Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Unknown spyware/adware [CLOSED]

Started by Dimmae , Jul 05 2005 03:09 PM

  • This topic is locked This topic is locked

#16
Excal
Posted 19 July 2005 - 08:19 AM

Excal

    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts
Open HiJack this and put a check next to the following item:

O4 - HKLM\..\Run: [Media Gateway] C:\Program Files\Media Gateway\MediaGateway.exe

Click FIXED CHECKED


Please remove these entries from Add/Remove Programs in the Control Panel(if present):

Media Gateway

Please remove the following folders using Windows Explorer (if present):

C:\Program Files\Media Gateway



Can you go to this folder:C:\Windows\Prefetch folder and clear all the files out of it. Please do not delete the folder, just the files in it.


Reboot


Can you please let me know who you have for a internet service provider.

THanks,

:tazz:

Excal

Edited by Excal, 19 July 2005 - 08:42 AM.

  • 0

Advertisements

#17
Dimmae
Posted 19 July 2005 - 01:10 PM

Dimmae

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
:tazz: My ISP is verizon (formerly gte). Another curious thing about my browsers is that they won't automatically dial up any longer...I think the settings are all messed up, and I probably need to get a current version of the browsers anyway... I can double-click on IE or Netscape and it starts and just says that the page is not available or not accesible. I then have to go to Network Places and double-click my ISP profile to get the dial up screeen (yes, dial up...).

Anyway, I'll complete this stuff tonight. Thanks, Excal!!

Dimmae
  • 0

#18
Excal
Posted 19 July 2005 - 01:32 PM

Excal

    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts
When you do the HiJackthis portion, check this off also please:

O17 - HKLM\System\CCS\Services\Tcpip\..\{D914E769-35D4-4FE0-BE77-36EEFB10E0C5}: NameServer = 198.6.100.140 198.6.1.140


Thanks,

:tazz:

Excal
  • 0

#19
Dimmae
Posted 20 July 2005 - 12:23 AM

Dimmae

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
:tazz: PC is still not quite right, but getting better.

Ran HJT and fixed Media Gateway as well as the other item in your last note: O17 - HKLM\System\CCS\Services\Tcpip\...
Removed Media Gateway in the Add/Remove Programs function
Deleted Media Gateway folder
Cleaned out the Windows\Prefetch folder
Rebooted
Ran HJT - here is the log:

Logfile of HijackThis v1.99.1
Scan saved at 11:15:40 PM, on 7/19/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\PackethSvc.exe
C:\Program Files\Network Associates\VirusScan\avsynmgr.exe
C:\desktop\ewido\security suite\ewidoctrl.exe
C:\Program Files\Sony\MD Simple Burner\NetMDSB.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Network Associates\VirusScan\VsStat.exe
C:\Program Files\Network Associates\VirusScan\Vshwin32.exe
C:\Program Files\Network Associates\VirusScan\Avconsol.exe
C:\Program Files\Network Associates\VirusScan\Webscanx.exe
C:\Program Files\Common Files\Network Associates\McShield\mcshield.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\VERITAS Software\Update Manager\sgtray.exe
C:\WINDOWS\System32\wuauclt.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\SM1BG.EXE
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\MusicMatch\MusicMatch Jukebox\MMDiag.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mim.exe
C:\HijackThis\HijackThis.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http:/www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http:/www.yahoo.com
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.yahoo.com"); (C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\zjx0h2km.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\zjx0h2km.slt\prefs.js)
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [MimBoot] C:\Program Files\MusicMatch\MusicMatch Jukebox\mimboot.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MoneyAgent] "c:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: hp center.lnk = C:\Program Files\hp center\137903\Program\BackWeb-137903.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .qt: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0DC0D258-FC70-456F-8F79-83D7DC20F0AC} (MPChWrapper.Util) - http://instantsuppor...MPChWrapper.CAB
O16 - DPF: {17D72920-7A15-11D4-921E-0080C8DA7A5E} (AimSp32 Class) - http://makeover.subs...ve/makeover.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1117517844765
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://download.toon....3.1/ttinst.cab
O16 - DPF: {FC67BB52-AAB6-4282-9D51-2DAFFE73AFD0} - http://download.spys...rCabInstall.cab
O20 - AppInit_DLLs:
O23 - Service: AVSync Manager (AvSynMgr) - Unknown owner - C:\Program Files\Network Associates\VirusScan\avsynmgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\desktop\ewido\security suite\ewidoctrl.exe
O23 - Service: McShield - Unknown owner - C:\Program Files\Common Files\Network Associates\McShield\mcshield.exe
O23 - Service: MD Simple Burner Service (NetMDSB) - Sony Corporation - C:\Program Files\Sony\MD Simple Burner\NetMDSB.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Virtual NIC Service (PackethSvc) - America Online, Inc. - C:\WINDOWS\System32\PackethSvc.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Pacsptisvr.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe

Thanks so much!!
Dimmae
  • 0

#20
Excal
Posted 20 July 2005 - 12:27 AM

Excal

    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts
Hi Dimmae,

Everythig looks good. What sort of problems are you having?

How many AntiVirus programs do you have running?

:tazz:

Excal
  • 0

#21
Dimmae
Posted 20 July 2005 - 04:40 PM

Dimmae

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
:tazz: I think I only have one antivirus program -- but I'll check on that. I have McAfee (it's probably way out of date), and I'm almost positive that I haven't added any others. I know I'm not supposed to have more than one at a time... Did you see any others in the HJT log?

I have LOTS of antispyware - Spybot, AdAware, Microsoft Antispyware Beta, NoAdware, Spyware Blaster, Spywareguard... Probably should get rid of a couple.

So...my PC still hangs up...usually when it is left alone -- kind of like when the CPU usage is down, something fills up it's capacity. It does OK (at least for a short while) if I keep it busy. It's particularly noticeable when I'm logged onto the internet - last night it actually hung up and would not respond, so I had to literally flip the power off. If it is NOT on the internet and is just left sitting, it will take a long time to respond (kind of like it's busy doing something else), and I usually end up turning it off and rebooting. When it hangs up, it usually leaves some menus half on the screen and then stops responding altogether.

Is there anything else I should do tonight or is it supposedly clean? I'm sure I need to go and update my antivirus, install the service pack 2, maybe a bunch of other MS updates, and maybe download new browser versions...but I'll wait for you to advise me. If I don't hear from you, I intend to run Spybot and AdAware and just generally see how it is working. Then I will run another HJT log and post it -- unless you tell me differently.

Thanks,
Dimmae
  • 0

#22
Excal
Posted 20 July 2005 - 05:51 PM

Excal

    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts

s there anything else I should do tonight or is it supposedly clean? I'm sure I need to go and update my antivirus, install the service pack 2, maybe a bunch of other MS updates, and maybe download new browser versions...but I'll wait for you to advise me. If I don't hear from you, I intend to run Spybot and AdAware and just generally see how it is working. Then I will run another HJT log and post it -- unless you tell me differently.


Go ahead and do that, cause everything I can see is clean. We will take it from there,

:tazz:

Excal
  • 0

#23
Dimmae
Posted 21 July 2005 - 12:44 AM

Dimmae

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
:tazz: OK, Excal... Things are still not right. Better, but not right. The PC doesn't want to log off the internet - had to turn it off the power again tonight to get it to let go. Just a minute ago I was posting a reply and suddenly it says "the system is shutting down"...and it did. Gives me a timer for something like 60 seconds and then shuts down and restarts. It's done this before.

I looked for Virus files, but didn't see any other than McAfee. Is there a way I can tell for sure?

Ran AdAware - it found a bunch of stuff:
MRU List
Hijacker.TopConverting
Windupdates
Zango
VX2
Tracking Cookie
I fixed them all and saved a log to my desktop(long) - can send it to you if you want.

Then ran Spybot - it also found several things:
MediaPlex
Advertising.com
Avenue A, Inc
DoubleClick
HitBox
Funny -- I have Spybot set to Immunize, but these things keep popping up. I also saved a log of this one to my desktop and can send it to you if you want.

Lastly, I ran HJT. Here is the log:
Logfile of HijackThis v1.99.1
Scan saved at 11:31:18 PM, on 7/20/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\PackethSvc.exe
C:\Program Files\Network Associates\VirusScan\avsynmgr.exe
C:\desktop\ewido\security suite\ewidoctrl.exe
C:\Program Files\Sony\MD Simple Burner\NetMDSB.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Network Associates\VirusScan\VsStat.exe
C:\Program Files\Network Associates\VirusScan\Vshwin32.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\VERITAS Software\Update Manager\sgtray.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\SM1BG.EXE
C:\Program Files\Network Associates\VirusScan\Avconsol.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Network Associates\VirusScan\Webscanx.exe
C:\Program Files\Common Files\Network Associates\McShield\mcshield.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mim.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\MMDiag.exe
C:\HijackThis\HijackThis.exe
C:\PROGRA~1\MUSICM~1\Common\COMPON~1\MMCOMP~1.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http:/www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http:/www.yahoo.com
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.yahoo.com"); (C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\zjx0h2km.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\zjx0h2km.slt\prefs.js)
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [MimBoot] C:\Program Files\MusicMatch\MusicMatch Jukebox\mimboot.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MoneyAgent] "c:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: hp center.lnk = C:\Program Files\hp center\137903\Program\BackWeb-137903.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .qt: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0DC0D258-FC70-456F-8F79-83D7DC20F0AC} (MPChWrapper.Util) - http://instantsuppor...MPChWrapper.CAB
O16 - DPF: {17D72920-7A15-11D4-921E-0080C8DA7A5E} (AimSp32 Class) - http://makeover.subs...ve/makeover.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1117517844765
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://download.toon....3.1/ttinst.cab
O16 - DPF: {FC67BB52-AAB6-4282-9D51-2DAFFE73AFD0} - http://download.spys...rCabInstall.cab
O20 - AppInit_DLLs:
O23 - Service: AVSync Manager (AvSynMgr) - Unknown owner - C:\Program Files\Network Associates\VirusScan\avsynmgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\desktop\ewido\security suite\ewidoctrl.exe
O23 - Service: McShield - Unknown owner - C:\Program Files\Common Files\Network Associates\McShield\mcshield.exe
O23 - Service: MD Simple Burner Service (NetMDSB) - Sony Corporation - C:\Program Files\Sony\MD Simple Burner\NetMDSB.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Virtual NIC Service (PackethSvc) - America Online, Inc. - C:\WINDOWS\System32\PackethSvc.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Pacsptisvr.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe

Help Me, Excal!!
Dimmae
  • 0

#24
Excal
Posted 21 July 2005 - 12:48 AM

Excal

    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts
Hi Dimmae,


Its ok we will beat this thing ;)

Go ahead and post that log here. If for some reason it doesn't allow u 2, click on my name and there is an option for email.

I got to get some sleep, but I will be back tommorrow and I will work something up for you.


Thanks,

:tazz:

Excal
  • 0

#25
Excal
Posted 21 July 2005 - 08:26 AM

Excal

    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts
Open notepad and copy and paste next bold in it:

regedit /e look.txt "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows"
start notepad look.txt

Save this as look.bat , choose to save as *all files and place it on your desktop.
This is how the batch must look after you created it: Posted Image
Doubleclick look.bat and notepad will open with some txt in it. Copy and paste this in your next reply.
  • 0

Advertisements

#26
Dimmae
Posted 24 July 2005 - 10:43 PM

Dimmae

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
PC is still running weird - locking up frequently....
Ran the look.bat batch file. Here is the results:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=" "
"DeviceNotSelectedTimeout"="15"
"GDIProcessHandleQuota"=dword:00002710
"Spooler"="yes"
"swapdisk"=""
"TransmissionRetryTimeout"="90"
"USERProcessHandleQuota"=dword:00002710

Here is the Spybot log from the other day (before I fixed the files):
MediaPlex: Tracking cookie (Mozilla: default) (Cookie, nothing done)


Advertising.com: Tracking cookie (Mozilla: default) (Cookie, nothing done)


Advertising.com: Tracking cookie (Mozilla: default) (Cookie, nothing done)


Advertising.com: Tracking cookie (Mozilla: default) (Cookie, nothing done)


Advertising.com: Tracking cookie (Mozilla: default) (Cookie, nothing done)


Advertising.com: Tracking cookie (Mozilla: default) (Cookie, nothing done)


Advertising.com: Tracking cookie (Mozilla: default) (Cookie, nothing done)


Advertising.com: Tracking cookie (Mozilla: default) (Cookie, nothing done)


Advertising.com: Tracking cookie (Mozilla: default) (Cookie, nothing done)


Advertising.com: Tracking cookie (Mozilla: default) (Cookie, nothing done)


Advertising.com: Tracking cookie (Mozilla: default) (Cookie, nothing done)


Avenue A, Inc.: Tracking cookie (Mozilla: default) (Cookie, nothing done)


DoubleClick: Tracking cookie (Mozilla: default) (Cookie, nothing done)


HitBox: Tracking cookie (Mozilla: default) (Cookie, nothing done)


HitBox: Tracking cookie (Mozilla: default) (Cookie, nothing done)


HitBox: Tracking cookie (Mozilla: default) (Cookie, nothing done)


HitBox: Tracking cookie (Mozilla: default) (Cookie, nothing done)


HitBox: Tracking cookie (Mozilla: default) (Cookie, nothing done)


HitBox: Tracking cookie (Mozilla: default) (Cookie, nothing done)

Here is the AdAware log also from the other day (7/20):
Ad-Aware SE Build 1.05
Logfile Created on:Wednesday, July 20, 2005 10:45:19 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R51 21.06.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Hijacker.TopConverting(TAC index:5):2 total references
MRU List(TAC index:0):12 total references
Tracking Cookie(TAC index:3):1 total references
WindUpdates(TAC index:8):24 total references
VX2(TAC index:10):4 total references
Zango(TAC index:6):6 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R51 21.06.2005
Internal build : 59
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 483435 Bytes
Total size : 1461660 Bytes
Signature data size : 1429955 Bytes
Reference data size : 31193 Bytes
Signatures total : 40756
Fingerprints total : 906
Fingerprints size : 31253 Bytes
Target categories : 15
Target families : 694


Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium IV
Memory available:60 %
Total physical memory:523808 kb
Available physical memory:312448 kb
Total page file size:1277612 kb
Available on page file:1116932 kb
Total virtual memory:2097024 kb
Available virtual memory:2047212 kb
OS:Microsoft Windows XP Home Edition Service Pack 1 (Build 2600)

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Write-protect system files after repair (Hosts file, etc.)
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


7-20-2005 10:45:19 PM - Scan started. (Full System Scan)

MRU List Object Recognized!
Location: : C:\Documents and Settings\Owner\recent
Description : list of recently opened documents


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X


MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw


MRU List Object Recognized!
Location: : S-1-5-21-3825228898-315636210-488748980-1003\software\microsoft\microsoft management console\recent file list
Description : list of recent snap-ins used in the microsoft management console


MRU List Object Recognized!
Location: : S-1-5-21-3825228898-315636210-488748980-1003\software\microsoft\office\8.0\excel\recent file list
Description : list of recent files used by microsoft excel


MRU List Object Recognized!
Location: : S-1-5-21-3825228898-315636210-488748980-1003\software\microsoft\search assistant\acmru
Description : list of recent search terms used with the search assistant


MRU List Object Recognized!
Location: : S-1-5-21-3825228898-315636210-488748980-1003\software\microsoft\windows\currentversion\applets\regedit
Description : last key accessed using the microsoft registry editor


MRU List Object Recognized!
Location: : S-1-5-21-3825228898-315636210-488748980-1003\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
Description : list of recent programs opened


MRU List Object Recognized!
Location: : S-1-5-21-3825228898-315636210-488748980-1003\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
Description : list of recently saved files, stored according to file extension


MRU List Object Recognized!
Location: : S-1-5-21-3825228898-315636210-488748980-1003\software\microsoft\windows\currentversion\explorer\recentdocs
Description : list of recent documents opened


MRU List Object Recognized!
Location: : S-1-5-21-3825228898-315636210-488748980-1003\software\microsoft\windows\currentversion\explorer\runmru
Description : mru list for items opened in start | run


Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
ModuleName : \SystemRoot\System32\smss.exe
Command Line : n/a
ProcessID : 360
ThreadCreationTime : 7-21-2005 5:42:57 AM
BasePriority : Normal


#:2 [csrss.exe]
ModuleName : \??\C:\WINDOWS\system32\csrss.exe
Command Line : C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestTh
ProcessID : 416
ThreadCreationTime : 7-21-2005 5:42:59 AM
BasePriority : Normal


#:3 [winlogon.exe]
ModuleName : \??\C:\WINDOWS\System32\winlogon.exe
Command Line : winlogon.exe
ProcessID : 440
ThreadCreationTime : 7-21-2005 5:42:59 AM
BasePriority : High


#:4 [services.exe]
ModuleName : C:\WINDOWS\system32\services.exe
Command Line : C:\WINDOWS\system32\services.exe
ProcessID : 484
ThreadCreationTime : 7-21-2005 5:42:59 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
ModuleName : C:\WINDOWS\system32\lsass.exe
Command Line : C:\WINDOWS\system32\lsass.exe
ProcessID : 496
ThreadCreationTime : 7-21-2005 5:42:59 AM
BasePriority : Normal
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k rpcss
ProcessID : 660
ThreadCreationTime : 7-21-2005 5:43:01 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k netsvcs
ProcessID : 684
ThreadCreationTime : 7-21-2005 5:43:01 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k NetworkService
ProcessID : 828
ThreadCreationTime : 7-21-2005 5:43:02 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k LocalService
ProcessID : 868
ThreadCreationTime : 7-21-2005 5:43:02 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [explorer.exe]
ModuleName : C:\WINDOWS\Explorer.EXE
Command Line : C:\WINDOWS\Explorer.EXE
ProcessID : 1052
ThreadCreationTime : 7-21-2005 5:43:04 AM
BasePriority : Normal
FileVersion : 6.00.2800.1221 (xpsp2.030511-1403)
ProductVersion : 6.00.2800.1221
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:11 [spoolsv.exe]
ModuleName : C:\WINDOWS\system32\spoolsv.exe
Command Line : C:\WINDOWS\system32\spoolsv.exe
ProcessID : 1140
ThreadCreationTime : 7-21-2005 5:43:04 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (XPClient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:12 [packethsvc.exe]
ModuleName : C:\WINDOWS\System32\PackethSvc.exe
Command Line : C:\WINDOWS\System32\PackethSvc.exe
ProcessID : 1244
ThreadCreationTime : 7-21-2005 5:43:05 AM
BasePriority : Normal
FileVersion : 6, 0, 0, 6
ProductVersion : 6, 0, 0, 6
ProductName : America Online
CompanyName : America Online, Inc.
FileDescription : Virtual Adapter Service
InternalName : Virtual Adapter Service
LegalCopyright : Copyright © America Online, Inc. 1999 - 2001
OriginalFilename : PackethSvc.exe

#:13 [avsynmgr.exe]
ModuleName : C:\Program Files\Network Associates\VirusScan\avsynmgr.exe
Command Line : "C:\Program Files\Network Associates\VirusScan\avsynmgr.exe"
ProcessID : 1260
ThreadCreationTime : 7-21-2005 5:43:05 AM
BasePriority : Normal


#:14 [ewidoctrl.exe]
ModuleName : C:\desktop\ewido\security suite\ewidoctrl.exe
Command Line : "C:\desktop\ewido\security suite\ewidoctrl.exe"
ProcessID : 1284
ThreadCreationTime : 7-21-2005 5:43:05 AM
BasePriority : Normal
FileVersion : 3, 0, 0, 1
ProductVersion : 3, 0, 0, 1
ProductName : ewido control
CompanyName : ewido networks
FileDescription : ewido control
InternalName : ewido control
LegalCopyright : Copyright © 2004
OriginalFilename : ewidoctrl.exe

#:15 [netmdsb.exe]
ModuleName : C:\Program Files\Sony\MD Simple Burner\NetMDSB.exe
Command Line : "C:\Program Files\Sony\MD Simple Burner\NetMDSB.exe"
ProcessID : 1324
ThreadCreationTime : 7-21-2005 5:43:05 AM
BasePriority : Normal
FileVersion : 2.0.01.13180
ProductVersion : 2.0.01.13180
ProductName : MD Simple Burner
CompanyName : Sony Corporation
FileDescription : MD Simple Burner
InternalName : MD Simple Burner
LegalCopyright : Copyright 2001, 2002, 2003 Sony Corporation
OriginalFilename : NetMDSB.exe
Comments : MD Simple Burner

#:16 [nvsvc32.exe]
ModuleName : C:\WINDOWS\System32\nvsvc32.exe
Command Line : C:\WINDOWS\System32\nvsvc32.exe
ProcessID : 1356
ThreadCreationTime : 7-21-2005 5:43:06 AM
BasePriority : Normal
FileVersion : 6.14.10.4403
ProductVersion : 6.14.10.4403
ProductName : NVIDIA Driver Helper Service, Version 44.03
CompanyName : NVIDIA Corporation
FileDescription : NVIDIA Driver Helper Service, Version 44.03
InternalName : NVSVC
LegalCopyright : © NVIDIA Corporation. All rights reserved.
OriginalFilename : nvsvc32.exe

#:17 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k imgsvc
ProcessID : 1416
ThreadCreationTime : 7-21-2005 5:43:06 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:18 [wdfmgr.exe]
ModuleName : C:\WINDOWS\System32\wdfmgr.exe
Command Line : C:\WINDOWS\System32\wdfmgr.exe
ProcessID : 1444
ThreadCreationTime : 7-21-2005 5:43:06 AM
BasePriority : Normal
FileVersion : 5.2.3790.1230 built by: DNSRV(bld4act)
ProductVersion : 5.2.3790.1230
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows User Mode Driver Manager
InternalName : WdfMgr
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WdfMgr.exe

#:19 [vsstat.exe]
ModuleName : C:\Program Files\Network Associates\VirusScan\VsStat.exe
Command Line : "C:\Program Files\Network Associates\VirusScan\VsStat.exe"
ProcessID : 1612
ThreadCreationTime : 7-21-2005 5:43:08 AM
BasePriority : Normal


#:20 [vshwin32.exe]
ModuleName : C:\Program Files\Network Associates\VirusScan\Vshwin32.exe
Command Line : "C:\Program Files\Network Associates\VirusScan\Vshwin32.exe"
ProcessID : 1640
ThreadCreationTime : 7-21-2005 5:43:09 AM
BasePriority : Normal


#:21 [hpsysdrv.exe]
ModuleName : C:\windows\system\hpsysdrv.exe
Command Line : "c:\windows\system\hpsysdrv.exe"
ProcessID : 1796
ThreadCreationTime : 7-21-2005 5:43:10 AM
BasePriority : Normal
FileVersion : 1, 7, 0, 0
ProductVersion : 1, 7, 0, 0
ProductName : hpsysdrv
CompanyName : Hewlett-Packard Company
FileDescription : hpsysdrv
InternalName : hpsysdrv
LegalCopyright : Copyright © 1998
OriginalFilename : hpsysdrv.exe

#:22 [sgtray.exe]
ModuleName : C:\Program Files\VERITAS Software\Update Manager\sgtray.exe
Command Line : "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
ProcessID : 2020
ThreadCreationTime : 7-21-2005 5:43:12 AM
BasePriority : Normal
FileVersion : 1.01.02a
CompanyName : VERITAS Software, Inc.
FileDescription : VERITAS Update Manager
LegalCopyright : Copyright © 2000-2002 VERITAS Software, Inc.

#:23 [kbd.exe]
ModuleName : C:\HP\KBD\KBD.EXE
Command Line : "C:\HP\KBD\KBD.EXE"
ProcessID : 132
ThreadCreationTime : 7-21-2005 5:43:25 AM
BasePriority : High


#:24 [avconsol.exe]
ModuleName : C:\Program Files\Network Associates\VirusScan\Avconsol.exe
Command Line : "C:\Program Files\Network Associates\VirusScan\Avconsol.exe"
ProcessID : 168
ThreadCreationTime : 7-21-2005 5:43:25 AM
BasePriority : Normal


#:25 [realsched.exe]
ModuleName : C:\Program Files\Common Files\Real\Update_OB\realsched.exe
Command Line : "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
ProcessID : 180
ThreadCreationTime : 7-21-2005 5:43:25 AM
BasePriority : Normal
FileVersion : 0.1.0.1622
ProductVersion : 0.1.0.1622
ProductName : RealOne Player (32-bit)
CompanyName : RealNetworks, Inc.
FileDescription : RealNetworks Scheduler
InternalName : schedapp
LegalCopyright : Copyright © RealNetworks, Inc. 1995-2002
LegalTrademarks : RealAudio™ is a trademark of RealNetworks, Inc.
OriginalFilename : realsched.exe

#:26 [sm1bg.exe]
ModuleName : C:\WINDOWS\SM1BG.EXE
Command Line : "C:\WINDOWS\SM1BG.EXE"
ProcessID : 200
ThreadCreationTime : 7-21-2005 5:43:26 AM
BasePriority : Normal
FileVersion : 6.01.1000.0
ProductVersion : 6.01.1000.0
ProductName : Cypress USB Mass Storage Adapter
CompanyName : Cypress Semiconductor
FileDescription : Cypress USB Mass Storage Driver Background Application
InternalName : SM1BG.EXE
LegalCopyright : Copyright © 1998-2003 Cypress Semiconductor
OriginalFilename : SM1BG.EXE

#:27 [rundll32.exe]
ModuleName : C:\WINDOWS\System32\RUNDLL32.EXE
Command Line : "C:\WINDOWS\System32\RUNDLL32.EXE" C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
ProcessID : 280
ThreadCreationTime : 7-21-2005 5:43:29 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Run a DLL as an App
InternalName : rundll
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : RUNDLL.EXE

#:28 [mcshield.exe]
ModuleName : C:\Program Files\Common Files\Network Associates\McShield\mcshield.exe
Command Line : "C:\Program Files\Common Files\Network Associates\McShield\mcshield.exe"
ProcessID : 292
ThreadCreationTime : 7-21-2005 5:43:33 AM
BasePriority : High


#:29 [sgmain.exe]
ModuleName : C:\Program Files\SpywareGuard\sgmain.exe
Command Line : "C:\Program Files\SpywareGuard\sgmain.exe"
ProcessID : 332
ThreadCreationTime : 7-21-2005 5:43:37 AM
BasePriority : Normal
FileVersion : 2.02.0001
ProductVersion : 2.02.0001
ProductName : SpywareGuard
FileDescription : SpywareGuard
InternalName : sgmain
LegalCopyright : Copyright © 2002-2003 Javacool Software LLC
OriginalFilename : sgmain.exe
Comments : SpywareGuard

#:30 [gcasdtserv.exe]
ModuleName : C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
Command Line : "C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe"
ProcessID : 912
ThreadCreationTime : 7-21-2005 5:43:46 AM
BasePriority : Normal
FileVersion : 1.00.0509
ProductVersion : 1.00.0509
ProductName : Microsoft AntiSpyware (Beta 1)
CompanyName : Microsoft Corporation
FileDescription : Microsoft AntiSpyware Data Service
InternalName : gcasDtServ
LegalCopyright : Copyright © 2004-2005 Microsoft Corporation. All rights reserved.
LegalTrademarks : Microsoft® and Windows® are registered trademarks of Microsoft Corporation. SpyNet™ is a trademark of Microsoft Corporation.
OriginalFilename : gcasDtServ.exe

#:31 [sgbhp.exe]
ModuleName : C:\Program Files\SpywareGuard\sgbhp.exe
Command Line : "C:\Program Files\SpywareGuard\sgbhp.exe"
ProcessID : 1068
ThreadCreationTime : 7-21-2005 5:43:49 AM
BasePriority : Normal
FileVersion : 2.02.0001
ProductVersion : 2.02.0001
ProductName : SG Browser Hijacking Protection
FileDescription : SG Browser Hijacking Protection
InternalName : sgbhp
LegalCopyright : Copyright © 2002-2003 Javacool Software LLC.
OriginalFilename : sgbhp.exe
Comments : SG Browser Hijacking Protection

#:32 [wuauclt.exe]
ModuleName : C:\WINDOWS\System32\wuauclt.exe
Command Line : "C:\WINDOWS\System32\wuauclt.exe" /RunStoreAsComServer Local\[2ac]SUSDS24b57aa8a2033845ada464d69f43890b
ProcessID : 1280
ThreadCreationTime : 7-21-2005 5:43:54 AM
BasePriority : Normal
FileVersion : 5.4.3790.2182 built by: srv03_rtm(ntvbl04)
ProductVersion : 5.4.3790.2182
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Automatic Updates
InternalName : wuauclt.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : wuauclt.exe

#:33 [mim.exe]
ModuleName : C:\Program Files\MusicMatch\MusicMatch Jukebox\mim.exe
Command Line : "C:\Program Files\MusicMatch\MusicMatch Jukebox\mim.exe" -Embedding
ProcessID : 948
ThreadCreationTime : 7-21-2005 5:44:06 AM
BasePriority : Normal
FileVersion : 10.00.1025
ProductVersion : 10.00.1025
ProductName : Musicmatch Jukebox
CompanyName : Musicmatch, Inc.
FileDescription : mim
InternalName : mim
LegalCopyright : Copyright © Musicmatch 1998-2004
LegalTrademarks :
OriginalFilename : mim.exe

#:34 [mmdiag.exe]
ModuleName : C:\Program Files\MusicMatch\MusicMatch Jukebox\MMDiag.exe
Command Line : MMDiag.exe
ProcessID : 1700
ThreadCreationTime : 7-21-2005 5:44:09 AM
BasePriority : Normal
FileVersion : 10.00.1025
ProductVersion : 10.00.1025
ProductName : Musicmatch Jukebox
CompanyName : Musicmatch, Inc.
FileDescription : Logging and tracing manager
InternalName : MMTraceExe
LegalCopyright : Copyright © Musicmatch 1998-2004
LegalTrademarks :
OriginalFilename : MMTraceExe.EXE

#:35 [ad-aware.exe]
ModuleName : C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
Command Line : "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe"
ProcessID : 2296
ThreadCreationTime : 7-21-2005 5:44:53 AM
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 12


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hijacker.TopConverting Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{2b0eceac-f597-4858-a542-d966b49055b9}

Hijacker.TopConverting Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{2b0eceac-f597-4858-a542-d966b49055b9}
Value :

WindUpdates Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{15696ae2-6ea4-47f4-bea6-a3d32693efc7}

WindUpdates Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{00ada225-ea6c-4fb3-82e8-68189201ccb9}

WindUpdates Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{00ada225-ea6c-4fb3-82e8-68189201ccb9}
Value :

WindUpdates Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{1e5f0d38-214b-4085-ad2a-d2290e6a2d2c}

WindUpdates Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{1e5f0d38-214b-4085-ad2a-d2290e6a2d2c}
Value :

WindUpdates Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{1e5f0d38-214b-4085-ad2a-d2290e6a2d2c}
Value : AppID

WindUpdates Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : appid\{735c5a0c-f79f-47a1-8ca1-2a2e482662a8}

WindUpdates Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : appid\{735c5a0c-f79f-47a1-8ca1-2a2e482662a8}
Value :

Zango Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{ddea2e1d-8555-45e5-af09-ec9aa4ea27ad}

Zango Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{ddea2e1d-8555-45e5-af09-ec9aa4ea27ad}
Value :

Zango Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{f1f1e775-1b21-454d-8d38-7c16519969e5}

Zango Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{f1f1e775-1b21-454d-8d38-7c16519969e5}
Value :

Zango Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{5b6689b5-c2d4-4dc7-bfd1-24ac17e5fcda}

VX2 Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : .DEFAULT\software\aurora

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : .DEFAULT\software\aurora
Value : AUI3d5OfSDist

VX2 Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-18\software\aurora

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-18\software\aurora
Value : AUI3d5OfSDist

WindUpdates Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\windows adservice

WindUpdates Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\windows adservice
Value : param

WindUpdates Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\windows adservice
Value : track

WindUpdates Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\windows adservice
Value : LastUpdate

WindUpdates Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\windows adservice
Value : Updating

WindUpdates Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\windows adservice
Value : DownloadPath

WindUpdates Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\windows adservice
Value : Language

WindUpdates Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\windows adservice
Value : SoftwareTable

WindUpdates Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\windows adservice
Value : Request

WindUpdates Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\windows adservice

WindUpdates Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\windows adservice
Value : UninstallString

WindUpdates Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\windows adservice
Value : DisplayName

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 31
Objects found so far: 43


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 43


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 43



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : system@xxxtoolbar[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\LocalService\Cookies\system@xxxtoolbar[2].txt

WindUpdates Object Recognized!
Type : File
Data : D4F2C4D1-D8D9-4DCC-8105-EBD7DC
Category : Malware
Comment :
Object : C:\Program Files\Microsoft AntiSpyware\Quarantine\84F2995A-6195-4CE1-AE5D-B49B13\



WindUpdates Object Recognized!
Type : File
Data : A0021940.dll
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP252\



Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 46


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 46




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

WindUpdates Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\downloadmanager

WindUpdates Object Recognized!
Type : File
Data : ide21201.vxd
Category : Malware
Comment :
Object : C:\WINDOWS\System32\



Zango Object Recognized!
Type : File
Data : clientax.inf
Category : Data Miner
Comment :
Object : C:\WINDOWS\downloaded program files\



Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 3
Objects found so far: 49

11:02:32 PM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:17:12.453
Objects scanned:147398
Objects identified:37
Objects ignored:0
New critical objects:37


Thanks,
Dimmae :tazz:
  • 0

#27
Dimmae
Posted 24 July 2005 - 10:49 PM

Dimmae

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
...also for what it's worth, here is a HJT log from tonite:

Logfile of HijackThis v1.99.1
Scan saved at 9:31:32 PM, on 7/24/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\PackethSvc.exe
C:\Program Files\Network Associates\VirusScan\avsynmgr.exe
C:\desktop\ewido\security suite\ewidoctrl.exe
C:\Program Files\Sony\MD Simple Burner\NetMDSB.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\SM1BG.EXE
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Network Associates\VirusScan\VsStat.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\MMDiag.exe
C:\Program Files\Network Associates\VirusScan\Vshwin32.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mim.exe
C:\Program Files\Network Associates\VirusScan\Avconsol.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Network Associates\VirusScan\Webscanx.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Common Files\Network Associates\McShield\mcshield.exe
C:\WINDOWS\System32\notepad.exe
C:\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http:/www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http:/www.yahoo.com
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.yahoo.com"); (C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\zjx0h2km.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\zjx0h2km.slt\prefs.js)
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [MimBoot] C:\Program Files\MusicMatch\MusicMatch Jukebox\mimboot.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MoneyAgent] "c:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: hp center.lnk = C:\Program Files\hp center\137903\Program\BackWeb-137903.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .qt: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0DC0D258-FC70-456F-8F79-83D7DC20F0AC} (MPChWrapper.Util) - http://instantsuppor...MPChWrapper.CAB
O16 - DPF: {17D72920-7A15-11D4-921E-0080C8DA7A5E} (AimSp32 Class) - http://makeover.subs...ve/makeover.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1117517844765
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://download.toon....3.1/ttinst.cab
O16 - DPF: {FC67BB52-AAB6-4282-9D51-2DAFFE73AFD0} - http://download.spys...rCabInstall.cab
O20 - AppInit_DLLs:
O23 - Service: AVSync Manager (AvSynMgr) - Unknown owner - C:\Program Files\Network Associates\VirusScan\avsynmgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\desktop\ewido\security suite\ewidoctrl.exe
O23 - Service: McShield - Unknown owner - C:\Program Files\Common Files\Network Associates\McShield\mcshield.exe
O23 - Service: MD Simple Burner Service (NetMDSB) - Sony Corporation - C:\Program Files\Sony\MD Simple Burner\NetMDSB.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Virtual NIC Service (PackethSvc) - America Online, Inc. - C:\WINDOWS\System32\PackethSvc.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Pacsptisvr.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe

Thanks,
Dimmae
  • 0

#28
Excal
Posted 25 July 2005 - 09:09 AM

Excal

    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts
Launch Notepad, and copy/paste the box below into a new text file. Save it as fixme.reg (make sure that Save as Type is set at "All Files") on your Desktop. Ensure there is no space at above REGEDIT 4.


REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""



Locate fixme.reg on your Desktop and double-click on it. You will receive a prompt similar to: "Do you wish to merge the information into the registry?". Answer "Yes" and wait for a message to appear similar to "Merged Successfully".


Reboot and let me know.


Thanks,

:tazz:

Excal
  • 0

#29
Dimmae
Posted 25 July 2005 - 11:47 PM

Dimmae

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
:tazz: Hmmm. That seemed to do something. The PC is not refusing to log off the internet now. I ran Spybot and it found a few things - here is the log:
MediaPlex: Tracking cookie (Mozilla: default) (Cookie, nothing done)


Advertising.com: Tracking cookie (Mozilla: default) (Cookie, nothing done)


Advertising.com: Tracking cookie (Mozilla: default) (Cookie, nothing done)


Advertising.com: Tracking cookie (Mozilla: default) (Cookie, nothing done)


Advertising.com: Tracking cookie (Mozilla: default) (Cookie, nothing done)


Advertising.com: Tracking cookie (Mozilla: default) (Cookie, nothing done)


Advertising.com: Tracking cookie (Mozilla: default) (Cookie, nothing done)


Advertising.com: Tracking cookie (Mozilla: default) (Cookie, nothing done)


Advertising.com: Tracking cookie (Mozilla: default) (Cookie, nothing done)


Advertising.com: Tracking cookie (Mozilla: default) (Cookie, nothing done)


Advertising.com: Tracking cookie (Mozilla: default) (Cookie, nothing done)


Avenue A, Inc.: Tracking cookie (Mozilla: default) (Cookie, nothing done)


DoubleClick: Tracking cookie (Mozilla: default) (Cookie, nothing done)


FastClick: Tracking cookie (Mozilla: default) (Cookie, nothing done)


FastClick: Tracking cookie (Mozilla: default) (Cookie, nothing done)


FastClick: Tracking cookie (Mozilla: default) (Cookie, nothing done)


FastClick: Tracking cookie (Mozilla: default) (Cookie, nothing done)


FastClick: Tracking cookie (Mozilla: default) (Cookie, nothing done)


FastClick: Tracking cookie (Mozilla: default) (Cookie, nothing done)


FastClick: Tracking cookie (Mozilla: default) (Cookie, nothing done)



--- Spybot - Search && Destroy version: 1.3 ---
2005-04-26 Includes\Cookies.sbi
2005-04-27 Includes\Dialer.sbi
2005-05-12 Includes\Hijackers.sbi
2005-04-15 Includes\Keyloggers.sbi
2004-11-29 Includes\LSP.sbi
2005-05-11 Includes\Malware.sbi
2003-03-16 Includes\plugin-ignore.ini
2005-05-11 Includes\PUPS.sbi
2005-04-27 Includes\Revision.sbi
2005-02-09 Includes\Security.sbi
2005-05-11 Includes\Spybots.sbi
2003-03-16 Includes\Temporary.sbi
2005-02-16 Includes\Tracks.uti
2005-05-11 Includes\Trojans.sbi

Also ran AdAware - it only found 8 "non-threats" or something like that - tracking cookies and stuff. I deleted them anyway.

Ran HJT - here is the log:
Logfile of HijackThis v1.99.1
Scan saved at 10:45:22 PM, on 7/25/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\PackethSvc.exe
C:\Program Files\Network Associates\VirusScan\avsynmgr.exe
C:\desktop\ewido\security suite\ewidoctrl.exe
C:\Program Files\Sony\MD Simple Burner\NetMDSB.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Network Associates\VirusScan\VsStat.exe
C:\WINDOWS\SM1BG.EXE
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\MusicMatch\MusicMatch Jukebox\MMDiag.exe
C:\Program Files\Network Associates\VirusScan\Vshwin32.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mim.exe
C:\Program Files\Network Associates\VirusScan\Avconsol.exe
C:\Program Files\Network Associates\VirusScan\Webscanx.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Common Files\Network Associates\McShield\mcshield.exe
C:\Program Files\Netscape\Netscape\Netscp.exe
C:\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http:/www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http:/www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.yahoo.com"); (C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\zjx0h2km.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\zjx0h2km.slt\prefs.js)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [MimBoot] C:\Program Files\MusicMatch\MusicMatch Jukebox\mimboot.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MoneyAgent] "c:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - Global Startup: hp center.lnk = C:\Program Files\hp center\137903\Program\BackWeb-137903.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .qt: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0DC0D258-FC70-456F-8F79-83D7DC20F0AC} (MPChWrapper.Util) - http://instantsuppor...MPChWrapper.CAB
O16 - DPF: {17D72920-7A15-11D4-921E-0080C8DA7A5E} (AimSp32 Class) - http://makeover.subs...ve/makeover.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1117517844765
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://download.toon....3.1/ttinst.cab
O16 - DPF: {FC67BB52-AAB6-4282-9D51-2DAFFE73AFD0} - http://download.spys...rCabInstall.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D914E769-35D4-4FE0-BE77-36EEFB10E0C5}: NameServer = 198.6.100.140 198.6.1.140
O23 - Service: AVSync Manager (AvSynMgr) - Unknown owner - C:\Program Files\Network Associates\VirusScan\avsynmgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\desktop\ewido\security suite\ewidoctrl.exe
O23 - Service: McShield - Unknown owner - C:\Program Files\Common Files\Network Associates\McShield\mcshield.exe
O23 - Service: MD Simple Burner Service (NetMDSB) - Sony Corporation - C:\Program Files\Sony\MD Simple Burner\NetMDSB.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Virtual NIC Service (PackethSvc) - America Online, Inc. - C:\WINDOWS\System32\PackethSvc.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Pacsptisvr.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe

Still not sure what is the best way to get my browsers to dial up and disconnect without me doing it through Network Connections. I plan to try to log on using IE and see if the bugs stay away...do you recommend that?

Thanks,
Dimmae
  • 0

#30
Excal
Posted 26 July 2005 - 08:44 AM

Excal

    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts
Run this online virus scan: ActiveScan - Save the results from the scan!
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP