ad yieldmanager... [RESOLVED]



#1
dpape
  • Member
  • 24 posts
Like so many others, I'm getting redirected from Yahoo articles to "ad yieldmanager". It occurs most frequently with Yahoo Music and Yahoo email.
If anyone could help, that would be great!

First time posting. I think I've followed all of the steps (hopefully!) .... so here we go.

______________________________________________________________
Malwarebytes' Anti-Malware 1.18
Database version: 881

10:36:31 PM 6/22/2008
mbam-log-6-22-2008 (22-36-31).txt

Scan type: Quick Scan
Objects scanned: 35921
Time elapsed: 7 minute(s), 50 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

______________________________________________________
SUPERAntiSpyware Scan Log
Generated 06/22/2008 at 10:59 PM

Application Version : 3.6.1000

Core Rules Database Version : 3487
Trace Rules Database Version: 1478

Scan type : Complete Scan
Total Scan Time : 00:19:47

Memory items scanned : 729
Memory threats detected : 0
Registry items scanned : 6733
Registry threats detected : 0
File items scanned : 620
File threats detected : 0

___________________________________________________

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:50:41 PM, on 6/22/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16681)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\SiteAdvisor\6261\SiteAdv.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\system32\svchost.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\SiteAdvisor\6261\SAService.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9f.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.c...h...TB&M=MT6707
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.c...h...TB&M=MT6707
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gateway.c...h...TB&M=MT6707
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\google\BAE.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [SiteAdvisor] "C:\Program Files\SiteAdvisor\6261\SiteAdv.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Clean Access Agent.lnk = C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgentLauncher.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Odds Maker - b3cab7b9-eb43-46a2-8e15-02cc298dec71 - C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Odds Maker\Odds Maker.lnk (HKCU)
O13 - Gopher Prefix:
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onec...s/wlscctrl2.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail....NPUplden-us.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebo...toUploader3.cab
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebo...Uploader4_5.cab
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} (JuniperSetupClient Control) - https://vpn.rockhurs...SetupClient.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Google Desktop Manager 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IFA_Moore Service - Unknown owner - C:\Program Files\Common Files\Primal Pictures Shared\Service\IFA_Moore Service File.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe

--
End of file - 12456 bytes

______________________________________________________
Uninstall list

2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
Activation Assistant for the 2007 Microsoft Office suites
Ad-Aware 2007
Adobe Flash Player ActiveX
Adobe Reader 8.1.2
Apple Mobile Device Support
Apple Software Update
ArcSoft Panorama Maker 3
Bejeweled 2 Deluxe
BigFix
Blackhawk Striker 2
Blasterball 3
Browser Address Error Redirector
Cisco Clean Access Agent
Diner Dash
FATE
Full Tilt Poker
Gateway Game Console
Gateway Recovery Center Installer
Google Desktop
Google Earth
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
Google Updater
HijackThis 2.0.2
IFA_Moore (Shared Components)
Intel® Graphics Media Accelerator Driver
Intel® Matrix Storage Manager
iTunes
Java™ SE Runtime Environment 6
Juniper Networks Secure Application Manager
Linkit_eBay
Malwarebytes' Anti-Malware
McAfee SiteAdvisor
McAfee VirusScan Enterprise
Microsoft Digital Image Starter Edition 2006
Microsoft Money 2006
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Works
Motorola SM56 Data Fax Modem
Mozilla Firefox (2.0.0.7)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 Parser and SDK
Napster
Napster Burn Engine
Nikon Message Center
Panda ActiveScan 2.0
Penguins!
PictureProject
PictureProject In Touch Downloader 1.0
Poker Tracker Version 2.16.03d
Polar Bowler
Polar Golfer
Power2Go 5.0
Primal 3D Anatomy - Moore and Dalley
QuickTime
RealPlayer
REALTEK RTL8187 Wireless LAN Driver
Rhapsody Player Engine
SCRABBLE
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Excel 2007 (KB946974)
Security Update for Microsoft Office system 2007 (KB951808)
Security Update for Microsoft Office Word 2007 (KB950113)
Security Update for Office 2007 (KB947801)
Security Update for Visio 2007 (KB947590)
SigmaTel Audio
Spelling Dictionaries Support For Adobe Reader 8
Spyware Doctor 5.5
SUPERAntiSpyware Free Edition
Synaptics Pointing Device Driver
Texas Instruments PCIxx21/x515/xx12 drivers.
Tradewinds
Update for Office 2007 (KB946691)
Windows Live installer
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Live OneCare safety scanner
Windows Live Sign-in Assistant


#2
Mike
  • Malware Monger
  • Retired Staff
  • 2,745 posts
Hi there,

Sorry for the delay - we are swamped with logs.

Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.
Note: These logs may be too large to post in one reply; if so, please post extra.txt in a separate reply.

Then,

Please do an online scan with Kaspersky WebScanner

Click on Accept

You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan: Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.


#3
dpape
  • Topic Starter
  • Member
  • 24 posts
Thanks for getting back to me. No problem with the delay, I know you guys are busy.
I will say before we start that my computer is running very fast lately, but I'm still getting redirected some of the time.
Here are my new scans.

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft® Windows Vista™ Home Premium (build 6000)
Architecture: X86; Language: English

CPU 0: Genuine Intel® CPU T2060 @ 1.60GHz
Percentage of Memory in Use: 43%
Physical Memory (total/avail): 2037.56 MiB / 1153.51 MiB
Pagefile Memory (total/avail): 4290.16 MiB / 2876.5 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1925.62 MiB

C: is Fixed (NTFS) - 139.31 GiB total, 95.53 GiB free.
D: is Fixed (NTFS) - 9.74 GiB total, 4.24 GiB free.
E: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - WDC WD1600BEVS-22RST0 - 149.05 GiB - 2 partitions
\PARTITION0 - Installable File System - 9.74 GiB - D:
\PARTITION1 (bootable) - Installable File System - 139.31 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FW: Norton Internet Security v2007 (Symantec Corporation)
AV: McAfee VirusScan Enterprise v8.5.0.781 (McAfee, Inc.)
AS: Spyware Doctor v5.5.1.322 (PC Tools)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\ProgramData
APPDATA=C:\Users\User\AppData\Roaming
CLASSPATH=.;C:\Program Files\Java\jre1.6.0\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=USER-PC
ComSpec=C:\Windows\system32\cmd.exe
DEFLOGDIR=C:\ProgramData\McAfee\DesktopProtection
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Users\User
LOCALAPPDATA=C:\Users\User\AppData\Local
LOGONSERVER=\\USER-PC
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 14 Stepping 12, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0e0c
ProgramData=C:\ProgramData
ProgramFiles=C:\Program Files
PROMPT=$P$G
PUBLIC=C:\Users\Public
QTJAVA=C:\Program Files\Java\jre1.6.0\lib\ext\QTJava.zip
SystemDrive=C:
SystemRoot=C:\Windows
TEMP=C:\Users\User\AppData\Local\Temp
TMP=C:\Users\User\AppData\Local\Temp
USERDOMAIN=User-PC
USERNAME=User
USERPROFILE=C:\Users\User
VSEDEFLOGDIR=C:\ProgramData\McAfee\DesktopProtection
windir=C:\Windows


-- User Profiles ---------------------------------------------------------------

User


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
Activation Assistant for the 2007 Microsoft Office suites --> "C:\ProgramData\{623D32E9-0C62-4453-AD44-98B31F52A5E1}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE
Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player ActiveX --> C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
ArcSoft Panorama Maker 3 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A5F68DC8-0278-4AD8-B413-861509B5F25B}\Setup.exe" -l0x9
Bejeweled 2 Deluxe --> "C:\Program Files\Gateway Games\Bejeweled 2 Deluxe\Uninstall.exe"
BigFix --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{34FF0741-EC67-4C05-AC2A-6D257123DF2E}\setup.exe" -l0x9 -uninst -f"C:\Program Files\BigFix\Uninst.isu" -c"C:\Program Files\BigFix\Lib\UninstallHelper.dll"
Blackhawk Striker 2 --> "C:\Program Files\Gateway Games\Blackhawk Striker 2\Uninstall.exe"
Blasterball 3 --> "C:\Program Files\Gateway Games\Blasterball 3\Uninstall.exe"
Browser Address Error Redirector --> regsvr32 /u /s "c:\google\BAE.dll"
Cisco Clean Access Agent --> MsiExec.exe /X{04010300-6D72-4D54-8686-91D884A27B5C}
Diner Dash --> "C:\Program Files\Gateway Games\Diner Dash\Uninstall.exe"
FATE --> "C:\Program Files\Gateway Games\FATE\Uninstall.exe"
Full Tilt Poker --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}\setup.exe" -l0x9 -removeonly
Gateway Game Console --> "C:\Program Files\Gateway Games\Gateway Game Console\Uninstall.exe"
Gateway Recovery Center Installer --> MsiExec.exe /X{7F3BCF8A-8E02-4659-AF25-F9AB66BD6718}
Google Desktop --> C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall
Google Earth --> MsiExec.exe /I{97C0EA4A-1A0B-4C53-ACEB-49984DA79C90}
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
Google Updater --> "C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
IFA_Moore (Shared Components) --> C:\Program Files\Common Files\Primal Pictures Shared\Uninstall\IFAMoore\B2FF9000\UninstApplet.exe /uninstall
Intel® Graphics Media Accelerator Driver --> C:\Windows\system32\igxpun.exe -uninstall
Intel® Matrix Storage Manager --> C:\Windows\System32\Imsmudlg.exe
iTunes --> MsiExec.exe /I{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}
Java™ SE Runtime Environment 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000}
Juniper Networks Host Checker --> "C:\Users\User\AppData\Roaming\Juniper Networks\Host Checker\uninstall.exe"
Juniper Networks Secure Application Manager --> C:\Program Files\Juniper Networks\Secure Application Manager\UninstallSAM.exe
Juniper Networks Setup Client --> "C:\Users\User\AppData\Roaming\Juniper Networks\Setup Client\uninstall.exe"
Linkit_eBay --> MsiExec.exe /I{91B3BEC8-748B-4912-82ED-29D38E140B2A}
Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
McAfee SiteAdvisor --> C:\Program Files\SiteAdvisor\6261\uninstall.exe
McAfee VirusScan Enterprise --> MsiExec.exe /X{35C03C04-3F1F-42C2-A989-A757EE691F65}
Microsoft Digital Image Starter Edition 2006 --> "C:\Program Files\Common Files\Microsoft Shared\Picture It!\RmvSuite.exe" ADDREMOVE=1 SKU=TRIAL VERSION=12
Microsoft Money 2006 --> "C:\Program Files\Microsoft Money 2006\MNYCoreFiles\Setup\uninst.exe" /s:120
Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Home and Student 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office Home and Student 2007 --> MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007 --> MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Silverlight --> MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Works --> MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
Motorola SM56 Data Fax Modem --> rundll32.exe sm56co6a.dll,SM56UnInstaller
Move Networks Media Player for Internet Explorer --> C:\Users\User\AppData\Roaming\Move Networks\ie_bin\Uninst.exe
Mozilla Firefox (2.0.0.14) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB927978) --> MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181) --> MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833) --> MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
MSXML 4.0 SP2 Parser and SDK --> MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
Napster --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BBBCAE4B-B416-4182-A6F2-438180894A81}\setup.exe" -l0x9 -removeonly
Napster Burn Engine --> MsiExec.exe /I{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}
Nikon Message Center --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}\Setup.exe" -l0x9 UNINSTALL
Odds Maker --> C:\Program Files\Odds Maker\uninstall.exe
Panda ActiveScan 2.0 --> C:\Program Files\Panda Security\ActiveScan 2.0\as2uninst.exe
Penguins! --> "C:\Program Files\Gateway Games\Penguins!\Uninstall.exe"
PictureProject --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FF3999BE-1A7B-4738-88AA-97BF14094A4A}\Setup.exe" -l0x9 UNINSTALL
PictureProject In Touch Downloader 1.0 --> C:\Program Files\PictureProject In Touch Downloader\uninst.exe
Poker Tracker Version 2.16.03d --> "C:\Program Files\Poker Tracker V2\unins000.exe"
Polar Bowler --> "C:\Program Files\Gateway Games\Polar Bowler\Uninstall.exe"
Polar Golfer --> "C:\Program Files\Gateway Games\Polar Golfer\Uninstall.exe"
Power2Go 5.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\Setup.exe" -uninstall
Primal 3D Anatomy - Moore and Dalley --> C:\Program Files\Primal 3D Anatomy\Primal 3D Anatomy - Moore and Dalley\uninst.exe
QuickTime --> MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
REALTEK RTL8187 Wireless LAN Driver --> C:\Program Files\InstallShield Installation Information\{06FE1146-4FF8-45DF-B0D9-CBA8E38C708C}\SETUP.EXE -v"ISSCRIPTCMDLINE=\"-d -zREMOVE\"" -l0x0009 -removeonly
Rhapsody Player Engine --> MsiExec.exe /I{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}
SCRABBLE --> "C:\Program Files\Gateway Games\SCRABBLE\Uninstall.exe"
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Excel 2007 (KB946974) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {85E83E2E-AF9B-439B-B4F9-EB9B7EF6A00E}
Security Update for Microsoft Office system 2007 (KB951808) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {8F375E11-4FD6-4B89-9E2B-A76D48B51E00}
Security Update for Microsoft Office Word 2007 (KB950113) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {AD72BABE-C733-4FCF-9674-4314466191B9}
Security Update for Office 2007 (KB947801) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {02B5A17B-01BE-4BA6-95F1-1CBB46EBC76E}
Security Update for Visio 2007 (KB947590) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {6BAD036C-261F-4BEF-96CF-C20678D07A41}
SigmaTel Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x9 -remove -removeonly
Spelling Dictionaries Support For Adobe Reader 8 --> MsiExec.exe /I{AC76BA86-7AD7-5464-3428-800000000003}
Spyware Doctor 5.5 --> C:\Program Files\Spyware Doctor\unins000.exe /LOG
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Texas Instruments PCIxx21/x515/xx12 drivers. --> C:\Program Files\InstallShield Installation Information\{0E0479F8-180F-4054-B4F7-17EE657F90BF}\setup.exe -runfromtemp -l0x0409
Tradewinds --> "C:\Program Files\Gateway Games\Tradewinds\Uninstall.exe"
Update for Office 2007 (KB946691) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Windows Live installer --> MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger --> MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live OneCare safety scanner --> "C:\Program Files\Windows Live Safety Center\UnInstall.exe"
Windows Live OneCare safety scanner --> MsiExec.exe /X{FE0646A7-19D0-41B4-A2BB-2C35D644270D}
Windows Live Sign-in Assistant --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}


-- Application Event Log -------------------------------------------------------

Event Record #/Type27400 / Success
Event Submitted/Written: 06/30/2008 05:42:10 PM
Event ID/Source: 5617 / WinMgmt
Event Description:


Event Record #/Type27399 / Success
Event Submitted/Written: 06/30/2008 05:42:09 PM
Event ID/Source: 5615 / WinMgmt
Event Description:


Event Record #/Type27397 / Success
Event Submitted/Written: 06/30/2008 05:41:57 PM
Event ID/Source: 902 / Software Licensing Service
Event Description:
The Software Licensing service has started.

Event Record #/Type27387 / Warning
Event Submitted/Written: 06/30/2008 02:58:04 PM
Event ID/Source: 1530 / profsvc
Event Description:
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.

DETAIL -
1 user registry handles leaked from \Registry\User\S-1-5-21-3279558924-335556314-1092122470-1000_Classes:
Process 916 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3279558924-335556314-1092122470-1000_CLASSES

Event Record #/Type27386 / Warning
Event Submitted/Written: 06/30/2008 02:58:03 PM
Event ID/Source: 1530 / profsvc
Event Description:
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.

DETAIL -
1 user registry handles leaked from \Registry\User\S-1-5-21-3279558924-335556314-1092122470-1000:
Process 916 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3279558924-335556314-1092122470-1000



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type176063 / Warning
Event Submitted/Written: 07/01/2008 10:43:32 AM
Event ID/Source: 3004 / WinDefend
Event Description:
%User-PC27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %User-PC27 can't undo changes that you allow.

For more information please see the following:
%User-PC275

Scan ID: {F1CD30DF-E53D-4F53-BD6C-70A9E71F068D}

User: User-PC\User

Name: %User-PC271

ID: %User-PC272

Severity ID: %User-PC273

Category ID: %User-PC274

Path Found: %User-PC276

Alert Type: %User-PC278

Detection Type: 1.1.1505.02

Event Record #/Type176062 / Warning
Event Submitted/Written: 07/01/2008 10:43:32 AM
Event ID/Source: 3004 / WinDefend
Event Description:
%User-PC27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %User-PC27 can't undo changes that you allow.

For more information please see the following:
%User-PC275

Scan ID: {0A08F378-AAF7-4CD7-8BD0-02329E2CC079}

User: User-PC\User

Name: %User-PC271

ID: %User-PC272

Severity ID: %User-PC273

Category ID: %User-PC274

Path Found: %User-PC276

Alert Type: %User-PC278

Detection Type: 1.1.1505.02

Event Record #/Type176057 / Error
Event Submitted/Written: 07/01/2008 09:08:25 AM
Event ID/Source: 4321 / netbt
Event Description:
The name "USER-PC :20" could not be registered on the interface with IP address 172.25.192.82.
The computer with the IP address 172.16.5.10 did not allow the name to be claimed by
this computer.

Event Record #/Type176056 / Error
Event Submitted/Written: 07/01/2008 09:08:25 AM
Event ID/Source: 4321 / netbt
Event Description:
The name "USER-PC :0" could not be registered on the interface with IP address 172.25.192.82.
The computer with the IP address 172.16.5.10 did not allow the name to be claimed by
this computer.

Event Record #/Type176055 / Warning
Event Submitted/Written: 07/01/2008 09:08:25 AM
Event ID/Source: 3033 / mrxsmb
Event Description:
The redirector was unable to register the address for transport NetBT_Tcpip_{C479D844-734D-4225-9024 for the following reason: %%52. Transport has been taken offline.



-- End of Deckard's System Scanner: finished at 2008-07-01 10:46:40 ------------

#4
dpape

  • Topic Starter
  • Member
  • 24 posts
And the Main txt from Deckard's:

Deckard's System Scanner v20071014.68
Run by User on 2008-07-01 10:39:49
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- Last 5 Restore Point(s) --
17: 2008-06-26 07:05:20 UTC - RP337 - Windows Update
16: 2008-06-25 13:39:41 UTC - RP336 - Windows Update
15: 2008-06-24 01:48:24 UTC - RP335 - Scheduled Checkpoint
14: 2008-06-23 03:29:47 UTC - RP334 - Installed SUPERAntiSpyware Free Edition
13: 2008-06-23 03:23:00 UTC - RP333 - Before fixing yahoo


-- First Restore Point --
1: 2008-05-30 15:33:06 UTC - RP321 - Scheduled Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as User.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:43:17 AM, on 7/1/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16681)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
C:\Program Files\SiteAdvisor\6261\SAService.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\SiteAdvisor\6261\SiteAdv.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe
C:\Users\User\Desktop\dss.exe
C:\Windows\System32\svchost.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\User.exe
C:\Windows\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.c...h...TB&M=MT6707
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.c...h...TB&M=MT6707
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gateway.c...h...TB&M=MT6707
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\google\BAE.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [SiteAdvisor] "C:\Program Files\SiteAdvisor\6261\SiteAdv.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Clean Access Agent.lnk = C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgentLauncher.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Odds Maker - b3cab7b9-eb43-46a2-8e15-02cc298dec71 - C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Odds Maker\Odds Maker.lnk (HKCU)
O13 - Gopher Prefix:
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onec...s/wlscctrl2.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail....NPUplden-us.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebo...toUploader3.cab
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebo...Uploader4_5.cab
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} (JuniperSetupClient Control) - https://vpn.rockhurs...SetupClient.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Google Desktop Manager 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IFA_Moore Service - Unknown owner - C:\Program Files\Common Files\Primal Pictures Shared\Service\IFA_Moore Service File.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe

--
End of file - 12272 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 SASDIFSV - \??\c:\program files\superantispyware\sasdifsv.sys
R1 SASKUTIL - \??\c:\program files\superantispyware\saskutil.sys
R3 SASENUM - \??\c:\program files\superantispyware\sasenum.sys


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 STacSV (SigmaTel Audio Service) - c:\program files\sigmatel\c-major audio\wdm\stacsv.exe <Not Verified; SigmaTel, Inc.; C-Major Audio>

S3 IFA_Moore Service - "c:\program files\common files\primal pictures shared\service\ifa_moore service file.exe"


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-06-30 20:00:00 544 --a------ C:\Windows\Tasks\Norton Internet Security - Run Full System Scan - User.job


-- Files created between 2008-06-01 and 2008-07-01 -----------------------------

2008-06-22 23:50:16 0 d-------- C:\Program Files\Trend Micro
2008-06-22 23:03:22 0 d-------- C:\Program Files\Panda Security
2008-06-22 22:30:25 0 d-------- C:\Users\All Users\SUPERAntiSpyware.com
2008-06-22 22:30:11 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-06-22 22:25:45 0 d-------- C:\Users\All Users\Malwarebytes
2008-06-22 22:25:44 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-18 09:19:52 0 d-------- C:\Program Files\Common Files\xing shared
2008-06-09 09:26:33 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-06-09 09:26:14 0 d-------- C:\Program Files\Windows Live
2008-06-09 09:25:25 0 d-------- C:\Users\All Users\WLInstaller
2008-06-02 16:12:33 0 d-------- C:\Program Files\iPod
2008-06-02 16:12:27 0 d-------- C:\Program Files\iTunes
2008-06-02 16:10:14 0 d-------- C:\Program Files\QuickTime
2008-06-02 15:41:49 0 d-------- C:\Program Files\Apple Software Update


-- Find3M Report ---------------------------------------------------------------

2008-06-30 04:53:39 0 d-------- C:\Program Files\Spyware Doctor
2008-06-23 19:35:37 0 d-------- C:\Users\User\AppData\Roaming\SiteAdvisor
2008-06-22 22:30:11 0 d-------- C:\Users\User\AppData\Roaming\SUPERAntiSpyware.com
2008-06-22 22:29:23 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-22 22:25:49 0 d-------- C:\Users\User\AppData\Roaming\Malwarebytes
2008-06-22 22:25:26 0 d-------- C:\Users\User\AppData\Roaming\Download Manager
2008-06-18 10:29:16 0 d-------- C:\Program Files\Google
2008-06-18 09:19:52 0 d-------- C:\Program Files\Common Files
2008-06-18 09:19:36 0 d-------- C:\Program Files\Common Files\Real
2008-06-17 17:13:28 0 d-------- C:\Users\User\AppData\Roaming\Juniper Networks
2008-06-16 10:17:53 0 d-------- C:\Users\User\AppData\Roaming\Move Networks
2008-06-11 22:40:00 0 d-------- C:\Program Files\Windows Mail
2008-05-24 11:43:36 0 d-------- C:\Program Files\SiteAdvisor
2008-05-13 16:52:30 0 d-------- C:\Program Files\Full Tilt Poker


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [05/15/2007 12:43 AM]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [09/29/2006 03:39 PM]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [12/11/2006 09:02 PM]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [12/11/2006 09:03 PM]
"Persistence"="C:\Windows\system32\igfxpers.exe" [12/11/2006 09:02 PM]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [11/17/2006 12:58 AM]
"SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [01/17/2007 01:34 AM]
"ShStatEXE"="C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.exe" [11/30/2006 08:50 AM]
"McAfeeUpdaterUI"="C:\Program Files\McAfee\Common Framework\UdaterUI.exe" [11/17/2006 01:39 PM]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6261\SiteAdv.exe" [03/30/2007 10:42 AM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 10:16 PM]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [04/10/2008 03:14 PM]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [04/26/2008 12:42 PM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [03/28/2008 11:37 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [03/30/2008 10:36 AM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [06/18/2008 09:18 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [11/02/2006 07:35 AM]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [10/18/2007 11:34 AM]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [02/27/2007 11:39 AM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" /background

C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [8/24/2007 5:45:42 AM]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Clean Access Agent.lnk - C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgentLauncher.exe [12/7/2007 6:12:50 PM]
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [4/10/2008 10:30:04 AM]
NkbMonitor.exe.lnk - C:\Program Files\Nikon\PictureProject\NkbMonitor.exe [12/29/2007 1:44:48 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [12/20/2006 12:55 PM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 02/27/2007 11:39 AM 282624 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BigFix]
c:\program files\Bigfix\bigfix.exe /atstartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NapsterShell]
C:\Program Files\Napster\napster.exe /systray

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
AutoRun\command- G:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{af480594-1131-11dd-9306-00e0b8c52d33}]
AutoRun\command- G:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dddefdf0-1435-11dc-b362-00e0b8c52d33}]
AutoRun\command- G:\LaunchU3.exe


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



-- Hosts -----------------------------------------------------------------------

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

7902 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-07-01 10:46:40 ------------

#5
dpape

  • Topic Starter
  • Member
  • 24 posts
Running the Kaspersky Scan now. Taking quite a while. I will get it up as soon as I can.

#6
Mike

    Malware Monger

  • Retired Staff
  • 2,745 posts
It takes a long time, go out and have a drink and it should be done :)

No rush,

Mike

#7
dpape

  • Topic Starter
  • Member
  • 24 posts
I'm a little confused by the Kaspersky Scan... saying "object is locked" and it was "skipped". Here it is, though.

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Tuesday, July 01, 2008 2:10:42 PM
Operating System: Microsoft Windows Vista Home Edition, (Build 6000)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 1/07/2008
Kaspersky Anti-Virus database records: 902137
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 129086
Number of viruses found: 0
Number of infected objects: 0
Number of suspicious objects: 0
Duration of the scan process: 01:58:51

Infected Object Name / Virus Name / Last Action

Scan process completed.
  • 0

#8
dpape

dpape

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
a drink sounds good...just got done with class...I think I'll take your advice. :)
  • 0

#9
Mike

Mike

    Malware Monger

  • Retired Staff
  • 2,745 posts
Hi there,

Drinks are always nice :)

Nothing really to fix, could you tell me the website you are being redirected to?

Are you familiar with this --> IFA_Moore Service -- It apparently comes with Primal Pictures. I couldn't find anything definite as to whether it is good or bad; if you installed Primal Pictures it should be fine.

Your Java is outdated, Download the latest version of Java Runtime Environment (JRE) 6 Update 6

Then uninstall this old version
Java™ SE Runtime Environment 6

If you didn't install this yourself please uninstall it as well: Full Tilt Poker

Look through your programs and tell me any that you don't recognize.

You have both Norton Firewall and Windows Firewall enabled, you'll need to disable one.

Lastly, you can fix this line with Hijack This, Do a "System Scan Only" put a check next to this item:

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)


Click on "Fix Checked" and exit the program.

Post back with the answers to my questions and a new Hijack This log please.
  • 0

#10
dpape

dpape

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
I get redirected to http://www.google.co...e...ype&rdr=afe
when sending an email from yahoo or listening to yahoo music. I also get it once in a while when I click on an article from yahoo.com.
I thought it was getting better, but I just tried to send an email from my yahoo account and it just did it again.

1) I'm having difficulty downloading the Java update. I clicked on the site, went to Java Runtime Environment (JRE) 6 Update 6, hit download. It then asked for my platform and language. I put in Windows for platform. Should I do Windows 64?? (Sorry, I'm sure that is a dumb question). Then I checked the "online installation" and went to the "download selected with Sun Download Manager" Then, once I hit start download, it says "failed to create file destination." I tried to go to options and select a new directory, but couldn't. I'm confused. :)

2) I believe IFA Moore Service is something from one of my Anatomy text books. A CD perhaps with anatomy pictures, videos, etc. I can delete it, I don't need it anymore.

3) I did install Full Tilt Poker...it should be there.

4) I used to run Norton, but the college I go to now made us use McAfee. I thought they uninstalled Norton, but I guess not. I didn't see it on the uninstall list, how should I go about getting rid of the firewall?

5) I deleted the O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) from my Hijack this log. My new Hijack log is below

6) What is O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\google\BAE.dll??
I don't recognize this and it looks similar to what I'm getting redirected to. I have a feeling this is the problem...what do you think?

The only other thing I don't recognize is the "site advisor service." I have a feeling this is part of McAfee, but not sure.

Thanks again for all the help. Sorry I'm a bit slow with all this...trying to learn.
  • 0



#11
dpape

dpape

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
Ooops, forgot my new Hijack log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:11:56 PM, on 7/1/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16681)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
C:\Program Files\SiteAdvisor\6261\SAService.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\SiteAdvisor\6261\SiteAdv.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\servicing\TrustedInstaller.exe
\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.c...h...TB&M=MT6707
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.c...h...TB&M=MT6707
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gateway.c...h...TB&M=MT6707
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\google\BAE.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [SiteAdvisor] "C:\Program Files\SiteAdvisor\6261\SiteAdv.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Clean Access Agent.lnk = C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgentLauncher.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Odds Maker - b3cab7b9-eb43-46a2-8e15-02cc298dec71 - C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Odds Maker\Odds Maker.lnk (HKCU)
O13 - Gopher Prefix:
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onec...s/wlscctrl2.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail....NPUplden-us.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebo...toUploader3.cab
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebo...Uploader4_5.cab
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} (JuniperSetupClient Control) - https://vpn.rockhurs...SetupClient.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Google Desktop Manager 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe

--
End of file - 12347 bytes
  • 0
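A small triage pass over the O2 (Browser Helper Object) lines discussed in the posts above, added here as an example and not part of the original thread or of HijackThis itself. The sample lines are copied from the logs in this thread; the `USUAL_ROOTS` list and the wording of the notes are assumptions made for illustration, and a note means "look this entry up", not "this is malware".

```python
import re

# O2/O3 lines copied from the HijackThis logs posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\google\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
"""

# "O2 - BHO: <name> - {<CLSID>} - <path or (no file)>"
BHO_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]{36})\} - (?P<path>.+)$"
)

# Assumption: directories where vendor-installed BHOs normally live.
USUAL_ROOTS = ("c:\\program files\\", "c:\\progra~1\\", "c:\\windows\\")


def parse_bhos(log_text):
    """Return one dict (name, clsid, path) per O2 line; other sections are skipped."""
    entries = []
    for line in log_text.splitlines():
        match = BHO_RE.match(line.strip())
        if match:
            entries.append(match.groupdict())
    return entries


def triage(entry):
    """Return review notes for one BHO entry; an empty list means nothing stood out."""
    notes = []
    path = entry["path"].strip().lower()
    if path == "(no file)":
        notes.append("orphaned: registry entry remains but the DLL is missing")
    elif not path.startswith(USUAL_ROOTS):
        notes.append("unusual install location: identify the vendor before removing")
    if entry["name"] == "(no name)":
        notes.append("unnamed: look up the CLSID")
    return notes


def review(log_text):
    """Map CLSID -> notes for every BHO that needs a second look."""
    flagged = {}
    for entry in parse_bhos(log_text):
        notes = triage(entry)
        if notes:
            flagged[entry["clsid"].upper()] = notes
    return flagged
```

On these lines the pass flags the orphaned `(no file)` entry, the unnamed SiteAdvisor helper and `c:\google\BAE.dll`, the last two of which the thread goes on to identify as legitimate.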

#12
dpape

dpape

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
Ignore the problem with the JAVA download. I got it :)
  • 0

#13
dpape

dpape

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
I just noticed it doesn't happen when I use Firefox....only IE. Only problem is yahoo music (which I like using) isn't supported by Firefox.
  • 0

#14
Mike

Mike

    Malware Monger

  • Retired Staff
  • 2,745 posts
Hi there,

For Norton go to this page here - download and run the Norton Removal Tool.

If you uninstall it please keep the Windows Firewall running as McAfee seems to only be an antivirus solution.

Don't worry about that BHO it is legitimate. "Google.com Search related, found on Dell computers. Responsible for redirecting 404s to a Google/Dell placeholder web page". This gives you that Gateway/google error page rather than a normal one, but there is nothing wrong with it.

SiteAdvisor is part of McAfee, I use it myself :)

Well, I'm not seeing anything still, ad.yieldmanager doesn't necessarily need to come from an infection - it is a site that custom hosts block and this may be the reason you are being redirected.

Please download ATF Cleaner by Atribune.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.

If you use Firefox browser
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

Let's restore your hosts to default and see if that fixes the issue.

Download the HostsXpert 3.7 - Hosts File Manager.
  • Unzip HostsXpert 3.7 - Hosts File Manager to a convenient folder such as C:\HostsXpert
  • Click HostsXpert.exe to Run HostsXpert 3.7 - Hosts File Manager from its new home
  • Click "Make Hosts Writable?" in the upper right corner (If available).
  • Click Restore Microsoft's Hosts file and then click OK.
  • Click the X to exit the program.
  • Note: If you were using a custom Hosts file you will need to replace any of those entries yourself.

How's it going?
  • 0
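The post above attributes the redirects to a custom hosts file that blocks the ad server, and notes that custom entries are lost when the default file is restored. The following added example (not part of the original thread and unrelated to HostsXpert's own code) lists what a hosts file contains beyond the default `localhost` lines, so it can be reviewed before a restore; the sample file and its domains are constructed.

```python
import ipaddress

# Constructed sample: default localhost lines plus custom entries.
SAMPLE_HOSTS = """\
# Sample hosts file (constructed for this example)
127.0.0.1       localhost
::1             localhost
127.0.0.1       ads.example.com      # block entry
0.0.0.0         tracker.example.net
203.0.113.10    mail.example.org
not-an-ip       broken.example.com
"""

DEFAULT_NAMES = {"localhost"}


def parse_hosts(text):
    """Yield (ip, hostname) pairs, skipping comments, blanks and malformed lines."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first field is not an IP address
        for name in fields[1:]:
            yield ip, name.lower()


def audit_hosts(text):
    """Split non-default entries into blocked names and remapped names."""
    report = {"blocked": [], "remapped": []}
    for ip, name in parse_hosts(text):
        if name in DEFAULT_NAMES and ip.is_loopback:
            continue  # stock entry, nothing to review
        if ip.is_loopback or ip.is_unspecified:
            # Name is sent nowhere: the usual ad-blocking pattern.
            report["blocked"].append(name)
        else:
            # Name is pointed at another address: verify it is intended.
            report["remapped"].append((name, str(ip)))
    return report
```

Entries under `blocked` explain pages or ads that fail to load, as in this thread; entries under `remapped` send a name to a different server and deserve the closer look.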

#15
dpape

dpape

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
Hey,
Good news! The redirecting problem appears to be fixed :)
However...a slight problem. Now when I use Firefox some of the pages aren't loading correctly. For example, when I go to Geeks to Go and log in, it puts the text in really large format and spreads everything out funny. Also, I can't log in to my Yahoo email from Firefox. It says...

Yahoo email login error:
name: Type Error
messages: shortalias has no properties
line number: 638
file name: us.mg2.mail.yahoo.com/dc/launch.rand=dncllcs633ki

and then brings me to this site http://us.mg2.mail.y...leLoa...&log=1
and says "oops, can't load. You may want to check your firewall settings, etc....." :) :)

I'm guessing some setting on firefox got switched somewhere along the line.

Besides that, everything is running great. Norton is gone, I ran ATF cleaner, and restoring the hosts is what I think fixed it.

Any idea on the firefox thing?

Thanks again :)
  • 0





