon Healy\Application Data\LimeWire\themes\windows_theme\question.gif
C:\Documents and Settings\Shannon Healy\Application Data\LimeWire\themes\windows_theme\rewind_dn.gif
C:\Documents and Settings\Shannon Healy\Application Data\LimeWire\themes\windows_theme\rewind_up.gif
C:\Documents and Settings\Shannon Healy\Application Data\LimeWire\themes\windows_theme\searching.gif
C:\Documents and Settings\Shannon Healy\Application Data\LimeWire\themes\windows_theme\stop_dn.gif
C:\Documents and Settings\Shannon Healy\Application Data\LimeWire\themes\windows_theme\stop_up.gif
C:\Documents and Settings\Shannon Healy\Application Data\LimeWire\themes\windows_theme\theme.txt
C:\Documents and Settings\Shannon Healy\Application Data\LimeWire\themes\windows_theme\version.txt
C:\Documents and Settings\Shannon Healy\Application Data\LimeWire\themes\windows_theme\warning.gif
C:\Documents and Settings\Shannon Healy\Application Data\LimeWire\version.xml
C:\Documents and Settings\Shannon Healy\Application Data\LimeWire\xml\data\audio.sxml
C:\Program Files\LimeWire
C:\Program Files\LimeWire\aopalliance.jar.tmp
C:\Program Files\LimeWire\clink.jar.tmp
C:\Program Files\LimeWire\commons-httpclient.jar.tmp
C:\Program Files\LimeWire\commons-logging.jar.tmp
C:\Program Files\LimeWire\commons-net.jar.tmp
C:\Program Files\LimeWire\commons-pool.jar.tmp
C:\Program Files\LimeWire\daap.jar.tmp
C:\Program Files\LimeWire\forms.jar.tmp
C:\Program Files\LimeWire\foxtrot.jar.tmp
C:\Program Files\LimeWire\gettext-commons.jar.tmp
C:\Program Files\LimeWire\guice-1.0.jar.tmp
C:\Program Files\LimeWire\httpcore-nio.jar.tmp
C:\Program Files\LimeWire\httpcore.jar.tmp
C:\Program Files\LimeWire\icu4j.jar.tmp
C:\Program Files\LimeWire\id3v2.jar.tmp
C:\Program Files\LimeWire\jcraft.jar.tmp
C:\Program Files\LimeWire\jdic.jar.tmp
C:\Program Files\LimeWire\jdic_stub.jar.tmp
C:\Program Files\LimeWire\jflac.jar.tmp
C:\Program Files\LimeWire\jl.jar.tmp
C:\Program Files\LimeWire\jmdns.jar.tmp
C:\Program Files\LimeWire\jogg.jar.tmp
C:\Program Files\LimeWire\jorbis.jar.tmp
C:\Program Files\LimeWire\lib\aopalliance.jar
C:\Program Files\LimeWire\lib\clink.jar
C:\Program Files\LimeWire\lib\commons-httpclient.jar
C:\Program Files\LimeWire\lib\commons-logging.jar
C:\Program Files\LimeWire\lib\commons-net.jar
C:\Program Files\LimeWire\lib\commons-pool.jar
C:\Program Files\LimeWire\lib\daap.jar
C:\Program Files\LimeWire\lib\forms.jar
C:\Program Files\LimeWire\lib\foxtrot.jar
C:\Program Files\LimeWire\lib\gettext-commons.jar
C:\Program Files\LimeWire\lib\guice-1.0.jar
C:\Program Files\LimeWire\lib\httpcore-nio.jar
C:\Program Files\LimeWire\lib\httpcore.jar
C:\Program Files\LimeWire\lib\icu4j.jar
C:\Program Files\LimeWire\lib\id3v2.jar
C:\Program Files\LimeWire\lib\jcraft.jar
C:\Program Files\LimeWire\lib\jdic.dll
C:\Program Files\LimeWire\lib\jdic.jar
C:\Program Files\LimeWire\lib\jdic_stub.jar
C:\Program Files\LimeWire\lib\jflac.jar
C:\Program Files\LimeWire\lib\jl.jar
C:\Program Files\LimeWire\lib\jmdns.jar
C:\Program Files\LimeWire\lib\jogg.jar
C:\Program Files\LimeWire\lib\jorbis.jar
C:\Program Files\LimeWire\lib\LimeWire.jar
C:\Program Files\LimeWire\lib\log4j.jar
C:\Program Files\LimeWire\lib\looks.jar
C:\Program Files\LimeWire\lib\messages.jar
C:\Program Files\LimeWire\lib\mp3spi.jar
C:\Program Files\LimeWire\lib\ProgressTabs.jar
C:\Program Files\LimeWire\lib\swt.jar
C:\Program Files\LimeWire\lib\SystemUtilities.dll
C:\Program Files\LimeWire\lib\themes.jar
C:\Program Files\LimeWire\lib\tray.dll
C:\Program Files\LimeWire\lib\tritonus.jar
C:\Program Files\LimeWire\lib\vorbisspi.jar
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\LimeWire\LimeWire.jar.tmp
C:\Program Files\LimeWire\log4j.jar.tmp
C:\Program Files\LimeWire\looks.jar.tmp
C:\Program Files\LimeWire\messages.jar.tmp
C:\Program Files\LimeWire\mp3spi.jar.tmp
C:\Program Files\LimeWire\ProgressTabs.jar.tmp
C:\Program Files\LimeWire\swt.jar.tmp
C:\Program Files\LimeWire\themes.jar.tmp
C:\Program Files\LimeWire\tritonus.jar.tmp
C:\Program Files\LimeWire\vorbisspi.jar.tmp

.
((((((((((((((((((((((((( Files Created from 2008-03-28 to 2008-04-28 )))))))))))))))))))))))))))))))
.

2008-04-21 17:51 . 2008-04-21 17:51 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-04-21 17:51 . 2008-04-21 17:51 <DIR> d-------- C:\WINDOWS\LastGood
2008-04-21 17:51 . 2008-04-21 17:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-04-21 17:44 . 2008-04-21 17:44 <DIR> d-------- C:\Deckard
2008-04-20 12:07 . 2008-04-20 12:07 1,160 --a------ C:\WINDOWS\mozver.dat
2008-04-20 12:05 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-04-09 16:38 . 2008-04-09 16:38 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-09 16:30 . 2008-04-09 16:31 <DIR> d-------- C:\Program Files\Hijack
2008-04-08 20:02 . 2008-04-08 20:02 197 --a------ C:\WINDOWS\system32\MRT.INI
2008-04-08 20:01 . 2008-04-08 20:03 1,355 --a------ C:\WINDOWS\imsins.BAK
2008-04-08 18:20 . 2008-04-08 18:20 0 --a------ C:\WINDOWS\nsreg.dat
2008-04-08 17:46 . 2005-02-16 11:06 218,112 --a------ C:\Program Files\HijackThis.exe
2008-04-08 17:25 . 2008-04-08 17:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-04-08 17:08 . 2008-04-08 17:08 <DIR> d-------- C:\Program Files\Yahoo!
2008-04-08 17:08 . 2008-04-08 17:09 <DIR> d-------- C:\Program Files\CCleaner
2008-04-08 17:07 . 2008-04-08 18:05 <DIR> d-------- C:\Program Files\RogueRemover FREE
2008-04-08 17:03 . 2008-04-20 11:31 3,756 --a------ C:\WINDOWS\system32\tmp.reg
2008-04-08 16:28 . 2008-04-08 16:31 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2008-04-06 15:04 . 2008-04-06 15:04 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-04-06 15:04 . 2008-04-06 15:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-06 12:14 . 2008-04-06 13:17 10,740 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-04-06 12:14 . 2008-04-06 13:17 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-25 17:51 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-04-21 11:09 --------- d-----w C:\Documents and Settings\Shannon Healy\Application Data\WTablet
2008-04-20 16:05 --------- d-----w C:\Program Files\Java
2008-04-20 15:52 --------- d-----w C:\Documents and Settings\LocalService\Application Data\WTablet
2008-04-08 22:08 --------- d-----w C:\Program Files\HP
2008-04-08 22:08 --------- d-----w C:\Program Files\Hewlett-Packard
2008-04-08 21:46 13,739 ----a-w C:\Program Files\hijackthis.log
2008-04-06 17:44 --------- d-----w C:\Program Files\Norton Internet Security
2008-04-06 17:17 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
2008-04-06 17:17 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-04-06 17:17 --------- d-----w C:\Program Files\Symantec
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-19 09:47 1,845,248 ------w C:\WINDOWS\system32\dllcache\win32k.sys
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 06:51 282,624 ------w C:\WINDOWS\system32\dllcache\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-20 05:32 45,568 ------w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
2008-02-20 05:32 148,992 ------w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-02-16 22:29 3,059,712 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-02-15 09:23 18,432 ------w C:\WINDOWS\system32\dllcache\iedw.exe
2006-07-07 20:16 22 --sha-w C:\WINDOWS\SMINST\HPCD.sys
.

((((((((((((((((((((((((((((( snapshot_2008-04-14_ 6.56.38.57 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-14 10:44:48 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-04-21 11:08:26 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2005-11-10 19:27:06 49,248 ----a-w C:\WINDOWS\system32\java.exe
+ 2008-03-25 05:28:39 135,168 ----a-w C:\WINDOWS\system32\java.exe
- 2005-11-10 19:27:16 49,250 ----a-w C:\WINDOWS\system32\javaw.exe
+ 2008-03-25 05:28:43 135,168 ----a-w C:\WINDOWS\system32\javaw.exe
- 2005-11-10 21:03:54 127,078 ----a-w C:\WINDOWS\system32\javaws.exe
+ 2008-03-25 06:37:01 139,264 ----a-w C:\WINDOWS\system32\javaws.exe
+ 2005-05-24 16:27:16 213,048 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavss.dll
+ 2007-08-29 19:47:20 94,208 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
+ 2007-08-29 19:49:54 950,272 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
+ 2008-03-25 00:21:00 2,889,088 ----a-w C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
+ 2008-03-25 00:21:00 218,496 ----a-w C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
- 2008-04-14 10:49:33 54,010 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-04-21 11:13:00 54,010 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-04-14 10:49:33 383,822 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-04-21 11:13:00 383,822 ----a-w C:\WINDOWS\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24 1694208]
"AIM"="C:\Program Files\AIM\aim.exe" [2005-08-05 15:08 67160]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-21 14:34 68856]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-11-02 19:25 98304]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-11-02 19:22 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-11-02 19:26 118784]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2005-11-22 15:55 61952 C:\WINDOWS\system32\CHDAudPropShortcut.exe]
"DetectorApp"="C:\Program Files\Sonic\DigitalMedia Plus v7\MyDVD Plus\DetectorApp.exe" [2005-10-20 10:15 102400]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-11-11 03:04 761945]
"hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-11-16 12:30 503808]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-02-11 17:22 53096]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2005-12-12 15:39 94208]
"eabconfg.cpl"="C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" [2005-12-07 14:56 409600]
"Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2005-05-18 14:29 233534]
"RecGuard"="C:\Windows\SMINST\RecGuard.exe" [2005-10-11 14:23 1187840]
"HostManager"="C:\Program Files\Common Files\AOL\1152635987\ee\AOLHostManager.exe" [2005-08-02 15:33 159832]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-11-15 00:43 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-15 14:11 267048]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 16:24 54840]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
"zango"="c:\program files\zango\zango.exe" [ ]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Photosmart Premier Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2005-09-24 05:39:30 73728]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Common Files\\AOL\\1152635987\\ee\\AOLServiceHost.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 17:38]
R3 wacommousefilter;Wacom Mouse Filter Driver;C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys [2007-02-16 15:12]
R3 wacomvhid;Wacom Virtual Hid Driver;C:\WINDOWS\system32\DRIVERS\wacomvhid.sys [2007-02-16 14:30]

*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-02-25 16:36:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-03-08 01:00:26 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - Shannon Healy.job"
- C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exeh/TASK:
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-28 07:30:52
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe??????????q????|?`???? ???B?????????????hLC? ??????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-04-28 7:32:57
ComboFix-quarantined-files.txt 2008-04-28 11:32:53
ComboFix2.txt 2008-04-20 15:26:29
ComboFix3.txt 2008-04-14 10:56:59
ComboFix4.txt 2008-04-08 23:02:08
ComboFix5.txt 2008-04-08 21:58:09

Pre-Run: 37,671,854,080 bytes free
Post-Run: 37,908,369,408 bytes free

270 --- E O F --- 2008-04-09 00:03:39
  • 0

Advertisements


#17
Leighwh

Leighwh

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
And here is the original Kaspersky scan log that cut off in my earlier post:

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Monday, April 21, 2008 7:53:23 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 21/04/2008
Kaspersky Anti-Virus database records: 719519
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 100113
Number of viruses found: 13
Number of infected objects: 31
Number of suspicious objects: 12
Duration of the scan process: 01:37:58

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\cls\common.cls Object is locked skipped
C:\Documents and Settings\All Users\Application Data\muvee Technologies\030625\0102\0314\values Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SecondThoughtSTCLoader1.zip/id53.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SecondThoughtSTCLoader1.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SecondThoughtSTCLoader2.zip/stcloader.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SecondThoughtSTCLoader2.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SecondThoughtSTCLoader7.zip/stcloader.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SecondThoughtSTCLoader7.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SolutionsSearchAssistant17.zip/180ax.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SolutionsSearchAssistant17.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SolutionsSearchAssistant4.zip/saap.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SolutionsSearchAssistant4.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Zango12.zip/zango.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Zango12.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Confid.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Content.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Privacy.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Restrict.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\WebHist.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\HPPAppActivity.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\HPPHomePageActivity.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2008-04-21_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0B062A80.exe Infected: not-virus:Hoax.Win32.Renos.bjs skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2A1B3C9B.dll Infected: not-a-virus:AdWare.Win32.Rabio.m skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2A62584C.dll Infected: not-a-virus:AdWare.Win32.180Solutions.ao skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2A660248.dll Infected: not-a-virus:AdWare.Win32.Rabio.m skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2A660248.exe Infected: not-a-virus:AdWare.Win32.Rabio.m skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2A660248.tmp Infected: Trojan-Downloader.Java.OpenConnection.ao skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2A692C44.exe/data0001 Infected: not-a-virus:AdWare.Win32.PurityScan.gp skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2A692C44.exe NSIS: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2A692C44.exe CryptFF: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\41D51F84.tmp Infected: Trojan.Java.ClassLoader.au skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\76EB77FF.tmp Infected: Trojan-Downloader.Java.Agent.a skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Shannon Healy\Application Data\Symantec\PendingAlertsQueue.log Object is locked skipped
C:\Documents and Settings\Shannon Healy\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Shannon Healy\Desktop\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Shannon Healy\Desktop\SmitfraudFix.exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Shannon Healy\Desktop\SmitfraudFix.exe/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Shannon Healy\Desktop\SmitfraudFix.exe RarSFX: infected - 2 skipped
C:\Documents and Settings\Shannon Healy\Local Settings\Application Data\ApplicationHistory\hpqimzone.exe.3204510e.ini.inuse Object is locked skipped
C:\Documents and Settings\Shannon Healy\Local Settings\Application Data\HP\Digital Imaging\db\administrativeInfo.dbf Object is locked skipped
C:\Documents and Settings\Shannon Healy\Local Settings\Application Data\HP\Digital Imaging\db\albumImagesTable.cdx Object is locked skipped
C:\Documents and Settings\Shannon Healy\Local Settings\Application Data\HP\Digital Imaging\db\albumImagesTable.dbf Object is locked skipped
C:\Documents and Settings\Shannon Healy\Local Settings\Application Data\HP\Digital Imaging\db\albumTable.cdx Object is locked skipped
C:\Documents and Settings\Shannon Healy\Local Settings\Application Data\HP\Digital Imaging\db\albumTable.dbf Object is locked skipped
C:\Documents and Settings\Shannon Healy\Local Settings\Application Data\HP\Digital Imaging\db\CB_Server_Errors.txt Object is locked skipped
C:\Documents and Settings\Shannon Healy\Local Settings\Application Data\HP\Digital Imaging\db\EXIFTable.cdx Object is locked skipped
C:\Documents and Settings\Shannon Healy\Local Settings\Application Data\HP\Digital Imaging\db\EXIFTable.dbf Object is locked skipped
C:\Documents and Settings\Shannon Healy\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.cdx Object is locked skipped
C:\Documents and Settings\Shannon Healy\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.dbf Object is locked skipped
C:\Documents and Settings\Shannon Healy\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.fpt Object is locked skipped
C:\Documents and Settings\Shannon Healy\Local Settings\Application Data\HP\Digital Imaging\db\keywordImagesTable.cdx Object is locked skipped
C:\Documents and Settings\Shannon Healy\Local Settings\Application Data\HP\Digital Imaging\db\keywordImagesTable.dbf Object is locked skipped
C:\Documents and Settings\Shannon Healy\Local Settings\Application Data\HP\Digital Imaging\db\keywordTable.cdx Object is locked skipped
C:\Documents and Settings\Shannon Healy\Local Settings\Application Data\HP\Digital Imaging\db\keywordTable.dbf Object is locked skipped
C:\Documents and Settings\Shannon Healy\Local Settings\Application Data\HP\Digital Imaging\db\managedFolderTable.dbf Object is locked skipped
C:\Documents and Settings\Shannon Healy\Local Settings\Application Data\HP\Digital Imaging\db\pathnameTable.cdx Object is locked skipped
C:\Documents and Settings\Shannon Healy\Local Settings\Application Data\HP\Digital Imaging\db\pathnameTable.dbf Object is locked skipped
C:\Documents and Settings\Shannon Healy\Local Settings\Application Data\HP\Digital Imaging\db\propertiesTable.cdx Object is locked skipped
C:\Documents and Settings\Shannon Healy\Local Settings\Application Data\HP\Digital Imaging\db\propertiesTable.dbf Object is locked skipped
C:\Documents and Settings\Shannon Healy\Local Settings\Application Data\HP\Digital Imaging\db\ROFImagesTable.cdx Object is locked skipped
C:\Documents and Settings\Shannon Healy\Local Settings\Application Data\HP\Digital Imaging\db\ROFImagesTable.dbf Object is locked skipped
C:\Documents and Settings\Shannon Healy\Local Settings\Application Data\HP\Digital Imaging\db\ROFTable.cdx Object is locked skipped
C:\Documents and Settings\Shannon Healy\Local Settings\Application Data\HP\Digital Imaging\db\ROFTable.dbf Object is locked skipped
C:\Documents and Settings\Shannon Healy\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Shannon Healy\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Shannon Healy\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Shannon Healy\Local Settings\History\History.IE5\MSHist012008042120080422\index.dat Object is locked skipped
C:\Documents and Settings\Shannon Healy\Local Settings\Temp\~DFEAFD.tmp Object is locked skipped
C:\Documents and Settings\Shannon Healy\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Shannon Healy\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Shannon Healy\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\AntiSpam\Log\Spam.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\eengine\EPERSIST.DAT Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDALRT.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDCON.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDDBG.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDFW.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDIDS.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDSYS.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBConfig.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBDebug.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBDetect.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBNotify.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBRefr.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetCfg.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetCfg2.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetDev.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetLoc.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetUsr.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSMNot.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSMReg.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSMRSt.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBStHash.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBStMSI.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBValid.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPPolicy.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPStart.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPStop.log Object is locked skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\AVApp.log Object is locked skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\AVError.log Object is locked skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\AVVirus.log Object is locked skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Savrt\0397NAV~.TMP Object is locked skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Savrt\0681NAV~.TMP Object is locked skipped
C:\Program Files\Online Services\PeoplePC\ISP5900\Branding\ppal3ppc.exe/data0004 Infected: not-a-virus:AdWare.Win32.Agent.aeh skipped
C:\Program Files\Online Services\PeoplePC\ISP5900\Branding\ppal3ppc.exe NSIS: infected - 1 skipped
C:\QooBox\Quarantine\C\Program Files\QdrModule\QdrModule15.exe.vir Infected: not-a-virus:AdWare.Win32.AdBand.w skipped
C:\QooBox\Quarantine\C\WINDOWS\default.htm.vir Infected: not-virus:Hoax.HTML.Secureinvites.b skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\000090.exe.vir/stream/data0004 Infected: not-a-virus:AdWare.Win32.AdBand.w skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\000090.exe.vir/stream Infected: not-a-virus:AdWare.Win32.AdBand.w skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\000090.exe.vir NSIS: infected - 2 skipped
C:\QooBox\Quarantine\C\WINDOWS\Web\def.htm.vir Infected: not-virus:Hoax.HTML.Secureinvites.c skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP15\A0002247.exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP15\A0002247.exe/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP15\A0002247.exe RarSFX: infected - 2 skipped
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP19\change.log Object is locked skipped
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP2\A0000308.exe Infected: not-a-virus:AdWare.Win32.AdBand.w skipped
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP2\A0000386.exe/stream/data0004 Infected: not-a-virus:AdWare.Win32.AdBand.w skipped
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP2\A0000386.exe/stream Infected: not-a-virus:AdWare.Win32.AdBand.w skipped
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP2\A0000386.exe NSIS: infected - 2 skipped
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP8\A0000944.exe Infected: not-virus:Hoax.Win32.Renos.bjs skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP19\change.log Object is locked skipped

Scan process completed.
  • 0

#18
Leighwh

Leighwh

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
And here's a new HiJack This log. It looks like the two items I deleted still remain, argh! thanks--will await your next post. - Leighwh

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:39:24 AM, on 4/28/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Sonic\DigitalMedia Plus v7\MyDVD Plus\DetectorApp.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\AOL\1152635987\ee\AOLHostManager.exe
C:\Program Files\Common Files\AOL\1152635987\ee\AOLServiceHost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Sonic\DigitalMedia Plus v7\MyDVD Plus\USBDeviceService.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\WINDOWS\system32\Tablet.exe
C:\PROGRA~1\HPQ\SHARED\HPQTOA~1.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.h...a...n&pf=laptop
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll
O2 - BHO: CNavExtBho Class - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [DetectorApp] C:\Program Files\Sonic\DigitalMedia Plus v7\MyDVD Plus\DetectorApp.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1152635987\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [zango] "c:\program files\zango\zango.exe"
O4 - HKLM\..\Run: [webHancer Agent] C:\Program Files\webHancer\Programs\whagent.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=laptop
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\Shared\hpqwmi.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: USBDeviceService - Unknown owner - C:\Program Files\Sonic\DigitalMedia Plus v7\MyDVD Plus\USBDeviceService.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 12118 bytes
  • 0

#19
Chopin

Chopin

    Member 2k

  • Member
  • PipPipPipPipPip
  • 2,639 posts
Hello Leighwh, nice job with ComboFix :) Let's get rid of a few other things, and see if we can fix your multiple iexplore.exe problems.

1. Run a ComboFix Script
------------------------------------------------

1. Please open a blank Notepad document.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Folder::
C:\Program Files\Online Services

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"webHancer Agent"=-
"zango"=-


3. Go to File > Save As. Save the file name as CFScript and make sure "Text Documents (*.txt)" is selected in "Save as type". Save it to where you saved Combofix.

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


5. If it asks you to reboot, let it reboot. Either way, a Combofix log will be made. Post that in your next reply.

In your next post
------------------------------------------------

  • ComboFix log (attach if too big)

  • 0

#20
Leighwh

Leighwh

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
Thanks, Fredil, here is the new log:

ComboFix 08-04-27.2 - Shannon Healy 2008-05-01 14:47:05.7 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.576 [GMT -4:00]
Running from: C:\Documents and Settings\Shannon Healy\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Shannon Healy\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\Online Services
C:\Program Files\Online Services\Aol\AOL.ico
C:\Program Files\Online Services\Aol\bb03.ico
C:\Program Files\Online Services\Aol\credits.txt
C:\Program Files\Online Services\Aol\hpqnt.dll
C:\Program Files\Online Services\Aol\InstallAol.exe
C:\Program Files\Online Services\Aol\nb03.ico
C:\Program Files\Online Services\Aol\Thumbs.db
C:\Program Files\Online Services\Aol\United States\AOL90\comp01.000
C:\Program Files\Online Services\Aol\United States\AOL90\comp02.000
C:\Program Files\Online Services\Aol\United States\AOL90\comp03.000
C:\Program Files\Online Services\Aol\United States\AOL90\comps.ini
C:\Program Files\Online Services\Aol\United States\AOL90\comps\acs\AcsInstN.dll
C:\Program Files\Online Services\Aol\United States\AOL90\comps\acs\acsnet.zip
C:\Program Files\Online Services\Aol\United States\AOL90\comps\acs\acssetup.exe
C:\Program Files\Online Services\Aol\United States\AOL90\comps\aol\flasha.ocx
C:\Program Files\Online Services\Aol\United States\AOL90\comps\art\art.idx
C:\Program Files\Online Services\Aol\United States\AOL90\comps\asp\aspcheck.dll
C:\Program Files\Online Services\Aol\United States\AOL90\comps\asp\aspsetup.exe
C:\Program Files\Online Services\Aol\United States\AOL90\comps\coach\acpver.dll
C:\Program Files\Online Services\Aol\United States\AOL90\comps\coach\aolcinst.exe
C:\Program Files\Online Services\Aol\United States\AOL90\comps\flash\FlashAX.exe
C:\Program Files\Online Services\Aol\United States\AOL90\comps\fw\nisale.exe
C:\Program Files\Online Services\Aol\United States\AOL90\comps\fw\NISChk.dll
C:\Program Files\Online Services\Aol\United States\AOL90\comps\LP\LANGPACK.EXE
C:\Program Files\Online Services\Aol\United States\AOL90\comps\ocp\ocpchk.dll
C:\Program Files\Online Services\Aol\United States\AOL90\comps\ocp\ocpinst.exe
C:\Program Files\Online Services\Aol\United States\AOL90\comps\port\pmsetup.exe
C:\Program Files\Online Services\Aol\United States\AOL90\comps\port\pmverchk.dll
C:\Program Files\Online Services\Aol\United States\AOL90\comps\qt\qt.exe
C:\Program Files\Online Services\Aol\United States\AOL90\comps\qt\QTInsInf.dll
C:\Program Files\Online Services\Aol\United States\AOL90\comps\rp\real_upd.exe
C:\Program Files\Online Services\Aol\United States\AOL90\comps\rp\RealChk.dll
C:\Program Files\Online Services\Aol\United States\AOL90\comps\rp\RealPl8.EXE
C:\Program Files\Online Services\Aol\United States\AOL90\comps\rp\rp9codec.exe
C:\Program Files\Online Services\Aol\United States\AOL90\comps\sysinfo\SiNdInst.dll
C:\Program Files\Online Services\Aol\United States\AOL90\comps\sysinfo\SinfInst.exe
C:\Program Files\Online Services\Aol\United States\AOL90\comps\tb\tbinst.dll
C:\Program Files\Online Services\Aol\United States\AOL90\comps\tb\tbsetup.exe
C:\Program Files\Online Services\Aol\United States\AOL90\comps\tpspd\DaclDll.dll
C:\Program Files\Online Services\Aol\United States\AOL90\comps\tpspd\TSsetup.exe
C:\Program Files\Online Services\Aol\United States\AOL90\comps\tpspd\tsverchk.dll
C:\Program Files\Online Services\Aol\United States\AOL90\comps\vwpt\AOLTheme.mtx
C:\Program Files\Online Services\Aol\United States\AOL90\comps\vwpt\AOLVPChk.dll
C:\Program Files\Online Services\Aol\United States\AOL90\comps\vwpt\VMPCache.mtz
C:\Program Files\Online Services\Aol\United States\AOL90\comps\vwpt\VPPrePop.exe
C:\Program Files\Online Services\Aol\United States\AOL90\comps\vwpt\Vwpt.exe
C:\Program Files\Online Services\Aol\United States\AOL90\media\ending.swf
C:\Program Files\Online Services\Aol\United States\AOL90\media\init.swf
C:\Program Files\Online Services\Aol\United States\AOL90\media\media.ini
C:\Program Files\Online Services\Aol\United States\AOL90\media\scanning.swf
C:\Program Files\Online Services\Aol\United States\AOL90\media\start.swf
C:\Program Files\Online Services\Aol\United States\AOL90\media\upgrade.swf
C:\Program Files\Online Services\Aol\United States\AOL90\setup90.exe
C:\Program Files\Online Services\Aol\United States\AOL90E\comp01.000
C:\Program Files\Online Services\Aol\United States\AOL90E\comp02.000
C:\Program Files\Online Services\Aol\United States\AOL90E\comp03.000
C:\Program Files\Online Services\Aol\United States\AOL90E\comps.ini
C:\Program Files\Online Services\Aol\United States\AOL90E\comps\acs\AcsInstN.dll
C:\Program Files\Online Services\Aol\United States\AOL90E\comps\acs\acsnet.zip
C:\Program Files\Online Services\Aol\United States\AOL90E\comps\acs\acssetup.exe
C:\Program Files\Online Services\Aol\United States\AOL90E\comps\aol\flasha.ocx
C:\Program Files\Online Services\Aol\United States\AOL90E\comps\art\art.idx
C:\Program Files\Online Services\Aol\United States\AOL90E\comps\asp\aspcheck.dll
C:\Program Files\Online Services\Aol\United States\AOL90E\comps\asp\aspsetup.exe
C:\Program Files\Online Services\Aol\United States\AOL90E\comps\coach\acpver.dll
C:\Program Files\Online Services\Aol\United States\AOL90E\comps\coach\aolcinst.exe
C:\Program Files\Online Services\Aol\United States\AOL90E\comps\flash\FlashAX.exe
C:\Program Files\Online Services\Aol\United States\AOL90E\comps\fw\nisale.exe
C:\Program Files\Online Services\Aol\United States\AOL90E\comps\fw\NISChk.dll
C:\Program Files\Online Services\Aol\United States\AOL90E\comps\lp\LANGPACK.EXE
C:\Program Files\Online Services\Aol\United States\AOL90E\comps\ocp\ocpchk.dll
C:\Program Files\Online Services\Aol\United States\AOL90E\comps\ocp\ocpinst.exe
C:\Program Files\Online Services\Aol\United States\AOL90E\comps\port\pmsetup.exe
C:\Program Files\Online Services\Aol\United States\AOL90E\comps\port\pmverchk.dll
C:\Program Files\Online Services\Aol\United States\AOL90E\comps\qt\qt.exe
C:\Program Files\Online Services\Aol\United States\AOL90E\comps\qt\QTInsInf.dll
C:\Program Files\Online Services\Aol\United States\AOL90E\comps\rp\real_upd.exe
C:\Program Files\Online Services\Aol\United States\AOL90E\comps\rp\RealChk.dll
C:\Program Files\Online Services\Aol\United States\AOL90E\comps\rp\RealPl8.exe
C:\Program Files\Online Services\Aol\United States\AOL90E\comps\rp\rp9codec.exe
C:\Program Files\Online Services\Aol\United States\AOL90E\comps\sysinfo\SiNdInst.dll
C:\Program Files\Online Services\Aol\United States\AOL90E\comps\sysinfo\SinfInst.exe
C:\Program Files\Online Services\Aol\United States\AOL90E\comps\tb\tbinst.dll
C:\Program Files\Online Services\Aol\United States\AOL90E\comps\tb\tbsetup.exe
C:\Program Files\Online Services\Aol\United States\AOL90E\comps\tpspd\TSsetup.exe
C:\Program Files\Online Services\Aol\United States\AOL90E\comps\tpspd\tsverchk.dll
C:\Program Files\Online Services\Aol\United States\AOL90E\comps\vwpt\AOLTheme.mtx
C:\Program Files\Online Services\Aol\United States\AOL90E\comps\vwpt\AOLVPChk.dll
C:\Program Files\Online Services\Aol\United States\AOL90E\comps\vwpt\VMPCache.mtz
C:\Program Files\Online Services\Aol\United States\AOL90E\comps\vwpt\VPPrePop.exe
C:\Program Files\Online Services\Aol\United States\AOL90E\comps\vwpt\Vwpt.exe
C:\Program Files\Online Services\Aol\United States\AOL90E\media\ending.swf
C:\Program Files\Online Services\Aol\United States\AOL90E\media\init.swf
C:\Program Files\Online Services\Aol\United States\AOL90E\media\media.ini
C:\Program Files\Online Services\Aol\United States\AOL90E\media\scanning.swf
C:\Program Files\Online Services\Aol\United States\AOL90E\media\start.swf
C:\Program Files\Online Services\Aol\United States\AOL90E\media\upgrade.swf
C:\Program Files\Online Services\Aol\United States\AOL90E\setup90.exe
C:\Program Files\Online Services\Aol\United States\LangPick.exe
C:\Program Files\Online Services\Aol\United States\LangPick.ini
C:\Program Files\Online Services\digiterra\Get high speed.ico
C:\Program Files\Online Services\digiterra\hp_broadband_demo.fla
C:\Program Files\Online Services\digiterra\hp_broadband_demo.hta
C:\Program Files\Online Services\digiterra\hp_broadband_demo.swf
C:\Program Files\Online Services\digiterra\ISPSignup.exe
C:\Program Files\Online Services\digiterra\PremiumApp.ini
C:\Program Files\Online Services\EarthLink\EarthLink Setup.exe
C:\Program Files\Online Services\EarthLink\InstallEarthLink.exe
C:\Program Files\Online Services\MSN90\cinfo.xml
C:\Program Files\Online Services\MSN90\LaunchMsn.exe
C:\Program Files\Online Services\MSN90\msnmnfst.xml
C:\Program Files\Online Services\MSN90\msnredir.xml
C:\Program Files\Online Services\MSN90\msnsusii.exe
C:\Program Files\Online Services\MSN90\pkgs\en\flash6AX.exe
C:\Program Files\Online Services\MSN90\pkgs\en\msnmsgs.msi
C:\Program Files\Online Services\MSN90\pkgs\en\msnolcon.msi
C:\Program Files\Online Services\MSN90\pkgs\en\pi9.msi
C:\Program Files\Online Services\MSN90\pkgs\en\pod.msi
C:\Program Files\Online Services\MSN90\pkgs\en\us\axlerndo.exe
C:\Program Files\Online Services\MSN90\pkgs\en\us\ccmsnbridge.exe
C:\Program Files\Online Services\MSN90\pkgs\en\us\digcore.exe
C:\Program Files\Online Services\MSN90\pkgs\en\us\digopt.msi
C:\Program Files\Online Services\MSN90\pkgs\en\us\digreqEx.msi
C:\Program Files\Online Services\MSN90\pkgs\en\us\encanvas.exe
C:\Program Files\Online Services\MSN90\pkgs\en\us\mnyinst.exe
C:\Program Files\Online Services\MSN90\pkgs\en\us\ms\msnsusii.exe
C:\Program Files\Online Services\MSN90\pkgs\en\us\msncli.exe
C:\Program Files\Online Services\MSN90\pkgs\en\us\o04astrc.msi
C:\Program Files\Online Services\MSN90\pkgs\instmsia.exe
C:\Program Files\Online Services\MSN90\pkgs\instmsiw.exe
C:\Program Files\Online Services\MSN90\xfp.XML
C:\Program Files\Online Services\NetscapeOnline\Netscape.ico
C:\Program Files\Online Services\NetscapeOnline\NSsetup.exe
C:\Program Files\Online Services\PeoplePC\Accelerated\AcceleratedInstaller.exe
C:\Program Files\Online Services\PeoplePC\Autorun.inf
C:\Program Files\Online Services\PeoplePC\BartShel.exe
C:\Program Files\Online Services\PeoplePC\Bin\9XRas.dll
C:\Program Files\Online Services\PeoplePC\Bin\Crypto.dll
C:\Program Files\Online Services\PeoplePC\Bin\Downloader.dll
C:\Program Files\Online Services\PeoplePC\Bin\IniMod.dll
C:\Program Files\Online Services\PeoplePC\Bin\ISPUtil8.dll
C:\Program Files\Online Services\PeoplePC\Bin\MailClient.dll
C:\Program Files\Online Services\PeoplePC\Bin\ODWabUtil.dll
C:\Program Files\Online Services\PeoplePC\Bin\PaceSync.dll
C:\Program Files\Online Services\PeoplePC\Bin\POP3.INS
C:\Program Files\Online Services\PeoplePC\Bin\PPCLog.dll
C:\Program Files\Online Services\PeoplePC\Bin\PPCOfso.dll
C:\Program Files\Online Services\PeoplePC\Bin\PPCOLink.exe
C:\Program Files\Online Services\PeoplePC\Bin\PPCOXML.dll
C:\Program Files\Online Services\PeoplePC\Bin\Tapi.dll
C:\Program Files\Online Services\PeoplePC\Bin\XPRas.dll
C:\Program Files\Online Services\PeoplePC\Browser\BartShel.exe
C:\Program Files\Online Services\PeoplePC\Browser\PPShared.exe
C:\Program Files\Online Services\PeoplePC\Dialer.dll
C:\Program Files\Online Services\PeoplePC\Downloader.dll
C:\Program Files\Online Services\PeoplePC\DUN\Msdun13.exe
C:\Program Files\Online Services\PeoplePC\EULA.brt
C:\Program Files\Online Services\PeoplePC\FinishedInstall.brt
C:\Program Files\Online Services\PeoplePC\Flash.inf
C:\Program Files\Online Services\PeoplePC\Flash.ocx
C:\Program Files\Online Services\PeoplePC\flashplayer7_winax.exe
C:\Program Files\Online Services\PeoplePC\Help\PeoplePC_QuickHelp.chm
C:\Program Files\Online Services\PeoplePC\HPPeoplePC.exe
C:\Program Files\Online Services\PeoplePC\HTA\accel_login.brt
C:\Program Files\Online Services\PeoplePC\HTA\accelerated\accel_login.brt
C:\Program Files\Online Services\PeoplePC\HTA\accelerated\accelerated.brt
C:\Program Files\Online Services\PeoplePC\HTA\accelerated\accelerated_diagnostics.brt
C:\Program Files\Online Services\PeoplePC\HTA\accelerated\images\accel_level1.jpg
C:\Program Files\Online Services\PeoplePC\HTA\accelerated\images\accel_level2.jpg
C:\Program Files\Online Services\PeoplePC\HTA\accelerated\images\accel_level3.jpg
C:\Program Files\Online Services\PeoplePC\HTA\accelerated\images\accel_level4.jpg
C:\Program Files\Online Services\PeoplePC\HTA\accelerated\images\accel_level5.jpg
C:\Program Files\Online Services\PeoplePC\HTA\accelerated\images\accel_quality_arrows.gif
C:\Program Files\Online Services\PeoplePC\HTA\accelerated\images\accel_refreshfullquality.gif
C:\Program Files\Online Services\PeoplePC\HTA\accelerated\images\btn_deletetempfiles.gif
C:\Program Files\Online Services\PeoplePC\HTA\accelerated\images\btn_resetthesetotals.gif
C:\Program Files\Online Services\PeoplePC\HTA\accelerated\images\clear_info_btn.gif
C:\Program Files\Online Services\PeoplePC\HTA\accelerated\images\copy_window_btn.gif
C:\Program Files\Online Services\PeoplePC\HTA\accelerated\images\run_test_btn.gif
C:\Program Files\Online Services\PeoplePC\HTA\accelerated\images\system_info_btn.gif
C:\Program Files\Online Services\PeoplePC\HTA\accelerated\performance.brt
C:\Program Files\Online Services\PeoplePC\HTA\accelerated\tips_AccelLevel.brt
C:\Program Files\Online Services\PeoplePC\HTA\accelerated\tips_DeleteTmpFiles.brt
C:\Program Files\Online Services\PeoplePC\HTA\accelerated\tips_ResetStats.brt
C:\Program Files\Online Services\PeoplePC\HTA\accelerated\tips_WhyDeleteTmpFiles.brt
C:\Program Files\Online Services\PeoplePC\HTA\accelerated_settings.brt
C:\Program Files\Online Services\PeoplePC\HTA\autoconnect.brt
C:\Program Files\Online Services\PeoplePC\HTA\Banner.brt
C:\Program Files\Online Services\PeoplePC\HTA\cd.brt
C:\Program Files\Online Services\PeoplePC\HTA\cicero.brt
C:\Program Files\Online Services\PeoplePC\HTA\ComingSoon.brt
C:\Program Files\Online Services\PeoplePC\HTA\Configure.brt
C:\Program Files\Online Services\PeoplePC\HTA\confirm.brt
C:\Program Files\Online Services\PeoplePC\HTA\confirm2.brt
C:\Program Files\Online Services\PeoplePC\HTA\connecting.brt
C:\Program Files\Online Services\PeoplePC\HTA\Content\tips.xml
C:\Program Files\Online Services\PeoplePC\HTA\Content\wotd.xml
C:\Program Files\Online Services\PeoplePC\HTA\Data\navigation.xml
C:\Program Files\Online Services\PeoplePC\HTA\dialog.brt
C:\Program Files\Online Services\PeoplePC\HTA\disconnect.brt
C:\Program Files\Online Services\PeoplePC\HTA\download_login.brt
C:\Program Files\Online Services\PeoplePC\HTA\error.brt
C:\Program Files\Online Services\PeoplePC\HTA\frame.brt
C:\Program Files\Online Services\PeoplePC\HTA\harddisconnect.brt
C:\Program Files\Online Services\PeoplePC\HTA\idledisconnect.brt
C:\Program Files\Online Services\PeoplePC\HTA\Images\1.gif
C:\Program Files\Online Services\PeoplePC\HTA\Images\2.gif
C:\Program Files\Online Services\PeoplePC\HTA\Images\border.gif
C:\Program Files\Online Services\PeoplePC\HTA\Images\btn_ad_location.gif
C:\Program Files\Online Services\PeoplePC\HTA\Images\btn_add_numbers.gif
C:\Program Files\Online Services\PeoplePC\HTA\Images\btn_add_numbers2.gif
C:\Program Files\Online Services\PeoplePC\HTA\Images\btn_agree_off.gif
C:\Program Files\Online Services\PeoplePC\HTA\Images\btn_agree_on.gif
C:\Program Files\Online Services\PeoplePC\HTA\Images\btn_Back.gif
C:\Program Files\Online Services\PeoplePC\HTA\Images\btn_Cancel.gif
C:\Program Files\Online Services\PeoplePC\HTA\Images\btn_cancel2.gif
C:\Program Files\Online Services\PeoplePC\HTA\Images\btn_close_window2.gif
C:\Program Files\Online Services\PeoplePC\HTA\Images\btn_connect.gif
C:\Program Files\Online Services\PeoplePC\HTA\Images\btn_connect2.gif
C:\Program Files\Online Services\PeoplePC\HTA\Images\btn_continue.gif
C:\Program Files\Online Services\PeoplePC\HTA\Images\btn_continue_setup.gif
C:\Program Files\Online Services\PeoplePC\HTA\Images\btn_continue2.gif
C:\Program Files\Online Services\PeoplePC\HTA\Images\btn_ContinueInstallation.gif
C:\Program Files\Online Services\PeoplePC\HTA\Images\btn_ContinuePreviousInstallation.gif
C:\Program Files\Online Services\PeoplePC\HTA\Images\btn_disagree_off.gif
C:\Program Files\Online Services\PeoplePC\HTA\Images\btn_disagree_on.gif
C:\Program Files\Online Services\PeoplePC\HTA\Images\btn_disconnect.gif
C:\Program Files\Online Services\PeoplePC\HTA\Images\btn_Finish.gif
C:\Program Files\Online Services\PeoplePC\HTA\Images\btn_help.gif
C:\Program Files\Online Services\PeoplePC\HTA\Images\btn_help2.gif
C:\Program Files\Online Services\PeoplePC\HTA\Images\btn_hidedetails.gif
C:\Program Files\Online Services\PeoplePC\HTA\Images\btn_moredetails.gif
C:\Program Files\Online Services\PeoplePC\HTA\Images\btn_Next.gif
C:\Program Files\Online Services\PeoplePC\HTA\Images\btn_No.gif
C:\Program Files\Online Services\PeoplePC\HTA\Images\btn_OK.gif
C:\Program Files\Online Services\PeoplePC\HTA\Images\btn_OK2.gif
C:\Program Files\Online Services\PeoplePC\HTA\Images\btn_reconnect_now.gif
C:\Program Files\Online Services\PeoplePC\HTA\Images\btn_rename_location.gif
C:\Program Files\Online Services\PeoplePC\HTA\Images\btn_retry.gif
C:\Program Files\Online Services\PeoplePC\HTA\Images\btn_reviewdialing.gif
C:\Program Files\Online Services\PeoplePC\HTA\Images\btn_sign_in_now.gif
C:\Program Files\Online Services\PeoplePC\HTA\Images\btn_SignUpNow.gif
C:\Program Files\Online Services\PeoplePC\HTA\Images\btn_skip_step.gif
C:\Program Files\Online Services\PeoplePC\HTA\Images\btn_stay_online.gif
C:\Program Files\Online Services\PeoplePC\HTA\Images\btn_stayonline.gif
C:\Program Files\Online Services\PeoplePC\HTA\Images\btn_StopInstallation.gif
C:\Program Files\Online Services\PeoplePC\HTA\Images\btn_tryagain.gif
C:\Program Files\Online Services\PeoplePC\HTA\Images\btn_TryNextNumber.gif
C:\Program Files\Online Services\PeoplePC\HTA\Images\btn_workoffline.gif
C:\Program Files\Online Services\PeoplePC\HTA\Images\btn_Yes.gif
C:\Program Files\Online Services\PeoplePC\HTA\Images\cancel2_btn.gif
C:\Program Files\Online Services\PeoplePC\HTA\Images\cd_signin_gradient.gif
C:\Program Files\Online Services\PeoplePC\HTA\Images\check_blue.gif
C:\Program Files\Online Services\PeoplePC\HTA\Images\check_orange.gif
C:\Program Files\Online Services\PeoplePC\HTA\Images\check_red.gif
C:\Program Files\Online Services\PeoplePC\HTA\Images\closex.gif
C:\Program Files\Online Services\PeoplePC\HTA\Images\confirm_background_gradient_left.gif
C:\Program Files\Online Services\PeoplePC\HTA\Images\confirm_background_gradient_main.gif
C:\Program Files\Online Services\PeoplePC\HTA\Images\confirm_background_gradient_right.gif
C:\Program Files\Online Services\PeoplePC\HTA\Images\Content\totd.gif
C:\Program Files\Online Services\PeoplePC\HTA\Images\Content\wotd.gif
C:\Program Files\Online Services\PeoplePC\HTA\Images\content_frame_lft.jpg
C:\Program Files\Online Services\PeoplePC\HTA\Images\content_frame_rt.jpg
C:\Program Files\Online Services\PeoplePC\HTA\Images\corner_login_botleft.gif
C:\Program Files\Online Services\PeoplePC\HTA\Images\corner_login_botright.gif
C:\Program Files\Online Services\PeoplePC\HTA\Images\corner_login_side.gif
C:\Program Files\Online Services\PeoplePC\HTA\Images\corner_login_topleft.gif
C:\Program Files\Online Services\PeoplePC\HTA\Images\corner_login_topright.gif
C:\Program Files\Online Services\PeoplePC\HTA\Images\Email_Change.ico
C:\Program Files\Online Services\PeoplePC\HTA\Images\error_alert.gif
C:\Program Files\Online Services\PeoplePC\HTA\Images\error_background_gradient_bottom.gif
C:\Program Files\Online Services\PeoplePC\HTA\Images\error_background_gradient_leftbottom.gif
C:\Program Files\Online Services\PeoplePC\HTA\Images\error_background_gradient_leftmain.gif
C:\Program Files\Online Services\PeoplePC\HTA\Images\error_background_gradient_lefttop.gif
C:\Program Files\Online Services\PeoplePC\HTA\Images\error_background_gradient_main.gif
C:\Program Files\Online Services\PeoplePC\HTA\Images\error_background_gradient_rightbottom.gif
C:\Program Files\Online Services\PeoplePC\HTA\Images\error_background_gradient_rightmain.gif
C:\Program Files\Online Services\PeoplePC\HTA\Images\error_background_gradient_righttop.gif
C:\Program Files\Online Services\PeoplePC\HTA\Images\error_background_gradient_top.gif
C:\Program Files\Online Services\PeoplePC\HTA\Images\finished_btn.gif
C:\Program Files\Online Services\PeoplePC\HTA\Images\finished_icon.gif
C:\Program Files\Online Services\PeoplePC\HTA\Images\finished_icon1.gif
C:\Program Files\Online Services\PeoplePC\HTA\Images\getstarted_notify.gif
C:\Program Files\Online Services\PeoplePC\HTA\Images\glassblock.gif
C:\Program Files\Online Services\PeoplePC\HTA\Images\header_arrows.gif
C:\Program Files\Online Services\PeoplePC\HTA\Images\header_Choose_Option.gif
C:\Program Files\Online Services\PeoplePC\HTA\Images\header_connecting.gif
C:\Program Files\Online Services\PeoplePC\HTA\Images\header_notify.gif
C:\Program Files\Online Services\PeoplePC\HTA\Images\header_settings.gif
C:\Program Files\Online Services\PeoplePC\HTA\Images\header_welcome.gif
C:\Program Files\Online Services\PeoplePC\HTA\Images\icon_connecting_bullet.gif
C:\Program Files\Online Services\PeoplePC\HTA\Images\icon_connecting_step1.gif
C:\Program Files\Online Services\PeoplePC\HTA\Images\icon_connecting_step2.gif
C:\Program Files\Online Services\PeoplePC\HTA\Images\icon_connecting_step3.gif
C:\Program Files\Online Services\PeoplePC\HTA\Images\install_gradient.gif
C:\Program Files\Online Services\PeoplePC\HTA\Images\install_logo.gif
C:\Program Files\Online Services\PeoplePC\HTA\Images\InstallComplete.gif
C:\Program Files\Online Services\PeoplePC\HTA\Images\installprogressbar_box.gif
C:\Program Files\Online Services\PeoplePC\HTA\Images\login_background_gradient.jpg
C:\Program Files\Online Services\PeoplePC\HTA\Images\logo.gif
C:\Program Files\Online Services\PeoplePC\HTA\Images\logo_notify.gif
C:\Program Files\Online Services\PeoplePC\HTA\Images\navigation_arrow_blue.gif
C:\Program Files\Online Services\PeoplePC\HTA\Images\navigation_arrow_flyout.gif
C:\Program Files\Online Services\PeoplePC\HTA\Images\navigation_arrow_orange.gif
C:\Program Files\Online Services\PeoplePC\HTA\Images\navigation_arrow_steps.gif
C:\Program Files\Online Services\PeoplePC\HTA\Images\next_btn2.gif
C:\Program Files\Online Services\PeoplePC\HTA\Images\non_member_signup.gif
C:\Program Files\Online Services\PeoplePC\HTA\Images\notify_line.gif
C:\Program Files\Online Services\PeoplePC\HTA\Images\or.gif
C:\Program Files\Online Services\PeoplePC\HTA\Images\page_background_gradient.jpg
C:\Program Files\Online Services\PeoplePC\HTA\Images\phone_icon.gif
C:\Program Files\Online Services\PeoplePC\HTA\Images\phone_icon1.gif
C:\Program Files\Online Services\PeoplePC\HTA\Images\photo_background_gradient.gif
C:\Program Files\Online Services\PeoplePC\HTA\Images\photo_default.jpg
C:\Program Files\Online Services\PeoplePC\HTA\Images\PPC_DrkBlue_icon.gif
C:\Program Files\Online Services\PeoplePC\HTA\Images\ppc_powered.gif
C:\Program Files\Online Services\PeoplePC\HTA\Images\progressbar_box.gif
C:\Program Files\Online Services\PeoplePC\HTA\Images\reg_progress_bar_start.gif
C:\Program Files\Online Services\PeoplePC\HTA\Images\reg_progress_bar_stop.gif
C:\Program Files\Online Services\PeoplePC\HTA\Images\selectbox_arrow.gif
C:\Program Files\Online Services\PeoplePC\HTA\Images\send_btn.gif
C:\Program Files\Online Services\PeoplePC\HTA\Images\send_notification_btn.gif
C:\Program Files\Online Services\PeoplePC\HTA\Images\shadowbox_frame.gif
C:\Program Files\Online Services\PeoplePC\HTA\Images\smheader_settings.gif
C:\Program Files\Online Services\PeoplePC\HTA\Images\spacer.gif
C:\Program Files\Online Services\PeoplePC\HTA\Images\stay_online_off.gif
C:\Program Files\Online Services\PeoplePC\HTA\Images\stay_online_on.gif
C:\Program Files\Online Services\PeoplePC\HTA\Images\subheader_member.gif
C:\Program Files\Online Services\PeoplePC\HTA\Images\subheader_no_member.gif
C:\Program Files\Online Services\PeoplePC\HTA\Images\talking_icon.gif
C:\Program Files\Online Services\PeoplePC\HTA\Images\talking_icon1.gif
C:\Program Files\Online Services\PeoplePC\HTA\Images\temp_install_flash.gif
C:\Program Files\Online Services\PeoplePC\HTA\Images\text_connectionsettings.gif
C:\Program Files\Online Services\PeoplePC\HTA\Images\wave.gif
C:\Program Files\Online Services\PeoplePC\HTA\LoadError.brt
C:\Program Files\Online Services\PeoplePC\HTA\login.brt
C:\Program Files\Online Services\PeoplePC\HTA\mail_notify.brt
C:\Program Files\Online Services\PeoplePC\HTA\mail_notify_finished.brt
C:\Program Files\Online Services\PeoplePC\HTA\mail_notify_notice.brt
C:\Program Files\Online Services\PeoplePC\HTA\main.brt
C:\Program Files\Online Services\PeoplePC\HTA\password\password.brt
C:\Program Files\Online Services\PeoplePC\HTA\progress.brt
C:\Program Files\Online Services\PeoplePC\HTA\radius_harddisconnect.brt
C:\Program Files\Online Services\PeoplePC\HTA\reconnect.brt
C:\Program Files\Online Services\PeoplePC\HTA\reconnect_reg.brt
C:\Program Files\Online Services\PeoplePC\HTA\rename.brt
C:\Program Files\Online Services\PeoplePC\HTA\Scripts\bart.js
C:\Program Files\Online Services\PeoplePC\HTA\Scripts\content.js
C:\Program Files\Online Services\PeoplePC\HTA\Scripts\display.js
C:\Program Files\Online Services\PeoplePC\HTA\Scripts\download.js
C:\Program Files\Online Services\PeoplePC\HTA\Scripts\mail.js
C:\Program Files\Online Services\PeoplePC\HTA\Scripts\popup.js
C:\Program Files\Online Services\PeoplePC\HTA\Scripts\propel.js
C:\Program Files\Online Services\PeoplePC\HTA\Scripts\softwarelog.js
C:\Program Files\Online Services\PeoplePC\HTA\Scripts\sound.js
C:\Program Files\Online Services\PeoplePC\HTA\Scripts\toast.js
C:\Program Files\Online Services\PeoplePC\HTA\Scripts\utils.js
C:\Program Files\Online Services\PeoplePC\HTA\sessiontimeout.brt
C:\Program Files\Online Services\PeoplePC\HTA\settings_accessnumbers.brt
C:\Program Files\Online Services\PeoplePC\HTA\settings_advanced.brt
C:\Program Files\Online Services\PeoplePC\HTA\settings_connectiontype.brt
C:\Program Files\Online Services\PeoplePC\HTA\settings_editnumbers.brt
C:\Program Files\Online Services\PeoplePC\HTA\settings_locations.brt
C:\Program Files\Online Services\PeoplePC\HTA\station.brt
C:\Program Files\Online Services\PeoplePC\HTA\Style\global.css
C:\Program Files\Online Services\PeoplePC\HTA\Style\modal.css
C:\Program Files\Online Services\PeoplePC\HTA\tapi.brt
C:\Program Files\Online Services\PeoplePC\HTA\tips.xml
C:\Program Files\Online Services\PeoplePC\HTA\Toasts\deal.brt
C:\Program Files\Online Services\PeoplePC\HTA\Toasts\images\deal_bgd.jpg
C:\Program Files\Online Services\PeoplePC\HTA\Toasts\images\deal_crnr.gif
C:\Program Files\Online Services\PeoplePC\HTA\Toasts\images\deal_hdr.gif
C:\Program Files\Online Services\PeoplePC\HTA\Toasts\images\deal_icon.gif
C:\Program Files\Online Services\PeoplePC\HTA\Toasts\images\email.gif
C:\Program Files\Online Services\PeoplePC\HTA\Toasts\images\toast_bgd.jpg
C:\Program Files\Online Services\PeoplePC\HTA\Toasts\mail.brt
C:\Program Files\Online Services\PeoplePC\HTA\Toasts\url.brt
C:\Program Files\Online Services\PeoplePC\HTA\wotd.xml
C:\Program Files\Online Services\PeoplePC\ICON\acc_connected_16.ico
C:\Program Files\Online Services\PeoplePC\ICON\acc_connected_256.ico
C:\Program Files\Online Services\PeoplePC\ICON\BM.GIF
C:\Program Files\Online Services\PeoplePC\ICON\brand.ico
C:\Program Files\Online Services\PeoplePC\ICON\busy_16.ico
C:\Program Files\Online Services\PeoplePC\ICON\busy_256.ico
C:\Program Files\Online Services\PeoplePC\ICON\busy2_16.ico
C:\Program Files\Online Services\PeoplePC\ICON\busy2_256.ico
C:\Program Files\Online Services\PeoplePC\ICON\email_change.ico
C:\Program Files\Online Services\PeoplePC\ICON\Email95.ico
C:\Program Files\Online Services\PeoplePC\ICON\EmailChangeNotification_2000.ico
C:\Program Files\Online Services\PeoplePC\ICON\EmailChangeNotification_95.ico
C:\Program Files\Online Services\PeoplePC\ICON\EmailChangeNotification_XP.ico
C:\Program Files\Online Services\PeoplePC\ICON\GB.GIF
C:\Program Files\Online Services\PeoplePC\ICON\glassblock.gif
C:\Program Files\Online Services\PeoplePC\ICON\GM.GIF
C:\Program Files\Online Services\PeoplePC\ICON\having_trouble_16.ico
C:\Program Files\Online Services\PeoplePC\ICON\having_trouble_256.ico
C:\Program Files\Online Services\PeoplePC\ICON\Help.ico
C:\Program Files\Online Services\PeoplePC\ICON\ISPSetup.ico
C:\Program Files\Online Services\PeoplePC\ICON\LE.GIF
C:\Program Files\Online Services\PeoplePC\ICON\LEB.GIF
C:\Program Files\Online Services\PeoplePC\ICON\Logo_w_Tagline.gif
C:\Program Files\Online Services\PeoplePC\ICON\on_disabled_16.ico
C:\Program Files\Online Services\PeoplePC\ICON\on_disabled_256.ico
C:\Program Files\Online Services\PeoplePC\ICON\Password.ico
C:\Program Files\Online Services\PeoplePC\ICON\PPCO95.ICO
C:\Program Files\Online Services\PeoplePC\ICON\RE.GIF
C:\Program Files\Online Services\PeoplePC\ICON\REG.GIF
C:\Program Files\Online Services\PeoplePC\ICON\spacer.gif
C:\Program Files\Online Services\PeoplePC\ICON\systray_offline_16.ico
C:\Program Files\Online Services\PeoplePC\ICON\systray_offline_256.ico
C:\Program Files\Online Services\PeoplePC\ICON\systray_online_16.ico
C:\Program Files\Online Services\PeoplePC\ICON\systray_online_256.ico
C:\Program Files\Online Services\PeoplePC\IE\EN\ADVAUTH.CAB
C:\Program Files\Online Services\PeoplePC\IE\EN\AOLSUPP.CAB
C:\Program Files\Online Services\PeoplePC\IE\EN\AXA.CAB
C:\Program Files\Online Services\PeoplePC\IE\EN\AXA3.CAB
C:\Program Files\Online Services\PeoplePC\IE\EN\BRANDING.CAB
C:\Program Files\Online Services\PeoplePC\IE\EN\CRLUPD.CAB
C:\Program Files\Online Services\PeoplePC\IE\EN\FONTCORE.CAB
C:\Program Files\Online Services\PeoplePC\IE\EN\FONTSUP.CAB
C:\Program Files\Online Services\PeoplePC\IE\EN\GSETUP95.CAB
C:\Program Files\Online Services\PeoplePC\IE\EN\GSETUPNT.CAB
C:\Program Files\Online Services\PeoplePC\IE\EN\HELPCONT.CAB
C:\Program Files\Online Services\PeoplePC\IE\EN\HHUPD.CAB
C:\Program Files\Online Services\PeoplePC\IE\EN\ICW.CAB
C:\Program Files\Online Services\PeoplePC\IE\EN\ICWCON.CAB
C:\Program Files\Online Services\PeoplePC\IE\EN\IE_EXTRA.CAB
C:\Program Files\Online Services\PeoplePC\IE\EN\IE_S1.CAB
C:\Program Files\Online Services\PeoplePC\IE\EN\IE_S2.CAB
C:\Program Files\Online Services\PeoplePC\IE\EN\IE_S3.CAB
C:\Program Files\Online Services\PeoplePC\IE\EN\IE_S4.CAB
C:\Program Files\Online Services\PeoplePC\IE\EN\IE_S5.CAB
C:\Program Files\Online Services\PeoplePC\IE\EN\IE_S6.CAB
C:\Program Files\Online Services\PeoplePC\IE\EN\ie6setup.exe
C:\Program Files\Online Services\PeoplePC\IE\EN\IECIF.CAB
C:\Program Files\Online Services\PeoplePC\IE\EN\IEDATA.CAB
C:\Program Files\Online Services\PeoplePC\IE\EN\IEDOM.CAB
C:\Program Files\Online Services\PeoplePC\IE\EN\IEEXINST.CAB
C:\Program Files\Online Services\PeoplePC\IE\EN\IELPKAD.CAB
C:\Program Files\Online Services\PeoplePC\IE\EN\IELPKAR.CAB
C:\Program Files\Online Services\PeoplePC\IE\EN\IELPKIW.CAB
C:\Program Files\Online Services\PeoplePC\IE\EN\IELPKJA.CAB
C:\Program Files\Online Services\PeoplePC\IE\EN\IELPKKO.CAB
C:\Program Files\Online Services\PeoplePC\IE\EN\IELPKPE.CAB
C:\Program Files\Online Services\PeoplePC\IE\EN\IELPKTH.CAB
C:\Program Files\Online Services\PeoplePC\IE\EN\IELPKVI.CAB
C:\Program Files\Online Services\PeoplePC\IE\EN\IELPKZHC.CAB
C:\Program Files\Online Services\PeoplePC\IE\EN\IELPKZHT.CAB
C:\Program Files\Online Services\PeoplePC\IE\EN\IEMIL_1.CAB
C:\Program Files\Online Services\PeoplePC\IE\EN\IEMIL_2.CAB
C:\Program Files\Online Services\PeoplePC\IE\EN\IEMIL_3.CAB
C:\Program Files\Online Services\PeoplePC\IE\EN\IEMIL_4.CAB
C:\Program Files\Online Services\PeoplePC\IE\EN\IENT_S1.CAB
C:\Program Files\Online Services\PeoplePC\IE\EN\IENT_S2.CAB
C:\Program Files\Online Services\PeoplePC\IE\EN\IENT_S3.CAB
C:\Program Files\Online Services\PeoplePC\IE\EN\IENT_S4.CAB
C:\Program Files\Online Services\PeoplePC\IE\EN\IENT_S5.CAB
C:\Program Files\Online Services\PeoplePC\IE\EN\IENT_S6.CAB
C:\Program Files\Online Services\PeoplePC\IE\EN\iesetup.ini
C:\Program Files\Online Services\PeoplePC\IE\EN\IEW2K_1.CAB
C:\Program Files\Online Services\PeoplePC\IE\EN\IEW2K_2.CAB
C:\Program Files\Online Services\PeoplePC\IE\EN\IEW2K_3.CAB
C:\Program Files\Online Services\PeoplePC\IE\EN\IEW2K_4.CAB
C:\Program Files\Online Services\PeoplePC\IE\EN\JAAIME.CAB
C:\Program Files\Online Services\PeoplePC\IE\EN\KOAIME.CAB
C:\Program Files\Online Services\PeoplePC\IE\EN\MAILNEWS.CAB
C:\Program Files\Online Services\PeoplePC\IE\EN\MOBILE95.CAB
C:\Program Files\Online Services\PeoplePC\IE\EN\MOBILENT.CAB
C:\Program Files\Online Services\PeoplePC\IE\EN\MPCDCS.CAB
C:\Program Files\Online Services\PeoplePC\IE\EN\MPLAY2A.CAB
C:\Program Files\Online Services\PeoplePC\IE\EN\MPLAY2U.CAB
C:\Program Files\Online Services\PeoplePC\IE\EN\MPLAYER2.CAB
C:\Program Files\Online Services\PeoplePC\IE\EN\OAINST.CAB
C:\Program Files\Online Services\PeoplePC\IE\EN\OEEXCEP.CAB
C:\Program Files\Online Services\PeoplePC\IE\EN\README.CAB
C:\Program Files\Online Services\PeoplePC\IE\EN\SCAIME.CAB
C:\Program Files\Online Services\PeoplePC\IE\EN\SCR56EN.CAB
C:\Program Files\Online Services\PeoplePC\IE\EN\SCRIPTEN.CAB
C:\Program Files\Online Services\PeoplePC\IE\EN\SETUPNT.CAB
C:\Program Files\Online Services\PeoplePC\IE\EN\SETUPW95.CAB
C:\Program Files\Online Services\PeoplePC\IE\EN\SWFLASH.CAB
C:\Program Files\Online Services\PeoplePC\IE\EN\TCAIME.CAB
C:\Program Files\Online Services\PeoplePC\IE\EN\TS95.CAB
C:\Program Files\Online Services\PeoplePC\IE\EN\TSNT.CAB
C:\Program Files\Online Services\PeoplePC\IE\EN\USP10.CAB
C:\Program Files\Online Services\PeoplePC\IE\EN\VGX.CAB
C:\Program Files\Online Services\PeoplePC\IE\EN\WAB.CAB
C:\Program Files\Online Services\PeoplePC\Images\install_gradient.gif
C:\Program Files\Online Services\PeoplePC\Images\install_logo.gif
C:\Program Files\Online Services\PeoplePC\Images\progressbar_box.gif
C:\Program Files\Online Services\PeoplePC\Images\reg_progress_bar_start.gif
C:\Program Files\Online Services\PeoplePC\Images\reg_progress_bar_stop.gif
C:\Program Files\Online Services\PeoplePC\Images\temp_install_flash.gif
C:\Program Files\Online Services\PeoplePC\Install.brt
C:\Program Files\Online Services\PeoplePC\Install.swf
C:\Program Files\Online Services\PeoplePC\Intro.brt
C:\Program Files\Online Services\PeoplePC\Intro.swf
C:\Program Files\Online Services\PeoplePC\ISP5900\Accelerated\AcceleratedInstaller.exe
C:\Program Files\Online Services\PeoplePC\ISP5900\Autorun.inf
C:\Program Files\Online Services\PeoplePC\ISP5900\Branding\9X\systray_offline.ico
C:\Program Files\Online Services\PeoplePC\ISP5900\Branding\9X\systray_online.ico
C:\Program Files\Online Services\PeoplePC\ISP5900\Branding\bartppc.exe
C:\Program Files\Online Services\PeoplePC\ISP5900\Branding\Email95.ico
C:\Program Files\Online Services\PeoplePC\ISP5900\Branding\NT\systray_offline.ico
C:\Program Files\Online Services\PeoplePC\ISP5900\Branding\NT\systray_online.ico
C:\Program Files\Online Services\PeoplePC\ISP5900\Branding\ppal3ppc.exe
C:\Program Files\Online Services\PeoplePC\ISP5900\Branding\PPCO95.ICO
C:\Program Files\Online Services\PeoplePC\ISP5900\Branding\XP\systray_offline.ico
C:\Program Files\Online Services\PeoplePC\ISP5900\Branding\XP\systray_online.ico
C:\Program Files\Online Services\PeoplePC\ISP5900\Dialer\DIALER.CHM
C:\Program Files\Online Services\PeoplePC\ISP5900\Dialer\dialer.exe
C:\Program Files\Online Services\PeoplePC\ISP5900\Dialer\Dll\AUTODIAL.DLL
C:\Program Files\Online Services\PeoplePC\ISP5900\Dialer\Dll\CustomDial.dll
C:\Program Files\Online Services\PeoplePC\ISP5900\Dialer\Dll\images.dll
C:\Program Files\Online Services\PeoplePC\ISP5900\Dialer\Dll\lang_en.dll
C:\Program Files\Online Services\PeoplePC\ISP5900\Dialer\Dll\PROXY.DLL
C:\Program Files\Online Services\PeoplePC\ISP5900\Dialer\Dms\CALLREC.DAT
C:\Program Files\Online Services\PeoplePC\ISP5900\Dialer\Dms\dms.dll
C:\Program Files\Online Services\PeoplePC\ISP5900\Dialer\Updates\dir.dat
C:\Program Files\Online Services\PeoplePC\ISP5900\Dll\AutoDial.dll
C:\Program Files\Online Services\PeoplePC\ISP5900\Dll\CAB.DLL
C:\Program Files\Online Services\PeoplePC\ISP5900\Dll\CLOSEIE.EXE
C:\Program Files\Online Services\PeoplePC\ISP5900\Dll\CRYPTO.DLL
C:\Program Files\Online Services\PeoplePC\ISP5900\Dll\DOWNLOAD.DLL
C:\Program Files\Online Services\PeoplePC\ISP5900\Dll\IEDownload.exe
C:\Program Files\Online Services\PeoplePC\ISP5900\Dll\INSTUTIL.DLL
C:\Program Files\Online Services\PeoplePC\ISP5900\Dll\RAS.DLL
C:\Program Files\Online Services\PeoplePC\ISP5900\Dll\RasSetAutoDial.dll
C:\Program Files\Online Services\PeoplePC\ISP5900\Dll\Win95.dll
C:\Program Files\Online Services\PeoplePC\ISP5900\Icon\ISPSetup.ico
C:\Program Files\Online Services\PeoplePC\ISP5900\ISP50\Bin\BartShel.exe
C:\Program Files\Online Services\PeoplePC\ISP5900\ISP50\Bin\FireWall.exe
C:\Program Files\Online Services\PeoplePC\ISP5900\ISP50\Bin\IniMod.dll
C:\Program Files\Online Services\PeoplePC\ISP5900\ISP50\Bin\ISPUtil8.dll
C:\Program Files\Online Services\PeoplePC\ISP5900\ISP50\Bin\LogOff.dll
C:\Program Files\Online Services\PeoplePC\ISP5900\ISP50\Bin\ODWabUtil.dll
C:\Program Files\Online Services\PeoplePC\ISP5900\ISP50\Bin\OEUI.dll
C:\Program Files\Online Services\PeoplePC\ISP5900\ISP50\Bin\PPCDialer.dll
C:\Program Files\Online Services\PeoplePC\ISP5900\ISP50\Bin\PPCOLink.exe
C:\Program Files\Online Services\PeoplePC\ISP5900\ISP50\Bin\PPShared.exe
C:\Program Files\Online Services\PeoplePC\ISP5900\ISP50\Bin\SETUP.ICO
C:\Program Files\Online Services\PeoplePC\ISP5900\ISP50\Setup\Banner.htm
C:\Program Files\Online Services\PeoplePC\ISP5900\ISP50\Setup\BEGIN.BRT
C:\Program Files\Online Services\PeoplePC\ISP5900\ISP50\Setup\DetectOnline.brt
C:\Program Files\Online Services\PeoplePC\ISP5900\ISP50\Setup\End.brt
C:\Program Files\Online Services\PeoplePC\ISP5900\ISP50\Setup\Error.brt
C:\Program Files\Online Services\PeoplePC\ISP5900\ISP50\Setup\I\BM.GIF
C:\Program Files\Online Services\PeoplePC\ISP5900\ISP50\Setup\I\btn_cancel_off.gif
C:\Program Files\Online Services\PeoplePC\ISP5900\ISP50\Setup\I\btn_cancel_on.gif
C:\Program Files\Online Services\PeoplePC\ISP5900\ISP50\Setup\I\btn_next_off.gif
C:\Program Files\Online Services\PeoplePC\ISP5900\ISP50\Setup\I\btn_next_on.gif
C:\Program Files\Online Services\PeoplePC\ISP5900\ISP50\Setup\I\btn_ok_off.gif
C:\Program Files\Online Services\PeoplePC\ISP5900\ISP50\Setup\I\btn_ok_on.gif
C:\Program Files\Online Services\PeoplePC\ISP5900\ISP50\Setup\I\cancel_off.gif
C:\Program Files\Online Services\PeoplePC\ISP5900\ISP50\Setup\I\cancel_on.gif
C:\Program Files\Online Services\PeoplePC\ISP5900\ISP50\Setup\I\GB.GIF
C:\Program Files\Online Services\PeoplePC\ISP5900\ISP50\Setup\I\glassblock.gif
C:\Program Files\Online Services\PeoplePC\ISP5900\ISP50\Setup\I\GM.GIF
C:\Program Files\Online Services\PeoplePC\ISP5900\ISP50\Setup\I\LE.GIF
C:\Program Files\Online Services\PeoplePC\ISP5900\ISP50\Setup\I\LEB.GIF
C:\Program Files\Online Services\PeoplePC\ISP5900\ISP50\Setup\I\left_corner.gif
C:\Program Files\Online Services\PeoplePC\ISP5900\ISP50\Setup\I\login_off.gif
C:\Program Files\Online Services\PeoplePC\ISP5900\ISP50\Setup\I\login_on.gif
C:\Program Files\Online Services\PeoplePC\ISP5900\ISP50\Setup\I\Logo_w_Tagline.gif
C:\Program Files\Online Services\PeoplePC\ISP5900\ISP50\Setup\I\Password.ico
C:\Program Files\Online Services\PeoplePC\ISP5900\ISP50\Setup\I\ppc.css
C:\Program Files\Online Services\PeoplePC\ISP5900\ISP50\Setup\I\ppc_powered.gif
C:\Program Files\Online Services\PeoplePC\ISP5900\ISP50\Setup\I\progress_box.gif
C:\Program Files\Online Services\PeoplePC\ISP5900\ISP50\Setup\I\RE.GIF
C:\Program Files\Online Services\PeoplePC\ISP5900\ISP50\Setup\I\red_stripe.gif
C:\Program Files\Online Services\PeoplePC\ISP5900\ISP50\Setup\I\REG.GIF
C:\Program Files\Online Services\PeoplePC\ISP5900\ISP50\Setup\I\reg_progress_bar_start.gif
C:\Program Files\Online Services\PeoplePC\ISP5900\ISP50\Setup\I\reg_progress_bar_stop.gif
C:\Program Files\Online Services\PeoplePC\ISP5900\ISP50\Setup\I\Setup.ico
C:\Program Files\Online Services\PeoplePC\ISP5900\ISP50\Setup\I\SPACER.GIF
C:\Program Files\Online Services\PeoplePC\ISP5900\ISP50\Setup\I\stylebase.css
C:\Program Files\Online Services\PeoplePC\ISP5900\ISP50\Setup\I\transparent_topleft_corner_left.gif
C:\Program Files\Online Services\PeoplePC\ISP5900\ISP50\Setup\I\transparent_topleft_corner_top.gif
C:\Program Files\Online Services\PeoplePC\ISP5900\ISP50\Setup\I\whitespacer.gif
C:\Program Files\Online Services\PeoplePC\ISP5900\ISP50\Setup\ISPConnect.brt
C:\Program Files\Online Services\PeoplePC\ISP5900\ISP50\Setup\ISPStart.brt
C:\Program Files\Online Services\PeoplePC\ISP5900\ISP50\Setup\OfflineISPStart.brt
C:\Program Files\Online Services\PeoplePC\ISP5900\ISP50\Setup\Win95.sbrt
C:\Program Files\Online Services\PeoplePC\ISP5900\Promo.exe
C:\Program Files\Online Services\PeoplePC\ISP5900\setup.exe
C:\Program Files\Online Services\PeoplePC\ISP5900\SETUP.INI
C:\Program Files\Online Services\PeoplePC\ISP5900\setupx.exe
C:\Program Files\Online Services\PeoplePC\ISP5900\System\ANSI\ATL.DLL
C:\Program Files\Online Services\PeoplePC\ISP5900\System\ANSI\ATL70.DLL
C:\Program Files\Online Services\PeoplePC\ISP5900\System\ANSI\ATL71.DLL
C:\Program Files\Online Services\PeoplePC\ISP5900\System\CLOSEIE.EXE
C:\Program Files\Online Services\PeoplePC\ISP5900\System\MFC42.DLL
C:\Program Files\Online Services\PeoplePC\ISP5900\System\MFC70.DLL
C:\Program Files\Online Services\PeoplePC\ISP5900\System\MFC71.DLL
C:\Program Files\Online Services\PeoplePC\ISP5900\System\MSVCIRT.DLL
C:\Program Files\Online Services\PeoplePC\ISP5900\System\MSVCP60.DLL
C:\Program Files\Online Services\PeoplePC\ISP5900\System\MSVCP70.DLL
C:\Program Files\Online Services\PeoplePC\ISP5900\System\MSVCP71.DLL
C:\Program Files\Online Services\PeoplePC\ISP5900\System\MSVCR70.DLL
C:\Program Files\Online Services\PeoplePC\ISP5900\System\MSVCR71.DLL
C:\Program Files\Online Services\PeoplePC\ISP5900\System\MSVCRT.DLL
C:\Program Files\Online Services\PeoplePC\ISP5900\System\POP3.INS
C:\Program Files\Online Services\PeoplePC\ISP5900\System\PopWait.exe
C:\Program Files\Online Services\PeoplePC\ISP5900\System\PPCOUNIN.EXE
C:\Program Files\Online Services\PeoplePC\ISP5900\System\PPCRunOnce.exe
C:\Program Files\Online Services\PeoplePC\ISP5900\System\RasWait.exe
C:\Program Files\Online Services\PeoplePC\ISP5900\System\RegHero.exe
C:\Program Files\Online Services\PeoplePC\ISP5900\System\RPCRT4.DLL
C:\Program Files\Online Services\PeoplePC\ISP5900\System\SENSAPI.DLL
C:\Program Files\Online Services\PeoplePC\ISP5900\System\SetPop3.exe
C:\Program Files\Online Services\PeoplePC\ISP5900\System\SETUPAPI.DLL
C:\Program Files\Online Services\PeoplePC\ISP5900\System\UniCode\ATL.DLL
C:\Program Files\Online Services\PeoplePC\ISP5900\System\UniCode\ATL70.DLL
C:\Program Files\Online Services\PeoplePC\ISP5900\System\UniCode\ATL71.DLL
C:\Program Files\Online Services\PeoplePC\ISP5900\System\unPPC.exe
C:\Program Files\Online Services\PeoplePC\ISP5900\Syst
  • 0

#21
Leighwh

Leighwh

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
Attempting to attach as log was cut off==

Attached Files


  • 0

#22
Chopin

Chopin

    Member 2k

  • Member
  • PipPipPipPipPip
  • 2,639 posts
Hello Leighwh, ComboFix looks good :) Let's get a couple of last scans. How's your computer?

1. Re-scan with DSS
------------------------------------------------

Please go to Start > Run. In the box that appears, carefully copy and paste the following:

"%userprofile%\Desktop\dss.exe" /config

Hit "Check All" and click "Scan!" DSS will produce main.txt and extra.txt, please post them back :)

2. Scan with ActiveScan
------------------------------------------------

Please go HERE to run Panda's ActiveScan
  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report
In your next post
------------------------------------------------

  • DSS main.txt and extra.txt
  • ActiveScan log

  • 0

#23
Leighwh

Leighwh

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
Hi Fredil, The computer is acting ok, except for the IEEXPLORE.exe that stays open. I haven't logged onto this computer for about a week, while my daughter's been using it, and when I went in to run these scans, I found about 10 of those processes open. Closed them all, of course, but what's holding them open? Everything else seems to be running ok. Here are the log files as requested. Should I delete the Panda Active Scan ActiveX component and how do I do that?

Deckard's System Scanner v20071014.68
Run by Shannon Healy on 2008-05-06 07:06:23
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
31: 2008-05-06 11:06:26 UTC - RP31 - Deckard's System Scanner Restore Point
30: 2008-05-05 01:01:40 UTC - RP30 - System Checkpoint
29: 2008-05-03 22:40:07 UTC - RP29 - System Checkpoint
28: 2008-05-02 21:53:37 UTC - RP28 - System Checkpoint
27: 2008-05-01 18:46:51 UTC - RP27 - ComboFix created restore point


-- First Restore Point --
1: 2008-04-08 18:38:50 UTC - RP1 - System Checkpoint


Performed disk cleanup.



-- HijackThis (run as Shannon Healy.exe) ---------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:06:33 AM, on 5/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Sonic\DigitalMedia Plus v7\MyDVD Plus\DetectorApp.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\AOL\1152635987\ee\AOLHostManager.exe
C:\Program Files\Common Files\AOL\1152635987\ee\AOLServiceHost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Sonic\DigitalMedia Plus v7\MyDVD Plus\USBDeviceService.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\WINDOWS\system32\Tablet.exe
C:\PROGRA~1\HPQ\SHARED\HPQTOA~1.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Shannon Healy\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\SHANNO~1.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.h...a...n&pf=laptop
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll
O2 - BHO: CNavExtBho Class - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [DetectorApp] C:\Program Files\Sonic\DigitalMedia Plus v7\MyDVD Plus\DetectorApp.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1152635987\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [zango] "c:\program files\zango\zango.exe"
O4 - HKLM\..\Run: [webHancer Agent] C:\Program Files\webHancer\Programs\whagent.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=laptop
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\Shared\hpqwmi.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: USBDeviceService - Unknown owner - C:\Program Files\Sonic\DigitalMedia Plus v7\MyDVD Plus\USBDeviceService.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 12228 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20080420-104652-110 O2 - BHO: (no name) - {965a592f-8efa-4250-8630-7960230792f1} - (no file)
backup-20080420-104652-157 O2 - BHO: (no name) - {622cc208-b014-4fe0-801b-874a5e5e403a} - (no file)
backup-20080420-104652-164 O2 - BHO: (no name) - {5fa6752a-c4a0-4222-88c2-928ae5ab4966} - (no file)
backup-20080420-104652-187 O2 - BHO: (no name) - {13197ace-6851-45c3-a7ff-c281324d5489} - (no file)
backup-20080420-104652-188 O4 - HKLM\..\Run: [webHancer Agent] C:\Program Files\webHancer\Programs\whagent.exe
backup-20080420-104652-222 O2 - BHO: (no name) - {fc3a74e5-f281-4f10-ae1e-733078684f3c} - (no file)
backup-20080420-104652-224 O4 - HKCU\..\Policies\Explorer\Run: [mv1EMl2DnF] C:\Documents and Settings\All Users\Application Data\edkpezen\knkfqhsp.exe
backup-20080420-104652-296 O2 - BHO: (no name) - {5929cd6e-2062-44a4-b2c5-2c7e78fbab38} - (no file)
backup-20080420-104652-299 O4 - HKLM\..\Run: [zango] "c:\program files\zango\zango.exe"
backup-20080420-104652-344 O2 - BHO: (no name) - {4e7bd74f-2b8d-469e-92c6-ce7eb590a94d} - (no file)
backup-20080420-104652-365 O4 - HKCU\..\Run: [eqkontbh] C:\WINDOWS\system32\itclclex.exe
backup-20080420-104652-407 F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\wmsdkns.exe,
backup-20080420-104652-423 O4 - HKCU\..\Run: [QdrModule15] "C:\Program Files\QdrModule\QdrModule15.exe"
backup-20080420-104652-495 O2 - BHO: (no name) - {5dafd089-24b1-4c5e-bd42-8ca72550717b} - (no file)
backup-20080420-104652-521 O2 - BHO: (no name) - {4e1075f4-eec4-4a86-add7-cd5f52858c31} - (no file)
backup-20080420-104652-528 O3 - Toolbar: (no name) - {5CBE2611-C31B-401F-89BC-4CBB25E853D7} - (no file)
backup-20080420-104652-540 O2 - BHO: (no name) - {9c5b2f29-1f46-4639-a6b4-828942301d3e} - (no file)
backup-20080420-104652-552 R3 - URLSearchHook: (no name) - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
backup-20080420-104652-586 O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file)
backup-20080420-104652-700 O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765728274} - (no file)
backup-20080420-104652-707 O2 - BHO: (no name) - {15651c7c-e812-44a2-a9ac-b467a2233e7d} - (no file)
backup-20080420-104652-781 O2 - BHO: (no name) - {b1f03258-1dd1-11b2-844a-d95ac99666f6} - (no file)
backup-20080420-104652-803 O4 - HKLM\..\Policies\Explorer\Run: [mv1EMl2DnF] C:\Documents and Settings\All Users\Application Data\edkpezen\knkfqhsp.exe
backup-20080420-104652-912 O2 - BHO: (no name) - {8334A30C-49E5-489a-B63D-5B927C1EF46E} - (no file)
backup-20080420-104652-951 O2 - BHO: (no name) - {ffff0001-0002-101a-a3c9-08002b2f49fb} - (no file)
backup-20080421-173715-288 O2 - BHO: (no name) - {00000250-0320-4dd4-be4f-7566d2314352} - (no file)
backup-20080421-173716-498 O4 - HKLM\..\Run: [webHancer Agent] C:\Program Files\webHancer\Programs\whagent.exe
backup-20080421-173716-719 O4 - HKLM\..\Run: [zango] "c:\program files\zango\zango.exe"
backup-20080428-071921-892 O4 - HKLM\..\Run: [zango] "c:\program files\zango\zango.exe"
backup-20080428-071922-587 O4 - HKLM\..\Run: [webHancer Agent] C:\Program Files\webHancer\Programs\whagent.exe

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

All drivers whitelisted.


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 USBDeviceService - c:\program files\sonic\digitalmedia plus v7\mydvd plus\usbdeviceservice.exe <Not Verified; ; USBDeviceService Module>
R2 Viewpoint Manager Service - "c:\program files\viewpoint\common\viewpointservice.exe" <Not Verified; Viewpoint Corporation; Viewpoint Manager>

S3 hpqwmi (HP WMI Interface) - c:\program files\hpq\shared\hpqwmi.exe <Not Verified; Hewlett-Packard Development Company, L.P.; hpqwmi Module>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Process Modules -------------------------------------------------------------

C:\WINDOWS\explorer.exe (pid 4260)
2005-11-30 19:31:34 282624 --a------ C:\Program Files\HPQ\Quick Launch Buttons\cpqinfo.dll <Not Verified; Hewlett-Packard; Quick Launch Buttons>


-- Scheduled Tasks -------------------------------------------------------------

2008-03-07 21:00:26 564 --a------ C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - Shannon Healy.job
2008-02-25 12:36:02 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-04-06 and 2008-05-06 -----------------------------

2008-04-28 07:26:42 68096 --a------ C:\WINDOWS\zip.exe
2008-04-28 07:26:42 49152 --a------ C:\WINDOWS\VFind.exe
2008-04-28 07:26:42 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-04-28 07:26:42 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-04-28 07:26:42 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-04-28 07:26:42 98816 --a------ C:\WINDOWS\sed.exe
2008-04-28 07:26:42 80412 --a------ C:\WINDOWS\grep.exe
2008-04-28 07:26:42 73728 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-04-21 17:51:53 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-04-21 17:51:53 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-04-21 17:51:52 0 d-------- C:\WINDOWS\LastGood
2008-04-20 12:07:07 1160 --a------ C:\WINDOWS\mozver.dat
2008-04-09 16:38:03 0 d-------- C:\Program Files\Trend Micro
2008-04-09 16:30:39 0 d-------- C:\Program Files\Hijack
2008-04-08 18:57:41 0 dr-h----- C:\Documents and Settings\Shannon Healy\Recent
2008-04-08 18:20:40 0 --a------ C:\WINDOWS\nsreg.dat
2008-04-08 18:20:36 0 d-------- C:\Documents and Settings\Shannon Healy\Application Data\Mozilla
2008-04-08 17:46:26 218112 --a------ C:\Program Files\HijackThis.exe <Not Verified; Soeperman Enterprises Ltd.; HijackThis>
2008-04-08 17:25:51 0 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-04-08 17:08:49 0 d-------- C:\Program Files\Yahoo!
2008-04-08 17:08:45 0 d-------- C:\Program Files\CCleaner
2008-04-08 17:07:23 0 d-------- C:\Program Files\RogueRemover FREE
2008-04-08 17:03:56 3756 --a------ C:\WINDOWS\system32\tmp.reg
2008-04-08 16:28:23 0 d-------- C:\WINDOWS\system32\NtmsData
2008-04-06 17:30:25 0 d-------- C:\WINDOWS\CSC
2008-04-06 17:00:33 0 -rahs---- C:\MSDOS.SYS
2008-04-06 17:00:33 0 -rahs---- C:\IO.SYS
2008-04-06 15:04:43 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-06 14:02:19 0 d-------- C:\WINDOWS\pss


-- Find3M Report ---------------------------------------------------------------

2008-04-29 18:10:20 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-04-28 15:51:48 0 d-------- C:\Program Files\Norton Internet Security
2008-04-21 07:09:00 0 d-------- C:\Documents and Settings\Shannon Healy\Application Data\WTablet
2008-04-20 12:05:48 0 d-------- C:\Program Files\Java
2008-04-14 13:55:42 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-04-08 18:08:27 0 d-------- C:\Program Files\HP
2008-04-08 18:08:15 0 d-------- C:\Program Files\Hewlett-Packard
2008-04-08 17:46:56 13739 --a------ C:\Program Files\hijackthis.log
2008-04-06 14:56:23 0 d-------- C:\Program Files\Common Files
2008-04-06 13:17:58 0 d-------- C:\Program Files\Symantec
2008-04-05 20:11:18 0 d-------- C:\Documents and Settings\Shannon Healy\Application Data\Adobe


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [11/02/2005 07:25 PM]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [11/02/2005 07:22 PM]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [11/02/2005 07:26 PM]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [11/22/2005 03:55 PM C:\WINDOWS\system32\CHDAudPropShortcut.exe]
"DetectorApp"="C:\Program Files\Sonic\DigitalMedia Plus v7\MyDVD Plus\DetectorApp.exe" [10/20/2005 10:15 AM]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [11/11/2005 03:04 AM]
"hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [11/16/2005 12:30 PM]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [02/11/2008 05:22 PM]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [12/12/2005 03:39 PM]
"eabconfg.cpl"="C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" [12/07/2005 02:56 PM]
"Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [05/18/2005 02:29 PM]
"RecGuard"="C:\Windows\SMINST\RecGuard.exe" [10/11/2005 02:23 PM]
"HostManager"="C:\Program Files\Common Files\AOL\1152635987\ee\AOLHostManager.exe" [08/02/2005 03:33 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [11/15/2007 12:43 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [11/15/2007 02:11 PM]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [05/08/2007 04:24 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [03/25/2008 04:28 AM]
"zango"="c:\program files\zango\zango.exe" []
"webHancer Agent"="C:\Program Files\webHancer\Programs\whagent.exe" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 12:24 PM]
"AIM"="C:\Program Files\AIM\aim.exe" [08/05/2005 03:08 PM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [06/21/2007 02:34 PM]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [01/28/2008 11:43 AM]

C:\Documents and Settings\Shannon Healy\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [3/16/2005 8:16:50 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Photosmart Premier Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [9/24/2005 5:39:30 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)
"NoDispBackgroundPage"=0 (0x0)

*Newly Created Service* - CATCHME
*Newly Created Service* - COMHOST



-- Hosts -----------------------------------------------------------------------

127.0.0.1 .supercocklol.com
127.0.0.1 www..webloyalty.com
127.0.0.1 007guard.com
127.0.0.1 www.007guard.com
127.0.0.1 008i.com
127.0.0.1 008k.com
127.0.0.1 www.008k.com
127.0.0.1 00hq.com
127.0.0.1 www.00hq.com
127.0.0.1 010402.com

8116 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-05-06 07:08:02 ------------
  • 0

#24
Leighwh

Leighwh

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
Here's the extra.txt

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Genuine Intel® CPU T1300 @ 1.66GHz
Percentage of Memory in Use: 56%
Physical Memory (total/avail): 1013.98 MiB / 439.41 MiB
Pagefile Memory (total/avail): 2440.09 MiB / 1904.63 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1924.02 MiB

C: is Fixed (NTFS) - 65.6 GiB total, 34.82 GiB free.
D: is Fixed (FAT32) - 7.91 GiB total, 0.51 GiB free.
E: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - ST98823AS - 74.53 GiB - 3 partitions
\PARTITION0 (bootable) - Installable File System - 65.6 GiB - C:
\PARTITION1 - Unknown - 7.92 GiB - D:
\PARTITION2 - Unknown - 1027.6 MiB



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.
AntiVirusDisableNotify is set.

FW: Norton Internet Worm Protection v2006 (Symantec) Disabled
FW: Norton Internet Security 2006 v2006 (Symantec Corporation)
AV: Norton Internet Security 2006 v2006 (Symantec Corporation)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\Common Files\\AOL\\1152635987\\ee\\AOLServiceHost.exe"="C:\\Program Files\\Common Files\\AOL\\1152635987\\ee\\AOLServiceHost.exe:*:Enabled:AOL Services"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\Common Files\\AOL\\1152635987\\ee\\AOLServiceHost.exe"="C:\\Program Files\\Common Files\\AOL\\1152635987\\ee\\AOLServiceHost.exe:*:Enabled:AOL Services"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Shannon Healy\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=SHANNON
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Shannon Healy
LOGONSERVER=\\SHANNON
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\QuickTime\QTSystem;C:\Program Files\Common Files\Adobe\AGL
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PCTYPE=PAVILION
PLATFORM=MCD
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 14 Stepping 8, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0e08
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
SESSIONNAME=Console
SonicCentral=C:\Program Files\Common Files\Sonic Shared\Sonic Central\
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\SHANNO~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\SHANNO~1\LOCALS~1\Temp
USERDOMAIN=SHANNON
USERNAME=Shannon Healy
USERPROFILE=C:\Documents and Settings\Shannon Healy
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Shannon Healy (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
3datelier.com SCREENSAVERpsy --> "C:\Program Files\3datelier.com SCREENSAVERpsy\unins000.exe"
5 Card Slingo from Hewlett-Packard Laptops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\5DE4D54F-AA79-43A4-9C8A-C173E7E2B025\Uninstall.exe"
Adobe Bridge 1.0 --> MsiExec.exe /I{B74D4E10-1033-0000-0000-000000000001}
Adobe Common File Installer --> MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Help Center 1.0 --> MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
Adobe Photoshop CS2 --> msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
Adobe Reader 6.0.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A00000000001}
Adobe Stock Photos 1.0 --> MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001}
AOL Explorer --> C:\Program Files\Common Files\AOL\1152635987\ee\services\browser\ver1_1_1042\uninst.exe
AOL Instant Messenger --> C:\Program Files\AIM\uninstll.exe -LOG= C:\Program Files\AIM\install.log -OEM=
AOL Toolbar 2.0 --> "C:\Program Files\AOL\AOL Toolbar 2.0\uninstall.exe"
Apple Mobile Device Support --> MsiExec.exe /I{B5C209B1-8DDB-4642-A573-375B951514CB}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
Bejeweled 2 Deluxe from Hewlett-Packard Laptops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\6E377D95-DF37-4E67-B64B-68C314600BCB\Uninstall.exe"
Big Kahuna Reef from Hewlett-Packard Laptops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\7948472C-423F-4134-B68F-48D660A05D71\Uninstall.exe"
Blackhawk Striker 2 from Hewlett-Packard Laptops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\384E0BF4-1E1F-45A6-B60E-42144A3F15CD\Uninstall.exe"
Blasterball 2 from Hewlett-Packard Laptops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\9F3399B2-9ED6-4339-84A2-686432638B86\Uninstall.exe"
Boggle Supreme from Hewlett-Packard Laptops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\5658FB14-16A4-4DAE-946B-1457BE31572E\Uninstall.exe"
Bookworm Deluxe from Hewlett-Packard Laptops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\B0769D17-E72A-4E87-A83F-1F7A3F080008\Uninstall.exe"
Bounce Symphony from Hewlett-Packard Laptops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\7A940E33-6993-404B-ABA6-ED62E8FBE615\Uninstall.exe"
CC_ccProxyExt --> MsiExec.exe /I{2EBF25F1-F8A2-40EA-92BE-931C142A44E2}
ccCommon --> MsiExec.exe /I{1248C09A-BD6B-47F5-BF3F-CD2B700D9FCB}
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
ccPxyCore --> MsiExec.exe /I{30738666-9805-4926-A78F-91DA33B6C437}
Chuzzle Deluxe from Hewlett-Packard Laptops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\382C11F0-1A18-4F76-B8E0-15CA7F209C22\Uninstall.exe"
Conexant HD Audio --> C:\Program Files\CONEXANT\CNXT_HDAUDIO\HXFSETUP.EXE -U -Iqta30a0a.INF
Crystal Maze from Hewlett-Packard Laptops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\E94C7046-2F7D-4D4D-B76F-C412DCCEAAC2\Uninstall.exe"
Customer Experience Enhancement --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{23012310-3E05-46A5-88A9-C6CBCABCAC79} /l1033
Easy Internet Sign-up --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{8105684D-8CA6-440D-8F58-7E5FD67A499D} /l1033
FATE from Hewlett-Packard Laptops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\6ECB6EE6-92E1-4525-AF3B-3CE51A7C5F89\Uninstall.exe"
Final Drive Nitro from Hewlett-Packard Laptops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\320F055A-570F-4335-B026-16A836DB9549\Uninstall.exe"
Flip Words from Hewlett-Packard Laptops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\F2566CC2-D4C4-44ED-A838-3F8288D8D3FE\Uninstall.exe"
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
HDAUDIO Soft Data Fax Modem with SmartCP --> C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_qta30a0k\HXFSETUP.EXE -U -IQTA30A0K.INF
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
HP Game Console and games --> C:\Program Files\WildTangent\Apps\hpuninstall.exe
HP Help and Support --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}\setup.exe" -l0x9 -removeonly
HP Imaging Device Functions 6.0 --> C:\Program Files\HP\Digital Imaging\DigitalImagingMonitor\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart Premier Software 6.0 --> C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP QuickPlay 2.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{45D707E9-F3C4-11D9-A373-0050BAE317E1}\setup.exe" -uninstall
HP Rhapsody --> C:\PROGRA~1\HPRHAP~1\Unwise32.exe /A C:\PROGRA~1\HPRHAP~1\install.log
HP Update --> MsiExec.exe /X{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}
HP User Guides--System Recovery --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BC96BBA7-C634-460E-AD18-A0A994213F80}\setup.exe" -l0x9 -removeonly
HP User Guides 0009 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{58C62A8E-E628-4822-A0F2-BBE10329D53F}\Setup.exe" -l0x9 -removeonly
HP Wireless Assistant 2.00 B3 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}\setup.exe" -l0x9 hpquninst
Inkscape 0.45.1 --> "C:\Program Files\Inkscape\uninst.exe"
Insaniquarium Deluxe from Hewlett-Packard Laptops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\0E5266B4-9069-401A-93AE-5FF9F1712016\Uninstall.exe"
Intel® Graphics Media Accelerator Driver --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_27A6 PCI\VEN_8086&DEV_27A2
Intel® PRO Network Connections Drivers --> Prounstl.exe
IrfanView (remove only) --> C:\Program Files\IrfanView\iv_uninstall.exe
iTunes --> MsiExec.exe /I{4F5CE18C-D97D-48FF-A510-A0D90C918294}
Java™ 6 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160060}
Jewel Quest from Hewlett-Packard Laptops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\4C061F83-EE92-445A-A03F-184B0BD59242\Uninstall.exe"
Kaspersky Online Scanner --> C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
Lemonade Tycoon 2 from Hewlett-Packard Laptops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\E90E3AE9-73E4-4E5C-BB0F-673989A808D0\Uninstall.exe"
Lexibox Deluxe from Hewlett-Packard Laptops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\5758A0E8-A112-4A1D-82EC-EC72F7F16B88\Uninstall.exe"
LiveUpdate 3.0 (Symantec Corporation) --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
Mah Jong Quest from Hewlett-Packard Laptops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\E76A7EFF-7758-49EE-B3FA-9699830A2D6B\Uninstall.exe"
Malwarebytes' RogueRemover --> "C:\Program Files\RogueRemover FREE\unins000.exe"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Money 2006 --> "C:\Program Files\Microsoft Money 2006\MNYCoreFiles\Setup\uninst.exe" /s:120
Microsoft Office Standard Edition 2003 --> MsiExec.exe /I{91120409-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Works --> MsiExec.exe /I{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}
Mozilla Firefox (2.0.0.14) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSRedist --> MsiExec.exe /I{B7C61755-DB48-4003-948F-3D34DB8EAF69}
muvee autoProducer 4.5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{286F29AF-0BE2-4D5F-AB17-B7631A810553}\setup.exe" -l0x9
Netflix Movie Viewer --> MsiExec.exe /X{BCE72AED-3332-4863-9567-C5DCB9052CA2}
Netscape Browser (remove only) --> "C:\Program Files\Netscape\Netscape Browser\NSUninst.exe"
Norton AntiSpam --> MsiExec.exe /I{5677563D-0CB1-485F-9E18-C5025306BB3F}
Norton AntiVirus 2006 --> MsiExec.exe /X{C6F5B6CF-609C-428E-876F-CA83176C021B}
Norton Internet Security --> MsiExec.exe /I{12E2B9E9-05B1-407d-B0FD-B5F350535125}
Norton Internet Security --> MsiExec.exe /I{449F3A9E-9903-4a0d-A209-08030D45A935}
Norton Internet Security --> MsiExec.exe /I{48185814-A224-447a-81DA-71BD20580E1B}
Norton Internet Security --> MsiExec.exe /I{A93C9E60-29B6-49da-BA21-F70AC6AADE20}
Norton Internet Security --> MsiExec.exe /I{AADFE0B9-F905-4d5f-A144-0ADB2EFA747B}
Norton Internet Security --> MsiExec.exe /I{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}
Norton Internet Security --> MsiExec.exe /I{E5EE9939-259F-4DE2-8023-5C49E16A4F43}
Norton Internet Security --> MsiExec.exe /I{FFB4DD53-28B7-4981-BFF0-9BD801F61095}
Norton Internet Security 2006 (Symantec Corporation) --> "C:\Program Files\Common Files\Symantec Shared\SymSetup\{A93C9E60-29B6-49da-BA21-F70AC6AADE20}.exe" /X
Norton Protection Center --> MsiExec.exe /I{82A5BF38-8461-4A5C-B2C9-24F5256D92A6}
Norton WMI Update --> MsiExec.exe /X{E85FA9A1-C241-4698-893B-DD99509B8DB0}
Norton WMI Update --> MsiExec.exe /X{F64306A5-4C32-41bb-B153-53986527FAB4}
Oasis from Hewlett-Packard Laptops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\E332F38A-75F6-4EF2-88CC-246E8A1CB5D7\Uninstall.exe"
Office 2003 Trial Assistant --> MsiExec.exe /I{47D2103B-FD51-4017-9C20-DD408B17D726}
Polar Bowler from Hewlett-Packard Laptops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\7F8C5718-1BA9-4AAE-96D2-2B04D05F2D54\Uninstall.exe"
Polar Golfer from Hewlett-Packard Laptops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\D2E44AA4-8665-4490-A6C9-2D0744B47B27\Uninstall.exe"
Puzzle Express from Hewlett-Packard Laptops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\EF860173-4FB7-4DE1-8BE8-5400F05A0DC5\Uninstall.exe"
Quick Launch Buttons 5.20 F2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CEB326EC-8F40-47B2-BA22-BB092565D66F}\setup.exe" -l0x9 -uninst
Quicken 2006 --> MsiExec.exe /X{2818095F-FB6C-42C8-827E-0A406CC9AFF5}
QuickTime --> MsiExec.exe /I{9763E36A-08E9-4228-BBCE-12989A4EB1A8}
SCRABBLE from Hewlett-Packard Laptops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\103EFD47-9F2C-4490-95DD-AE6C442AFB92\Uninstall.exe"
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Slingo Deluxe from Hewlett-Packard Laptops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\C264D692-8E15-4141-96A2-5621332E5DD0\Uninstall.exe"
Slyder from Hewlett-Packard Laptops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\B0202B33-E73D-4FCD-AC88-0B2971AFC116\Uninstall.exe"
SmartAudio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AEF7A12C-CD9B-4773-8AD1-6916138CA7EA}\setup.exe" -l0x9 -removeonly
Snowboard SuperJam --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\DED8E2B5-BA9F-448F-84E8-0AEF79876F95\Uninstall.exe"
Sonic Audio Module --> MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Sonic Copy Module --> MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Sonic Data Module --> MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
Sonic Express Labeler --> MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Sonic MyDVD Plus --> MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}
Sonic Update Manager --> MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
SPBBC --> MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Super Granny from Hewlett-Packard Laptops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\7ED8A70C-9597-40BE-AEA0-0573182F1F51\Uninstall.exe"
Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Tablet --> C:\Program Files\Tablet\Remove.exe /u
TourSetup --> MsiExec.exe /I{A01FC76F-CC09-4658-9E37-5C2F635EE708}
Tradewinds from Hewlett-Packard Laptops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\1C3FDBBA-EBF7-4CDB-AD8A-A1125734AF86\Uninstall.exe"
Tune Tools for iPod --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{31B5C6E6-15A4-4614-8169-DA9576575715}\setup.exe" -l0x9 -removeonly
Viewpoint Manager (Remove Only) --> C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgrInstaller.exe /u /k
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
Viewpoint Toolbar --> C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\Uninstaller.exe /u /k /url "http://www.viewpoint...completed.html"
Windows Driver Package - MicroVision (Mvc25U870_VID_1262&PID_25FD) Image (11/30/2005 1.0.1.1) --> C:\PROGRA~1\DIFX\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\mvc25u870_5F382E4712B10D6A2C8EE6AF940197B92B0D5AEC\mvc25u870.inf
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Wireless Home Network Setup --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{09D8492A-C8E2-421E-927D-46800FB327A3}\Setup.exe" -l0x9 -removeonly
Yahoo! Install Manager --> C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Toolbar --> C:\PROGRA~1\Yahoo!\Common\unyt.exe
Zuma Deluxe from Hewlett-Packard Laptops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\074EEF5F-3BE8-4112-B253-C5D6CDE2924C\Uninstall.exe"


-- Application Event Log -------------------------------------------------------

Event Record #/Type7072 / Error
Event Submitted/Written: 04/28/2008 08:10:40 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application Photoshop.exe, version 9.0.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type7071 / Error
Event Submitted/Written: 04/28/2008 08:10:40 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application Photoshop.exe, version 9.0.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type7070 / Error
Event Submitted/Written: 04/28/2008 07:58:34 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application IEXPLORE.EXE, version 6.0.2900.2180, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type7069 / Error
Event Submitted/Written: 04/28/2008 07:58:34 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application IEXPLORE.EXE, version 6.0.2900.2180, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type7068 / Error
Event Submitted/Written: 04/28/2008 07:58:34 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application IEXPLORE.EXE, version 6.0.2900.2180, hang module hungapp, version 0.0.0.0, hang address 0x00000000.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type39011 / Warning
Event Submitted/Written: 05/06/2008 07:01:39 AM
Event ID/Source: 256 / PlugPlayManager
Event Description:
Timed out sending notification of device interface change to window of "C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe"

Event Record #/Type39002 / Warning
Event Submitted/Written: 05/05/2008 11:35:44 PM
Event ID/Source: 256 / PlugPlayManager
Event Description:
Timed out sending notification of device interface change to window of "C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe"

Event Record #/Type38995 / Warning
Event Submitted/Written: 05/05/2008 04:32:55 PM
Event ID/Source: 256 / PlugPlayManager
Event Description:
Timed out sending notification of device interface change to window of "C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe"

Event Record #/Type38994 / Warning
Event Submitted/Written: 05/05/2008 04:32:55 PM
Event ID/Source: 256 / PlugPlayManager
Event Description:
Timed out sending notification of device interface change to window of "C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe"

Event Record #/Type38993 / Warning
Event Submitted/Written: 05/05/2008 04:32:55 PM
Event ID/Source: 256 / PlugPlayManager
Event Description:
Timed out sending notification of device interface change to window of "C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe"



-- End of Deckard's System Scanner: finished at 2008-05-06 07:08:02 ------------
  • 0

#25
Leighwh

Leighwh

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
;*******************************************************************************
*********************************************************************************
*******************
ANALYSIS: 2008-05-06 08:44:49
PROTECTIONS: 1
MALWARE: 54
SUSPECTS: 0
;*******************************************************************************
*********************************************************************************
*******************
PROTECTIONS
Description Version Active Updated
;===============================================================================
=================================================================================
===================
Norton Internet Security 2006 2006 Yes Yes
;===============================================================================
=================================================================================
===================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===============================================================================
=================================================================================
===================
00041487 adware/webhancer Adware No 0 Yes No hkey_local_machine\software\microsoft\windows\currentversion\run\webhancer agent
00048239 adware/adlogix Adware No 0 Yes No HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5FA6752A-C4A0-4222-88C2-928AE5AB4966}
00096188 spyware/searchcentrix Spyware No 1 Yes No HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4E1075F4-EEC4-4a86-ADD7-CD5F52858C31}
00106761 adware/123mania Adware No 0 Yes No HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9C5B2F29-1F46-4639-A6B4-828942301D3E}
00106761 adware/123mania Adware No 0 Yes No HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{15651C7C-E812-44A2-A9AC-B467A2233E7D}
00106761 adware/123mania Adware No 0 Yes No HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{622CC208-B014-4FE0-801B-874A5E5E403A}
00135099 adware/powerstrip Adware No 0 Yes No HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{965A592F-8EFA-4250-8630-7960230792F1}
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\Shannon Healy\Application Data\Mozilla\Firefox\Profiles\8yt0j0qj.default\cookies.txt[.trafficmp.com/]
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\Shannon Healy\Cookies\shannon [email protected][1].txt
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\Shannon Healy\Application Data\Mozilla\Firefox\Profiles\8yt0j0qj.default\cookies.txt[.trafficmp.com/]
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\Shannon Healy\Application Data\Mozilla\Firefox\Profiles\8yt0j0qj.default\cookies.txt[.trafficmp.com/]
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\Shannon Healy\Application Data\Mozilla\Firefox\Profiles\8yt0j0qj.default\cookies.txt[.trafficmp.com/]
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\Shannon Healy\Application Data\Mozilla\Firefox\Profiles\8yt0j0qj.default\cookies.txt[.trafficmp.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\Shannon Healy\Cookies\shannon [email protected][2].txt
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\Shannon Healy\Application Data\Mozilla\Firefox\Profiles\8yt0j0qj.default\cookies.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\Shannon Healy\Application Data\Mozilla\Firefox\Profiles\8yt0j0qj.default\cookies.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\Shannon Healy\Application Data\Mozilla\Firefox\Profiles\8yt0j0qj.default\cookies.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\Shannon Healy\Application Data\Mozilla\Firefox\Profiles\8yt0j0qj.default\cookies.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\Shannon Healy\Application Data\Mozilla\Firefox\Profiles\8yt0j0qj.default\cookies.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\Shannon Healy\Application Data\Mozilla\Firefox\Profiles\8yt0j0qj.default\cookies.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\Shannon Healy\Application Data\Mozilla\Firefox\Profiles\8yt0j0qj.default\cookies.txt[.casalemedia.com/]
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Shannon Healy\Application Data\Mozilla\Firefox\Profiles\8yt0j0qj.default\cookies.txt[.doubleclick.net/]
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Shannon Healy\Cookies\shannon [email protected][2].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Shannon Healy\Application Data\Mozilla\Firefox\Profiles\8yt0j0qj.default\cookies.txt[.doubleclick.net/]
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Shannon Healy\Application Data\Mozilla\Firefox\Profiles\8yt0j0qj.default\cookies.txt[.atdmt.com/]
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Shannon Healy\Cookies\shannon [email protected][2].txt
00139535 Application/Processor HackTools No 0 Yes No C:\Documents and Settings\Shannon Healy\Desktop\smitRem\Process.exe
00139535 Application/Processor HackTools No 0 Yes No C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP15\A0002249.exe
00139535 Application/Processor HackTools No 0 Yes No C:\Documents and Settings\Shannon Healy\Desktop\SmitfraudFix\Process.exe
00139535 Application/Processor HackTools No 0 Yes No C:\Documents and Settings\Shannon Healy\Desktop\smitRem.exe[smitRem/Process.exe]
00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No C:\Documents and Settings\Shannon Healy\Application Data\Mozilla\Firefox\Profiles\8yt0j0qj.default\cookies.txt[.tradedoubler.com/]
00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Shannon Healy\Cookies\shannon [email protected][1].txt
00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Shannon Healy\Application Data\Mozilla\Firefox\Profiles\8yt0j0qj.default\cookies.txt[.247realmedia.com/]
00145453 Cookie/Bfast TrackingCookie No 0 Yes No C:\Documents and Settings\Shannon Healy\Application Data\Mozilla\Firefox\Profiles\8yt0j0qj.default\cookies.txt[.bfast.com/]
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\Shannon Healy\Application Data\Mozilla\Firefox\Profiles\8yt0j0qj.default\cookies.txt[.fastclick.net/]
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\Shannon Healy\Cookies\shannon [email protected][1].txt
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\Shannon Healy\Application Data\Mozilla\Firefox\Profiles\8yt0j0qj.default\cookies.txt[.fastclick.net/]
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\Shannon Healy\Application Data\Mozilla\Firefox\Profiles\8yt0j0qj.default\cookies.txt[.fastclick.net/]
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\Shannon Healy\Application Data\Mozilla\Firefox\Profiles\8yt0j0qj.default\cookies.txt[.fastclick.net/]
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\Shannon Healy\Cookies\shannon [email protected][1].txt
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\Shannon Healy\Application Data\Mozilla\Firefox\Profiles\8yt0j0qj.default\cookies.txt[.tribalfusion.com/]
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\Shannon Healy\Cookies\shannon [email protected][1].txt
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\Shannon Healy\Application Data\Mozilla\Firefox\Profiles\8yt0j0qj.default\cookies.txt[.mediaplex.com/]
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\Shannon Healy\Application Data\Mozilla\Firefox\Profiles\8yt0j0qj.default\cookies.txt[.com.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Shannon Healy\Cookies\shannon [email protected][1].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Shannon Healy\Application Data\Mozilla\Firefox\Profiles\8yt0j0qj.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Shannon Healy\Application Data\Mozilla\Firefox\Profiles\8yt0j0qj.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Shannon Healy\Cookies\shannon [email protected][2].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Shannon Healy\Application Data\Mozilla\Firefox\Profiles\8yt0j0qj.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Shannon Healy\Application Data\Mozilla\Firefox\Profiles\8yt0j0qj.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Shannon Healy\Application Data\Mozilla\Firefox\Profiles\8yt0j0qj.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Shannon Healy\Application Data\Mozilla\Firefox\Profiles\8yt0j0qj.default\cookies.txt[ad.yieldmanager.com/]
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\Shannon Healy\Cookies\shannon [email protected][2].txt
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\Shannon Healy\Application Data\Mozilla\Firefox\Profiles\8yt0j0qj.default\cookies.txt[.apmebf.com/]
00168076 Cookie/BurstNet TrackingCookie No 0 Yes No C:\Documents and Settings\Shannon Healy\Cookies\shannon [email protected][2].txt
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Shannon Healy\Cookies\shannon [email protected][1].txt
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Shannon Healy\Cookies\shannon [email protected][1].txt
00168097 Cookie/BurstBeacon TrackingCookie No 0 Yes No C:\Documents and Settings\Shannon Healy\Cookies\shannon [email protected][1].txt
00168097 Cookie/BurstBeacon TrackingCookie No 0 Yes No C:\Documents and Settings\Shannon Healy\Application Data\Mozilla\Firefox\Profiles\8yt0j0qj.default\cookies.txt[www.burstbeacon.com/]
00168109 Cookie/Adtech TrackingCookie No 0 Yes No C:\Documents and Settings\Shannon Healy\Application Data\Mozilla\Firefox\Profiles\8yt0j0qj.default\cookies.txt[.adtech.de/]
00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No C:\Documents and Settings\Shannon Healy\Application Data\Mozilla\Firefox\Profiles\8yt0j0qj.default\cookies.txt[server.iad.liveperson.net/]
00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No C:\Documents and Settings\Shannon Healy\Cookies\shannon [email protected][2].txt
00168114 Cookie/onestat.com TrackingCookie No 0 Yes No C:\Documents and Settings\Shannon Healy\Application Data\Mozilla\Firefox\Profiles\8yt0j0qj.default\cookies.txt[stat.onestat.com/]
00168114 Cookie/onestat.com TrackingCookie No 0 Yes No C:\Documents and Settings\Shannon Healy\Application Data\Mozilla\Firefox\Profiles\8yt0j0qj.default\cookies.txt[stat.onestat.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Shannon Healy\Application Data\Mozilla\Firefox\Profiles\8yt0j0qj.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Shannon Healy\Application Data\Mozilla\Firefox\Profiles\8yt0j0qj.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Shannon Healy\Application Data\Mozilla\Firefox\Profiles\8yt0j0qj.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Shannon Healy\Application Data\Mozilla\Firefox\Profiles\8yt0j0qj.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Shannon Healy\Cookies\shannon [email protected][2].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Shannon Healy\Application Data\Mozilla\Firefox\Profiles\8yt0j0qj.default\cookies.txt[.advertising.com/]
00169287 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\Shannon Healy\Cookies\shannon [email protected][3].txt
00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Documents and Settings\Shannon Healy\Application Data\Mozilla\Firefox\Profiles\8yt0j0qj.default\cookies.txt[statse.webtrendslive.com/]
00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Documents and Settings\Shannon Healy\Cookies\shannon [email protected][2].txt
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Shannon Healy\Application Data\Mozilla\Firefox\Profiles\8yt0j0qj.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Shannon Healy\Cookies\shannon [email protected][1].txt
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Shannon Healy\Application Data\Mozilla\Firefox\Profiles\8yt0j0qj.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Shannon Healy\Application Data\Mozilla\Firefox\Profiles\8yt0j0qj.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Shannon Healy\Application Data\Mozilla\Firefox\Profiles\8yt0j0qj.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Shannon Healy\Application Data\Mozilla\Firefox\Profiles\8yt0j0qj.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Shannon Healy\Application Data\Mozilla\Firefox\Profiles\8yt0j0qj.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Shannon Healy\Application Data\Mozilla\Firefox\Profiles\8yt0j0qj.default\cookies.txt[.ads.pointroll.com/]
00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\Shannon Healy\Application Data\Mozilla\Firefox\Profiles\8yt0j0qj.default\cookies.txt[.overture.com/]
00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\Shannon Healy\Cookies\shannon [email protected][1].txt
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Shannon Healy\Application Data\Mozilla\Firefox\Profiles\8yt0j0qj.default\cookies.txt[.realmedia.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Shannon Healy\Cookies\shannon [email protected][1].txt
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Shannon Healy\Application Data\Mozilla\Firefox\Profiles\8yt0j0qj.default\cookies.txt[.realmedia.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Shannon Healy\Application Data\Mozilla\Firefox\Profiles\8yt0j0qj.default\cookies.txt[.realmedia.com/]
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\Shannon Healy\Application Data\Mozilla\Firefox\Profiles\8yt0j0qj.default\cookies.txt[.questionmarket.com/]
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\Shannon Healy\Application Data\Mozilla\Firefox\Profiles\8yt0j0qj.default\cookies.txt[.questionmarket.com/]
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\Shannon Healy\Cookies\shannon [email protected][1].txt
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\Shannon Healy\Application Data\Mozilla\Firefox\Profiles\8yt0j0qj.default\cookies.txt[.questionmarket.com/]
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\Shannon Healy\Application Data\Mozilla\Firefox\Profiles\8yt0j0qj.default\cookies.txt[.zedo.com/]
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\Shannon Healy\Cookies\shannon [email protected][1].txt
00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No C:\Documents and Settings\Shannon Healy\Cookies\shannon [email protected][2].txt
00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No C:\Documents and Settings\Shannon Healy\Application Data\Mozilla\Firefox\Profiles\8yt0j0qj.default\cookies.txt[.bluestreak.com/]
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\Shannon Healy\Application Data\Mozilla\Firefox\Profiles\8yt0j0qj.default\cookies.txt[.adrevolver.com/]
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\Shannon Healy\Cookies\shannon [email protected][2].txt
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\Shannon Healy\Application Data\Mozilla\Firefox\Profiles\8yt0j0qj.default\cookies.txt[.adrevolver.com/]
00187950 Cookie/bravenetA TrackingCookie No 0 Yes No C:\Documents and Settings\Shannon Healy\Application Data\Mozilla\Firefox\Profiles\8yt0j0qj.default\cookies.txt[.bravenet.com/]
00199984 Cookie/Searchportal TrackingCookie No 0 Yes No C:\Documents and Settings\Shannon Healy\Application Data\Mozilla\Firefox\Profiles\8yt0j0qj.default\cookies.txt[searchportal.information.com/]
00207862 Cookie/did-it TrackingCookie No 0 Yes No C:\Documents and Settings\Shannon Healy\Cookies\shannon [email protected][1].txt
00217430 adware/surfassistant Adware No 0 Yes No HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5dafd089-24b1-4c5e-bd42-8ca72550717b}
00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Documents and Settings\Shannon Healy\Cookies\shannon [email protected][1].txt
00377802 Spyware/PeoplePC Spyware No 0 Yes No C:\QooBox\Quarantine\C\Program Files\Online Services\PeoplePC\ISP5900\Dll\RAS.DLL.vir
00377802 Spyware/PeoplePC Spyware No 0 Yes No C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP27\A0004655.DLL
00520936 Application/ViewPoint HackTools No 0 Yes No C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll
01176994 Bck/VB.XB Virus/Trojan No 0 No No C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP9\A0001972.exe[327882R2FWJFW\nircmd.cfexe]
01176994 Bck/VB.XB Virus/Trojan No 0 No No C:\Documents and Settings\Shannon Healy\Desktop\ComboFix.exe[327882R2FWJFW\NirCmdC.cfexe]
01176994 Bck/VB.XB Virus/Trojan No 0 No No C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP23\A0004333.exe[327882R2FWJFW\nircmd.cfexe]
01185375 Application/Psexec.A HackTools No 0 Yes No C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP10\A0001995.EXE
01185375 Application/Psexec.A HackTools No 0 Yes No C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP5\A0000770.EXE
01185375 Application/Psexec.A HackTools No 0 Yes No C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP2\A0000499.EXE
02197130 Trj/Rebooter.J Virus/Trojan No 1 Yes No C:\Documents and Settings\Shannon Healy\Desktop\SmitfraudFix\Reboot.exe
02913138 Adware/SecurityError Adware No 0 Yes No C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP8\A0000944.exe
02913323 Adware/Yazzle Adware No 0 Yes No C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP2\A0000385.exe
02913338 Adware/InternetSpeedMonitor Adware No 0 Yes No C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP2\A0000386.exe
02913338 Adware/InternetSpeedMonitor Adware No 0 Yes No C:\QooBox\Quarantine\C\WINDOWS\system32\000090.exe.vir
02913340 Adware/InternetSpeedMonitor Adware No 0 No No C:\QooBox\Quarantine\C\WINDOWS\system32\000090.exe.vir[ism.exe]
02913340 Adware/InternetSpeedMonitor Adware No 0 No No C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP2\A0000386.exe[ism.exe]
02913340 Adware/InternetSpeedMonitor Adware No 0 Yes No C:\QooBox\Quarantine\C\Program Files\ISM\ism.exe.vir
02913340 Adware/InternetSpeedMonitor Adware No 0 Yes No C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP2\A0000304.exe
02913341 Adware/InternetSpeedMonitor Adware No 0 No No C:\QooBox\Quarantine\C\WINDOWS\system32\000090.exe.vir[QdrModule15.exe]
02913341 Adware/InternetSpeedMonitor Adware No 0 Yes No C:\QooBox\Quarantine\C\Program Files\QdrModule\QdrModule15.exe.vir
02913341 Adware/InternetSpeedMonitor Adware No 0 No No C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP2\A0000386.exe[QdrModule15.exe]
02913341 Adware/InternetSpeedMonitor Adware No 0 Yes No C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP2\A0000308.exe
02915793 Generic Trojan Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP2\A0000384.exe
02936956 Adware/SideSearch Adware No 0 No No C:\QooBox\Quarantine\C\WINDOWS\system32\000090.exe.vir[QdrDrive15.dll]
02936956 Adware/SideSearch Adware No 0 Yes No C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP2\A0000306.dll
02936956 Adware/SideSearch Adware No 0 Yes No C:\QooBox\Quarantine\C\Program Files\QdrDrive\QdrDrive15.dll.vir
02936956 Adware/SideSearch Adware No 0 No No C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP2\A0000386.exe[QdrDrive15.dll]
;===============================================================================
=================================================================================
===================
SUSPECTS
Sent Location n
;===============================================================================
=================================================================================
===================
;===============================================================================
=================================================================================
===================
VULNERABILITIES
Id Severity Description n
;===============================================================================
=================================================================================
===================
;===============================================================================
=================================================================================
===================
  • 0

Advertisements


#26
Leighwh

Leighwh

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
Hi Fredil,

One additional bit of info has surfaced. I asked my daughter if Internet Explorer is acting odd in any way and she said she doesn't use it, only uses Mozilla Firefox. So interesting that something seems to open and keep open multiple IE processes in the background even when the browser hasn't been fired up. Wanted you to know--will wait further instructions on next steps. thanks, Leighwh
  • 0

#27
Chopin

Chopin

    Member 2k

  • Member
  • PipPipPipPipPip
  • 2,639 posts
Hello Leighwh, this is getting a bit frustrating :) Let's try some other tricks.

Before you perform any of the steps, see if you can get a HijackThis log while the multiple iexplore processes are running :)

Please read my entire post before commencing, and please follow my instructions in the order that they are given :) If you don't understand something, don't be afraid to ask!

1. Clean Temporary Files
------------------------------------------------

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 onlyDouble-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browserClick Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browserClick Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

2. Download and Install SpywareBlaster
------------------------------------------------

Follow the instructions here to download, install, and configure SpywareBlaster. The screenshots are a little outdated, but you should be able to follow them with no problems :)

3. Scan with BlackLight
------------------------------------------------

Please download F-Secure Blacklight (fsbl.exe) and save to your C:\ drive.
  • Open a command window by going to Start > Run and typing: cmd
  • Copy/paste or type the following in the command window: C:\fsbl.exe /expert
  • Hit "Enter" to start the program and then close the cmd box.
  • Accept the user agreement and click "Next".
  • Click "Scan".
  • After the scan is complete, click "Next", then "Exit".
  • BlackLight will create a log in C:\ drive named "fsbl-xxxxxxx.log" (the xxxxxxx will be the date and time of the scan).
  • The log will have a list of all items found. Do not choose to rename any yet!
    I want to see the log first because legitimate items can also be present...like "wbemtest.exe" and "tcptest.exe.
  • Exit Blacklight and post the contents of the log in your next reply.
In your next post
------------------------------------------------

  • HijackThis log
  • BlackLight log

  • 0

#28
Leighwh

Leighwh

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
Hi Fredil, Oddly, this time there are no IEExplore.exe processes open, and I opened IE and closed it again, and still none running. I captured a HiJackThis log anyway, to show where we are starting out. Next posts wil contain the logs from the steps I"ll follow from your post.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:19:43 AM, on 5/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Sonic\DigitalMedia Plus v7\MyDVD Plus\DetectorApp.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\AOL\1152635987\ee\AOLHostManager.exe
C:\Program Files\Common Files\AOL\1152635987\ee\AOLServiceHost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Sonic\DigitalMedia Plus v7\MyDVD Plus\USBDeviceService.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\WINDOWS\system32\Tablet.exe
C:\PROGRA~1\HPQ\SHARED\HPQTOA~1.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.h...a...n&pf=laptop
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll
O2 - BHO: CNavExtBho Class - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [DetectorApp] C:\Program Files\Sonic\DigitalMedia Plus v7\MyDVD Plus\DetectorApp.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1152635987\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [zango] "c:\program files\zango\zango.exe"
O4 - HKLM\..\Run: [webHancer Agent] C:\Program Files\webHancer\Programs\whagent.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=laptop
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\Shared\hpqwmi.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: USBDeviceService - Unknown owner - C:\Program Files\Sonic\DigitalMedia Plus v7\MyDVD Plus\USBDeviceService.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 12185 bytes
  • 0

#29
Leighwh

Leighwh

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
Hi Fredil,

OK, I went through the steps as requested, but was not able to run Blacklight in expert mode--when I put in the command in the window opened by run -> cmd, I got back an error message saying directory not found, even though I had put Blacklight on the C drive. Maybe I need to run it in safe mode? Anyway, here is the new HiJack This log which now shows an open IExplore.exe--where did that come from? And the Blacklight log which shows nothing. Hmm, what next? thanks so much

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:58:26 AM, on 5/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Sonic\DigitalMedia Plus v7\MyDVD Plus\DetectorApp.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\AOL\1152635987\ee\AOLHostManager.exe
C:\Program Files\Common Files\AOL\1152635987\ee\AOLServiceHost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Sonic\DigitalMedia Plus v7\MyDVD Plus\USBDeviceService.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\WINDOWS\system32\Tablet.exe
C:\PROGRA~1\HPQ\SHARED\HPQTOA~1.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.h...a...n&pf=laptop
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll
O2 - BHO: CNavExtBho Class - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [DetectorApp] C:\Program Files\Sonic\DigitalMedia Plus v7\MyDVD Plus\DetectorApp.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1152635987\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [zango] "c:\program files\zango\zango.exe"
O4 - HKLM\..\Run: [webHancer Agent] C:\Program Files\webHancer\Programs\whagent.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=laptop
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\Shared\hpqwmi.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: USBDeviceService - Unknown owner - C:\Program Files\Sonic\DigitalMedia Plus v7\MyDVD Plus\USBDeviceService.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 12267 bytes


05/11/08 08:45:48 [Info]: BlackLight Engine 1.0.70 initialized
05/11/08 08:45:48 [Info]: OS: 5.1 build 2600 (Service Pack 2)
05/11/08 08:45:48 [Note]: 7019 4
05/11/08 08:45:48 [Note]: 7005 0
05/11/08 08:46:04 [Note]: 7006 0
05/11/08 08:46:04 [Note]: 7011 4260
05/11/08 08:46:04 [Note]: 7035 0
05/11/08 08:46:04 [Note]: 7026 0
05/11/08 08:46:04 [Note]: 7026 0
05/11/08 08:46:07 [Note]: FSRAW library version 1.7.1024
05/11/08 08:56:36 [Note]: 7007 0
  • 0

#30
Chopin

Chopin

    Member 2k

  • Member
  • PipPipPipPipPip
  • 2,639 posts
Hello Leighwh, did you install SpywareBlaster? I don't see anything out of the ordinary with just that one IE entry - try to post a HJT log when you have multiple ones running.

Please read my entire post before commencing, and please follow my instructions in the order that they are given :) If you don't understand something, don't be afraid to ask!

1. Scan with RootkitRevealer
------------------------------------------------

Let's try this scan to rule out some possible causes of your iexplore.exe processes.

Please download Rootkit Revealer (It should be part of the Top 10 Downloads list)
  • Unzip it to your desktop.
  • Open the rootkitrevealer folder and double-click rootkitrevealer.exe
  • Close ALL windows and programs and do nothing on the pc while the scan runs. This includes games, browser windows, email clients, etc.
  • Click the Scan button (bottom right)
  • It may take a while to scan (don't do anything while it's running)
  • When it's done, go up to File > Save. Choose to save it to your desktop.
  • Open rootkitrevealer.txt on your desktop and copy the entire contents and paste them here

2. Run a BFU Script
------------------------------------------------

Download and unzip BFU.zip from http://www.merijn.org/files/bfu.zip
Run the program and click the Web button as shown here:
Posted Image

Use this URL to copy into the address bar of the Download script window:
http://metallica.geekstogo.com/MediaGateway.BFU

Make sure all IE windows are closed. In your case, kill any open iexplore.exe processes with the task manager prior to running the script.

Execute the script by clicking the Execute button.

If you have any questions about the use of BFU please read here:
http://metallica.gee...structions.html


3. Re-scan with DSS
------------------------------------------------

Please go to Start > Run. In the box that appears, carefully copy and paste the following:

"%userprofile%\Desktop\dss.exe" /config

Hit "Check All" and click "Scan!" DSS will produce main.txt and extra.txt, please post them back :)

In your next post
------------------------------------------------

  • RootkitRevealer log
  • DSS main.txt and extra.txt

  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP