Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

antispycheck and others [RESOLVED]

Started by mlinva , Jun 14 2008 11:53 PM

This topic is locked

#1
mlinva

Posted 14 June 2008 - 11:53 PM

Member

Member
36 posts

My zone alarm was removed, mcafee tried but wasn't able to catch it all, I went to task manager and end the antispycheck process and then uninstalled it at the remove program spot. My system went into buffer stack overrun and blue screened ( I do have minidumps). I removed the hard drive and ran a symantec scan on it and removed all that I could find. When I put the drive back in the desktop it did the same thing so I did a system restore knowing that it would reload the virus. I figured if I could get it running I could try to get rid of it. I have tried a bunch of things but still see it smirking at me from my taskbar. Please help me get rid of this nasty thing. You will see I was able to re download zone alarm after I think I got rid of the browser hijacker.

here is a hijack this log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:44:15 PM, on 1/4/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\SiteAdvisor\6261\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\Program Files\VMware\VMware Player\vmware-authd.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\VMware\VMware Player\hqtray.exe
C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\SiteAdvisor\6261\SiteAdv.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Common Files\AOL\1178675955\ee\AOLSoftware.exe
C:\WINDOWS\system32\wfxsnt40.exe
C:\WINDOWS\TPPALDR.EXE
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\Nero\data\Xtras\mssysmgr.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\ZyDAS\ZD1211 802.11g Utility\ZDWlan.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\program files\common files\aol\1178675955\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
C:\Program Files\Common Files\aol\1178675955\ee\aolsoftware.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://internetsearchservice.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://internetsearc...ce.com/ie6.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://internetsearchservice.com
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O2 - BHO: StumbleUpon Launcher - {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: 162123 helper - {95667A7A-03B3-4EE0-91AE-A4DE74D25729} - C:\WINDOWS\system32\162123\162123.dll
O2 - BHO: (no name) - {99BA268B-4021-4739-9945-3C774217FE75} - C:\Program Files\NetProject\sbmdl.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: StumbleUpon Toolbar - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [VMware hqtray] "C:\Program Files\VMware\VMware Player\hqtray.exe"
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [SiteAdvisor] "C:\Program Files\SiteAdvisor\6261\SiteAdv.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1178675955\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
O4 - HKLM\..\Run: [TPP Auto Loader] C:\WINDOWS\TPPALDR.EXE
O4 - HKLM\..\Run: [AntiSpyCheck 2.1.0] "C:\Program Files\AntiSpyCheck\AntiSpyCheck.exe"
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Nero\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKLM\..\Policies\Explorer\Run: [start] C:\Program Files\NetProject\sbmntr.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: APC UPS Status.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Global Startup: ZDWlan.lnk = ?
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: StumbleUpon PhotoBlog It! - res://StumbleUponIEBar.dll/blogimage
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.ietoolpro.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.ietoolpro.com/redirect.php (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - https://support.dell...iler/SysPro.CAB
O22 - SharedTaskScheduler: chaplin - {257f6f44-2c64-46bb-acb4-55f9b9e0ae08} - C:\WINDOWS\system32\psqnuvo.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Common Files\AOL\AOL Spyware Protection\\aolserv.exe (file missing)
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Player\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 12781 bytes

#2
mlinva

Posted 15 June 2008 - 12:41 AM

Member

Topic Starter
Member
36 posts

I ran Spybot S&D advanced mode and got rid of some but not all, here is the report from spybot.

thanks for your help

--- Search result list ---
Win32.BHO.je: [SBI $90A69837] Interface (Registry key, fixed)
HKEY_CLASSES_ROOT\Interface\{F7D09218-46D7-4D3D-9B7F-315204CD0836}

Win32.BHO.je: [SBI $8AA4E23B] Type library (Registry key, fixed)
HKEY_CLASSES_ROOT\TypeLib\{E63648F7-3933-440E-B4F6-A8584DD7B7EB}

Win32.Renos: [SBI $CEFE2943] Library (File, fixed)
C:\WINDOWS\system32\psqnuvo.dll

Smitfraud-C.: [SBI $8F732AAF] Autorun settings (Registry value, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run\start

Smitfraud-C.gp: [SBI $3CA356D5] Settings (Registry key, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{9034A523-D068-4BE8-A284-9DF278BE776E}

Win32.Renos: [SBI $C1EB2B7D] Executable (File, fixed)
C:\Documents and Settings\Administrator\Local Settings\Temp\zfe2.exe

DoubleClick: Tracking cookie (Internet Explorer: Administrator) (Cookie, fixed)

DoubleClick: Tracking cookie (Firefox: default) (Cookie, fixed)

BurstMedia: Tracking cookie (Firefox: default) (Cookie, fixed)

--- Spybot - Search & Destroy version: 1.5.2 (build: 20080128) ---

2008-01-28 blindman.exe (1.0.0.7)
2008-01-28 SDDelFile.exe (1.0.2.4)
2008-01-28 SDMain.exe (1.0.0.5)
2007-10-07 SDShred.exe (1.0.1.2)
2008-01-28 SDUpdate.exe (1.0.8.8)
2008-01-28 SDWinSec.exe (1.0.0.11)
2008-01-28 SpybotSD.exe (1.5.2.20)
2008-01-28 TeaTimer.exe (1.5.2.16)
2008-06-15 unins000.exe (51.49.0.0)
2008-01-28 Update.exe (1.4.0.6)
2008-01-28 advcheck.dll (1.5.4.5)
2007-04-02 aports.dll (2.1.0.0)
2007-11-17 DelZip179.dll (1.79.7.4)
2008-01-28 SDFiles.dll (1.5.1.19)
2008-01-28 SDHelper.dll (1.5.0.11)
2008-01-28 Tools.dll (2.1.3.3)
2008-06-03 Includes\Adware.sbi (*)
2008-06-10 Includes\AdwareC.sbi (*)
2008-06-03 Includes\Cookies.sbi (*)
2008-06-03 Includes\Dialer.sbi (*)
2008-06-10 Includes\DialerC.sbi (*)
2008-06-03 Includes\HeavyDuty.sbi (*)
2008-06-04 Includes\Hijackers.sbi (*)
2008-06-03 Includes\HijackersC.sbi (*)
2008-06-03 Includes\Keyloggers.sbi (*)
2008-06-10 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2008-06-03 Includes\Malware.sbi (*)
2008-06-11 Includes\MalwareC.sbi (*)
2008-06-03 Includes\PUPS.sbi (*)
2008-06-10 Includes\PUPSC.sbi (*)
2007-11-07 Includes\Revision.sbi (*)
2008-06-10 Includes\Security.sbi (*)
2008-06-10 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2008-06-03 Includes\Spyware.sbi (*)
2008-06-03 Includes\SpywareC.sbi (*)
2008-06-03 Includes\Tracks.uti
2008-06-11 Includes\Trojans.sbi (*)
2008-06-11 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll

--- System information ---
Windows XP (Build: 2600) Service Pack 2 (5.1.2600)
/ Windows XP / SP3: Windows Installer 3.1 (KB893803)

--- Startup entries list ---
Located: HK_LM:Run, Acronis Scheduler2 Service
command: "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
file: C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
size: 118784
MD5: 866DC930FB1F4307D37665A86AC58F76

Located: HK_LM:Run, Adobe Reader Speed Launcher
command: "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
file: C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
size: 39792
MD5: 8B9145D229D4E89D15ACB820D4A3A90F

Located: HK_LM:Run, AntiSpyCheck 2.1.0
command: "C:\Program Files\AntiSpyCheck\AntiSpyCheck.exe"
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_LM:Run, HostManager
command: C:\Program Files\Common Files\AOL\1178675955\ee\AOLSoftware.exe
file: C:\Program Files\Common Files\AOL\1178675955\ee\AOLSoftware.exe
size: 41824
MD5: C32C2FE355CC3A94183DB50179664A04

Located: HK_LM:Run, igfxhkcmd
command: C:\WINDOWS\system32\hkcmd.exe
file: C:\WINDOWS\system32\hkcmd.exe
size: 77824
MD5: 01018F75F3F18CE629FAC9689954A2AE

Located: HK_LM:Run, igfxpers
command: C:\WINDOWS\system32\igfxpers.exe
file: C:\WINDOWS\system32\igfxpers.exe
size: 114688
MD5: 996ABAC2332DE28F3B6A179C6DA20205

Located: HK_LM:Run, igfxtray
command: C:\WINDOWS\system32\igfxtray.exe
file: C:\WINDOWS\system32\igfxtray.exe
size: 94208
MD5: 3F2C8DD08549BB3419CDA372F5999FFA

Located: HK_LM:Run, iTunesHelper
command: "C:\Program Files\iTunes\iTunesHelper.exe"
file: C:\Program Files\iTunes\iTunesHelper.exe
size: 267048
MD5: 04A9F0C58B170F30445BCC0683EF9FFC

Located: HK_LM:Run, mcagent_exe
command: C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
file: C:\Program Files\McAfee.com\Agent\mcagent.exe
size: 582992
MD5: 9405B452064BFA6A0F78E2F177A988A4

Located: HK_LM:Run, NBKeyScan
command: "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
file: C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
size: 1836328
MD5: 60E91D2BCC467842B478E8F3A5BF7C16

Located: HK_LM:Run, NeroFilterCheck
command: C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
file: C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
size: 153136
MD5: 8112D0DACAE746290FC87B3A980FA719

Located: HK_LM:Run, Omnipage
command: C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
file: C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
size: 49152
MD5: 1D0F6AEACEDDDA839EEB6AF0E9DB9F9B

Located: HK_LM:Run, Pure Networks Port Magic
command: "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
file: C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe
size: 99480
MD5: BA99C608A075C44026720D5383F3D75B

Located: HK_LM:Run, QuickTime Task
command: "C:\Program Files\QuickTime\QTTask.exe" -atboottime
file: C:\Program Files\QuickTime\QTTask.exe
size: 413696
MD5: 6DF76965A0FB8237E9C3B3CAB9815EC2

Located: HK_LM:Run, RealTray
command: C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
file: C:\Program Files\Real\RealPlayer\RealPlay.exe
size: 26112
MD5: 849D97FE4CC09CFC2772D10F641E1BAF

Located: HK_LM:Run, SiteAdvisor
command: "C:\Program Files\SiteAdvisor\6261\SiteAdv.exe"
file: C:\Program Files\SiteAdvisor\6261\SiteAdv.exe
size: 36904
MD5: D8BF7C96FED3177EDAF5136CB7B5460C

Located: HK_LM:Run, SunJavaUpdateSched
command: C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
file: C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
size: 36975
MD5: 70DE314A16E5A486A0EF2425014685B2

Located: HK_LM:Run, TPP Auto Loader
command: C:\WINDOWS\TPPALDR.EXE
file: C:\WINDOWS\TPPALDR.EXE
size: 118784
MD5: A90E85B4367DFF9AFDBF2ED109119D44

Located: HK_LM:Run, TrueImageMonitor.exe
command: C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe
file: C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe
size: 984243
MD5: F6DDAE7FD3223C7FD65F05F53AD36720

Located: HK_LM:Run, VMware hqtray
command: "C:\Program Files\VMware\VMware Player\hqtray.exe"
file: C:\Program Files\VMware\VMware Player\hqtray.exe
size: 55856
MD5: 614AC721121216745E19071E702B9B81

Located: HK_LM:Run, WinFaxAppPortStarter
command: wfxsnt40.exe
file: C:\WINDOWS\system32\wfxsnt40.exe
size: 43008
MD5: 7A9DB3D93C96B678548E8FCF2ACD3799

Located: HK_LM:Run, ZoneAlarm Client
command: "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
file: C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
size: 919016
MD5: 02555A653450DE053FFF03C31E0B5986

Located: HK_CU:Run, BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}
where: S-1-5-21-94265825-982960712-586011108-500...
command: "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
file: C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
size: 202024
MD5: 7BF2D3A10DA0149A5B95261BD000C68F

Located: HK_CU:Run, PhotoShow Deluxe Media Manager
where: S-1-5-21-94265825-982960712-586011108-500...
command: C:\PROGRA~1\Nero\data\Xtras\mssysmgr.exe
file: C:\PROGRA~1\Nero\data\Xtras\mssysmgr.exe
size: 212992
MD5: 917BAFA5FC295611A401692F56DA7829

Located: HK_CU:Run, SpybotSD TeaTimer
where: S-1-5-21-94265825-982960712-586011108-500...
command: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
file: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
size: 2097488
MD5: A9A5DB6AC3721BE698B996913693D73F

Located: HK_CU:Run, swg
where: S-1-5-21-94265825-982960712-586011108-500...
command: C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
file: C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
size: 68856
MD5: E616A6A6E91B0A86F2F6217CDE835FFE

Located: HK_CU:Run, Weather
where: S-1-5-21-94265825-982960712-586011108-500...
command: C:\Program Files\AWS\WeatherBug\Weather.exe 1
file: C:\Program Files\AWS\WeatherBug\Weather.exe
size: 1347584
MD5: 84D68C45074DDA46181382DCE9C35F4E

Located: HK_CU:RunOnce, SpybotDeletingB179
where: S-1-5-21-94265825-982960712-586011108-500...
command: command /c del "C:\WINDOWS\system32\psqnuvo.dll_old"
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_CU:RunOnce, SpybotDeletingB8198
where: S-1-5-21-94265825-982960712-586011108-500...
command: command /c del "C:\Documents and Settings\Administrator\Local Settings\Temp\zfe2.exe_old"
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_CU:RunOnce, SpybotDeletingD2538
where: S-1-5-21-94265825-982960712-586011108-500...
command: cmd /c del "C:\WINDOWS\system32\psqnuvo.dll_old"
file: C:\WINDOWS\system32\cmd.exe
size: 388608
MD5: EEB024F2C81F0D55936FB825D21A91D6

Located: HK_CU:RunOnce, SpybotDeletingD4811
where: S-1-5-21-94265825-982960712-586011108-500...
command: cmd /c del "C:\Documents and Settings\Administrator\Local Settings\Temp\zfe2.exe_old"
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: Startup (common), America Online 9.0 Tray Icon.lnk
where: C:\Documents and Settings\All Users\Start Menu\Programs\Startup...
command: C:\Program Files\America Online 9.0\aoltray.exe
file: C:\Program Files\America Online 9.0\aoltray.exe
size: 156784
MD5: D3E103E5B79A6E8BA5B58E0A7C21523B

Located: Startup (common), APC UPS Status.lnk
where: C:\Documents and Settings\All Users\Start Menu\Programs\Startup...
command: C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe
file: C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe
size: 209016
MD5: 7D82E85364C18C7435FF3714A5D663E3

Located: Startup (common), WinZip Quick Pick.lnk
where: C:\Documents and Settings\All Users\Start Menu\Programs\Startup...
command: C:\Program Files\WinZip\WZQKPICK.EXE
file: C:\Program Files\WinZip\WZQKPICK.EXE
size: 415072
MD5: 235E9060FE95FF3E1D32AAD5AF892E71

Located: Startup (common), ZDWlan.lnk
where: C:\Documents and Settings\All Users\Start Menu\Programs\Startup...
command: C:\Program Files\ZyDAS\ZD1211 802.11g Utility\ZDWlan.exe
file: C:\Program Files\ZyDAS\ZD1211 802.11g Utility\ZDWlan.exe
size: 438272
MD5: B1F640D6D04CAF10C6CFEAC984AC8B33

Located: WinLogon, crypt32chain
command: crypt32.dll
file: crypt32.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, cryptnet
command: cryptnet.dll
file: cryptnet.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, cscdll
command: cscdll.dll
file: cscdll.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, igfxcui
command: igfxdev.dll
file: igfxdev.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, ScCertProp
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, Schedule
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, sclgntfy
command: sclgntfy.dll
file: sclgntfy.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, SensLogn
command: WlNotify.dll
file: WlNotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, termsrv
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, wlballoon
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

--- Browser helper object list ---
{089FD14D-132B-48FC-8861-0048AE113215} ()
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name:
Path: C:\Program Files\SiteAdvisor\6261\
Long name: SiteAdv.dll
Short name:
Date (created): 5/22/2008 4:14:36 AM
Date (last access): 6/15/2008 1:46:54 AM
Date (last write): 5/16/2008 12:49:40 PM
Filesize: 927008
Attributes: archive
MD5: 6286EC908C5E3F829B96A8CA024BB957
CRC32: EA971888
Version: 2.6.0.6261

{145B29F4-A56B-4b90-BBAC-45784EBEBBB7} (StumbleUpon Launcher)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: StumbleUpon Launcher
Path: C:\Program Files\StumbleUpon\
Long name: StumbleUponIEBar.dll
Short name: STUMBL~1.DLL
Date (created): 10/24/2007 2:57:00 PM
Date (last access): 6/15/2008 1:49:46 AM
Date (last write): 10/24/2007 2:57:00 PM
Filesize: 987832
Attributes: archive
MD5: 086223EBBF52794016F6292DFDDFD19C
CRC32: 84043130
Version: 1.0.0.1

{7DB2D5A0-7241-4E79-B68D-6309F01C5231} (scriptproxy)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: scriptproxy
CLSID name: scriptproxy
Path: C:\Program Files\McAfee\VirusScan\
Long name: scriptsn.dll
Short name:
Date (created): 11/7/2007 6:19:20 AM
Date (last access): 6/15/2008 1:49:46 AM
Date (last write): 10/24/2007 6:51:28 AM
Filesize: 58688
Attributes: archive
MD5: 5B9FCB73F5A4A000C55AFF08B639A07C
CRC32: C78C7E89
Version: 14.0.0.366

{95667A7A-03B3-4EE0-91AE-A4DE74D25729} (162123 helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: 162123 helper
CLSID name: 162123 Class
Path: C:\WINDOWS\system32\162123\
Long name: 162123.dll
Short name:
Date (created): 6/14/2008 12:22:30 PM
Date (last access): 6/15/2008 1:49:48 AM
Date (last write): 6/14/2008 12:22:30 PM
Filesize: 15360
Attributes: archive
MD5: 861F78514BC9F1046B5D4F1B002BA433
CRC32: 3B5E1D68
Version: 1.0.0.1

{99BA268B-4021-4739-9945-3C774217FE75} ()
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name:
Path: C:\Program Files\NetProject\
Long name: sbmdl.dll

{AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Google Toolbar Helper
description: Google toolbar
classification: Open for discussion
known filename: googletoolbar.dll<br>googletoolbar*.dll<br>(* = number)<br>googletoolbar_en_*.**-big.dll<br>Googletoolbar_en_*.*.**-deleon.dll
info link: http://toolbar.google.com/
info source: TonyKlein
Path: c:\program files\google\
Long name: GoogleToolbar1.dll
Short name: GOOGLE~1.DLL
Date (created): 10/24/2007 1:39:52 AM
Date (last access): 6/15/2008 1:49:46 AM
Date (last write): 10/24/2007 1:39:52 AM
Filesize: 2403392
Attributes: readonly archive
MD5: 6319F2D4708DBCAE37CFA03DA10782C0
CRC32: D51D8296
Version: 4.0.1601.4978

{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Google Toolbar Notifier BHO
Path: C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\
Long name: swg.dll
Short name:
Date (created): 4/5/2008 8:22:38 AM
Date (last access): 6/15/2008 1:49:52 AM
Date (last write): 4/5/2008 8:22:38 AM
Filesize: 734704
Attributes: archive
MD5: F1D0608833F726C8FF84E11A46843CDE
CRC32: 0AF4F0EF
Version: 3.0.1225.9868

{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} (ZoneAlarm Spy Blocker BHO)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: ZoneAlarm Spy Blocker BHO
CLSID name: ZoneAlarm Spy Blocker BHO
Path: C:\Program Files\ZoneAlarmSB\bar\1.bin\
Long name: SPYBLOCK.DLL
Short name:
Date (created): 1/4/2006 9:38:32 PM
Date (last access): 6/15/2008 1:49:48 AM
Date (last write): 1/4/2006 9:38:32 PM
Filesize: 262144
Attributes: archive
MD5: 022D7161713F894BB7ADCA751D606F3F
CRC32: 8D236622
Version: 2.3.0.11

--- ActiveX list ---
{01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class)
DPF name:
CLSID name: SysProWmi Class
Installer: C:\WINDOWS\Downloaded Program Files\SysPro.inf
Codebase: https://support.dell...iler/SysPro.CAB
description:
classification: Legitimate
known filename: SysPro.ocx
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\system32\Dell\SystemProfiler\
Long name: SysPro.ocx
Short name:
Date (created): 1/23/2003 2:23:18 PM
Date (last access): 6/15/2008 2:40:00 AM
Date (last write): 1/23/2003 2:23:18 PM
Filesize: 86016
Attributes: archive
MD5: 2EE3E0AE6AA35F135CAE24DF2DA9B172
CRC32: A76A5BDA
Version: 2.0.0.1

{8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0)
DPF name: Java Runtime Environment 1.5.0
CLSID name: Java Plug-in 1.5.0_01
Installer:
Codebase: http://java.sun.com/...indows-i586.cab
description: Sun Java
classification: Legitimate
known filename: %PROGRAM FILES%\JabaSoft\JRE\*\Bin\npjava131.dll
info link:
info source: Patrick M. Kolla
Path: C:\Program Files\Java\jre1.5.0_01\bin\
Long name: NPJPI150_01.dll
Short name: NPJPI1~1.DLL
Date (created): 12/6/2068 10:31:52 PM
Date (last access): 6/15/2008 2:40:00 AM
Date (last write): 12/6/2004 10:49:16 PM
Filesize: 69746
Attributes: archive
MD5: 7B8F5AAF633987C6F1B88146357D04E5
CRC32: AD99524A
Version: 1.5.0.10

{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.5.0)
DPF name: Java Runtime Environment 1.5.0
CLSID name: Java Plug-in 1.5.0_01
Installer:
Codebase: http://java.sun.com/...indows-i586.cab
description:
classification: Legitimate
known filename: NPJPI150_01.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Program Files\Java\jre1.5.0_01\bin\
Long name: NPJPI150_01.dll
Short name: NPJPI1~1.DLL
Date (created): 12/6/2068 10:31:52 PM
Date (last access): 6/15/2008 2:40:00 AM
Date (last write): 12/6/2004 10:49:16 PM
Filesize: 69746
Attributes: archive
MD5: 7B8F5AAF633987C6F1B88146357D04E5
CRC32: AD99524A
Version: 1.5.0.10

{D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object)
DPF name:
CLSID name: Shockwave Flash Object
Installer: C:\WINDOWS\Downloaded Program Files\swflash.inf
Codebase: http://download.macr...ash/swflash.cab
description: Macromedia Shockwave Flash Player
classification: Legitimate
known filename:
info link:
info source: Patrick M. Kolla
Path: C:\WINDOWS\system32\Macromed\Flash\
Long name: Flash9e.ocx
Short name:
Date (created): 11/20/2007 8:04:14 PM
Date (last access): 6/15/2008 2:40:00 AM
Date (last write): 11/20/2007 8:04:14 PM
Filesize: 2987392
Attributes: readonly archive
MD5: D3C50535C26190FEAD7785A03499C0AC
CRC32: A77C3E92
Version: 9.0.115.0

--- Process list ---
PID: 0 ( 0) [System]
PID: 1012 ( 4) \SystemRoot\System32\smss.exe
size: 50688
PID: 1072 (1012) \??\C:\WINDOWS\system32\csrss.exe
size: 6144
PID: 1096 (1012) \??\C:\WINDOWS\system32\winlogon.exe
size: 502272
PID: 1140 (1096) C:\WINDOWS\system32\services.exe
size: 108032
MD5: C6CE6EEC82F187615D1002BB3BB50ED4
PID: 1152 (1096) C:\WINDOWS\system32\lsass.exe
size: 13312
MD5: 84885F9B82F4D55C6146EBF6065D75D2
PID: 1312 (1140) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1360 (1140) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 2008 (1140) C:\WINDOWS\System32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 680 (1140) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 860 (1140) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1404 (1140) C:\WINDOWS\system32\ZoneLabs\vsmon.exe
size: 75304
MD5: E95EA35BE5D16FD3E33B903439AF00FF
PID: 1496 (1268) C:\WINDOWS\Explorer.EXE
size: 1032192
MD5: A0732187050030AE399B241436565E64
PID: 640 (1140) C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
size: 607576
MD5: 07AE10139D7713D69F57209FDF0425CC
PID: 944 (1140) C:\WINDOWS\system32\spoolsv.exe
size: 57856
MD5: 7435B108B935E42EA92CA94F59C8E717
PID: 320 (1140) C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
size: 172032
MD5: 5C52B3C8602929A19136840117843D4B
PID: 348 (1140) C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
size: 46640
MD5: 85180CF88C5EBAD73B452A43A004CA51
PID: 380 (1140) C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
size: 155770
MD5: EDE236AED2002D20AA81A0F1E0276B63
PID: 396 (1140) C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
size: 110592
MD5: 1961CB10BB48EB4D97E37DB6373E9E63
PID: 472 (1140) C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
size: 767976
MD5: CB3A8976DE2F65349322DA7627CEA223
PID: 568 (1140) c:\program files\common files\mcafee\mna\mcnasvc.exe
size: 2458128
MD5: C69E71E00B30B60556D3E096699BD423
PID: 656 (1140) c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
size: 359248
MD5: 8CF3DA0BE6094C34D7C4A85493E60547
PID: 788 (1140) C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
size: 144704
MD5: 33734ABFA52EC8D096A1254D645E9B4F
PID: 908 (1140) C:\Program Files\McAfee\MPF\MPFSrv.exe
size: 856864
MD5: 346F30F1FF73553AA466F4AE7948DA00
PID: 1432 (1140) C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
size: 853288
MD5: 6D4028D458EAAA1782099750790DC8C9
PID: 2340 (1140) C:\Program Files\SiteAdvisor\6261\SAService.exe
size: 345376
MD5: 0C90F038A8CED65D78A7DC791A0E6011
PID: 2408 (1140) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 2532 (1140) C:\WINDOWS\system32\wdfmgr.exe
size: 38912
MD5: C81B8635DEE0D3EF5F64B3DD643023A5
PID: 2624 (1140) C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
size: 269104
MD5: 7BECF16932ABBCD71627C500E31A8BE6
PID: 2748 (1140) C:\WINDOWS\system32\vmnat.exe
size: 150064
MD5: 079600816E8263CEB623E2EA57D115FF
PID: 2812 (1140) C:\WINDOWS\wanmpsvc.exe
size: 65536
MD5: 909F2DC0DA7F57D229A05EE90647B2C3
PID: 2900 (1140) C:\WINDOWS\system32\vmnetdhcp.exe
size: 121392
MD5: CF131B0B60D61E07825E54829557C805
PID: 2952 (1140) C:\Program Files\VMware\VMware Player\vmware-authd.exe
size: 109104
MD5: D6EF36EE5F872EEB478485FAFE0390C6
PID: 3188 (1312) C:\Program Files\McAfee.com\Agent\mcagent.exe
size: 582992
MD5: 9405B452064BFA6A0F78E2F177A988A4
PID: 2040 (1496) C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
size: 919016
MD5: 02555A653450DE053FFF03C31E0B5986
PID: 588 (1496) C:\Program Files\VMware\VMware Player\hqtray.exe
size: 55856
MD5: 614AC721121216745E19071E702B9B81
PID: 1060 (1496) C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe
size: 984243
MD5: F6DDAE7FD3223C7FD65F05F53AD36720
PID: 1944 (1496) C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
size: 36975
MD5: 70DE314A16E5A486A0EF2425014685B2
PID: 2068 (1496) C:\Program Files\SiteAdvisor\6261\SiteAdv.exe
size: 36904
MD5: D8BF7C96FED3177EDAF5136CB7B5460C
PID: 2248 (1496) C:\Program Files\Real\RealPlayer\RealPlay.exe
size: 26112
MD5: 849D97FE4CC09CFC2772D10F641E1BAF
PID: 2416 (1496) C:\Program Files\QuickTime\QTTask.exe
size: 413696
MD5: 6DF76965A0FB8237E9C3B3CAB9815EC2
PID: 2808 (1496) C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
size: 49152
MD5: 1D0F6AEACEDDDA839EEB6AF0E9DB9F9B
PID: 3124 (1060) C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
size: 118784
MD5: 866DC930FB1F4307D37665A86AC58F76
PID: 3304 (1496) C:\Program Files\iTunes\iTunesHelper.exe
size: 267048
MD5: 04A9F0C58B170F30445BCC0683EF9FFC
PID: 3344 (1496) C:\WINDOWS\system32\igfxpers.exe
size: 114688
MD5: 996ABAC2332DE28F3B6A179C6DA20205
PID: 3352 (1496) C:\WINDOWS\system32\hkcmd.exe
size: 77824
MD5: 01018F75F3F18CE629FAC9689954A2AE
PID: 3360 (1496) C:\Program Files\Common Files\AOL\1178675955\ee\AOLSoftware.exe
size: 41824
MD5: C32C2FE355CC3A94183DB50179664A04
PID: 3512 (1496) C:\WINDOWS\TPPALDR.EXE
size: 118784
MD5: A90E85B4367DFF9AFDBF2ED109119D44
PID: 3788 (1496) C:\Program Files\AWS\WeatherBug\Weather.exe
size: 1347584
MD5: 84D68C45074DDA46181382DCE9C35F4E
PID: 3816 (1496) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
size: 68856
MD5: E616A6A6E91B0A86F2F6217CDE835FFE
PID: 3860 (1496) C:\Program Files\Nero\data\Xtras\mssysmgr.exe
size: 212992
MD5: 917BAFA5FC295611A401692F56DA7829
PID: 3892 (1496) C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
size: 202024
MD5: 7BF2D3A10DA0149A5B95261BD000C68F
PID: 3976 (1496) C:\Program Files\America Online 9.0\aoltray.exe
size: 156784
MD5: D3E103E5B79A6E8BA5B58E0A7C21523B
PID: 3996 (1496) C:\Program Files\WinZip\WZQKPICK.EXE
size: 415072
MD5: 235E9060FE95FF3E1D32AAD5AF892E71
PID: 4008 (1496) C:\Program Files\ZyDAS\ZD1211 802.11g Utility\ZDWlan.exe
size: 438272
MD5: B1F640D6D04CAF10C6CFEAC984AC8B33
PID: 2384 (1140) C:\WINDOWS\System32\alg.exe
size: 44544
MD5: F1958FBF86D5C004CF19A5951A9514B7
PID: 3864 (1140) C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
size: 382248
MD5: FF4D73B16EA3A32D34CEB3A7BC3C3773
PID: 3888 (3988) C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
size: 413816
MD5: FD99A3837ED7EAA96DF493B628795DDC
PID: 3412 (1312) C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
size: 1410344
MD5: CF45E5F12EBA630BA563950B1A64D241
PID: 3116 (1140) C:\Program Files\iPod\bin\iPodService.exe
size: 504104
MD5: 1CB96E83FD76EB5580451CEF29E24303
PID: 3288 (3360) c:\program files\common files\aol\1178675955\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
size: 1536
MD5: 87A2CD3AD5BF4F57C0DF046CC3A8C5A7
PID: 4080 (3360) C:\Program Files\Common Files\aol\1178675955\ee\aolsoftware.exe
size: 41824
MD5: C32C2FE355CC3A94183DB50179664A04
PID: 2144 (1140) C:\WINDOWS\System32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 2476 (1140) C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
size: 695624
MD5: FD47DF2BCC3544DF65B01AD6B6062430
PID: 2228 (1496) C:\Program Files\Mozilla Firefox\firefox.exe
size: 7660656
MD5: B366BB8334CDCFB5C2A58DCF5121B6BC
PID: 2528 (2288) C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
size: 396288
MD5: C4CA7416A6DF6D95075F81D9E3B41AD1
PID: 2728 (1312) c:\PROGRA~1\mcafee\msc\mcupdmgr.exe
size: 752448
MD5: 59252440C56F4706C5CD64304D56DAD7
PID: 1824 ( 744) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
size: 5146448
MD5: 2ECA8CDEED7C82F879E766DA92A3561A
PID: 4044 (1312) c:\PROGRA~1\mcafee\msc\mcuimgr.exe
size: 265040
MD5: 02800372FA7F33E4042DA92D362D6573
PID: 39644 (2008) C:\WINDOWS\system32\wuauclt.exe
size: 53080
MD5: F3E9065EB617A7E3A832A7976BFA021B
PID: 39976 (1140) G:\hpzstub.exe
size: 385024
MD5: DC70BA9C3560FD8F6712BAA86A40B098
PID: 4 ( 0) System
PID: 37272 (39976) G:\hpzsetup.exe
size: 800344
MD5: 29F3E29B6F04E1CFC112E6182DB9A5A2
PID: 39592 (37272) G:\setup\hpzrein01.exe
size: 783968
MD5: C5DCA3AD75044F33DD6B6AB3B3C5082E

--- Browser start & search pages list ---
Spybot - Search & Destroy browser pages report, 6/15/2008 2:41:45 AM

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL
http://internetsearchservice.com
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
C:\WINDOWS\system32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.google.com
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Bar
http://www.google.com/ie
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.microsoft...p...&ar=msnhome
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://internetsearchservice.com
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\SearchAssistant
http://www.google.com/ie
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\@
http://www.google.com/search?q=%s
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchURL
http://internetsearchservice.com
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
%SystemRoot%\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
http://internetsearchservice.com
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Bar
http://internetsearc...ce.com/ie6.html
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.microsoft...p...ER}&ar=home
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://www.microsoft...p...&ar=msnhome
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://www.google.com/ie
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
http://www.google.com/ie
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
http://ie.search.msn...st/srchcust.htm

--- Winsock Layered Service Provider list ---

--- Uninstall list ---
(AddressBook)

Adobe Flash Player ActiveX 9.0.115.0 (Adobe Flash Player ActiveX)
uninstall cmd: C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
publisher: Adobe Systems Incorporated
help link: http://www.adobe.com...player_support/

5.0.7 (AnswerWorks 5.0 English Runtime)
publisher: Vantage Software Technologies
comments: Please see the readme file before removing the AnswerWorks natural language search solution.
readme: C:\Program Files\Common Files\AnswerWorks 5.0\awreadme.htm

AOL Toolbar (AOL Toolbar)
uninstall cmd: "C:\Program Files\AOL Toolbar\UNWISE.EXE" /u "C:\Program Files\AOL Toolbar\INSTALL.LOG"

AOL Uninstaller (AOL Uninstaller)
uninstall cmd: C:\Program Files\Common Files\AOL\uninstaller.exe

AOL You've Got Pictures Screensaver (AOL YGP Screensaver)
uninstall cmd: C:\Program Files\Common Files\AOL\Screensaver\uninst_ygpss.exe

AOL Coach Version 1.0(Build:20040229.1 en) (AOLCoach)
uninstall cmd: C:\Program Files\Common Files\aolshare\Coach\AolCInUn.exe

(AOLOCP_N)

(Branding)

(Connection Manager)

Cakewalk Audio Finder Tool (CWAFV3)
uninstall cmd: C:\WINDOWS\uninst.exe -f"C:\Program Files\Cakewalk\CWAF\DeIsL1.isu"

(DirectAnimation)

(DirectDrawEx)

DreamStation DXi2 (DreamStation DXi2)
uninstall cmd: C:\WINDOWS\DSDXIRMV.EXE C:\PROGRAM FILES\CAKEWALK\SHARED DXI\AUDIO SIMULATION\DREAMSTATION DXI2

(DXM_Runtime)

(Fontcore)

HijackThis 2.0.2 2.0.2 (HijackThis)
uninstall cmd: "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
publisher: TrendMicro

(ICW)

(IE40)

(IE4Data)

(IE5BAKEX)

(IEData)

(KB884016)

(KB893803)

Windows Installer 3.1 (KB893803) 3.1 (KB893803v2)
uninstall cmd: "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://go.microsoft....k/?LinkId=42467

LiveAdvisor (Symantec Corporation) 1.0.0.706 (LiveAdvisor)
install location: C:\Program Files\Common Files\Symantec Shared\LiveAdvisor
uninstall cmd: C:\Program Files\Common Files\Symantec Shared\LiveAdvisor\VcSetup.exe /REMOVE
publisher: Symantec Corporation

LiveUpdate (LiveUpdate)
uninstall cmd: C:\Program Files\Symantec\LiveUpdate\Uninst.exe -u

(MobileOptionPack)

Mozilla Firefox (2.0.0.14) 2.0.0.14 (en-US) (Mozilla Firefox (2.0.0.14))
install location: C:\Program Files\Mozilla Firefox
uninstall cmd: C:\Program Files\Mozilla Firefox\uninstall\helper.exe
publisher: Mozilla
comments: Mozilla Firefox

(MPlayer2)

McAfee SecurityCenter (MSC)
install location: C:\Program Files\McAfee
uninstall cmd: C:\Program Files\McAfee\MSC\mcuninst.exe
publisher: McAfee, Inc.

(MSI30-Beta1)

(MSI30-Beta2)

(MSI30-KB884016)

(MSI30-RC1)

(MSI30-RC2)

(MSI30a-KB884016)

(MSI31-Beta)

(MSI31-RC1)

Music Creator 2 (Music Creator 2)
uninstall cmd: C:\PROGRA~1\Cakewalk\MUSICC~1\UNWISE.EXE C:\PROGRA~1\Cakewalk\MUSICC~1\INSTALL.LOG

MySpeed PC Lite Edition (MySpeed PC Lite Edition)
uninstall cmd: "C:\Program Files\MySpeed PC Lite Edition\Uninstall.exe" "C:\Program Files\MySpeed PC Lite Edition"

(Nero - Burning Rom!UninstallKey)
uninstall cmd: C:\Program Files\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL

Nero PhotoShow Express 3.0 (Nero PhotoShow Express)
version (major): 3
install location: C:\Program Files\Nero\Nero PhotoShow Express.exe
uninstall cmd: "C:\Program Files\Nero\data\Xtras\Uninstall.exe"
publisher: Simple Star, Inc.
help link: http://www.simplestar.com/support

(NeroBackItUp!UninstallKey)
uninstall cmd: C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL

(NeroMediaHome!UninstallKey)
uninstall cmd: C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL

(NeroRecode!UninstallKey)
uninstall cmd: C:\WINDOWS\UNRecode.exe /UNINSTALL

(NeroShowTime!UninstallKey)
uninstall cmd: C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL

(NeroVision!UninstallKey)
uninstall cmd: C:\WINDOWS\UNNeroVision.exe /UNINSTALL

(NetMeeting)

(OutlookExpress)

(PCHealth)
uninstall cmd: rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

Pure Networks Port Magic 1.2.1393.0 (Port Magic)
install location: C:\PROGRA~1\PURENE~1\PORTMA~1
uninstall cmd: C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe -Uninstall -ShowUI
publisher: Pure Networks
help link: http://aol-support.purenetworks.com

Intel® PRO Network Adapters and Drivers (PROSet)
uninstall cmd: Prounstl.exe

RealPlayer Basic (RealPlayer 6.0)
uninstall cmd: C:\Program Files\Common Files\Real\Update\\rnuninst.exe RealNetworks|RealPlayer|6.0

(SchedulingAgent)

Adobe Flash Player 9 ActiveX 9.0.115.0 (ShockwaveFlash)
uninstall cmd: C:\WINDOWS\system32\Macromed\Flash\UninstFl.exe -q
publisher: Adobe Systems
help link: http://www.adobe.com...player_support/

Steinberg Cubase LE (Steinberg Cubase LE)
uninstall cmd: "C:\Program Files\Steinberg\Cubase LE\Uninstall.exe" "C:\Program Files\Steinberg\Cubase LE\Install.log"

Learn2 Player (Uninstall Only) (StreetPlugin)
uninstall cmd: C:\Program Files\Learn2.com\StRunner\stuninst.exe

StumbleUpon IE Toolbar (StumbleUponIEToolbar)
uninstall cmd: C:\Program Files\StumbleUpon\uninstall.exe

USB Storage Adapter V2 (TPP) (TPP200)
uninstall cmd: tppun.exe TPP200

USB Storage Adapter V3 (TPP) (TPP300)
uninstall cmd: tppun.exe TPP300

USB Storage Adapter (TPP) (TPP725)
uninstall cmd: tppun.exe TPP725

Viewpoint Media Player (ViewpointMediaPlayer)
uninstall cmd: C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u

Windows Media Format Runtime (Windows Media Format Runtime)
uninstall cmd: "C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll

Symantec WinFax PRO 10.0 (WinFax)
uninstall cmd: C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Symantec\WinFax\WFXUNIST.ISU" -c"C:\Program Files\Symantec\WinFax\UNINSTUB.DLL"

WinSCP 4.1.2 beta 4.1.2 beta (winscp3_is1)
install date: 20080520
install location: C:\Program Files\WinSCP\
uninstall cmd: "C:\Program Files\WinSCP\unins000.exe"
publisher: Martin Prikryl
help link: http://winscp.net/forum/

2.5.2.10.30.06 (X-Image 2.5.2)
publisher: Dell Inc.
contact: Don Cannon
help link: http://support.dell.com
help telephone: 512-723-7504

ZoneAlarm 7.0.473.000 (ZoneAlarm)
uninstall cmd: C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe
publisher: Check Point, Inc
help link: C:\Program Files\Zone Labs\ZoneAlarm\Help\zaclients.chm

ZoneAlarm Spy Blocker (ZoneAlarmSB Uninstall)
uninstall cmd: rundll32 C:\PROGRA~1\ZONEAL~1\bar\1.bin\SpyBlock.dll,O
publisher: ZoneAlarm
help link: http://www.zonealarm...m...3&c=P100014

Apple Software Update 2.1.0.110 ({02DFF6B1-1654-411C-8D7B-FD6052EF016F})
version: 33619968
version (major): 2
version (minor): 1
estimated size: 2196
install date: 20080425
install location: C:\Program Files\Apple Software Update\
install source: C:\Documents and Settings\Administrator\Local Settings\Application Data\Apple\Apple Software Update\
uninstall cmd: MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
publisher: Apple Inc.
contact: AppleCare Support
help link: http://www.apple.com/support/
help telephone: 1-800-275-2273

Macromedia Dreamweaver MX 2004 7.0 ({05BB2EC5-6BEF-4DDC-9E75-BEE7B161157A})
version (major): 7
install location: C:\Program Files\Macromedia\Dreamweaver MX 2004
install source: C:\Program Files\Macromedia
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{05BB2EC5-6BEF-4DDC-9E75-BEE7B161157A}\Setup.exe" -l0x9 mmUninstall
publisher: Macromedia
help link: http://www.macromedi...weaver_support/

QuickTime 7.4.5.67 ({1838C5A2-AB32-4145-85C1-BB9B8DFA24CD})
version: 117702661
version (major): 7
version (minor): 4
estimated size: 80580
install date: 20080425
install location: C:\Program Files\QuickTime\
install source: C:\Documents and Settings\Administrator\Local Settings\Application Data\Apple\Apple Software Update\
uninstall cmd: MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}
publisher: Apple Inc.
contact: AppleCare Support
help link: http://www.apple.com/support/
help telephone: 1-800-275-2273

Google Earth 4.2.198.2451 ({1E04F83B-2AB9-4301-9EF7-E86307F79C72})
version: 67240134
version (major): 4
version (minor): 2
estimated size: 34084
install date: 20071024
install location: C:\Program Files\Google\Google Earth\
install source: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\{145C096A-C390-4C03-896E-80D80B953600}\
uninstall cmd: MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
publisher: Google

Rhapsody Player Engine 1.1.0 ({22DE1881-9D24-4981-B5CC-EC7E9F2F4D52})
version: 16842752
version (major): 1
version (minor): 1
estimated size: 1240
install date: 20080614
install source: C:\Documents and Settings\Administrator\Desktop\
uninstall cmd: MsiExec.exe /I{22DE1881-9D24-4981-B5CC-EC7E9F2F4D52}
publisher: RealNetworks
comments: The Rhapsody Player Engine is a web browser plugin used for Rhapsody on the web.
contact: RealNetworks
help link: http://www.rhapsody.com/

Google Toolbar for Internet Explorer ({2318C2B1-4965-11d4-9B18-009027A5CD4F})
uninstall cmd: regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"

CloneMaster 4.0.0.0 ({24B4EFCF-6220-4AAF-ACD8-8750D662BCE9})
version: 67108864
install date: 20071110
install location: C:\Program Files\SoftByte Labs\CloneMaster
install source: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\bye1B.tmp\Disk1\
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{24B4EFCF-6220-4AAF-ACD8-8750D662BCE9}\setup.exe" -l0x9 -removeonly
publisher: SoftByte Labs

Data Lifeguard Tools ({2C0A655C-61E7-428A-8ED2-23A3D20E7DD2})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2C0A655C-61E7-428A-8ED2-23A3D20E7DD2}\Setup.exe"

Macromedia Flash MX 2004 7 ({2F353D44-73BB-4971-B31D-F7642E9E9531})
install location: C:\Program Files\Macromedia\Flash MX 2004
install source: C:\Program Files\Macromedia
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2F353D44-73BB-4971-B31D-F7642E9E9531}\Setup.exe" -l0x9 UNINSTALL
publisher: Macromedia
help link: http://www.macromedi...o/flash_support

J2SE Runtime Environment 5.0 Update 1 1.5.0.10 ({3248F0A8-6813-11D6-A77B-00B0D0150010})
version: 17104896
version (major): 1
version (minor): 5
estimated size: 120317
install date: 19981231
install source: http://java.sun.com/...8/windows-i586/
uninstall cmd: MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150010}
publisher: Sun Microsystems, Inc.
contact: http://java.com
help link: http://java.com
readme: C:\Program Files\Java\jre1.5.0_01\README.txt

WebFldrs XP 9.50.7523 ({350C97B0-3D7C-4EE8-BAA9-00BCB3D54227})
version: 154279267
version (major): 9
version (minor): 50
estimated size: 2456
install date: 20060728
install source: C:\WINDOWS\system32\
publisher: Microsoft Corporation
help link: http://www.microsoft.com/windows

VCRedistSetup 1.0.0 ({3921A67A-5AB1-4E48-9444-C71814CF3027})
version: 16777216
version (major): 1
estimated size: 4721
install date: 20071119
install source: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\NERO13899\Data\Redist\
uninstall cmd: MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}
publisher: Nero AG
contact: Nero AG

Quicken 2008 17.1.2.2 ({3B0F52AC-EF5C-4831-B221-06C782E41280})
version: 285278210
version (major): 17
version (minor): 1
estimated size: 87477
install date: 20071022
install source: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\pft44C.tmp\DISK1\
uninstall cmd: MsiExec.exe /X{3B0F52AC-EF5C-4831-B221-06C782E41280}
publisher: Intuit
comments: All URLs valid as of July 2006
contact: Customer Support Department
help link: http://www.intuit.com/support/quicken

Apple Mobile Device Support 1.1.4.7 ({44734179-8A79-4DEE-BB08-73037F065543})
version: 16842756
version (major): 1
version (minor): 1
estimated size: 34842
install date: 20080425
install location: C:\Program Files\Common Files\Apple\Mobile Device Support\
install source: C:\Documents and Settings\Administrator\Local Settings\Application Data\Apple\Apple Software Update\
uninstall cmd: MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
publisher: Apple Inc.
contact: AppleCare Support
help link: http://www.apple.com/support/
help telephone: 1-800-275-2273

Virtual Sound Canvas DXi ({4E10E7FC-36CD-4C22-AC20-9E15692E8C2F})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4E10E7FC-36CD-4C22-AC20-9E15692E8C2F}\setup.exe" UNINSTALL_XXX

neroxml 1.0.0 ({56C049BE-79E9-4502-BEA7-9754A3E60F9B})
version: 16777216
version (major): 1
estimated size: 3795
install date: 20071119
install source: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\NERO13899\Data\Redist\
uninstall cmd: MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
publisher: Nero AG
contact: Nero AG

ZD1211 802.11g Wireless LAN - USB ({581CE7EA-A30D-11D6-8496-000000120101})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{581CE7EA-A30D-11D6-8496-000000120101}\setup.exe" -l0x9

iTunes 7.6.2.9 ({585776BC-4BD6-4BD2-A19A-1D6CB44A403B})
version: 117833730
version (major): 7
version (minor): 6
estimated size: 75104
install date: 20080425
install location: C:\Program Files\iTunes\
install source: C:\Documents and Settings\Administrator\Local Settings\Application Data\Apple\Apple Software Update\
uninstall cmd: MsiExec.exe /I{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}
publisher: Apple Inc.
contact: AppleCare Support
help link: http://www.apple.com/support/
help telephone: 1-800-275-2273

APC PowerChute Personal Edition 1.4 ({5A0C892E-FD1C-4203-941E-0956AED20A6A})
version (major): 1
version (minor): 4
install location: C:\Program Files\APC\APC PowerChute Personal Edition
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5A0C892E-FD1C-4203-941E-0956AED20A6A}\Setup.exe" -l0x9
publisher: American Power Conversion Corporation
help link: http://www.apc.com/s...m?Localize=true

OmniPage SE 11.00.0001 ({6249C22D-E6A8-407B-BA8B-40298848ED94})
version: 184549377
version (major): 11
estimated size: 53609
install date: 20071017
install source: E:\Omnipage\
uninstall cmd: MsiExec.exe /I{6249C22D-E6A8-407B-BA8B-40298848ED94}
publisher: ScanSoft, Inc.
help link: http://www.scansoft.com/support

WeatherBug 6.8.1.1 ({70DECFBF-9119-4434-B2D3-A3C283D15E45})
version: 101187585
version (major): 6
version (minor): 8
estimated size: 4231
install date: 20071121
install location: C:\Program Files\AWS\
install source: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\AVANMPYF\
uninstall cmd: MsiExec.exe /X

#3
Rorschach112

Posted 15 June 2008 - 01:50 PM

Ralphie

Retired Staff
47,710 posts

Hello

Please download Deckard's System Scanner (DSS) and save it to your Desktop.

Close all other windows before proceeding.
Double-click on dss.exe and follow the prompts.
If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner and click Accept

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.

The program will launch and then begin downloading the latest definition files:
Once the files have been downloaded click on NEXT
Now click on Scan Settings
In the scan settings make that the following are selected:
- Scan using the following Anti-Virus database:
Extended (if available otherwise Standard)
- Scan Options:
Scan Archives
Scan Mail Bases
Click OK
Now under select a target to scan:Select My Computer
This will program will start and scan your system.
The scan will take a while so be patient and let it run.
Once the scan is complete it will display if your system has been infected.
- Now click on the Save as Text button:
Save the file to your desktop.
Copy and paste that information in your next post.

#4
mlinva

Posted 15 June 2008 - 08:20 PM

Member

Topic Starter
Member
36 posts

HI, sorry its taken so long to respond but I couldn't get the DSS to run at alll, kept crashing. I tried to run the Kaspersky and with firefox it crashed as well. I tried at least 5 times with each thing. I switched browsers and redownloaded DSS and tried to run it, no go. I am currently re-running kaspersky which oddly disapeared just as it was finishing. At lease its running. I am trying again. Here is a current Hijack This log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:21:11 PM, on 6/15/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\SiteAdvisor\6261\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\Program Files\VMware\VMware Player\vmware-authd.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\VMware\VMware Player\hqtray.exe
C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\SiteAdvisor\6261\SiteAdv.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Common Files\AOL\1178675955\ee\AOLSoftware.exe
C:\WINDOWS\system32\wfxsnt40.exe
C:\WINDOWS\TPPALDR.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\Nero\data\Xtras\mssysmgr.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\ZyDAS\ZD1211 802.11g Utility\ZDWlan.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\program files\common files\aol\1178675955\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Common Files\aol\1178675955\ee\aolsoftware.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O2 - BHO: StumbleUpon Launcher - {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: 162123 helper - {95667A7A-03B3-4EE0-91AE-A4DE74D25729} - C:\WINDOWS\system32\162123\162123.dll
O2 - BHO: (no name) - {99BA268B-4021-4739-9945-3C774217FE75} - C:\Program Files\NetProject\sbmdl.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: StumbleUpon Toolbar - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [VMware hqtray] "C:\Program Files\VMware\VMware Player\hqtray.exe"
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [SiteAdvisor] "C:\Program Files\SiteAdvisor\6261\SiteAdv.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1178675955\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
O4 - HKLM\..\Run: [TPP Auto Loader] C:\WINDOWS\TPPALDR.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Nero\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: APC UPS Status.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Global Startup: ZDWlan.lnk = ?
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: StumbleUpon PhotoBlog It! - res://StumbleUponIEBar.dll/blogimage
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - https://support.dell...iler/SysPro.CAB
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Common Files\AOL\AOL Spyware Protection\\aolserv.exe (file missing)
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Player\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 13273 bytes

Thank you for looking, and just who does watch the watchers?

Mary Lou

#5
Rorschach112

Posted 16 June 2008 - 07:04 AM

Ralphie

Retired Staff
47,710 posts

Hello

1. Please re-open HiJackThis and choose do a system scan only. Check the boxes next to ONLY the entries listed below(if present):

O2 - BHO: (no name) - {99BA268B-4021-4739-9945-3C774217FE75} - C:\Program Files\NetProject\sbmdl.dll (file missing)

2. Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.

Can you try DSS in Safe Mode

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.

Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.

#6
mlinva

Posted 18 June 2008 - 10:08 AM

Member

Topic Starter
Member
36 posts

I am still trying to run DSS and am having trouble getting into safe mode. I ran the malbytes and will try DSS again. Sorry for the delay.

Mary Lou

mMalwarebytes' Anti-Malware 1.17
Database version: 867

12:03:13 PM 6/18/2008
mbam-log-6-18-2008 (12-03-13).txt

Scan type: Quick Scan
Objects scanned: 45108
Time elapsed: 12 minute(s), 40 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 10
Registry Values Infected: 5
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{f7d09218-46d7-4d3d-9b7f-315204cd0836} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{e63648f7-3933-440e-b4f6-a8584dd7b7eb} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\e405.e405mgr (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\e405.e405mgr.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{95667a7a-03b3-4ee0-91ae-a4de74d25729} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{daed9266-8c28-4c1c-8b58-5c66eff1d302} (Search.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\tdidrv32.sys (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\e405.e405mgr (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\e405.e405mgr.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\e405.e405mgr (Trojan.Zlob) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\{9034a523-d068-4be8-a284-9df278be776e} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\SearchMigratedDefaultURL (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\w\ (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\SearchMigratedDefaultURL (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl\w\ (Trojan.Zlob) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\tdidrv32.sys (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\autorun.inf (Trojan.Agent) -> Quarantined and deleted successfully.

#7
Rorschach112

Posted 18 June 2008 - 10:12 AM

Ralphie

Retired Staff
47,710 posts

Do this if you cant

Download OTScanIt.exe to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.

Open the OTScanIt folder and double-click on OTScanIt.exe to start the program.
Under Additional Scans check the boxes beside Reg - Bot Check, Reg - Desktop Components, Reg - Disabled MS Config Items, Reg Mountpoints2, File - Additional Folder Scans, and File - Purity Scan.
Under Drivers change it to Non-Microsoft.
Under Files Created Within and Files Modified Within change it to 90 days.
Under Rootkit Search change it to Yes
Check the box at the top-left beside Scan All Users
Now click the Run Scan button on the toolbar.
When the scan is complete Notepad will open with the report file loaded in it.
Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.

Use the Add Reply button and post the information back here in an attachment. I will review it when it comes in. The last line is < End of Report >, so make sure that is the last line in the attached report.

Make sure you attach the report in your reply. If it is too big to upload, then zip the text file and upload it that way

#8
mlinva

Posted 19 June 2008 - 12:32 AM

Member

Topic Starter
Member
36 posts

Hi,

12 hours of homework and study and tomorrow providing sound for an outdoor music festival..I think I'm too old for this..I have run OTScanIt and am attaching the file. The malware software found a bunch of stuff and got rid of it. The DSS still crashes when it runs.

Thank you for your time

Mary Lou

Attached Files

OTScanIt.Txt 378.31KB 108 downloads

#9
Rorschach112

Posted 19 June 2008 - 06:38 AM

Ralphie

Retired Staff
47,710 posts

Hello

Start OTScanIt. Copy/Paste the information in the quotebox below into the panel where it says "Paste fix here" and then click the Run Fix button.

[Kill Explorer]
[Unregister Dlls]
[Win32 Services - Non-Microsoft Only]
YY -> (AOLService) AOL Spyware Protection Service [Win32_Own | Auto | Stopped] -> %CommonProgramFiles%\AOL\AOL Spyware Protection\\aolserv.exe
[Registry - Non-Microsoft Only]
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\
YN -> StumbleUpon PhotoBlog It! ->
< Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-21-94265825-982960712-586011108-500\] > -> HKEY_USERS\S-1-5-21-94265825-982960712-586011108-500\Software\Microsoft\Internet Explorer\MenuExt\
YN -> StumbleUpon PhotoBlog It! ->
[Registry - Additional Scans - Non-Microsoft Only]
< MountPoints2 > ->
*~EmptyValue* -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9ad7f569-7c66-11dc-b753-806d6172696f}\_Autorun\DefaultIcon\\
YY -> G:\setup.exe -> G:\setup.exe
< MountPoints2 > ->
YN -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e03ecf7d-f6cf-11db-b578-806d6172696f}\_Autorun\DefaultIcon\\ -> D:\AutoRun.ico [D:\AutoRun.ico]
[Files/Folders - Created Within 90 days]
NY -> Deckard -> %SystemDrive%\Deckard
[Files/Folders - Modified Within 30 days]
NY -> Deckard -> %SystemDrive%\Deckard
[Empty Temp Folders]
[Start Explorer]
[Reboot]

The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here

I will review the information when it comes back in.

Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan

Tick the box next to YES, I accept the Terms of Use
Click Start
When asked, allow the ActiveX control to install
Click Start
Make sure that the options Remove found threats and the option Scan unwanted applications is checked
Click Scan (This scan can take several hours, so please be patient)
Once the scan is completed, you may close the window
Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
Copy and paste that log as a reply to this topic

Then post a new HijackThis log

#10
mlinva

Posted 21 June 2008 - 01:53 PM

Member

Topic Starter
Member
36 posts

Here is the OTScanit log you requested and I will continue with your instructions and post the other things in the next reply.
Thanks
Mary Lou

Explorer killed successfully
[Win32 Services - Non-Microsoft Only]
Service AOLService stopped successfully.
Service AOLService deleted successfully.
File C:\Program Files\Common Files\AOL\AOL Spyware Protection\\aolserv.exe not found.
[Registry - Non-Microsoft Only]
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\StumbleUpon PhotoBlog It!\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-94265825-982960712-586011108-500\Software\Microsoft\Internet Explorer\MenuExt\StumbleUpon PhotoBlog It!\ not found.
[Registry - Additional Scans - Non-Microsoft Only]
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9ad7f569-7c66-11dc-b753-806d6172696f}\_Autorun\DefaultIcon\\:G:\setup.exe deleted successfully.
File G:\setup.exe not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e03ecf7d-f6cf-11db-b578-806d6172696f}\_Autorun\DefaultIcon\\ deleted successfully.
[Files/Folders - Created Within 90 days]
C:\Deckard\System Scanner\backup folder moved successfully.
C:\Deckard\System Scanner\20080619021247\backup folder moved successfully.
C:\Deckard\System Scanner\20080619021247 folder moved successfully.
C:\Deckard\System Scanner\20080616095708\backup folder moved successfully.
C:\Deckard\System Scanner\20080616095708 folder moved successfully.
C:\Deckard\System Scanner\20080615232208\backup folder moved successfully.
C:\Deckard\System Scanner\20080615232208 folder moved successfully.
C:\Deckard\System Scanner\20080615210449\backup folder moved successfully.
C:\Deckard\System Scanner\20080615210449 folder moved successfully.
C:\Deckard\System Scanner\20080615205420\backup folder moved successfully.
C:\Deckard\System Scanner\20080615205420 folder moved successfully.
C:\Deckard\System Scanner\20080615185741\backup folder moved successfully.
C:\Deckard\System Scanner\20080615185741 folder moved successfully.
C:\Deckard\System Scanner\20080615185541\backup\DOCUME~1\ADMINI~1\LOCALS~1\Temp\010406212348 folder moved successfully.
C:\Deckard\System Scanner\20080615185541\backup\DOCUME~1\ADMINI~1\LOCALS~1\Temp folder moved successfully.
C:\Deckard\System Scanner\20080615185541\backup\DOCUME~1\ADMINI~1\LOCALS~1 folder moved successfully.
C:\Deckard\System Scanner\20080615185541\backup\DOCUME~1\ADMINI~1 folder moved successfully.
C:\Deckard\System Scanner\20080615185541\backup\DOCUME~1 folder moved successfully.
C:\Deckard\System Scanner\20080615185541\backup folder moved successfully.
C:\Deckard\System Scanner\20080615185541 folder moved successfully.
C:\Deckard\System Scanner folder moved successfully.
C:\Deckard folder moved successfully.
[Files/Folders - Modified Within 30 days]
File C:\Deckard not found!
[Empty Temp Folders]
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\mcafee_aOKSjT3nCVwpPjn scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\mcafee_e8qbDqK114A8ZNc scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\mcafee_j7EPFRBNwqnaHY0 scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\mcafee_Ux3aKjivLyAQGzG scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\mcmsc_5xtoKvnY3jlM6N6 scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\mcmsc_rNiFyg5vEGIep88 scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\mcmsc_tr4vIWqrJmRDrA3 scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\mcmsc_yknOYENJQ8BeTMw scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_a90.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\vmware-vmount.log scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\ZLT0013f.TMP scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\ZLT0484a.TMP scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
FireFox cache emptied.
RecycleBin -> emptied.
Explorer started successfully
< End of fix log >
OTScanIt by OldTimer - Version 1.0.15.15 fix logfile created on 06212008_154215

Files moved on Reboot...
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat moved successfully.
File C:\WINDOWS\temp\mcafee_aOKSjT3nCVwpPjn not found!
File C:\WINDOWS\temp\mcafee_e8qbDqK114A8ZNc not found!
File C:\WINDOWS\temp\mcafee_j7EPFRBNwqnaHY0 not found!
File C:\WINDOWS\temp\mcafee_Ux3aKjivLyAQGzG not found!
File C:\WINDOWS\temp\mcmsc_5xtoKvnY3jlM6N6 not found!
File C:\WINDOWS\temp\mcmsc_rNiFyg5vEGIep88 not found!
File C:\WINDOWS\temp\mcmsc_tr4vIWqrJmRDrA3 not found!
File C:\WINDOWS\temp\mcmsc_yknOYENJQ8BeTMw not found!
C:\WINDOWS\temp\Perflib_Perfdata_a90.dat moved successfully.
C:\WINDOWS\temp\vmware-vmount.log moved successfully.
File C:\WINDOWS\temp\ZLT0013f.TMP not found!
File C:\WINDOWS\temp\ZLT0484a.TMP not found!

#11
mlinva

Posted 21 June 2008 - 06:20 PM

Member

Topic Starter
Member
36 posts

here is the ESTOnline scan log

# version=4
# OnlineScanner.ocx=1.0.0.635
# OnlineScannerDLLA.dll=1, 0, 0, 79
# OnlineScannerDLLW.dll=1, 0, 0, 78
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3206 (20080621)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.064 (20070717)
# EOSSerial=d6c3b2a263402b41b99824311e3649e8
# end=finished
# remove_checked=true
# unwanted_checked=true
# utc_time=2008-06-21 11:50:38
# local_time=2008-06-21 07:50:38 (-0500, Eastern Daylight Time)
# country="United States"
# osver=5.1.2600 NT Service Pack 2
# scanned=387109
# found=7
# scan_time=8722
C:\Program Files\America Online 9.0\download\OTScanIt\OTScanIt.exe probably unknown NewHeur_PE virus (unable to clean - deleted) 00000000000000000000000000000000
E:\AOL Instant Messenger\AIM.exe Win32/Adware.WBug.A application (deleted) 00000000000000000000000000000000
E:\AOL Instant Messenger\AIM.exe »WISE »WxBug.EXE Win32/Adware.WBug.A application (error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000
E:\AOL Instant Messenger\AIM.exe »WISE »WxBug.EXE »WISE »MiniBugTransporter.dll Win32/Adware.WBug.A application (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000
E:\System Volume Information\_restore{6B8BF05F-EEFE-4A41-96AD-B82E393DA7FC}\RP16\A0001400.exe Win32/Adware.WBug.A application (deleted) 00000000000000000000000000000000
E:\System Volume Information\_restore{6B8BF05F-EEFE-4A41-96AD-B82E393DA7FC}\RP16\A0001400.exe »WISE »WxBug.EXE Win32/Adware.WBug.A application (error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000
E:\System Volume Information\_restore{6B8BF05F-EEFE-4A41-96AD-B82E393DA7FC}\RP16\A0001400.exe »WISE »WxBug.EXE »WISE »MiniBugTransporter.dll Win32/Adware.WBug.A application (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000

HijackThis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:19:44 PM, on 6/21/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\SiteAdvisor\6261\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\Program Files\VMware\VMware Player\vmware-authd.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\VMware\VMware Player\hqtray.exe
C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\SiteAdvisor\6261\SiteAdv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Common Files\AOL\1178675955\ee\AOLSoftware.exe
C:\WINDOWS\system32\wfxsnt40.exe
C:\WINDOWS\TPPALDR.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\Nero\data\Xtras\mssysmgr.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\ZyDAS\ZD1211 802.11g Utility\ZDWlan.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
c:\program files\common files\aol\1178675955\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
C:\Program Files\Common Files\aol\1178675955\ee\aolsoftware.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HP\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files\Windows Live\installer\WLSetupSvc.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O2 - BHO: StumbleUpon Launcher - {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: StumbleUpon Toolbar - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [VMware hqtray] "C:\Program Files\VMware\VMware Player\hqtray.exe"
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [SiteAdvisor] "C:\Program Files\SiteAdvisor\6261\SiteAdv.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1178675955\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
O4 - HKLM\..\Run: [TPP Auto Loader] C:\WINDOWS\TPPALDR.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Nero\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: APC UPS Status.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: ZDWlan.lnk = ?
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: StumbleUpon PhotoBlog It! - res://StumbleUponIEBar.dll/blogimage
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - https://support.dell...iler/SysPro.CAB
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/b...lineScanner.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Player\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 13148 bytes

#12
Rorschach112

Posted 22 June 2008 - 09:05 AM

Ralphie

Retired Staff
47,710 posts

Your logs are clean

Make sure you have an Internet Connection.
Double-click OTScanIt.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
Click on the CleanUp! button
A list of tool components used in the Cleanup of malware will be downloaded.
If your Firewall or Real Time protection attempts to block OtMoveit2 to rech the Internet, please allow the application to do so.
Click Yes to beging the Cleanup process and remove these components, including this application.
You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.

Now we need to create a new System Restore point.

Click Start Menu > Run > type (or copy and paste)

%SystemRoot%\System32\restore\rstrui.exe

Press OK. Choose Create a Restore Point then click Next. Name it and click Create, when the confirmation screen shows the restore point has been created click Close.

Next goto Start Menu > Run > type

cleanmgr

Click OK, Disk Cleanup will open and start calculating the amount of space that can be freed, Once thats finished it will open the Disk Cleanup options screen, click the More Options tab then click Clean up on the system restore area and choose Yes at the confirmation window which will remove all the restore points except the one we just created.

To close Disk Cleanup and remove the Temporary Internet Files detected in the initial scan click OK then choose Yes on the confirmation window.

Below I have included a number of recommendations for how to protect your computer against malware infections.

* Keep Windows updated by regularly checking their website at :
http://windowsupdate.microsoft.com/
This will ensure your computer has always the latest security updates available installed on your computer.

* To reduce re-infection for malware in the future, I strongly recommend installing these free programs:

SpywareBlaster protects against bad ActiveX
IE-SPYAD puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all
Have a look at this tutorial for IE-Spyad here

* SpywareGuard offers realtime protection from spyware installation attempts. Make sure you are only running one real-time anti-spyware protection program or there will be a conflict.

Make Internet Explorer more secure

Click Start > Run
Type Inetcpl.cpl & click OK
Click on the Security tab
Click Reset all zones to default level
Make sure the Internet Zone is selected & Click Custom level
In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
Next Click OK, then Apply button and then OK to exit the Internet Properties page.

* MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.

* Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more
secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up
blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from
Here

* Take a good look at the following suggestions for malware prevention by reading Tony Klein’s article 'How Did I Get Infected In The First Place'
Here

Thank you for your patience, and performing all of the procedures requested.

#13
Rorschach112

Posted 26 June 2008 - 02:56 PM

Ralphie

Retired Staff
47,710 posts

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.