Logfile of HijackThis v1.99.1
Scan saved at 9:14:56 PM, on 11/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\windows\System32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\System32\gearsec.exe
C:\windows\System32\tcpsvcs.exe
C:\windows\System32\snmp.exe
C:\windows\System32\svchost.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\windows\system32\ctfmon.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Dell AIO 810\dlcgmon.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\windows\SOUNDMAN.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\Nero\data\xtras\mssysmgr.exe
C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\Program Files\Trend Micro\Tmas\Tmas.exe
C:\WINDOWS\system32\dlcgcoms.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\windows\system32\cidaemon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn0\YTBSDK.exe
c:\program files\common files\installshield\updateservice\isuspm.exe
C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
C:\windows\system32\NOTEPAD.EXE
C:\windows\system32\drwtsn32.exe
C:\windows\system32\drwtsn32.exe
C:\windows\system32\taskmgr.exe
C:\windows\explorer.exe
C:\Program Files\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;localhost
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [UpdateManager] "c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [dlcgmon.exe] "C:\Program Files\Dell AIO 810\dlcgmon.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [ISUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKLM\..\Run: [DLCGCATS] rundll32 C:\windows\System32\spool\DRIVERS\W32X86\3\DLCGtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [ymetray] "C:\Program Files\Yahoo!\Yahoo! Music Engine\YahooMusicEngine.exe" -preload
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Nero\data\xtras\mssysmgr.exe
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AT&T Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmas\Tmas.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/as...rl/LSSupCtl.cab
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://www.runaware.com/dolphin/wficat.cab
O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) - http://dlmanager.akamaitools.com.edgesuite...vex-2.0.5.0.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst_current.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqcpc/downloads/sysinfo.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eB...l_v1-0-3-36.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1141962591593
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1142570135828
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - http://mediaplayer.walmart.com/installer/install.cab
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - http://ipgweb.cce.hp.com/rdqcpc/downloads/msxml4.cab
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart.com/photo/uploads/Fuj...ploadClient.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/as...rl/SymAData.cab
O16 - DPF: {DECEAAA2-370A-49BB-9362-68C3A58DDC62} - http://static.zangocash.com/cab/Zango/ie/b...90d11e55ab221c8
O20 - Winlogon Notify: igfxcui - C:\windows\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\windows\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: dlcg_device - - C:\WINDOWS\system32\dlcgcoms.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Gear Security Service (GEARSecurity) - GEAR Software - C:\WINDOWS\System32\gearsec.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007.SP1\Win32\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007.SP1\RpcSandraSrv.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Full Version: Hijackthis Log
Welcome to the BleepingComputer forum. We are currently studying your log and will have instructions for you shortly. Thank you for your patience.
I will have more instructions for you soon. This requires your attention: you may be using more than one firewall and more than one antivirus program.
Two firewalls?
The following HijackThis entries indicate that you may be using more than one firewall, ZoneAlarm and the CA Internet Security Suite which may contain a firewall.
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
Running multiple software firewalls is unnecessary for typical home computers, home networking, and small-business networking scenarios. Using two firewalls on the same connection could cause issues with connectivity to the Internet or other unexpected behavior. One firewall, whether it is the Windows XP Internet Connection Firewall or a different software firewall, can provide substantial protection for your computer. Microsoft specifically says not to use more than one firewall, because it can result in some programs not working correctly. There's even a Help and Support Center topic in XP SP2 called Why you should only use one firewall. In any event, having two firewalls running simultaneously is most certainly an unnecessary drain on system resources. I strongly suggest that you go to Start -> Control Panel -> Add/Remove Programs and uninstall all but one firewall.
Two antivirus programs?
The entries below indicate that you may have two antivirus programs, Trend Micro Internet Security Suite which may contain an antivirus program and the CA Internet Security Suite\CA Anti-Virus, on your computer.
O4 - Global Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmas\Tmas.exe
tmas.exe is a process belonging to which protects your computer against Internet-bound threats such as spyware and trojans which can be distributed through e-mail or attack directly to the computer allowing unauthorized access to your computer.
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
When you have more than one antivirus running at the same time, they conflict with each other rendering the computer vulnerable or unusable. It may even cause crashes. Please review this information:
Should you run more than one antivirus program at the same time?
Microsoft recommends that you have only one anti-virus program installed on your computer.
There are basically two types of antivirus programs:
On-Access and On-Demand
On-Access Scanners
As the name implies, it runs in the background all the time the PC is turned on and running. The main function of an on-access scanner is to monitor activity on your machine.
On-Demand Scanners
As the name implies, are scanners that only run when you ask them to.
Such as:
Online Scans and scanners that run on your machine but are not actively scanning your machine
Antivirus programs take up an enormous amount of your computer's resources when they are actively scanning your computer. Having two antivirus programs running at the same time can cause your computer to run very slow, become unstable and even, in rare cases, crash. I notice that you are using more than one antivirus program. This is very dangerous, as multiple antivirus programs can interfere with one another and actually allow MORE viruses to get through. Running two antivirus programs at the same time could lead to both of them trying to scan the same file at the same time, scan the same email at the same time and so on which could lead to conflicts. I strongly suggest you either (1) configure only one antivirus program to enable automatic realtime scanning and leave the rest disabled most of the time, or (2) go to Start -> Control Panel -> Add/Remove Programs and uninstall all but one antivirus program.
Two firewalls?
The following HijackThis entries indicate that you may be using more than one firewall, ZoneAlarm and the CA Internet Security Suite which may contain a firewall.
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
Running multiple software firewalls is unnecessary for typical home computers, home networking, and small-business networking scenarios. Using two firewalls on the same connection could cause issues with connectivity to the Internet or other unexpected behavior. One firewall, whether it is the Windows XP Internet Connection Firewall or a different software firewall, can provide substantial protection for your computer. Microsoft specifically says not to use more than one firewall, because it can result in some programs not working correctly. There's even a Help and Support Center topic in XP SP2 called Why you should only use one firewall. In any event, having two firewalls running simultaneously is most certainly an unnecessary drain on system resources. I strongly suggest that you go to Start -> Control Panel -> Add/Remove Programs and uninstall all but one firewall.
Two antivirus programs?
The entries below indicate that you may have two antivirus programs, Trend Micro Internet Security Suite which may contain an antivirus program and the CA Internet Security Suite\CA Anti-Virus, on your computer.
O4 - Global Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmas\Tmas.exe
tmas.exe is a process belonging to which protects your computer against Internet-bound threats such as spyware and trojans which can be distributed through e-mail or attack directly to the computer allowing unauthorized access to your computer.
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
When you have more than one antivirus running at the same time, they conflict with each other rendering the computer vulnerable or unusable. It may even cause crashes. Please review this information:
Should you run more than one antivirus program at the same time?
Microsoft recommends that you have only one anti-virus program installed on your computer.
There are basically two types of antivirus programs:
On-Access and On-Demand
On-Access Scanners
As the name implies, it runs in the background all the time the PC is turned on and running. The main function of an on-access scanner is to monitor activity on your machine.
On-Demand Scanners
As the name implies, are scanners that only run when you ask them to.
Such as:
Online Scans and scanners that run on your machine but are not actively scanning your machine
Antivirus programs take up an enormous amount of your computer's resources when they are actively scanning your computer. Having two antivirus programs running at the same time can cause your computer to run very slow, become unstable and even, in rare cases, crash. I notice that you are using more than one antivirus program. This is very dangerous, as multiple antivirus programs can interfere with one another and actually allow MORE viruses to get through. Running two antivirus programs at the same time could lead to both of them trying to scan the same file at the same time, scan the same email at the same time and so on which could lead to conflicts. I strongly suggest you either (1) configure only one antivirus program to enable automatic realtime scanning and leave the rest disabled most of the time, or (2) go to Start -> Control Panel -> Add/Remove Programs and uninstall all but one antivirus program.
Your Java Runtime Environment is out of date.
Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove the older versions of Java Runtime Environment..
Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove the older versions of Java Runtime Environment..
- Close any programs you may have running, ESPECIALLY your web browser
- Click Start > Control Panel.
- Click Add/Remove Programs.
- Check any item with Java Runtime Environment (JRE or J2SE) in the name.
- Click the Remove or Change/Remove button.
- Repeat as many times as necessary to remove all versions of Java.
- Reboot your computer after all Java components are removed.
- Download the latest Java Runtime Environment
- Scroll down to where it says The J2SE Runtime Environment (JRE) allows end-users to run Java applications.
- Click the Download button to the right.
- Check the box that says: Accept License Agreement.
- The page will refresh.
- Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
- On your desktop, double-click on jre-1_5_0_09-windowsi586-p.exe to install the newest version.
You may want to print this page. Make sure to work through the fixes in the order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes.
Step 1
Please download Ad-Aware SE.
Using Ad-Aware To Remove Spyware From Your Computer. Please check this link for instructions on how to download, install and use Ad-Aware. Run this program as soon as possible.
Step 2
To help prevent further infection, please download SpywareBlaster.
SpywareBlaster helps to:
Please download a-squared Free 2.1.
Step 4
ewido anti-spyware 4.0 guard has been replaced by AVG Anti-Spyware . Please uninstall the following via the Add/Remove Panel (Start->(Settings)->Control Panel->Add/Remove Programs).
ewido anti-spyware 4.0
Please print out the following instructions as this page will be unavailable to you while you are working in Safe Mode.
Please download and install AVG Anti-Spyware (formerly Ewido).
In normal mode, run an online antivirus check from at least two and preferably three of the following sites
BitDefender
Computer Associates Online Virus Scan
Panda's ActiveScan
Windows Live Safety Center Free Online Scan
This scanner from Trend does not require an Active X to run.
Step 6
Please download the ATF-Cleaner.
ATF-Cleaner features include:
Step 7
We need to disable the AVG Anti-Spyware Guard Realtime Monitor as it may interfere with the fixes that we need to make.
Please disable Spybot-Search and Destroy TeaTimer, as it will prevent HijackThis from fixing the infection. You can enable it after you're clean. To disable Spybot- S & D TeaTimer:
We need to disable Windows Defender's realtime protection as it may interfere with the fixes that we need to make.
Step 10
Now we will address the HijackThis fixes.
Please run HijackThis and click Scan. Place checks next to the following entries (make sure not to miss any):
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O16 - DPF: {DECEAAA2-370A-49BB-9362-68C3A58DDC62} - http://static.zangocash.com/cab/Zango/ie/b...90d11e55ab221c8
These are optional fixes. These programs are not required to start automatically as you can start them manually if you need them. It is advised that you disable these programs so that they do not take up necessary resources. Many users have reported these processes slow their boot time. Please run HijackThis and click Scan. Place checks next to the following entries.
hpsysdrv or hpsysdrv.exe process can be removed to free up resources without compromising system performance. hpsysdrv.exe is a utility from HP which monitors how many recoveries have been made in Microsoft Office suite. This is a non-essential process. Disabling or enabling it is down to user preference. This program is not required to start automatically as you can start it manually if you need it. It is advised that you disable this program so that it does not take up necessary resources. Many users have reported this process slows their boot time. It may be worthwhile to fix it with HijackThis. This is the item to fix in HijackThis:
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
sgtray or sgtray.exe process can be removed to free up resources without compromising system performance. sgtray.exe is a utility from VERITAS Software Corporation which installs itself on the system tray bar, and serves to remind you to backup your files. This is a non-essential process. Disabling or enabling it is down to user preference. This program is not required to start automatically as you can start it manually if you need it. It is advised that you disable this program so that it does not take up necessary resources. Many users have reported this process slows their boot time. It may be worthwhile to fix it with HijackThis. This is the item to fix in HijackThis:
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
motivesb.exe process can be removed to free up resources without compromising system performance. motivesb.exe is a process by AT&T which allows a user to submit files to the Internet for support. This is a non-essential process. Disabling or enabling it is down to user preference. This program is not required to start automatically as you can start it manually if you need it. It is advised that you disable this program so that it does not take up necessary resources. Many users have reported this process slows their boot time. It may be worthwhile to fix it with HijackThis. This is the item to fix in HijackThis:
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
ISUSPM Startup ISUSPM.exe ( InstallShield Update Service Scheduler) process can be removed to free up resources without compromising system performance. It automatically searches for and performs any updates to the software so you’re always working with the most current version. This program is not required to start automatically as you can start it manually if you need it. It is advised that you disable this program so that it does not take up necessary resources. Many users have reported this process slows their boot time. It may be worthwhile to fix it with HijackThis. This is the item to fix in HijackThis:
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
issch.exe ISUSScheduler ( InstallShield Update Service Scheduler) process can be removed to free up resources without compromising system performance. It automatically searches for and performs any updates to the software so you’re always working with the most current version. This program is not required to start automatically as you can start it manually if you need it. It is advised that you disable this program so that it does not take up necessary resources. Many users have reported this process slows their boot time. It may be worthwhile to fix it with HijackThis. This is the item to fix in HijackThis:
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
WkUFind.exe (MS Works Update Detection) process can be removed to free up resources without compromising system performance. This program is not required to start automatically as you can start it manually if you need it. It is advised that you disable this program so that it does not take up necessary resources. Many users have reported this process slows their boot time. It may be worthwhile to fix it with HijackThis. This is the item to fix in HijackThis:
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
FirstStart.exe (om_monitor - Olympus_Imaging America Inc.) process can be removed to free up resources without compromising system performance. FirstStart.exe (om_monitor - Olympus_Imaging America Inc.) is related to OLYMPUS Master combines an easy-to-use interface with the latest digital imaging tools. Whether or not you need to run this program on startup must be decided by you. If you feel that you want this program starting automatically so that you have it available as needed, then do not disable it. This program is not required to start automatically as you can start it manually if you need it. It is advised that you disable this program so that it does not take up necessary resources. Many users have reported this process slows their boot time. It may be worthwhile to fix it with HijackThis. This is the item to fix in HijackThis:
O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
You have RealPlayer running at Startup. This is RealPlayer's autoupdate program and is not necessary for the program to function properly. It is considered to be a resource hog. You will still be able to start it manually if you need it. You can fix this with HijackThis, but you will need to change the setting in RealPlayer itself to keep it from resetting itself.. This is the item to fix in HijackThis:
O4 ‑ HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" ‑osboot
yop.exe (Dashboard Module for SBC Yahoo! Online_Protection) process can be removed to free up resources without compromising system performance. yop.exe is a process belonging to SBC Yahoo! Online Protection. It is a security suite that helps you make sure your system is completely protected. This program is not required to start automatically as you can start it manually if you need it. It is advised that you disable this program so that it does not take up necessary resources. Many users have reported this process slows their boot time. It may be worthwhile to fix it with HijackThis. This is the item to fix in HijackThis:
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
NMBgMonitor.exe (Nero_Home) process can be removed to free up resources without compromising system performance. NMBgMonitor.exe (Nero_Home) is rRelated to Nero_Home. This program is not required to start automatically as you can start it manually if you need it. It is advised that you disable this program so that it does not take up necessary resources. Many users have reported this process slows their boot time. It may be worthwhile to fix it with HijackThis. This is the item to fix in HijackThis:
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
mssysmgr.exe (PhotoShow Deluxe Media Manager) is a process associated with PhotoShow Deluxe. The process is the executable for the media manager within PhotoShow Deluxe. This is a non-essential process. Disabling or enabling it is down to user preference. This process can be removed to free up resources without compromising system performance. This program is not required to start automatically as you can start it manually if you need it. It is advised that you disable this program so that it does not take up necessary resources. Many users have reported this process slows their boot time. It may be worthwhile to fix it with HijackThis. This is the item to fix in HijackThis:
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Nero\data\xtras\mssysmgr.exe
You have reader_sl.exe running at Startup. This is a process associated with the Adobe Reader. It is used to decrease the load time for the reader when a PDF document is selected. This is a non-essential process. You will still be able to start it manually if you need it. You can fix this with HijackThis. This is the item to fix in HijackThis:
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
osa.exe or Osa9.exe launches common MS Office components to help speed up the launch of Office programs. Some users claim there's no difference with or without it (Osa9.exe is the Office 2000 variant). This program is not required to start automatically as you can run it when you need to. It is advised that you disable this program so that it does not take up necessary resources. It may be worthwhile to fix it with HijackThis. This is the item to fix in HijackThis:
O4 ‑ Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
Close all browsers and other windows except for HijackThis, and click Fix Checked to have HijackThis fix the entries you checked.
Step 11
Let’s run ATF-Cleaner to ensure no malware is hiding in temporary folders and for general computer cleanup to free space on your computer.
Step 12
Please run HijackThis in Normal Mode and post a new HijackThis log so I can make sure that all the malware was deleted according to plan.
Please post the logs from AVG Anti-Spyware, a-squared Free, and the list of filenames and locations of any files that can’t be cleaned / deleted that were reported after you completed the online scans.
Please advise me of any problems you still have.
Step 1
Please download Ad-Aware SE.
Using Ad-Aware To Remove Spyware From Your Computer. Please check this link for instructions on how to download, install and use Ad-Aware. Run this program as soon as possible.
Step 2
To help prevent further infection, please download SpywareBlaster.
SpywareBlaster helps to:
- Prevent the installation of Active X-based spyware, Ad-Aware, browser hijackers, dialers, and other potentially unwanted software.
- Block spyware/tracking cookies in Internet Explorer and Mozilla/Firefox.
- Restrict the actions of potentially unwanted sites in Internet Explorer.
Please download a-squared Free 2.1.
- Follow all the instructions given by the installer.
- Once installed, the a-squared Updater will automatically start. Downloading updates will take some time.
- Please go to Start > Programs > a-squared Free and click a-squared StartCenter.
- Click Scan your computer for malware infections.
- Make sure all three setting options are checked. Click Scan selected folders. The scan will start.
- Click Save HTML-Report. Save the report to somewhere convenient for you to remember the location such as your desktop.
- If malware is found, click the button Remove Selected Malware.
- Please post the log from a-squared Free 2.1 in your next reply.
Step 4
ewido anti-spyware 4.0 guard has been replaced by AVG Anti-Spyware . Please uninstall the following via the Add/Remove Panel (Start->(Settings)->Control Panel->Add/Remove Programs).
ewido anti-spyware 4.0
Please print out the following instructions as this page will be unavailable to you while you are working in Safe Mode.
Please download and install AVG Anti-Spyware (formerly Ewido).
- Please download AVG Anti-Spyware to your Desktop or to your usual Download Folder.
- Install AVG Anti-Spyware by double clicking the installer.
- Follow the prompts. Make sure that Launch AVG Anti-Spyware is checked.
- On the main screen under Your Computer's security.
- Click on Change state next to Resident shield. It should now change to inactive.
- Click on Change state next to Automatic updates. It should now change to inactive.
- Next to Last Update, click on Update now. (You will need an active internet connection to perform this)
- Wait until you see the Update successful message.
- Right-click the AVG Anti-Spyware Tray Icon and uncheck Start with Windows.
- Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
- If you are having problems with the updater, you can use this link to manually update ewido.
AVG Anti-Spyware manual updates . - Download the Full database to your Desktop or to your usual Download Folder and install it by double clicking the file. Make sure that AVG Anti-Spyware is closed before installing the update.
- Close ALL open Windows / Programs / Folders. Reboot to safe mode. (without networking support !) If you don’t know how to boot in safe mode, here is a tutorial, How To Start Windows in Safe Mode.
- Please start AVG Anti-Spyware and run a full scan.
- Click on Scanner on the toolbar.
- Click on the Settings tab.
- Under How to act?
- Click on Recommended Action and choose Quarantine from the popup menu.
- Under How to scan?
- All boxes should be checked.
- Under Possibly unwanted software:
- All boxes should be checked.
- Under Reports:
- Select Automatically generate report after every scan and uncheck Only if threats were found.
- Under What to scan?
- Select Scan every file.
- Under How to act?
- Click on the Scan tab.
- Click on Complete System Scan to start the scan process.
- Let the program scan the machine.
- When the scan has finished, follow the instructions below.
- Make sure that Set all elements to: shows Quarantine (1), if not click on the link and choose Quarantine from the popup menu. (2)
- At the bottom of the window click on the Apply all Actions button. (3)
- When done, click the Save Scan Report button. (4)
- Click the Save Report as button.
- Save the report to your Desktop.
- Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
- Reboot in Normal Mode.
In normal mode, run an online antivirus check from at least two and preferably three of the following sites
BitDefender
Computer Associates Online Virus Scan
Panda's ActiveScan
Windows Live Safety Center Free Online Scan
This scanner from Trend does not require an Active X to run.
- Detects and removes malware ( viruses, worms, trojans, etc. )
- Detects and removes grayware and spyware
- Restores damage caused by malware to your system.
- Notifies about vulnerabilities in installed programs and connected network services.
- Multi-platform support for: Windows, Linux, Solaris.
- Easy-to-use with the following browsers: Microsoft Internet Explorer, Mozilla Firefox
Step 6
Please download the ATF-Cleaner.
ATF-Cleaner features include:
- Cleaning of all user temp folders, administrator only can use this feature.
- Cleaning of the Java cache, which seems to be harboring more and more malware.
- Cleaning the cache, cookies, history, download history, visited links and saved passwords. (You have the option of checking no if you want to save your passwords)
- For Firefox or Opera
- Click Firefox or Opera at the top and choose: Select All.
- Click the Empty Selected button.
- NOTE: If you would like to keep your saved passwords, please click NO at the prompt.
- If needed, Tutorial on ATF Cleaner with pictures
Step 7
We need to disable the AVG Anti-Spyware Guard Realtime Monitor as it may interfere with the fixes that we need to make.
- Open AVG Anti-Spyware by double-clicking the AVG Anti-Spyware icon in the system tray.
- In the Your security status section, toggle the AVG Anti-Spyware Guard realtime protection off by clicking active which will then change the protection status to inactive .
- When you reboot, AVG Anti-Spyware will prompt you to Restart the guard?.
- Reply no and set it to inactive for the duration of your cleanup.
Please disable Spybot-Search and Destroy TeaTimer, as it will prevent HijackThis from fixing the infection. You can enable it after you're clean. To disable Spybot- S & D TeaTimer:
- Open Spybot – S & D
- Click on Mode and check Advanced Mode
- Check yes to next window.
- Click on Tools in bottom left hand corner.
- Click on System Startup icon.
- Uncheck Teatimer box.
- Click Allow Change box.
- If needed, How To Disable Spybot S&D TeaTimer.
We need to disable Windows Defender's realtime protection as it may interfere with the fixes that we need to make.
- Open Windows Defender
- Click on Tools
- Click on General Settings
- Scroll down to Real-time protection options
- Uncheck Turn on Real-time protection (recommended)
- Click Save
- Exit the program.
Step 10
Now we will address the HijackThis fixes.
Please run HijackThis and click Scan. Place checks next to the following entries (make sure not to miss any):
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O16 - DPF: {DECEAAA2-370A-49BB-9362-68C3A58DDC62} - http://static.zangocash.com/cab/Zango/ie/b...90d11e55ab221c8
These are optional fixes. These programs are not required to start automatically as you can start them manually if you need them. It is advised that you disable these programs so that they do not take up necessary resources. Many users have reported these processes slow their boot time. Please run HijackThis and click Scan. Place checks next to the following entries.
hpsysdrv or hpsysdrv.exe process can be removed to free up resources without compromising system performance. hpsysdrv.exe is a utility from HP which monitors how many recoveries have been made in Microsoft Office suite. This is a non-essential process. Disabling or enabling it is down to user preference. This program is not required to start automatically as you can start it manually if you need it. It is advised that you disable this program so that it does not take up necessary resources. Many users have reported this process slows their boot time. It may be worthwhile to fix it with HijackThis. This is the item to fix in HijackThis:
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
sgtray or sgtray.exe process can be removed to free up resources without compromising system performance. sgtray.exe is a utility from VERITAS Software Corporation which installs itself on the system tray bar, and serves to remind you to backup your files. This is a non-essential process. Disabling or enabling it is down to user preference. This program is not required to start automatically as you can start it manually if you need it. It is advised that you disable this program so that it does not take up necessary resources. Many users have reported this process slows their boot time. It may be worthwhile to fix it with HijackThis. This is the item to fix in HijackThis:
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
motivesb.exe process can be removed to free up resources without compromising system performance. motivesb.exe is a process by AT&T which allows a user to submit files to the Internet for support. This is a non-essential process. Disabling or enabling it is down to user preference. This program is not required to start automatically as you can start it manually if you need it. It is advised that you disable this program so that it does not take up necessary resources. Many users have reported this process slows their boot time. It may be worthwhile to fix it with HijackThis. This is the item to fix in HijackThis:
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
ISUSPM Startup ISUSPM.exe ( InstallShield Update Service Scheduler) process can be removed to free up resources without compromising system performance. It automatically searches for and performs any updates to the software so you’re always working with the most current version. This program is not required to start automatically as you can start it manually if you need it. It is advised that you disable this program so that it does not take up necessary resources. Many users have reported this process slows their boot time. It may be worthwhile to fix it with HijackThis. This is the item to fix in HijackThis:
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
issch.exe ISUSScheduler ( InstallShield Update Service Scheduler) process can be removed to free up resources without compromising system performance. It automatically searches for and performs any updates to the software so you’re always working with the most current version. This program is not required to start automatically as you can start it manually if you need it. It is advised that you disable this program so that it does not take up necessary resources. Many users have reported this process slows their boot time. It may be worthwhile to fix it with HijackThis. This is the item to fix in HijackThis:
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
WkUFind.exe (MS Works Update Detection) process can be removed to free up resources without compromising system performance. This program is not required to start automatically as you can start it manually if you need it. It is advised that you disable this program so that it does not take up necessary resources. Many users have reported this process slows their boot time. It may be worthwhile to fix it with HijackThis. This is the item to fix in HijackThis:
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
FirstStart.exe (om_monitor - Olympus_Imaging America Inc.) process can be removed to free up resources without compromising system performance. FirstStart.exe (om_monitor - Olympus_Imaging America Inc.) is related to OLYMPUS Master combines an easy-to-use interface with the latest digital imaging tools. Whether or not you need to run this program on startup must be decided by you. If you feel that you want this program starting automatically so that you have it available as needed, then do not disable it. This program is not required to start automatically as you can start it manually if you need it. It is advised that you disable this program so that it does not take up necessary resources. Many users have reported this process slows their boot time. It may be worthwhile to fix it with HijackThis. This is the item to fix in HijackThis:
O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
You have RealPlayer running at Startup. This is RealPlayer's autoupdate program and is not necessary for the program to function properly. It is considered to be a resource hog. You will still be able to start it manually if you need it. You can fix this with HijackThis, but you will need to change the setting in RealPlayer itself to keep it from resetting itself.. This is the item to fix in HijackThis:
O4 ‑ HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" ‑osboot
yop.exe (Dashboard Module for SBC Yahoo! Online_Protection) process can be removed to free up resources without compromising system performance. yop.exe is a process belonging to SBC Yahoo! Online Protection. It is a security suite that helps you make sure your system is completely protected. This program is not required to start automatically as you can start it manually if you need it. It is advised that you disable this program so that it does not take up necessary resources. Many users have reported this process slows their boot time. It may be worthwhile to fix it with HijackThis. This is the item to fix in HijackThis:
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
NMBgMonitor.exe (Nero_Home) process can be removed to free up resources without compromising system performance. NMBgMonitor.exe (Nero_Home) is rRelated to Nero_Home. This program is not required to start automatically as you can start it manually if you need it. It is advised that you disable this program so that it does not take up necessary resources. Many users have reported this process slows their boot time. It may be worthwhile to fix it with HijackThis. This is the item to fix in HijackThis:
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
mssysmgr.exe (PhotoShow Deluxe Media Manager) is a process associated with PhotoShow Deluxe. The process is the executable for the media manager within PhotoShow Deluxe. This is a non-essential process. Disabling or enabling it is down to user preference. This process can be removed to free up resources without compromising system performance. This program is not required to start automatically as you can start it manually if you need it. It is advised that you disable this program so that it does not take up necessary resources. Many users have reported this process slows their boot time. It may be worthwhile to fix it with HijackThis. This is the item to fix in HijackThis:
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Nero\data\xtras\mssysmgr.exe
You have reader_sl.exe running at Startup. This is a process associated with the Adobe Reader. It is used to decrease the load time for the reader when a PDF document is selected. This is a non-essential process. You will still be able to start it manually if you need it. You can fix this with HijackThis. This is the item to fix in HijackThis:
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
osa.exe or Osa9.exe launches common MS Office components to help speed up the launch of Office programs. Some users claim there's no difference with or without it (Osa9.exe is the Office 2000 variant). This program is not required to start automatically as you can run it when you need to. It is advised that you disable this program so that it does not take up necessary resources. It may be worthwhile to fix it with HijackThis. This is the item to fix in HijackThis:
O4 ‑ Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
Close all browsers and other windows except for HijackThis, and click Fix Checked to have HijackThis fix the entries you checked.
Step 11
Let’s run ATF-Cleaner to ensure no malware is hiding in temporary folders and for general computer cleanup to free space on your computer.
Step 12
Please run HijackThis in Normal Mode and post a new HijackThis log so I can make sure that all the malware was deleted according to plan.
Please post the logs from AVG Anti-Spyware, a-squared Free, and the list of filenames and locations of any files that can’t be cleaned / deleted that were reported after you completed the online scans.
Please advise me of any problems you still have.
Thank you so much Suebaby41 for looking at my log. I have been wanting to do what you list for a long time but was afraid that I might mess things up. I do have another topic going about the YOP program. It came free with my DSL. It froze on me one day and the only way I could get it off was to uninstall it. I did it through add/remove programs and then tried to redownload it. It would not download and said it was already on my computer. I could not figure out how to get it off. I even searched for it and could not find it. That is when I went to Computer Associates and downloaded just the antivirus. I would like to have the dashboard back but, I will try the other programs that you gave me.
I will print out all of your instructions and start on them right away. I didn't know I had 2 firewalls running at the same time. This is why I sent the log to you. I appreciate all your help and will probably come back with more questions. I will start and take it one step at a time. I have a lot of pics and music on here and would hate to loose any of it. Hopefully I will be able to do all this the right way and get this system running right. As you can probably tell I am new to computers and I have no one to talk to around here for help. They all think I am a freak for even being on the computer. THANK YOU AGAIN Please check in on me as I will probably need help.
I will print out all of your instructions and start on them right away. I didn't know I had 2 firewalls running at the same time. This is why I sent the log to you. I appreciate all your help and will probably come back with more questions. I will start and take it one step at a time. I have a lot of pics and music on here and would hate to loose any of it. Hopefully I will be able to do all this the right way and get this system running right. As you can probably tell I am new to computers and I have no one to talk to around here for help. They all think I am a freak for even being on the computer. THANK YOU AGAIN Please check in on me as I will probably need help.
Important:
It is possible that the entries were left over from uninstalling one of the programs and you do not have two antivirus programs or two firewalls. Check your Start > Control Panel > Add/Remove Programs to see what you do have installed.
Before you uninstall a firewall, make sure that the CA Internet Security Suite does or does not contain a firewall. Also check to see if the Trend Micro Internet Security Suite does or does not contain a firewall. If the programs do NOT contain a firewall, then you are OK because ZoneAlarm is a good firewall. If either program does have a firewall, then you need to uninstall one of them. You only need one firewall.
Before you uninstall an antivirus program, make sure that you have the Trend Micro Internet Security Suite with an antivirus program AND the CA Internet Security Suite with an antivirus program. If both have antivirus protection then you need to uninstall one of them.
The CA Internet Security Suite WITH an antivirus program AND a firewall should be sufficient. Then you would need to uninstall ZoneAlarm.
It is possible that the entries were left over from uninstalling one of the programs and you do not have two antivirus programs or two firewalls. Check your Start > Control Panel > Add/Remove Programs to see what you do have installed.
Before you uninstall a firewall, make sure that the CA Internet Security Suite does or does not contain a firewall. Also check to see if the Trend Micro Internet Security Suite does or does not contain a firewall. If the programs do NOT contain a firewall, then you are OK because ZoneAlarm is a good firewall. If either program does have a firewall, then you need to uninstall one of them. You only need one firewall.
Before you uninstall an antivirus program, make sure that you have the Trend Micro Internet Security Suite with an antivirus program AND the CA Internet Security Suite with an antivirus program. If both have antivirus protection then you need to uninstall one of them.
The CA Internet Security Suite WITH an antivirus program AND a firewall should be sufficient. Then you would need to uninstall ZoneAlarm.
I went back and checked on the firewall and anti-virus programs. Right now I only have CA Anti-virus and Zone Alarm firewall. The others are leftover from programs I tried to uninstall. I do however, have several spyware programs running at the same time. The one thing is Spybot keeps asking me to allow or not programs I have no idea about. As soon as the computer came back on those files I removed were trying to download themselves again. I denied the downloads. I hope.
YOP dashboard is still on this computer somewhere though. I tried to download the dashboard module again and it stated I already have it. It is not in the add/remove list. How do I completely remove all componants of that program and the others?
I am getting ready to download the new Java Runtime, I hope, and then start on all that other stuff. It is really intimidating, I hope I don't mess it up.
THANKS AGAIN
YOP dashboard is still on this computer somewhere though. I tried to download the dashboard module again and it stated I already have it. It is not in the add/remove list. How do I completely remove all componants of that program and the others?
I am getting ready to download the new Java Runtime, I hope, and then start on all that other stuff. It is really intimidating, I hope I don't mess it up.
THANKS AGAIN
QUOTE
I went back and checked on the firewall and anti-virus programs. Right now I only have CA Anti-virus and Zone Alarm firewall.
Great!
QUOTE
The others are leftover from programs I tried to uninstall. I do however, have several spyware programs running at the same time.
As far as I know, the spyware programs, Trend Micro Anti-Spyware, ewido anti-spyware 4.0 which has been replaced by AVG Anti-Spyware, and Windows Defender that you have on your computer have no conflict problems.
QUOTE
The one thing is Spybot keeps asking me to allow or not programs I have no idea about. As soon as the computer came back on those files I removed were trying to download themselves again. I denied the downloads. I hope.
Spybot's TeaTimer is asking you to allow or not allow programs. This is what TeaTimer does:
The Resident TeaTimer perpetually monitors the processes called/initiated. It immediately detects known malicious processes wanting to start and terminates them giving you some options, how to deal with this process in the future: You can set TeaTimer to:
- be informed, when the process tries to start again
- automatically kill the process
- generally allow the process to run
- There is also an option to delete the file associated with this process.
If you are unsure about what you want to Allow or Deny or if what TeaTimer tells you does not make sense to you, there are other programs that will do the work for you. If you want to disable TeaTimer, see this tutorial: How To Disable Spybot S&D TeaTimer
I use WinPatrol and Prevx1.
- Please download WinPatrol.
- Save the wpsetup.exe program to your hard drive and run it locally instead of opening it from the web page.
- Follow the prompts to install WinPatrol.
- Note: Some fire walls including the newest Zone Alarm are blocking the execution of WinPatrolEx.exe. When you click on the Scotty icon, we actually launch WinPatrolEx.exe but Zone Alarm's protection prevents one program from launching another but doesn't necessarily let you know. You'll need to tell Zone Alarm that WinPatrol.exe and WinPatrolEx.exe are your friends.
Prevx1 has been designed to work in the background with minimal user intervention. It will work alongside existing security software such as anti-virus, anti-spyware and so on. However, Prevx1 will work equally well as a powerful standalone security tool in its own right. You can use Prevx1 completely free of charge to monitor your PC for infection. Prevx1 will even defend and clean up your PC for free for up to 28 days following your first infection. Thereafter, you can choose to pay as you go or to buy a year's full protection and clean up for $24.95.
QUOTE
YOP dashboard is still on this computer somewhere though. I tried to download the dashboard module again and it stated I already have it. It is not in the add/remove list. How do I completely remove all componants of that program and the others?
When you scan with HijackThis and place check marks by the Optional Fixes entries, the programs will no longer load at StartUp. The YOP program is located in C:\Program Files\Yahoo\YOP. It appears to be an antivirus program which you do not need if you keep the CA Antivirus program.
For more information about YOP, see SBC Yahoo! Online Protection Software
QUOTE
I am getting ready to download the new Java Runtime, I hope, and then start on all that other stuff. It is really intimidating, I hope I don't mess it up.
You are doing a great job. Just take your time and follow the instructions carefully.
Hello suebaby41. I am starting step 7. Everything I have run so far has tried to delete my homepage. I have att, sbc, dsl home page and yahoo search and google search with add ons. I like having the google for looking up model numbers. I work on electronics and it helps. I hope these are not causing a problem together. Everytime I have to restart, spybot will come up with 20 changes and I allow them, but then I try to open IE and it states that my homepage has been changed and do I want it fixed. I have to click yes to get my page to load.
I am saving all the reports for you. Hopefully it will help you so you can help me. On the spyware, I have spybot, spysubract, trendmicro antispyware and xoftspy. Trentmicro and Spysubtract look exactly the same. I bought spysubtract. I don't know where I got trendmicro from. I might have too many running at once and they are stumbling over each other. The Panda activescan took 4 hours to do. I will keep working on it though. Thanks for checking in.
I am saving all the reports for you. Hopefully it will help you so you can help me. On the spyware, I have spybot, spysubract, trendmicro antispyware and xoftspy. Trentmicro and Spysubtract look exactly the same. I bought spysubtract. I don't know where I got trendmicro from. I might have too many running at once and they are stumbling over each other. The Panda activescan took 4 hours to do. I will keep working on it though. Thanks for checking in.
Don't worry about your homepage changing warning. After you complete the steps, then you can reset it. The Optional Fixes are just things that might speed up your startup time; you do not have to do them. You decide what is best for you.
Logfile of HijackThis v1.99.1
Scan saved at 11:07:14 PM, on 11/23/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\windows\System32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\gearsec.exe
C:\windows\System32\tcpsvcs.exe
C:\windows\System32\snmp.exe
C:\windows\System32\svchost.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\windows\system32\ctfmon.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Dell AIO 810\dlcgmon.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\windows\SOUNDMAN.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\Program Files\AnalogX\NetStat Live\nsl.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\windows\AGRSMMSG.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\InterMute\SpySubtract\SpySub.exe
C:\Program Files\Trend Micro\Tmas\Tmas.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dlcgcoms.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\windows\system32\cidaemon.exe
C:\windows\explorer.exe
C:\WINDOWS\System32\WISPTIS.EXE
C:\Documents and Settings\Roger\My Documents\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;localhost
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [dlcgmon.exe] "C:\Program Files\Dell AIO 810\dlcgmon.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKLM\..\Run: [DLCGCATS] rundll32 C:\windows\System32\spool\DRIVERS\W32X86\3\DLCGtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [ymetray] "C:\Program Files\Yahoo!\Yahoo! Music Engine\YahooMusicEngine.exe" -preload
O4 - HKLM\..\Run: [NetStat Live] C:\Program Files\AnalogX\NetStat Live\nsl.exe
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\TightVNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - Startup: SpySubtract.lnk = C:\Program Files\InterMute\SpySubtract\SpySub.exe
O4 - Global Startup: AT&T Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\InterMute\SpySubtract\SpySub.exe
O4 - Global Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmas\Tmas.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/as...rl/LSSupCtl.cab
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://www.runaware.com/dolphin/wficat.cab
O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) - http://dlmanager.akamaitools.com.edgesuite...vex-2.0.5.0.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst_current.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp.com/rdqcpc/downloads/sysinfo.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eB...l_v1-0-3-36.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1141962591593
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1142570135828
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - http://mediaplayer.walmart.com/installer/install.cab
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - http://ipgweb.cce.hp.com/rdqcpc/downloads/msxml4.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - http://javadl-esd.sun.com/update/1.5.0/jin...ows-i586-jc.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart.com/photo/uploads/Fuj...ploadClient.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/as...rl/SymAData.cab
O20 - Winlogon Notify: igfxcui - C:\windows\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\windows\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: dlcg_device - - C:\WINDOWS\system32\dlcgcoms.exe
O23 - Service: Gear Security Service (GEARSecurity) - GEAR Software - C:\WINDOWS\System32\gearsec.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007.SP1\Win32\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007.SP1\RpcSandraSrv.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
AVG Report Log---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------
+ Created at: 1:16:17 PM 11/23/2006
+ Scan result:
C:\Documents and Settings\Roger\Cookies\roger@cnetaustralia.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Roger\Cookies\roger@libertymutual.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Roger\Cookies\roger@paypal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Roger\Cookies\roger@com[1].txt -> TrackingCookie.Com : Cleaned.
C:\Documents and Settings\Roger\Cookies\roger@com[2].txt -> TrackingCookie.Com : Cleaned.
C:\Documents and Settings\Roger\Cookies\roger@e-2dj6wjkyeldjgdp.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\Roger\Cookies\roger@e-2dj6wjliemd5wcp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\Roger\Cookies\roger@data2.perf.overture[1].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\Roger\Cookies\roger@data3.perf.overture[2].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\Roger\Cookies\roger@data4.perf.overture[1].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\Roger\Cookies\roger@ads.pointroll[2].txt -> TrackingCookie.Pointroll : Cleaned.
C:\Documents and Settings\Roger\Cookies\roger@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Documents and Settings\Roger\Cookies\roger@zedo[2].txt -> TrackingCookie.Zedo : Cleaned.
::Report end
A-SQUARED
a-squared Free - Version 2.1
Scan settings:
Objects: Memory, Traces, Cookies, C:\windows\, C:\Program Files
Scan archives: On
Heuristics: On
ADS Scan: On
Scan start: 11/23/2006 6:08:06 AM
C:\Program Files\adwarealert detected: Trace.Directory.AdwareAlert
C:\Program Files\mail passview detected: Trace.Directory.Mail PassView
C:\Documents and Settings\Roger\Start Menu\Programs\mail passview detected: Trace.Directory.Mail PassView
C:\Documents and Settings\All Users\Start Menu\Programs\spysubtract detected: Trace.Directory.SpySubtract
C:\Program Files\intermute\spysubtract detected: Trace.Directory.SpySubtract
C:\Program Files\intermute\spysubtract\help detected: Trace.Directory.SpySubtract
C:\Program Files\intermute\spysubtract\sounds detected: Trace.Directory.SpySubtract
C:\Program Files\intermute\spysubtract\sounds\pinball detected: Trace.Directory.SpySubtract
C:\Program Files\intermute\spysubtract\sounds\tomcat detected: Trace.Directory.SpySubtract
C:\Program Files\intermute\spysubtract\themes detected: Trace.Directory.SpySubtract
C:\Program Files\intermute\spysubtract\themes\default detected: Trace.Directory.SpySubtract
C:\Program Files\aws\weatherbug detected: Trace.Directory.WeatherBug
C:\Program Files\adwarealert\databasenew.ref detected: Trace.File.AdwareAlert
C:\Program Files\mail passview\mailpv.chm detected: Trace.File.Mail PassView
C:\Program Files\mail passview\readme.txt detected: Trace.File.Mail PassView
C:\Documents and Settings\Roger\Start Menu\Programs\mail passview\mail passview help.lnk detected: Trace.File.Mail PassView
C:\Documents and Settings\Roger\Start Menu\Programs\mail passview\mail passview.lnk detected: Trace.File.Mail PassView
C:\Documents and Settings\Roger\Start Menu\Programs\mail passview\readme.lnk detected: Trace.File.Mail PassView
C:\Documents and Settings\All Users\Desktop\spysubtract.lnk detected: Trace.File.SpySubtract
C:\Documents and Settings\All Users\Start Menu\Programs\spysubtract\cwshredder.lnk detected: Trace.File.SpySubtract
C:\Documents and Settings\All Users\Start Menu\Programs\spysubtract\readme.lnk detected: Trace.File.SpySubtract
C:\Documents and Settings\All Users\Start Menu\Programs\spysubtract\spysubtract help.lnk detected: Trace.File.SpySubtract
C:\Documents and Settings\All Users\Start Menu\Programs\spysubtract\spysubtract.lnk detected: Trace.File.SpySubtract
C:\Program Files\intermute\spysubtract\en-us.dll detected: Trace.File.SpySubtract
C:\Program Files\intermute\spysubtract\help\en-us.chm detected: Trace.File.SpySubtract
C:\Program Files\intermute\spysubtract\install.log detected: Trace.File.SpySubtract
C:\Program Files\intermute\spysubtract\readme.txt detected: Trace.File.SpySubtract
C:\Program Files\intermute\spysubtract\sounds\pinball\cl2.wav detected: Trace.File.SpySubtract
C:\Program Files\intermute\spysubtract\sounds\pinball\cl3.wav detected: Trace.File.SpySubtract
C:\Program Files\intermute\spysubtract\sounds\pinball\cl4.wav detected: Trace.File.SpySubtract
C:\Program Files\intermute\spysubtract\sounds\pinball\cld.wav detected: Trace.File.SpySubtract
C:\Program Files\intermute\spysubtract\sounds\pinball\sc1.wav detected: Trace.File.SpySubtract
C:\Program Files\intermute\spysubtract\sounds\pinball\sc11.wav detected: Trace.File.SpySubtract
C:\Program Files\intermute\spysubtract\sounds\pinball\sc2.wav detected: Trace.File.SpySubtract
C:\Program Files\intermute\spysubtract\sounds\pinball\sc3.wav detected: Trace.File.SpySubtract
C:\Program Files\intermute\spysubtract\sounds\pinball\sc4.wav detected: Trace.File.SpySubtract
C:\Program Files\intermute\spysubtract\sounds\pinball\sc5.wav detected: Trace.File.SpySubtract
C:\Program Files\intermute\spysubtract\sounds\pinball\sc6.wav detected: Trace.File.SpySubtract
C:\Program Files\intermute\spysubtract\sounds\pinball\scd.wav detected: Trace.File.SpySubtract
C:\Program Files\intermute\spysubtract\sounds\tomcat\cl2.wav detected: Trace.File.SpySubtract
C:\Program Files\intermute\spysubtract\sounds\tomcat\cl3.wav detected: Trace.File.SpySubtract
C:\Program Files\intermute\spysubtract\sounds\tomcat\cl4.wav detected: Trace.File.SpySubtract
C:\Program Files\intermute\spysubtract\sounds\tomcat\cld.wav detected: Trace.File.SpySubtract
C:\Program Files\intermute\spysubtract\sounds\tomcat\sc1.wav detected: Trace.File.SpySubtract
C:\Program Files\intermute\spysubtract\sounds\tomcat\sc10.wav detected: Trace.File.SpySubtract
C:\Program Files\intermute\spysubtract\sounds\tomcat\sc11.wav detected: Trace.File.SpySubtract
C:\Program Files\intermute\spysubtract\sounds\tomcat\sc12.wav detected: Trace.File.SpySubtract
C:\Program Files\intermute\spysubtract\sounds\tomcat\sc3.wav detected: Trace.File.SpySubtract
C:\Program Files\intermute\spysubtract\sounds\tomcat\sc4.wav detected: Trace.File.SpySubtract
C:\Program Files\intermute\spysubtract\sounds\tomcat\sc6.wav detected: Trace.File.SpySubtract
C:\Program Files\intermute\spysubtract\sounds\tomcat\sc7.wav detected: Trace.File.SpySubtract
C:\Program Files\intermute\spysubtract\sounds\tomcat\sc8.wav detected: Trace.File.SpySubtract
C:\Program Files\intermute\spysubtract\sounds\tomcat\scd.wav detected: Trace.File.SpySubtract
C:\Program Files\intermute\spysubtract\spuninst.exe detected: Trace.File.SpySubtract
C:\Program Files\intermute\spysubtract\spysub.exe detected: Trace.File.SpySubtract
C:\Program Files\intermute\spysubtract\spysubtract.log detected: Trace.File.SpySubtract
C:\Program Files\intermute\spysubtract\spyware.dat detected: Trace.File.SpySubtract
C:\Program Files\intermute\spysubtract\ssengine.dll detected: Trace.File.SpySubtract
C:\Program Files\intermute\spysubtract\sshook.dll detected: Trace.File.SpySubtract
C:\Program Files\intermute\spysubtract\themes\default\bg_common.bmp detected: Trace.File.SpySubtract
C:\Program Files\intermute\spysubtract\themes\default\bg_main.bmp detected: Trace.File.SpySubtract
C:\Program Files\intermute\spysubtract\themes\default\bg_messagedlg.bmp detected: Trace.File.SpySubtract
C:\Program Files\intermute\spysubtract\themes\default\btn_activate.ico detected: Trace.File.SpySubtract
C:\Program Files\intermute\spysubtract\themes\default\btn_add.ico detected: Trace.File.SpySubtract
C:\Program Files\intermute\spysubtract\themes\default\btn_allow.ico detected: Trace.File.SpySubtract
C:\Program Files\intermute\spysubtract\themes\default\btn_bigdelete.ico detected: Trace.File.SpySubtract
C:\Program Files\intermute\spysubtract\themes\default\btn_bighelp.ico detected: Trace.File.SpySubtract
C:\Program Files\intermute\spysubtract\themes\default\btn_bigupdates.ico detected: Trace.File.SpySubtract
C:\Program Files\intermute\spysubtract\themes\default\btn_buy.ico detected: Trace.File.SpySubtract
C:\Program Files\intermute\spysubtract\themes\default\btn_cancel.ico detected: Trace.File.SpySubtract
C:\Program Files\intermute\spysubtract\themes\default\btn_clean.ico detected: Trace.File.SpySubtract
C:\Program Files\intermute\spysubtract\themes\default\btn_cleanprivacy.ico detected: Trace.File.SpySubtract
C:\Program Files\intermute\spysubtract\themes\default\btn_clear.ico detected: Trace.File.SpySubtract
C:\Program Files\intermute\spysubtract\themes\default\btn_config.ico detected: Trace.File.SpySubtract
C:\Program Files\intermute\spysubtract\themes\default\btn_cws.ico detected: Trace.File.SpySubtract
C:\Program Files\intermute\spysubtract\themes\default\btn_dbupdate.ico detected: Trace.File.SpySubtract
C:\Program Files\intermute\spysubtract\themes\default\btn_deny.ico detected: Trace.File.SpySubtract
C:\Program Files\intermute\spysubtract\themes\default\btn_details.ico detected: Trace.File.SpySubtract
C:\Program Files\intermute\spysubtract\themes\default\btn_feedback.ico detected: Trace.File.SpySubtract
C:\Program Files\intermute\spysubtract\themes\default\btn_help.ico detected: Trace.File.SpySubtract
C:\Program Files\intermute\spysubtract\themes\default\btn_home.ico detected: Trace.File.SpySubtract
C:\Program Files\intermute\spysubtract\themes\default\btn_ok.ico detected: Trace.File.SpySubtract
C:\Program Files\intermute\spysubtract\themes\default\btn_options.ico detected: Trace.File.SpySubtract
C:\Program Files\intermute\spysubtract\themes\default\btn_remove.ico detected: Trace.File.SpySubtract
C:\Program Files\intermute\spysubtract\themes\default\btn_restore.ico detected: Trace.File.SpySubtract
C:\Program Files\intermute\spysubtract\themes\default\btn_save.ico detected: Trace.File.SpySubtract
C:\Program Files\intermute\spysubtract\themes\default\btn_scan.ico detected: Trace.File.SpySubtract
C:\Program Files\intermute\spysubtract\themes\default\btn_selecttoggle.ico detected: Trace.File.SpySubtract
C:\Program Files\intermute\spysubtract\themes\default\btn_start.ico detected: Trace.File.SpySubtract
C:\Program Files\intermute\spysubtract\themes\default\btn_stop.ico detected: Trace.File.SpySubtract
C:\Program Files\intermute\spysubtract\themes\default\btn_updates.ico detected: Trace.File.SpySubtract
C:\Program Files\intermute\spysubtract\themes\default\btn_viewlog.ico detected: Trace.File.SpySubtract
C:\Program Files\intermute\spysubtract\themes\default\copyright.bmp detected: Trace.File.SpySubtract
C:\Program Files\intermute\spysubtract\themes\default\detailstemplate.htm detected: Trace.File.SpySubtract
C:\Program Files\intermute\spysubtract\themes\default\icon_check_blank.bmp detected: Trace.File.SpySubtract
C:\Program Files\intermute\spysubtract\themes\default\icon_check_finished.bmp detected: Trace.File.SpySubtract
C:\Program Files\intermute\spysubtract\themes\default\icon_check_off.bmp detected: Trace.File.SpySubtract
C:\Program Files\intermute\spysubtract\themes\default\icon_check_on.bmp detected: Trace.File.SpySubtract
C:\Program Files\intermute\spysubtract\themes\default\icon_check_working.bmp detected: Trace.File.SpySubtract
C:\Program Files\intermute\spysubtract\themes\default\icon_config_adv_scanners.bmp detected: Trace.File.SpySubtract
C:\Program Files\intermute\spysubtract\themes\default\icon_config_cleaning.bmp detected: Trace.File.SpySubtract
C:\Program Files\intermute\spysubtract\themes\default\icon_config_general.bmp detected: Trace.File.SpySubtract
C:\Program Files\intermute\spysubtract\themes\default\icon_config_scanner.bmp detected: Trace.File.SpySubtract
C:\Program Files\intermute\spysubtract\themes\default\icon_config_scanners.bmp detected: Trace.File.SpySubtract
C:\Program Files\intermute\spysubtract\themes\default\icon_config_scheduling.bmp detected: Trace.File.SpySubtract
C:\Program Files\intermute\spysubtract\themes\default\icon_config_sounds.bmp detected: Trace.File.SpySubtract
C:\Program Files\intermute\spysubtract\themes\default\icon_msg_bad.bmp detected: Trace.File.SpySubtract
C:\Program Files\intermute\spysubtract\themes\default\icon_msg_error.bmp detected: Trace.File.SpySubtract
C:\Program Files\intermute\spysubtract\themes\default\icon_msg_good.bmp detected: Trace.File.SpySubtract
C:\Program Files\intermute\spysubtract\themes\default\icon_msg_info.bmp detected: Trace.File.SpySubtract
C:\Program Files\intermute\spysubtract\themes\default\icon_msg_question.bmp detected: Trace.File.SpySubtract
C:\Program Files\intermute\spysubtract\themes\default\icon_msg_uncertain.bmp detected: Trace.File.SpySubtract
C:\Program Files\intermute\spysubtract\themes\default\icon_msg_verybad.bmp detected: Trace.File.SpySubtract
C:\Program Files\intermute\spysubtract\themes\default\icon_msg_warning.bmp detected: Trace.File.SpySubtract
C:\Program Files\intermute\spysubtract\themes\default\icon_scanner_cookie.bmp detected: Trace.File.SpySubtract
C:\Program Files\intermute\spysubtract\themes\default\icon_scanner_folder.bmp detected: Trace.File.SpySubtract
C:\Program Files\intermute\spysubtract\themes\default\icon_scanner_none.bmp detected: Trace.File.SpySubtract
C:\Program Files\intermute\spysubtract\themes\default\icon_scanner_process.bmp detected: Trace.File.SpySubtract
C:\Program Files\intermute\spysubtract\themes\default\icon_scanner_regykey.bmp detected: Trace.File.SpySubtract
C:\Program Files\intermute\spysubtract\themes\default\icon_scanner_regyval.bmp detected: Trace.File.SpySubtract
C:\Program Files\intermute\spysubtract\themes\default\icon_scanner_shortcutlink.bmp detected: Trace.File.SpySubtract
C:\Program Files\intermute\spysubtract\themes\default\icon_scanner_suspect.bmp detected: Trace.File.SpySubtract
C:\Program Files\intermute\spysubtract\themes\default\icon_scanner_winfile.bmp detected: Trace.File.SpySubtract
C:\Program Files\intermute\spysubtract\themes\default\icon_threat_3.bmp detected: Trace.File.SpySubtract
C:\Program Files\intermute\spysubtract\themes\default\productlogo.bmp detected: Trace.File.SpySubtract
C:\Program Files\intermute\spysubtract\themes\default\splash.bmp detected: Trace.File.SpySubtract
C:\Program Files\intermute\spysubtract\themes\default\splashbasic.bmp detected: Trace.File.SpySubtract
C:\Program Files\intermute\spysubtract\themes\default\splashpro.bmp detected: Trace.File.SpySubtract
C:\Program Files\intermute\spysubtract\themes\default\theme.ini detected: Trace.File.SpySubtract
C:\Program Files\intermute\spysubtract\webregister.exe detected: Trace.File.SpySubtract
C:\Program Files\aws\weatherbug\remove.exe detected: Trace.File.WeatherBug
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mail PassView --> Description detected: Trace.Registry.Mail PassView
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mail PassView --> DisplayName detected: Trace.Registry.Mail PassView
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mail PassView --> DisplayVersion detected: Trace.Registry.Mail PassView
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mail PassView --> InstallLocation detected: Trace.Registry.Mail PassView
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mail PassView --> Publisher detected: Trace.Registry.Mail PassView
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mail PassView --> UninstallString detected: Trace.Registry.Mail PassView
Value: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\SpyOnThis --> Order detected: Trace.Registry.SpyOnThis
Value: HKEY_CURRENT_USER\Software\interMute\SpySubtract --> app-access-scan detected: Trace.Registry.SpySubtract
Value: HKEY_CURRENT_USER\Software\interMute\SpySubtract --> auto-backup detected: Trace.Registry.SpySubtract
Value: HKEY_CURRENT_USER\Software\interMute\SpySubtract --> check-network-integrity detected: Trace.Registry.SpySubtract
Value: HKEY_CURRENT_USER\Software\interMute\SpySubtract --> clean-privacy-on-startup detected: Trace.Registry.SpySubtract
Value: HKEY_CURRENT_USER\Software\interMute\SpySubtract --> ConfigDir detected: Trace.Registry.SpySubtract
Value: HKEY_CURRENT_USER\Software\interMute\SpySubtract --> ConnectionType detected: Trace.Registry.SpySubtract
Value: HKEY_CURRENT_USER\Software\interMute\SpySubtract --> current-theme detected: Trace.Registry.SpySubtract
Value: HKEY_CURRENT_USER\Software\interMute\SpySubtract --> Days-remaining detected: Trace.Registry.SpySubtract
Value: HKEY_CURRENT_USER\Software\interMute\SpySubtract --> db-message-on-startup detected: Trace.Registry.SpySubtract
Value: HKEY_CURRENT_USER\Software\interMute\SpySubtract --> debug-messages detected: Trace.Registry.SpySubtract
Value: HKEY_CURRENT_USER\Software\interMute\SpySubtract --> Email detected: Trace.Registry.SpySubtract
Value: HKEY_CURRENT_USER\Software\interMute\SpySubtract --> Evaluation detected: Trace.Registry.SpySubtract
Value: HKEY_CURRENT_USER\Software\interMute\SpySubtract --> first-run detected: Trace.Registry.SpySubtract
Value: HKEY_CURRENT_USER\Software\interMute\SpySubtract --> language detected: Trace.Registry.SpySubtract
Value: HKEY_CURRENT_USER\Software\interMute\SpySubtract --> Message detected: Trace.Registry.SpySubtract
Value: HKEY_CURRENT_USER\Software\interMute\SpySubtract --> monitor-ms detected: Trace.Registry.SpySubtract
Value: HKEY_CURRENT_USER\Software\interMute\SpySubtract --> Oem detected: Trace.Registry.SpySubtract
Value: HKEY_CURRENT_USER\Software\interMute\SpySubtract --> periodic-browser-settings-scan detected: Trace.Registry.SpySubtract
Value: HKEY_CURRENT_USER\Software\interMute\SpySubtract --> periodic-process-scan detected: Trace.Registry.SpySubtract
Value: HKEY_CURRENT_USER\Software\interMute\SpySubtract --> ProductTag detected: Trace.Registry.SpySubtract
Value: HKEY_CURRENT_USER\Software\interMute\SpySubtract --> ProductVersion detected: Trace.Registry.SpySubtract
Value: HKEY_CURRENT_USER\Software\interMute\SpySubtract --> Pushcount detected: Trace.Registry.SpySubtract
Value: HKEY_CURRENT_USER\Software\interMute\SpySubtract --> scan-quick-on-win-startup detected: Trace.Registry.SpySubtract
Value: HKEY_CURRENT_USER\Software\interMute\SpySubtract --> show-splash detected: Trace.Registry.SpySubtract
Value: HKEY_CURRENT_USER\Software\interMute\SpySubtract --> sound-scheme detected: Trace.Registry.SpySubtract
Value: HKEY_CURRENT_USER\Software\interMute\SpySubtract --> Trial-days detected: Trace.Registry.SpySubtract
Value: HKEY_LOCAL_MACHINE\SOFTWARE\interMute\SpySubtract --> app-access-scan detected: Trace.Registry.SpySubtract
Value: HKEY_LOCAL_MACHINE\SOFTWARE\interMute\SpySubtract --> auto-backup detected: Trace.Registry.SpySubtract
Value: HKEY_LOCAL_MACHINE\SOFTWARE\interMute\SpySubtract --> check-network-integrity detected: Trace.Registry.SpySubtract
Value: HKEY_LOCAL_MACHINE\SOFTWARE\interMute\SpySubtract --> clean-privacy-on-startup detected: Trace.Registry.SpySubtract
Value: HKEY_LOCAL_MACHINE\SOFTWARE\interMute\SpySubtract --> ConfigDir detected: Trace.Registry.SpySubtract
Value: HKEY_LOCAL_MACHINE\SOFTWARE\interMute\SpySubtract --> ConnectionType detected: Trace.Registry.SpySubtract
Value: HKEY_LOCAL_MACHINE\SOFTWARE\interMute\SpySubtract --> current-theme detected: Trace.Registry.SpySubtract
Value: HKEY_LOCAL_MACHINE\SOFTWARE\interMute\SpySubtract --> db-message-on-startup detected: Trace.Registry.SpySubtract
Value: HKEY_LOCAL_MACHINE\SOFTWARE\interMute\SpySubtract --> debug-messages detected: Trace.Registry.SpySubtract
Value: HKEY_LOCAL_MACHINE\SOFTWARE\interMute\SpySubtract --> Email detected: Trace.Registry.SpySubtract
Value: HKEY_LOCAL_MACHINE\SOFTWARE\interMute\SpySubtract --> Evaluation detected: Trace.Registry.SpySubtract
Value: HKEY_LOCAL_MACHINE\SOFTWARE\interMute\SpySubtract --> first-run detected: Trace.Registry.SpySubtract
Value: HKEY_LOCAL_MACHINE\SOFTWARE\interMute\SpySubtract --> language detected: Trace.Registry.SpySubtract
Value: HKEY_LOCAL_MACHINE\SOFTWARE\interMute\SpySubtract --> monitor-ms detected: Trace.Registry.SpySubtract
Value: HKEY_LOCAL_MACHINE\SOFTWARE\interMute\SpySubtract --> Oem detected: Trace.Registry.SpySubtract
Value: HKEY_LOCAL_MACHINE\SOFTWARE\interMute\SpySubtract --> periodic-browser-settings-scan detected: Trace.Registry.SpySubtract
Value: HKEY_LOCAL_MACHINE\SOFTWARE\interMute\SpySubtract --> periodic-process-scan detected: Trace.Registry.SpySubtract
Value: HKEY_LOCAL_MACHINE\SOFTWARE\interMute\SpySubtract --> ProductTag detected: Trace.Registry.SpySubtract
Value: HKEY_LOCAL_MACHINE\SOFTWARE\interMute\SpySubtract --> ProductVersion detected: Trace.Registry.SpySubtract
Value: HKEY_LOCAL_MACHINE\SOFTWARE\interMute\SpySubtract --> scan-quick-on-win-startup detected: Trace.Registry.SpySubtract
Value: HKEY_LOCAL_MACHINE\SOFTWARE\interMute\SpySubtract --> show-splash detected: Trace.Registry.SpySubtract
Value: HKEY_LOCAL_MACHINE\SOFTWARE\interMute\SpySubtract --> sound-scheme detected: Trace.Registry.SpySubtract
Value: HKEY_LOCAL_MACHINE\SOFTWARE\interMute\SpySubtract --> Trial-days detected: Trace.Registry.SpySubtract
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpySubtract --> DisplayIcon detected: Trace.Registry.SpySubtract
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpySubtract --> DisplayName detected: Trace.Registry.SpySubtract
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpySubtract --> HelpLink detected: Trace.Registry.SpySubtract
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpySubtract --> InstallLocation detected: Trace.Registry.SpySubtract
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpySubtract --> Publisher detected: Trace.Registry.SpySubtract
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpySubtract --> UninstallString detected: Trace.Registry.SpySubtract
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpySubtract --> URLInfoAbout detected: Trace.Registry.SpySubtract
Key: HKEY_CLASSES_ROOT\.vnc detected: Trace.Registry.VNC.CommonComponents
Key: HKEY_CLASSES_ROOT\vncviewer.config detected: Trace.Registry.VNC.CommonComponents
Value: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run --> winvnc detected: Trace.Registry.VNC.CommonComponents
Key: HKEY_LOCAL_MACHINE\software\orl\winvnc3 detected: Trace.Registry.VNC.CommonComponents
Key: HKEY_CLASSES_ROOT\.vnc detected: Trace.Registry.VNC
Value: HKEY_CLASSES_ROOT\CLSID\{62289CBE-3BE2-4ba9-AC20-A911C900039A}\InprocServer32 --> ThreadingModel detected: Trace.Registry.YourKeyloggerProgramName
Value: HKEY_CLASSES_ROOT\CLSID\{66A21AEA-5A05-46b5-B7CD-C1AAAF4770CD}\InprocServer32 --> ThreadingModel detected: Trace.Registry.YourKeyloggerProgramName
Value: HKEY_CLASSES_ROOT\CLSID\{795514CB-A81C-48f6-87AB-5B22D433D5D8}\InprocServer32 --> ThreadingModel detected: Trace.Registry.YourKeyloggerProgramName
Value: HKEY_CLASSES_ROOT\CLSID\{B195FE25-16D9-4d1b-AD10-0701F9A5E277}\InprocServer32 --> ThreadingModel detected: Trace.Registry.YourKeyloggerProgramName
Value: HKEY_CLASSES_ROOT\CLSID\{BA8C584B-209C-4d54-8BB1-8AB5F1DCA18E}\InprocServer32 --> ThreadingModel detected: Trace.Registry.YourKeyloggerProgramName
Value: HKEY_CLASSES_ROOT\CLSID\{D1698320-77BD-4776-96FD-C3C8D71E57E2}\InprocServer32 --> ThreadingModel detected: Trace.Registry.YourKeyloggerProgramName
Value: HKEY_CLASSES_ROOT\CLSID\{E28DD8A6-E9BC-4d3e-A7F7-BC9644138CE2}\InprocServer32 --> ThreadingModel detected: Trace.Registry.YourKeyloggerProgramName
Value: HKEY_CLASSES_ROOT\CLSID\{EC2EC911-E047-4810-9535-6CAFE1ADC3AD}\InprocServer32 --> ThreadingModel detected: Trace.Registry.YourKeyloggerProgramName
Value: HKEY_CLASSES_ROOT\CLSID\{EDBA2AAC-8A00-4eed-A2E4-74BFB760BE10}\InprocServer32 --> ThreadingModel detected: Trace.Registry.YourKeyloggerProgramName
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00F442C2-5C9E-4ae5-AF7D-FB4E0350C2E3}\InprocServer32 --> ThreadingModel detected: Trace.Registry.YourKeyloggerProgramName
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{13AFA3A3-5687-487c-93F2-63D5DA468F4E}\InprocServer32 --> ThreadingModel detected: Trace.Registry.YourKeyloggerProgramName
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32239586-29DE-4268-8AF3-CE7658D3D672}\InprocServer32 --> ThreadingModel detected: Trace.Registry.YourKeyloggerProgramName
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5AAECB3B-3D56-47c7-8706-77899E73802A}\InprocServer32 --> ThreadingModel detected: Trace.Registry.YourKeyloggerProgramName
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{62289CBE-3BE2-4ba9-AC20-A911C900039A}\InprocServer32 --> ThreadingModel detected: Trace.Registry.YourKeyloggerProgramName
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{66A21AEA-5A05-46b5-B7CD-C1AAAF4770CD}\InprocServer32 --> ThreadingModel detected: Trace.Registry.YourKeyloggerProgramName
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{795514CB-A81C-48f6-87AB-5B22D433D5D8}\InprocServer32 --> ThreadingModel detected: Trace.Registry.YourKeyloggerProgramName
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B195FE25-16D9-4d1b-AD10-0701F9A5E277}\InprocServer32 --> ThreadingModel detected: Trace.Registry.YourKeyloggerProgramName
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BA8C584B-209C-4d54-8BB1-8AB5F1DCA18E}\InprocServer32 --> ThreadingModel detected: Trace.Registry.YourKeyloggerProgramName
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D1698320-77BD-4776-96FD-C3C8D71E57E2}\InprocServer32 --> ThreadingModel detected: Trace.Registry.YourKeyloggerProgramName
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E28DD8A6-E9BC-4d3e-A7F7-BC9644138CE2}\InprocServer32 --> ThreadingModel detected: Trace.Registry.YourKeyloggerProgramName
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EC2EC911-E047-4810-9535-6CAFE1ADC3AD}\InprocServer32 --> ThreadingModel detected: Trace.Registry.YourKeyloggerProgramName
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EDBA2AAC-8A00-4eed-A2E4-74BFB760BE10}\InprocServer32 --> ThreadingModel detected: Trace.Registry.YourKeyloggerProgramName
C:\Documents and Settings\Roger\Cookies\roger@com[1].txt detected: Trace.TrackingCookie
C:\Documents and Settings\Roger\Cookies\roger@com[2].txt detected: Trace.TrackingCookie
C:\Documents and Settings\Roger\Cookies\roger@media.adrevolver[1].txt detected: Trace.TrackingCookie
C:\Documents and Settings\Roger\Cookies\roger@zedo[2].txt detected: Trace.TrackingCookie
C:\Program Files\BackWeb\BackWeb Client\6.2.3.66L\Program\runner.exe detected: Adware.BackWeb.a
C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe detected: Adware.BackWeb.a
C:\Program Files\Online Services\PeoplePC\Utilities\PPCODIAG.exe detected: Heuristic.Dialer
C:\Program Files\Online Services\PeoplePC\Utilities\PPCODUN.exe detected: Heuristic.Dialer
PANDA ACTIVESCAN
Scanned
Files: 92779
Traces: 84342
Cookies: 157
Processes: 53
Found
Files: 4
Traces: 221
Cookies: 4
Processes: 0
Registry keys: 0
Scan end: 11/23/2006 8:27:44 AM
Scan time: 2:19:38 AM
[size=4]BITDEFENDER
Quarantined
Files: 0
Traces: 0
Cookies: 0BitDefender Online Scanner
Scan report generated at: Thu, Nov 23, 2006 - 21:05:53
Scan path: A:\;C:\;D:\;E:\;H:\;I:\;J:\;K:\;
Statistics
Time
03:10:46
Files
1104427
Folders
10295
Boot Sectors
4
Archives
22230
Packed Files
87192
Results
Identified Viruses
1
Infected Files
1
Suspect Files
0
Warnings
0
Disinfected
0
Deleted Files
1
Engines Info
Virus Definitions
318462
Engine build
AVCORE v1.0 (build 2368) (i386) (Nov 16 2006 11:31:19)
Scan plugins
14
Archive plugins
38
Unpack plugins
6
E-mail plugins
6
System plugins
1
Scan Settings
First Action
Disinfect
Second Action
Delete
Heuristics
Yes
Enable Warnings
Yes
Scanned Extensions
*;
Exclude Extensions
Scan Emails
Yes
Scan Archives
Yes
Scan Packed
Yes
Scan Files
Yes
Scan Boot
Yes
Scanned File
Status
C:\Program Files\mailpv_setup.exe=>(ZIP Sfx o)=>mailpv.exe
Infected with: Backdoor.Delf.Agf.28.E
C:\Program Files\mailpv_setup.exe=>(ZIP Sfx o)=>mailpv.exe
Disinfection failed
C:\Program Files\mailpv_setup.exe=>(ZIP Sfx o)=>mailpv.exe
Deleted
C:\Program Files\mailpv_setup.exe=>(ZIP Sfx o)
Updated
C:\Program Files\mailpv_setup.exe
Update failed
I am pretty sure I messed up on some of this. I don't know of any problems yet, I wanted to get this to you as soon as possible. It looks like a lot of reading. I know I put too much on here but I didn't want to leave anything out. I hope I at least took care of most of it. I had a couple of problems getting things to work just right but I tried. If there is something I need to redo please let me know. Thank you for taking your time to do all of this. You don't know how much I appreciate it.
Scan saved at 11:07:14 PM, on 11/23/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\windows\System32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\gearsec.exe
C:\windows\System32\tcpsvcs.exe
C:\windows\System32\snmp.exe
C:\windows\System32\svchost.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\windows\system32\ctfmon.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Dell AIO 810\dlcgmon.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\windows\SOUNDMAN.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\Program Files\AnalogX\NetStat Live\nsl.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\windows\AGRSMMSG.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\InterMute\SpySubtract\SpySub.exe
C:\Program Files\Trend Micro\Tmas\Tmas.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dlcgcoms.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\windows\system32\cidaemon.exe
C:\windows\explorer.exe
C:\WINDOWS\System32\WISPTIS.EXE
C:\Documents and Settings\Roger\My Documents\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;localhost
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [dlcgmon.exe] "C:\Program Files\Dell AIO 810\dlcgmon.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKLM\..\Run: [DLCGCATS] rundll32 C:\windows\System32\spool\DRIVERS\W32X86\3\DLCGtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [ymetray] "C:\Program Files\Yahoo!\Yahoo! Music Engine\YahooMusicEngine.exe" -preload
O4 - HKLM\..\Run: [NetStat Live] C:\Program Files\AnalogX\NetStat Live\nsl.exe
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\TightVNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - Startup: SpySubtract.lnk = C:\Program Files\InterMute\SpySubtract\SpySub.exe
O4 - Global Startup: AT&T Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\InterMute\SpySubtract\SpySub.exe
O4 - Global Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmas\Tmas.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/as...rl/LSSupCtl.cab
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://www.runaware.com/dolphin/wficat.cab
O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) - http://dlmanager.akamaitools.com.edgesuite...vex-2.0.5.0.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst_current.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp.com/rdqcpc/downloads/sysinfo.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eB...l_v1-0-3-36.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1141962591593
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1142570135828
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - http://mediaplayer.walmart.com/installer/install.cab
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - http://ipgweb.cce.hp.com/rdqcpc/downloads/msxml4.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - http://javadl-esd.sun.com/update/1.5.0/jin...ows-i586-jc.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart.com/photo/uploads/Fuj...ploadClient.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/as...rl/SymAData.cab
O20 - Winlogon Notify: igfxcui - C:\windows\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\windows\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: dlcg_device - - C:\WINDOWS\system32\dlcgcoms.exe
O23 - Service: Gear Security Service (GEARSecurity) - GEAR Software - C:\WINDOWS\System32\gearsec.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007.SP1\Win32\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007.SP1\RpcSandraSrv.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
AVG Report Log---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------
+ Created at: 1:16:17 PM 11/23/2006
+ Scan result:
C:\Documents and Settings\Roger\Cookies\roger@cnetaustralia.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Roger\Cookies\roger@libertymutual.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Roger\Cookies\roger@paypal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Roger\Cookies\roger@com[1].txt -> TrackingCookie.Com : Cleaned.
C:\Documents and Settings\Roger\Cookies\roger@com[2].txt -> TrackingCookie.Com : Cleaned.
C:\Documents and Settings\Roger\Cookies\roger@e-2dj6wjkyeldjgdp.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\Roger\Cookies\roger@e-2dj6wjliemd5wcp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\Roger\Cookies\roger@data2.perf.overture[1].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\Roger\Cookies\roger@data3.perf.overture[2].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\Roger\Cookies\roger@data4.perf.overture[1].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\Roger\Cookies\roger@ads.pointroll[2].txt -> TrackingCookie.Pointroll : Cleaned.
C:\Documents and Settings\Roger\Cookies\roger@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Documents and Settings\Roger\Cookies\roger@zedo[2].txt -> TrackingCookie.Zedo : Cleaned.
::Report end
A-SQUARED
a-squared Free - Version 2.1
Scan settings:
Objects: Memory, Traces, Cookies, C:\windows\, C:\Program Files
Scan archives: On
Heuristics: On
ADS Scan: On
Scan start: 11/23/2006 6:08:06 AM
C:\Program Files\adwarealert detected: Trace.Directory.AdwareAlert
C:\Program Files\mail passview detected: Trace.Directory.Mail PassView
C:\Documents and Settings\Roger\Start Menu\Programs\mail passview detected: Trace.Directory.Mail PassView
C:\Documents and Settings\All Users\Start Menu\Programs\spysubtract detected: Trace.Directory.SpySubtract
C:\Program Files\intermute\spysubtract detected: Trace.Directory.SpySubtract
C:\Program Files\intermute\spysubtract\help detected: Trace.Directory.SpySubtract
C:\Program Files\intermute\spysubtract\sounds detected: Trace.Directory.SpySubtract
C:\Program Files\intermute\spysubtract\sounds\pinball detected: Trace.Directory.SpySubtract
C:\Program Files\intermute\spysubtract\sounds\tomcat detected: Trace.Directory.SpySubtract
C:\Program Files\intermute\spysubtract\themes detected: Trace.Directory.SpySubtract
C:\Program Files\intermute\spysubtract\themes\default detected: Trace.Directory.SpySubtract
C:\Program Files\aws\weatherbug detected: Trace.Directory.WeatherBug
C:\Program Files\adwarealert\databasenew.ref detected: Trace.File.AdwareAlert
C:\Program Files\mail passview\mailpv.chm detected: Trace.File.Mail PassView
C:\Program Files\mail passview\readme.txt detected: Trace.File.Mail PassView
C:\Documents and Settings\Roger\Start Menu\Programs\mail passview\mail passview help.lnk detected: Trace.File.Mail PassView
C:\Documents and Settings\Roger\Start Menu\Programs\mail passview\mail passview.lnk detected: Trace.File.Mail PassView
C:\Documents and Settings\Roger\Start Menu\Programs\mail passview\readme.lnk detected: Trace.File.Mail PassView
C:\Documents and Settings\All Users\Desktop\spysubtract.lnk detected: Trace.File.SpySubtract
C:\Documents and Settings\All Users\Start Menu\Programs\spysubtract\cwshredder.lnk detected: Trace.File.SpySubtract
C:\Documents and Settings\All Users\Start Menu\Programs\spysubtract\readme.lnk detected: Trace.File.SpySubtract
C:\Documents and Settings\All Users\Start Menu\Programs\spysubtract\spysubtract help.lnk detected: Trace.File.SpySubtract
C:\Documents and Settings\All Users\Start Menu\Programs\spysubtract\spysubtract.lnk detected: Trace.File.SpySubtract
C:\Program Files\intermute\spysubtract\en-us.dll detected: Trace.File.SpySubtract
C:\Program Files\intermute\spysubtract\help\en-us.chm detected: Trace.File.SpySubtract
C:\Program Files\intermute\spysubtract\install.log detected: Trace.File.SpySubtract
C:\Program Files\intermute\spysubtract\readme.txt detected: Trace.File.SpySubtract
C:\Program Files\intermute\spysubtract\sounds\pinball\cl2.wav detected: Trace.File.SpySubtract
C:\Program Files\intermute\spysubtract\sounds\pinball\cl3.wav detected: Trace.File.SpySubtract
C:\Program Files\intermute\spysubtract\sounds\pinball\cl4.wav detected: Trace.File.SpySubtract
C:\Program Files\intermute\spysubtract\sounds\pinball\cld.wav detected: Trace.File.SpySubtract
C:\Program Files\intermute\spysubtract\sounds\pinball\sc1.wav detected: Trace.File.SpySubtract
C:\Program Files\intermute\spysubtract\sounds\pinball\sc11.wav detected: Trace.File.SpySubtract
C:\Program Files\intermute\spysubtract\sounds\pinball\sc2.wav detected: Trace.File.SpySubtract
C:\Program Files\intermute\spysubtract\sounds\pinball\sc3.wav detected: Trace.File.SpySubtract
C:\Program Files\intermute\spysubtract\sounds\pinball\sc4.wav detected: Trace.File.SpySubtract
C:\Program Files\intermute\spysubtract\sounds\pinball\sc5.wav detected: Trace.File.SpySubtract
C:\Program Files\intermute\spysubtract\sounds\pinball\sc6.wav detected: Trace.File.SpySubtract
C:\Program Files\intermute\spysubtract\sounds\pinball\scd.wav detected: Trace.File.SpySubtract
C:\Program Files\intermute\spysubtract\sounds\tomcat\cl2.wav detected: Trace.File.SpySubtract
C:\Program Files\intermute\spysubtract\sounds\tomcat\cl3.wav detected: Trace.File.SpySubtract
C:\Program Files\intermute\spysubtract\sounds\tomcat\cl4.wav detected: Trace.File.SpySubtract
C:\Program Files\intermute\spysubtract\sounds\tomcat\cld.wav detected: Trace.File.SpySubtract
C:\Program Files\intermute\spysubtract\sounds\tomcat\sc1.wav detected: Trace.File.SpySubtract
C:\Program Files\intermute\spysubtract\sounds\tomcat\sc10.wav detected: Trace.File.SpySubtract
C:\Program Files\intermute\spysubtract\sounds\tomcat\sc11.wav detected: Trace.File.SpySubtract
C:\Program Files\intermute\spysubtract\sounds\tomcat\sc12.wav detected: Trace.File.SpySubtract
C:\Program Files\intermute\spysubtract\sounds\tomcat\sc3.wav detected: Trace.File.SpySubtract
C:\Program Files\intermute\spysubtract\sounds\tomcat\sc4.wav detected: Trace.File.SpySubtract
C:\Program Files\intermute\spysubtract\sounds\tomcat\sc6.wav detected: Trace.File.SpySubtract
C:\Program Files\intermute\spysubtract\sounds\tomcat\sc7.wav detected: Trace.File.SpySubtract
C:\Program Files\intermute\spysubtract\sounds\tomcat\sc8.wav detected: Trace.File.SpySubtract
C:\Program Files\intermute\spysubtract\sounds\tomcat\scd.wav detected: Trace.File.SpySubtract
C:\Program Files\intermute\spysubtract\spuninst.exe detected: Trace.File.SpySubtract
C:\Program Files\intermute\spysubtract\spysub.exe detected: Trace.File.SpySubtract
C:\Program Files\intermute\spysubtract\spysubtract.log detected: Trace.File.SpySubtract
C:\Program Files\intermute\spysubtract\spyware.dat detected: Trace.File.SpySubtract
C:\Program Files\intermute\spysubtract\ssengine.dll detected: Trace.File.SpySubtract
C:\Program Files\intermute\spysubtract\sshook.dll detected: Trace.File.SpySubtract
C:\Program Files\intermute\spysubtract\themes\default\bg_common.bmp detected: Trace.File.SpySubtract
C:\Program Files\intermute\spysubtract\themes\default\bg_main.bmp detected: Trace.File.SpySubtract
C:\Program Files\intermute\spysubtract\themes\default\bg_messagedlg.bmp detected: Trace.File.SpySubtract
C:\Program Files\intermute\spysubtract\themes\default\btn_activate.ico detected: Trace.File.SpySubtract
C:\Program Files\intermute\spysubtract\themes\default\btn_add.ico detected: Trace.File.SpySubtract
C:\Program Files\intermute\spysubtract\themes\default\btn_allow.ico detected: Trace.File.SpySubtract
C:\Program Files\intermute\spysubtract\themes\default\btn_bigdelete.ico detected: Trace.File.SpySubtract
C:\Program Files\intermute\spysubtract\themes\default\btn_bighelp.ico detected: Trace.File.SpySubtract
C:\Program Files\intermute\spysubtract\themes\default\btn_bigupdates.ico detected: Trace.File.SpySubtract
C:\Program Files\intermute\spysubtract\themes\default\btn_buy.ico detected: Trace.File.SpySubtract
C:\Program Files\intermute\spysubtract\themes\default\btn_cancel.ico detected: Trace.File.SpySubtract
C:\Program Files\intermute\spysubtract\themes\default\btn_clean.ico detected: Trace.File.SpySubtract
C:\Program Files\intermute\spysubtract\themes\default\btn_cleanprivacy.ico detected: Trace.File.SpySubtract
C:\Program Files\intermute\spysubtract\themes\default\btn_clear.ico detected: Trace.File.SpySubtract
C:\Program Files\intermute\spysubtract\themes\default\btn_config.ico detected: Trace.File.SpySubtract
C:\Program Files\intermute\spysubtract\themes\default\btn_cws.ico detected: Trace.File.SpySubtract
C:\Program Files\intermute\spysubtract\themes\default\btn_dbupdate.ico detected: Trace.File.SpySubtract
C:\Program Files\intermute\spysubtract\themes\default\btn_deny.ico detected: Trace.File.SpySubtract
C:\Program Files\intermute\spysubtract\themes\default\btn_details.ico detected: Trace.File.SpySubtract
C:\Program Files\intermute\spysubtract\themes\default\btn_feedback.ico detected: Trace.File.SpySubtract
C:\Program Files\intermute\spysubtract\themes\default\btn_help.ico detected: Trace.File.SpySubtract
C:\Program Files\intermute\spysubtract\themes\default\btn_home.ico detected: Trace.File.SpySubtract
C:\Program Files\intermute\spysubtract\themes\default\btn_ok.ico detected: Trace.File.SpySubtract
C:\Program Files\intermute\spysubtract\themes\default\btn_options.ico detected: Trace.File.SpySubtract
C:\Program Files\intermute\spysubtract\themes\default\btn_remove.ico detected: Trace.File.SpySubtract
C:\Program Files\intermute\spysubtract\themes\default\btn_restore.ico detected: Trace.File.SpySubtract
C:\Program Files\intermute\spysubtract\themes\default\btn_save.ico detected: Trace.File.SpySubtract
C:\Program Files\intermute\spysubtract\themes\default\btn_scan.ico detected: Trace.File.SpySubtract
C:\Program Files\intermute\spysubtract\themes\default\btn_selecttoggle.ico detected: Trace.File.SpySubtract
C:\Program Files\intermute\spysubtract\themes\default\btn_start.ico detected: Trace.File.SpySubtract
C:\Program Files\intermute\spysubtract\themes\default\btn_stop.ico detected: Trace.File.SpySubtract
C:\Program Files\intermute\spysubtract\themes\default\btn_updates.ico detected: Trace.File.SpySubtract
C:\Program Files\intermute\spysubtract\themes\default\btn_viewlog.ico detected: Trace.File.SpySubtract
C:\Program Files\intermute\spysubtract\themes\default\copyright.bmp detected: Trace.File.SpySubtract
C:\Program Files\intermute\spysubtract\themes\default\detailstemplate.htm detected: Trace.File.SpySubtract
C:\Program Files\intermute\spysubtract\themes\default\icon_check_blank.bmp detected: Trace.File.SpySubtract
C:\Program Files\intermute\spysubtract\themes\default\icon_check_finished.bmp detected: Trace.File.SpySubtract
C:\Program Files\intermute\spysubtract\themes\default\icon_check_off.bmp detected: Trace.File.SpySubtract
C:\Program Files\intermute\spysubtract\themes\default\icon_check_on.bmp detected: Trace.File.SpySubtract
C:\Program Files\intermute\spysubtract\themes\default\icon_check_working.bmp detected: Trace.File.SpySubtract
C:\Program Files\intermute\spysubtract\themes\default\icon_config_adv_scanners.bmp detected: Trace.File.SpySubtract
C:\Program Files\intermute\spysubtract\themes\default\icon_config_cleaning.bmp detected: Trace.File.SpySubtract
C:\Program Files\intermute\spysubtract\themes\default\icon_config_general.bmp detected: Trace.File.SpySubtract
C:\Program Files\intermute\spysubtract\themes\default\icon_config_scanner.bmp detected: Trace.File.SpySubtract
C:\Program Files\intermute\spysubtract\themes\default\icon_config_scanners.bmp detected: Trace.File.SpySubtract
C:\Program Files\intermute\spysubtract\themes\default\icon_config_scheduling.bmp detected: Trace.File.SpySubtract
C:\Program Files\intermute\spysubtract\themes\default\icon_config_sounds.bmp detected: Trace.File.SpySubtract
C:\Program Files\intermute\spysubtract\themes\default\icon_msg_bad.bmp detected: Trace.File.SpySubtract
C:\Program Files\intermute\spysubtract\themes\default\icon_msg_error.bmp detected: Trace.File.SpySubtract
C:\Program Files\intermute\spysubtract\themes\default\icon_msg_good.bmp detected: Trace.File.SpySubtract
C:\Program Files\intermute\spysubtract\themes\default\icon_msg_info.bmp detected: Trace.File.SpySubtract
C:\Program Files\intermute\spysubtract\themes\default\icon_msg_question.bmp detected: Trace.File.SpySubtract
C:\Program Files\intermute\spysubtract\themes\default\icon_msg_uncertain.bmp detected: Trace.File.SpySubtract
C:\Program Files\intermute\spysubtract\themes\default\icon_msg_verybad.bmp detected: Trace.File.SpySubtract
C:\Program Files\intermute\spysubtract\themes\default\icon_msg_warning.bmp detected: Trace.File.SpySubtract
C:\Program Files\intermute\spysubtract\themes\default\icon_scanner_cookie.bmp detected: Trace.File.SpySubtract
C:\Program Files\intermute\spysubtract\themes\default\icon_scanner_folder.bmp detected: Trace.File.SpySubtract
C:\Program Files\intermute\spysubtract\themes\default\icon_scanner_none.bmp detected: Trace.File.SpySubtract
C:\Program Files\intermute\spysubtract\themes\default\icon_scanner_process.bmp detected: Trace.File.SpySubtract
C:\Program Files\intermute\spysubtract\themes\default\icon_scanner_regykey.bmp detected: Trace.File.SpySubtract
C:\Program Files\intermute\spysubtract\themes\default\icon_scanner_regyval.bmp detected: Trace.File.SpySubtract
C:\Program Files\intermute\spysubtract\themes\default\icon_scanner_shortcutlink.bmp detected: Trace.File.SpySubtract
C:\Program Files\intermute\spysubtract\themes\default\icon_scanner_suspect.bmp detected: Trace.File.SpySubtract
C:\Program Files\intermute\spysubtract\themes\default\icon_scanner_winfile.bmp detected: Trace.File.SpySubtract
C:\Program Files\intermute\spysubtract\themes\default\icon_threat_3.bmp detected: Trace.File.SpySubtract
C:\Program Files\intermute\spysubtract\themes\default\productlogo.bmp detected: Trace.File.SpySubtract
C:\Program Files\intermute\spysubtract\themes\default\splash.bmp detected: Trace.File.SpySubtract
C:\Program Files\intermute\spysubtract\themes\default\splashbasic.bmp detected: Trace.File.SpySubtract
C:\Program Files\intermute\spysubtract\themes\default\splashpro.bmp detected: Trace.File.SpySubtract
C:\Program Files\intermute\spysubtract\themes\default\theme.ini detected: Trace.File.SpySubtract
C:\Program Files\intermute\spysubtract\webregister.exe detected: Trace.File.SpySubtract
C:\Program Files\aws\weatherbug\remove.exe detected: Trace.File.WeatherBug
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mail PassView --> Description detected: Trace.Registry.Mail PassView
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mail PassView --> DisplayName detected: Trace.Registry.Mail PassView
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mail PassView --> DisplayVersion detected: Trace.Registry.Mail PassView
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mail PassView --> InstallLocation detected: Trace.Registry.Mail PassView
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mail PassView --> Publisher detected: Trace.Registry.Mail PassView
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mail PassView --> UninstallString detected: Trace.Registry.Mail PassView
Value: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\SpyOnThis --> Order detected: Trace.Registry.SpyOnThis
Value: HKEY_CURRENT_USER\Software\interMute\SpySubtract --> app-access-scan detected: Trace.Registry.SpySubtract
Value: HKEY_CURRENT_USER\Software\interMute\SpySubtract --> auto-backup detected: Trace.Registry.SpySubtract
Value: HKEY_CURRENT_USER\Software\interMute\SpySubtract --> check-network-integrity detected: Trace.Registry.SpySubtract
Value: HKEY_CURRENT_USER\Software\interMute\SpySubtract --> clean-privacy-on-startup detected: Trace.Registry.SpySubtract
Value: HKEY_CURRENT_USER\Software\interMute\SpySubtract --> ConfigDir detected: Trace.Registry.SpySubtract
Value: HKEY_CURRENT_USER\Software\interMute\SpySubtract --> ConnectionType detected: Trace.Registry.SpySubtract
Value: HKEY_CURRENT_USER\Software\interMute\SpySubtract --> current-theme detected: Trace.Registry.SpySubtract
Value: HKEY_CURRENT_USER\Software\interMute\SpySubtract --> Days-remaining detected: Trace.Registry.SpySubtract
Value: HKEY_CURRENT_USER\Software\interMute\SpySubtract --> db-message-on-startup detected: Trace.Registry.SpySubtract
Value: HKEY_CURRENT_USER\Software\interMute\SpySubtract --> debug-messages detected: Trace.Registry.SpySubtract
Value: HKEY_CURRENT_USER\Software\interMute\SpySubtract --> Email detected: Trace.Registry.SpySubtract
Value: HKEY_CURRENT_USER\Software\interMute\SpySubtract --> Evaluation detected: Trace.Registry.SpySubtract
Value: HKEY_CURRENT_USER\Software\interMute\SpySubtract --> first-run detected: Trace.Registry.SpySubtract
Value: HKEY_CURRENT_USER\Software\interMute\SpySubtract --> language detected: Trace.Registry.SpySubtract
Value: HKEY_CURRENT_USER\Software\interMute\SpySubtract --> Message detected: Trace.Registry.SpySubtract
Value: HKEY_CURRENT_USER\Software\interMute\SpySubtract --> monitor-ms detected: Trace.Registry.SpySubtract
Value: HKEY_CURRENT_USER\Software\interMute\SpySubtract --> Oem detected: Trace.Registry.SpySubtract
Value: HKEY_CURRENT_USER\Software\interMute\SpySubtract --> periodic-browser-settings-scan detected: Trace.Registry.SpySubtract
Value: HKEY_CURRENT_USER\Software\interMute\SpySubtract --> periodic-process-scan detected: Trace.Registry.SpySubtract
Value: HKEY_CURRENT_USER\Software\interMute\SpySubtract --> ProductTag detected: Trace.Registry.SpySubtract
Value: HKEY_CURRENT_USER\Software\interMute\SpySubtract --> ProductVersion detected: Trace.Registry.SpySubtract
Value: HKEY_CURRENT_USER\Software\interMute\SpySubtract --> Pushcount detected: Trace.Registry.SpySubtract
Value: HKEY_CURRENT_USER\Software\interMute\SpySubtract --> scan-quick-on-win-startup detected: Trace.Registry.SpySubtract
Value: HKEY_CURRENT_USER\Software\interMute\SpySubtract --> show-splash detected: Trace.Registry.SpySubtract
Value: HKEY_CURRENT_USER\Software\interMute\SpySubtract --> sound-scheme detected: Trace.Registry.SpySubtract
Value: HKEY_CURRENT_USER\Software\interMute\SpySubtract --> Trial-days detected: Trace.Registry.SpySubtract
Value: HKEY_LOCAL_MACHINE\SOFTWARE\interMute\SpySubtract --> app-access-scan detected: Trace.Registry.SpySubtract
Value: HKEY_LOCAL_MACHINE\SOFTWARE\interMute\SpySubtract --> auto-backup detected: Trace.Registry.SpySubtract
Value: HKEY_LOCAL_MACHINE\SOFTWARE\interMute\SpySubtract --> check-network-integrity detected: Trace.Registry.SpySubtract
Value: HKEY_LOCAL_MACHINE\SOFTWARE\interMute\SpySubtract --> clean-privacy-on-startup detected: Trace.Registry.SpySubtract
Value: HKEY_LOCAL_MACHINE\SOFTWARE\interMute\SpySubtract --> ConfigDir detected: Trace.Registry.SpySubtract
Value: HKEY_LOCAL_MACHINE\SOFTWARE\interMute\SpySubtract --> ConnectionType detected: Trace.Registry.SpySubtract
Value: HKEY_LOCAL_MACHINE\SOFTWARE\interMute\SpySubtract --> current-theme detected: Trace.Registry.SpySubtract
Value: HKEY_LOCAL_MACHINE\SOFTWARE\interMute\SpySubtract --> db-message-on-startup detected: Trace.Registry.SpySubtract
Value: HKEY_LOCAL_MACHINE\SOFTWARE\interMute\SpySubtract --> debug-messages detected: Trace.Registry.SpySubtract
Value: HKEY_LOCAL_MACHINE\SOFTWARE\interMute\SpySubtract --> Email detected: Trace.Registry.SpySubtract
Value: HKEY_LOCAL_MACHINE\SOFTWARE\interMute\SpySubtract --> Evaluation detected: Trace.Registry.SpySubtract
Value: HKEY_LOCAL_MACHINE\SOFTWARE\interMute\SpySubtract --> first-run detected: Trace.Registry.SpySubtract
Value: HKEY_LOCAL_MACHINE\SOFTWARE\interMute\SpySubtract --> language detected: Trace.Registry.SpySubtract
Value: HKEY_LOCAL_MACHINE\SOFTWARE\interMute\SpySubtract --> monitor-ms detected: Trace.Registry.SpySubtract
Value: HKEY_LOCAL_MACHINE\SOFTWARE\interMute\SpySubtract --> Oem detected: Trace.Registry.SpySubtract
Value: HKEY_LOCAL_MACHINE\SOFTWARE\interMute\SpySubtract --> periodic-browser-settings-scan detected: Trace.Registry.SpySubtract
Value: HKEY_LOCAL_MACHINE\SOFTWARE\interMute\SpySubtract --> periodic-process-scan detected: Trace.Registry.SpySubtract
Value: HKEY_LOCAL_MACHINE\SOFTWARE\interMute\SpySubtract --> ProductTag detected: Trace.Registry.SpySubtract
Value: HKEY_LOCAL_MACHINE\SOFTWARE\interMute\SpySubtract --> ProductVersion detected: Trace.Registry.SpySubtract
Value: HKEY_LOCAL_MACHINE\SOFTWARE\interMute\SpySubtract --> scan-quick-on-win-startup detected: Trace.Registry.SpySubtract
Value: HKEY_LOCAL_MACHINE\SOFTWARE\interMute\SpySubtract --> show-splash detected: Trace.Registry.SpySubtract
Value: HKEY_LOCAL_MACHINE\SOFTWARE\interMute\SpySubtract --> sound-scheme detected: Trace.Registry.SpySubtract
Value: HKEY_LOCAL_MACHINE\SOFTWARE\interMute\SpySubtract --> Trial-days detected: Trace.Registry.SpySubtract
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpySubtract --> DisplayIcon detected: Trace.Registry.SpySubtract
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpySubtract --> DisplayName detected: Trace.Registry.SpySubtract
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpySubtract --> HelpLink detected: Trace.Registry.SpySubtract
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpySubtract --> InstallLocation detected: Trace.Registry.SpySubtract
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpySubtract --> Publisher detected: Trace.Registry.SpySubtract
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpySubtract --> UninstallString detected: Trace.Registry.SpySubtract
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpySubtract --> URLInfoAbout detected: Trace.Registry.SpySubtract
Key: HKEY_CLASSES_ROOT\.vnc detected: Trace.Registry.VNC.CommonComponents
Key: HKEY_CLASSES_ROOT\vncviewer.config detected: Trace.Registry.VNC.CommonComponents
Value: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run --> winvnc detected: Trace.Registry.VNC.CommonComponents
Key: HKEY_LOCAL_MACHINE\software\orl\winvnc3 detected: Trace.Registry.VNC.CommonComponents
Key: HKEY_CLASSES_ROOT\.vnc detected: Trace.Registry.VNC
Value: HKEY_CLASSES_ROOT\CLSID\{62289CBE-3BE2-4ba9-AC20-A911C900039A}\InprocServer32 --> ThreadingModel detected: Trace.Registry.YourKeyloggerProgramName
Value: HKEY_CLASSES_ROOT\CLSID\{66A21AEA-5A05-46b5-B7CD-C1AAAF4770CD}\InprocServer32 --> ThreadingModel detected: Trace.Registry.YourKeyloggerProgramName
Value: HKEY_CLASSES_ROOT\CLSID\{795514CB-A81C-48f6-87AB-5B22D433D5D8}\InprocServer32 --> ThreadingModel detected: Trace.Registry.YourKeyloggerProgramName
Value: HKEY_CLASSES_ROOT\CLSID\{B195FE25-16D9-4d1b-AD10-0701F9A5E277}\InprocServer32 --> ThreadingModel detected: Trace.Registry.YourKeyloggerProgramName
Value: HKEY_CLASSES_ROOT\CLSID\{BA8C584B-209C-4d54-8BB1-8AB5F1DCA18E}\InprocServer32 --> ThreadingModel detected: Trace.Registry.YourKeyloggerProgramName
Value: HKEY_CLASSES_ROOT\CLSID\{D1698320-77BD-4776-96FD-C3C8D71E57E2}\InprocServer32 --> ThreadingModel detected: Trace.Registry.YourKeyloggerProgramName
Value: HKEY_CLASSES_ROOT\CLSID\{E28DD8A6-E9BC-4d3e-A7F7-BC9644138CE2}\InprocServer32 --> ThreadingModel detected: Trace.Registry.YourKeyloggerProgramName
Value: HKEY_CLASSES_ROOT\CLSID\{EC2EC911-E047-4810-9535-6CAFE1ADC3AD}\InprocServer32 --> ThreadingModel detected: Trace.Registry.YourKeyloggerProgramName
Value: HKEY_CLASSES_ROOT\CLSID\{EDBA2AAC-8A00-4eed-A2E4-74BFB760BE10}\InprocServer32 --> ThreadingModel detected: Trace.Registry.YourKeyloggerProgramName
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00F442C2-5C9E-4ae5-AF7D-FB4E0350C2E3}\InprocServer32 --> ThreadingModel detected: Trace.Registry.YourKeyloggerProgramName
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{13AFA3A3-5687-487c-93F2-63D5DA468F4E}\InprocServer32 --> ThreadingModel detected: Trace.Registry.YourKeyloggerProgramName
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32239586-29DE-4268-8AF3-CE7658D3D672}\InprocServer32 --> ThreadingModel detected: Trace.Registry.YourKeyloggerProgramName
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5AAECB3B-3D56-47c7-8706-77899E73802A}\InprocServer32 --> ThreadingModel detected: Trace.Registry.YourKeyloggerProgramName
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{62289CBE-3BE2-4ba9-AC20-A911C900039A}\InprocServer32 --> ThreadingModel detected: Trace.Registry.YourKeyloggerProgramName
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{66A21AEA-5A05-46b5-B7CD-C1AAAF4770CD}\InprocServer32 --> ThreadingModel detected: Trace.Registry.YourKeyloggerProgramName
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{795514CB-A81C-48f6-87AB-5B22D433D5D8}\InprocServer32 --> ThreadingModel detected: Trace.Registry.YourKeyloggerProgramName
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B195FE25-16D9-4d1b-AD10-0701F9A5E277}\InprocServer32 --> ThreadingModel detected: Trace.Registry.YourKeyloggerProgramName
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BA8C584B-209C-4d54-8BB1-8AB5F1DCA18E}\InprocServer32 --> ThreadingModel detected: Trace.Registry.YourKeyloggerProgramName
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D1698320-77BD-4776-96FD-C3C8D71E57E2}\InprocServer32 --> ThreadingModel detected: Trace.Registry.YourKeyloggerProgramName
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E28DD8A6-E9BC-4d3e-A7F7-BC9644138CE2}\InprocServer32 --> ThreadingModel detected: Trace.Registry.YourKeyloggerProgramName
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EC2EC911-E047-4810-9535-6CAFE1ADC3AD}\InprocServer32 --> ThreadingModel detected: Trace.Registry.YourKeyloggerProgramName
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EDBA2AAC-8A00-4eed-A2E4-74BFB760BE10}\InprocServer32 --> ThreadingModel detected: Trace.Registry.YourKeyloggerProgramName
C:\Documents and Settings\Roger\Cookies\roger@com[1].txt detected: Trace.TrackingCookie
C:\Documents and Settings\Roger\Cookies\roger@com[2].txt detected: Trace.TrackingCookie
C:\Documents and Settings\Roger\Cookies\roger@media.adrevolver[1].txt detected: Trace.TrackingCookie
C:\Documents and Settings\Roger\Cookies\roger@zedo[2].txt detected: Trace.TrackingCookie
C:\Program Files\BackWeb\BackWeb Client\6.2.3.66L\Program\runner.exe detected: Adware.BackWeb.a
C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe detected: Adware.BackWeb.a
C:\Program Files\Online Services\PeoplePC\Utilities\PPCODIAG.exe detected: Heuristic.Dialer
C:\Program Files\Online Services\PeoplePC\Utilities\PPCODUN.exe detected: Heuristic.Dialer
PANDA ACTIVESCAN
Scanned
Files: 92779
Traces: 84342
Cookies: 157
Processes: 53
Found
Files: 4
Traces: 221
Cookies: 4
Processes: 0
Registry keys: 0
Scan end: 11/23/2006 8:27:44 AM
Scan time: 2:19:38 AM
[size=4]BITDEFENDER
Quarantined
Files: 0
Traces: 0
Cookies: 0BitDefender Online Scanner
Scan report generated at: Thu, Nov 23, 2006 - 21:05:53
Scan path: A:\;C:\;D:\;E:\;H:\;I:\;J:\;K:\;
Statistics
Time
03:10:46
Files
1104427
Folders
10295
Boot Sectors
4
Archives
22230
Packed Files
87192
Results
Identified Viruses
1
Infected Files
1
Suspect Files
0
Warnings
0
Disinfected
0
Deleted Files
1
Engines Info
Virus Definitions
318462
Engine build
AVCORE v1.0 (build 2368) (i386) (Nov 16 2006 11:31:19)
Scan plugins
14
Archive plugins
38
Unpack plugins
6
E-mail plugins
6
System plugins
1
Scan Settings
First Action
Disinfect
Second Action
Delete
Heuristics
Yes
Enable Warnings
Yes
Scanned Extensions
*;
Exclude Extensions
Scan Emails
Yes
Scan Archives
Yes
Scan Packed
Yes
Scan Files
Yes
Scan Boot
Yes
Scanned File
Status
C:\Program Files\mailpv_setup.exe=>(ZIP Sfx o)=>mailpv.exe
Infected with: Backdoor.Delf.Agf.28.E
C:\Program Files\mailpv_setup.exe=>(ZIP Sfx o)=>mailpv.exe
Disinfection failed
C:\Program Files\mailpv_setup.exe=>(ZIP Sfx o)=>mailpv.exe
Deleted
C:\Program Files\mailpv_setup.exe=>(ZIP Sfx o)
Updated
C:\Program Files\mailpv_setup.exe
Update failed
I am pretty sure I messed up on some of this. I don't know of any problems yet, I wanted to get this to you as soon as possible. It looks like a lot of reading. I know I put too much on here but I didn't want to leave anything out. I hope I at least took care of most of it. I had a couple of problems getting things to work just right but I tried. If there is something I need to redo please let me know. Thank you for taking your time to do all of this. You don't know how much I appreciate it.
You are doing a good job. Your HijackThis log is looking good.
You may want to scan with HijackThis and place a check mark by this entry.
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
AlcxMonitor Alcxmntr.exe
Description: Realtek AC97 Audio - Event Monitor. Sypware file used surreptitiously monitor one's actions. It is not a sinister one, like remote control programs, but is being used by Realtek to gather data about customers
Close all browsers and other windows except for HijackThis, and click Fix Checked to have HijackThis fix the entry you checked.
You may want to scan with HijackThis and place a check mark by this entry.
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
AlcxMonitor Alcxmntr.exe
Description: Realtek AC97 Audio - Event Monitor. Sypware file used surreptitiously monitor one's actions. It is not a sinister one, like remote control programs, but is being used by Realtek to gather data about customers
Close all browsers and other windows except for HijackThis, and click Fix Checked to have HijackThis fix the entry you checked.
Here is my latest log after cleaning the alcxmonitor. I also removed yahoo music engine because it wouldn't work and I couldn't download it because it said I already had it. It seems like some of the stuff are already back on here. So far everything appears to be working normally.
Logfile of HijackThis v1.99.1
Scan saved at 8:26:22 AM, on 11/25/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\windows\System32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\gearsec.exe
C:\windows\System32\tcpsvcs.exe
C:\windows\System32\snmp.exe
C:\windows\System32\svchost.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\windows\Explorer.EXE
C:\windows\system32\ctfmon.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Dell AIO 810\dlcgmon.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\windows\SOUNDMAN.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\Program Files\AnalogX\NetStat Live\nsl.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\windows\AGRSMMSG.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\dlcgcoms.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\InterMute\SpySubtract\SpySub.exe
C:\Program Files\Trend Micro\Tmas\Tmas.exe
C:\windows\system32\cidaemon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn0\YTBSDK.exe
C:\Documents and Settings\Roger\My Documents\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;localhost
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [dlcgmon.exe] "C:\Program Files\Dell AIO 810\dlcgmon.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKLM\..\Run: [DLCGCATS] rundll32 C:\windows\System32\spool\DRIVERS\W32X86\3\DLCGtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [NetStat Live] C:\Program Files\AnalogX\NetStat Live\nsl.exe
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\TightVNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: SpySubtract.lnk = C:\Program Files\InterMute\SpySubtract\SpySub.exe
O4 - Global Startup: AT&T Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\InterMute\SpySubtract\SpySub.exe
O4 - Global Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmas\Tmas.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/as...rl/LSSupCtl.cab
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://www.runaware.com/dolphin/wficat.cab
O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) - http://dlmanager.akamaitools.com.edgesuite...vex-2.0.5.0.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst_current.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp.com/rdqcpc/downloads/sysinfo.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eB...l_v1-0-3-36.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1141962591593
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1142570135828
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - http://mediaplayer.walmart.com/installer/install.cab
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - http://ipgweb.cce.hp.com/rdqcpc/downloads/msxml4.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - http://javadl-esd.sun.com/update/1.5.0/jin...ows-i586-jc.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart.com/photo/uploads/Fuj...ploadClient.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/as...rl/SymAData.cab
O16 - DPF: {DECEAAA2-370A-49BB-9362-68C3A58DDC62} -
O20 - Winlogon Notify: igfxcui - C:\windows\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\windows\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: dlcg_device - - C:\WINDOWS\system32\dlcgcoms.exe
O23 - Service: Gear Security Service (GEARSecurity) - GEAR Software - C:\WINDOWS\System32\gearsec.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007.SP1\Win32\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007.SP1\RpcSandraSrv.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Logfile of HijackThis v1.99.1
Scan saved at 8:26:22 AM, on 11/25/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\windows\System32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\gearsec.exe
C:\windows\System32\tcpsvcs.exe
C:\windows\System32\snmp.exe
C:\windows\System32\svchost.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\windows\Explorer.EXE
C:\windows\system32\ctfmon.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Dell AIO 810\dlcgmon.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\windows\SOUNDMAN.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\Program Files\AnalogX\NetStat Live\nsl.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\windows\AGRSMMSG.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\dlcgcoms.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\InterMute\SpySubtract\SpySub.exe
C:\Program Files\Trend Micro\Tmas\Tmas.exe
C:\windows\system32\cidaemon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn0\YTBSDK.exe
C:\Documents and Settings\Roger\My Documents\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;localhost
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [dlcgmon.exe] "C:\Program Files\Dell AIO 810\dlcgmon.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKLM\..\Run: [DLCGCATS] rundll32 C:\windows\System32\spool\DRIVERS\W32X86\3\DLCGtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [NetStat Live] C:\Program Files\AnalogX\NetStat Live\nsl.exe
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\TightVNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: SpySubtract.lnk = C:\Program Files\InterMute\SpySubtract\SpySub.exe
O4 - Global Startup: AT&T Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\InterMute\SpySubtract\SpySub.exe
O4 - Global Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmas\Tmas.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/as...rl/LSSupCtl.cab
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://www.runaware.com/dolphin/wficat.cab
O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) - http://dlmanager.akamaitools.com.edgesuite...vex-2.0.5.0.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst_current.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp.com/rdqcpc/downloads/sysinfo.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eB...l_v1-0-3-36.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1141962591593
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1142570135828
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - http://mediaplayer.walmart.com/installer/install.cab
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - http://ipgweb.cce.hp.com/rdqcpc/downloads/msxml4.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - http://javadl-esd.sun.com/update/1.5.0/jin...ows-i586-jc.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart.com/photo/uploads/Fuj...ploadClient.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/as...rl/SymAData.cab
O16 - DPF: {DECEAAA2-370A-49BB-9362-68C3A58DDC62} -
O20 - Winlogon Notify: igfxcui - C:\windows\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\windows\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: dlcg_device - - C:\WINDOWS\system32\dlcgcoms.exe
O23 - Service: Gear Security Service (GEARSecurity) - GEAR Software - C:\WINDOWS\System32\gearsec.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007.SP1\Win32\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007.SP1\RpcSandraSrv.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Step 1
I think Spybot- S&D's TeaTimer may be stopping some fixes. I suggest you uninstall Spybot- S&D via the Add/Remove Panel (Start->(Settings)->Control Panel->Add/Remove Programs). You can reinstall it after you are done.
Step 2
We need to disable the AVG Anti-Spyware Guard Realtime Monitor as it may interfere with the fixes that we need to make.
We need to disable Windows Defender's realtime protection as it may interfere with the fixes that we need to make.
Step 4
Please run HijackThis and click [b[Scan[/b] Place checks next to the following entries (make sure not to miss any):
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
Close all browsers and other windows except for HijackThis, and click Fix Checked to have HijackThis fix the entries you checked.
Since I see some of the Optional Fixes still in your HijackThis log, I assume you made the decision to keep them. I want to make sure that you understand that when you scan with HijackThis and place check marks by the Optional Fixes entries, the programs will no longer load at StartUp but are still available whenever you need them. Having a lot of StartUp programs may slow down your computer boot time.
Please post a new HijackThis log. Let me know if you still have any problems.
I think Spybot- S&D's TeaTimer may be stopping some fixes. I suggest you uninstall Spybot- S&D via the Add/Remove Panel (Start->(Settings)->Control Panel->Add/Remove Programs). You can reinstall it after you are done.
Step 2
We need to disable the AVG Anti-Spyware Guard Realtime Monitor as it may interfere with the fixes that we need to make.
- Open AVG Anti-Spyware by double-clicking the AVG Anti-Spyware icon in the system tray.
- In the Your security status section, toggle the AVG Anti-Spyware Guard realtime protection to off by clicking active which will then change the protection status to inactive .
- When you reboot, AVG Anti-Spyware will prompt you to Restart the guard?, reply no and set it to inactive for the duration of your cleanup.
We need to disable Windows Defender's realtime protection as it may interfere with the fixes that we need to make.
- Open Windows Defender
- Click on Tools
- Click on General Settings
- Scroll down to Real-time protection options
- Uncheck Turn on Real-time protection (recommended)
- Click Save
- Exit the program.
Step 4
Please run HijackThis and click [b[Scan[/b] Place checks next to the following entries (make sure not to miss any):
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
Close all browsers and other windows except for HijackThis, and click Fix Checked to have HijackThis fix the entries you checked.
Since I see some of the Optional Fixes still in your HijackThis log, I assume you made the decision to keep them. I want to make sure that you understand that when you scan with HijackThis and place check marks by the Optional Fixes entries, the programs will no longer load at StartUp but are still available whenever you need them. Having a lot of StartUp programs may slow down your computer boot time.
Please post a new HijackThis log. Let me know if you still have any problems.
Hello,
I am getting ready to start your latest entry. I just wanted to let you know I did put check marks next to all the optional fixes. That is what I meant by some things looked as if they were already back on my computer. I hate it when it takes all that time to load everything at startup. I don't need all of it to start up every time. I don't know if I did something wrong or if something is keeping them from deleting. If I did something wrong I don't know what it is. I will now start on the latest fix. Thank you.
I am getting ready to start your latest entry. I just wanted to let you know I did put check marks next to all the optional fixes. That is what I meant by some things looked as if they were already back on my computer. I hate it when it takes all that time to load everything at startup. I don't need all of it to start up every time. I don't know if I did something wrong or if something is keeping them from deleting. If I did something wrong I don't know what it is. I will now start on the latest fix. Thank you.
You haven't done anything wrong. Your protection programs are preventing the HijackThis fixes.
Make sure you have uninstalled Spybot-S&D. TeaTimer keeps preventing HijackThis from fixing anything. Sometimes, disabling TeaTimer is not enough. You have to uninstall Spybot -S&D. You can reinstall it when you are finished.
Make sure you disable the protection programs, Windows Defender, AVG Anti-Spyware, and the Trend Anti-Spyware. Their resident protection will stop HijackThis from fixing anything.
Then Scan with HijackThis and check the entries again. Close all browsers and other windows except for HijackThis, and click Fix Checked to have HijackThis fix the entries you checked.
Make sure you have uninstalled Spybot-S&D. TeaTimer keeps preventing HijackThis from fixing anything. Sometimes, disabling TeaTimer is not enough. You have to uninstall Spybot -S&D. You can reinstall it when you are finished.
Make sure you disable the protection programs, Windows Defender, AVG Anti-Spyware, and the Trend Anti-Spyware. Their resident protection will stop HijackThis from fixing anything.
Then Scan with HijackThis and check the entries again. Close all browsers and other windows except for HijackThis, and click Fix Checked to have HijackThis fix the entries you checked.
Well I tried again. I hope it came out right. I will post the log. I also have been noticing when I reboot and when I print I get this "time executable pop up window". I don't know what it is or if it has something to do with startup. Please let me know if I got it this time. Thank you.
Logfile of HijackThis v1.99.1
Scan saved at 5:04:55 PM, on 11/25/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\windows\System32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\gearsec.exe
C:\windows\System32\tcpsvcs.exe
C:\windows\System32\snmp.exe
C:\windows\System32\svchost.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\windows\system32\wuauclt.exe
C:\windows\Explorer.EXE
C:\windows\system32\ctfmon.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Dell AIO 810\dlcgmon.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\windows\SOUNDMAN.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\Program Files\AnalogX\NetStat Live\nsl.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\windows\AGRSMMSG.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\WINDOWS\system32\dlcgcoms.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
C:\Program Files\InterMute\SpySubtract\SpySub.exe
C:\Program Files\Trend Micro\Tmas\Tmas.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\windows\system32\cidaemon.exe
C:\Documents and Settings\Roger\My Documents\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;localhost
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [dlcgmon.exe] "C:\Program Files\Dell AIO 810\dlcgmon.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKLM\..\Run: [DLCGCATS] rundll32 C:\windows\System32\spool\DRIVERS\W32X86\3\DLCGtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [NetStat Live] C:\Program Files\AnalogX\NetStat Live\nsl.exe
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\TightVNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
O4 - Startup: SpySubtract.lnk = C:\Program Files\InterMute\SpySubtract\SpySub.exe
O4 - Global Startup: AT&T Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\InterMute\SpySubtract\SpySub.exe
O4 - Global Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmas\Tmas.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/as...rl/LSSupCtl.cab
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://www.runaware.com/dolphin/wficat.cab
O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) - http://dlmanager.akamaitools.com.edgesuite...vex-2.0.5.0.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst_current.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp.com/rdqcpc/downloads/sysinfo.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eB...l_v1-0-3-36.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1141962591593
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1142570135828
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - http://mediaplayer.walmart.com/installer/install.cab
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - http://ipgweb.cce.hp.com/rdqcpc/downloads/msxml4.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - http://javadl-esd.sun.com/update/1.5.0/jin...ows-i586-jc.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart.com/photo/uploads/Fuj...ploadClient.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/as...rl/SymAData.cab
O16 - DPF: {DECEAAA2-370A-49BB-9362-68C3A58DDC62} -
O20 - Winlogon Notify: igfxcui - C:\windows\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\windows\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: dlcg_device - - C:\WINDOWS\system32\dlcgcoms.exe
O23 - Service: Gear Security Service (GEARSecurity) - GEAR Software - C:\WINDOWS\System32\gearsec.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007.SP1\Win32\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007.SP1\RpcSandraSrv.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Time Executable
I sent the info to Microsoft and was told not to send it unles I was asked to. I just added this in case you know what it is. It comes up every time I boot up. Thanks
Time Executable has encountered a problem and needs to close. We are sorry for the inconvenience.
If you were in the middle of something the information you were working on might be lost.
Please tell Microsoft about this problem.
We have created an error report that you can send to us. We will treat this report as confidential and anonymous.
Send Error Report Don’t Send
Logfile of HijackThis v1.99.1
Scan saved at 5:04:55 PM, on 11/25/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\windows\System32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\gearsec.exe
C:\windows\System32\tcpsvcs.exe
C:\windows\System32\snmp.exe
C:\windows\System32\svchost.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\windows\system32\wuauclt.exe
C:\windows\Explorer.EXE
C:\windows\system32\ctfmon.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Dell AIO 810\dlcgmon.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\windows\SOUNDMAN.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\Program Files\AnalogX\NetStat Live\nsl.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\windows\AGRSMMSG.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\WINDOWS\system32\dlcgcoms.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
C:\Program Files\InterMute\SpySubtract\SpySub.exe
C:\Program Files\Trend Micro\Tmas\Tmas.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\windows\system32\cidaemon.exe
C:\Documents and Settings\Roger\My Documents\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;localhost
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [dlcgmon.exe] "C:\Program Files\Dell AIO 810\dlcgmon.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKLM\..\Run: [DLCGCATS] rundll32 C:\windows\System32\spool\DRIVERS\W32X86\3\DLCGtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [NetStat Live] C:\Program Files\AnalogX\NetStat Live\nsl.exe
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\TightVNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
O4 - Startup: SpySubtract.lnk = C:\Program Files\InterMute\SpySubtract\SpySub.exe
O4 - Global Startup: AT&T Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\InterMute\SpySubtract\SpySub.exe
O4 - Global Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmas\Tmas.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/as...rl/LSSupCtl.cab
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://www.runaware.com/dolphin/wficat.cab
O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) - http://dlmanager.akamaitools.com.edgesuite...vex-2.0.5.0.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst_current.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp.com/rdqcpc/downloads/sysinfo.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eB...l_v1-0-3-36.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1141962591593
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1142570135828
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - http://mediaplayer.walmart.com/installer/install.cab
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - http://ipgweb.cce.hp.com/rdqcpc/downloads/msxml4.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - http://javadl-esd.sun.com/update/1.5.0/jin...ows-i586-jc.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart.com/photo/uploads/Fuj...ploadClient.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/as...rl/SymAData.cab
O16 - DPF: {DECEAAA2-370A-49BB-9362-68C3A58DDC62} -
O20 - Winlogon Notify: igfxcui - C:\windows\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\windows\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: dlcg_device - - C:\WINDOWS\system32\dlcgcoms.exe
O23 - Service: Gear Security Service (GEARSecurity) - GEAR Software - C:\WINDOWS\System32\gearsec.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007.SP1\Win32\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007.SP1\RpcSandraSrv.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Time Executable
I sent the info to Microsoft and was told not to send it unles I was asked to. I just added this in case you know what it is. It comes up every time I boot up. Thanks
Time Executable has encountered a problem and needs to close. We are sorry for the inconvenience.
If you were in the middle of something the information you were working on might be lost.
Please tell Microsoft about this problem.
We have created an error report that you can send to us. We will treat this report as confidential and anonymous.
Send Error Report Don’t Send
Let's try this.
Step 1
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\InterMute\SpySubtract\SpySub.exe
O4 - Global Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmas\Tmas.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
The above entries indicate that you have not disabled the protection programs. You need to disable all of them so that HijackThis can do the fixes.
Step 2
If you have an always on connection to the Internet, physically disconnect that connection until you are finished with Safe Mode and have rebooted back into normal mode.
Step 3
Next, please reboot your computer in Safe Mode by doing the following :
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O16 - DPF: {DECEAAA2-370A-49BB-9362-68C3A58DDC62} -
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
Reboot to Normal Mode. Please post a new HijackThis log.
Please post your question in the Operating Systems > Windows XP Home and Professional Forum on BleepingComputer
Step 1
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\InterMute\SpySubtract\SpySub.exe
O4 - Global Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmas\Tmas.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
The above entries indicate that you have not disabled the protection programs. You need to disable all of them so that HijackThis can do the fixes.
Step 2
If you have an always on connection to the Internet, physically disconnect that connection until you are finished with Safe Mode and have rebooted back into normal mode.
Step 3
Next, please reboot your computer in Safe Mode by doing the following :
- Restart your computer
- After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
- Instead of Windows loading as normal, a menu with options should appear;
- Select the first option, to run Windows in Safe Mode, ( without networking support !) then press Enter.
- Choose your usual account.
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O16 - DPF: {DECEAAA2-370A-49BB-9362-68C3A58DDC62} -
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
Reboot to Normal Mode. Please post a new HijackThis log.
QUOTE
Time Executable
I sent the info to Microsoft and was told not to send it unles I was asked to. I just added this in case you know what it is. It comes up every time I boot up. Thanks
Time Executable has encountered a problem and needs to close. We are sorry for the inconvenience.
If you were in the middle of something the information you were working on might be lost.
Please tell Microsoft about this problem.
We have created an error report that you can send to us. We will treat this report as confidential and anonymous.
Send Error Report Don’t Send
I sent the info to Microsoft and was told not to send it unles I was asked to. I just added this in case you know what it is. It comes up every time I boot up. Thanks
Time Executable has encountered a problem and needs to close. We are sorry for the inconvenience.
If you were in the middle of something the information you were working on might be lost.
Please tell Microsoft about this problem.
We have created an error report that you can send to us. We will treat this report as confidential and anonymous.
Send Error Report Don’t Send
Please post your question in the Operating Systems > Windows XP Home and Professional Forum on BleepingComputer
I hope it worked this time.
Logfile of HijackThis v1.99.1
Scan saved at 6:45:32 PM, on 11/26/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\windows\System32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\gearsec.exe
C:\windows\System32\tcpsvcs.exe
C:\windows\System32\snmp.exe
C:\windows\System32\svchost.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\windows\Explorer.EXE
C:\windows\system32\ctfmon.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Dell AIO 810\dlcgmon.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\windows\SOUNDMAN.EXE
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\windows\system32\wuauclt.exe
C:\Program Files\AnalogX\NetStat Live\nsl.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\windows\AGRSMMSG.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\dlcgcoms.exe
C:\Documents and Settings\Roger\My Documents\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;localhost
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [dlcgmon.exe] "C:\Program Files\Dell AIO 810\dlcgmon.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [DLCGCATS] rundll32 C:\windows\System32\spool\DRIVERS\W32X86\3\DLCGtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [NetStat Live] C:\Program Files\AnalogX\NetStat Live\nsl.exe
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\TightVNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - Startup: SpySubtract.lnk.disabled
O4 - Global Startup: AT&T Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O4 - Global Startup: SpySubtract.lnk.disabled
O4 - Global Startup: Trend Micro Anti-Spyware.lnk.disabled
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/as...rl/LSSupCtl.cab
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://www.runaware.com/dolphin/wficat.cab
O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) - http://dlmanager.akamaitools.com.edgesuite...vex-2.0.5.0.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst_current.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp.com/rdqcpc/downloads/sysinfo.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eB...l_v1-0-3-36.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1141962591593
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1142570135828
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - http://mediaplayer.walmart.com/installer/install.cab
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - http://ipgweb.cce.hp.com/rdqcpc/downloads/msxml4.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - http://javadl-esd.sun.com/update/1.5.0/jin...ows-i586-jc.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart.com/photo/uploads/Fuj...ploadClient.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/as...rl/SymAData.cab
O20 - Winlogon Notify: igfxcui - C:\windows\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\windows\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: dlcg_device - - C:\WINDOWS\system32\dlcgcoms.exe
O23 - Service: Gear Security Service (GEARSecurity) - GEAR Software - C:\WINDOWS\System32\gearsec.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007.SP1\Win32\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007.SP1\RpcSandraSrv.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Logfile of HijackThis v1.99.1
Scan saved at 6:45:32 PM, on 11/26/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\windows\System32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\gearsec.exe
C:\windows\System32\tcpsvcs.exe
C:\windows\System32\snmp.exe
C:\windows\System32\svchost.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\windows\Explorer.EXE
C:\windows\system32\ctfmon.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Dell AIO 810\dlcgmon.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\windows\SOUNDMAN.EXE
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\windows\system32\wuauclt.exe
C:\Program Files\AnalogX\NetStat Live\nsl.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\windows\AGRSMMSG.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\dlcgcoms.exe
C:\Documents and Settings\Roger\My Documents\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;localhost
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [dlcgmon.exe] "C:\Program Files\Dell AIO 810\dlcgmon.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [DLCGCATS] rundll32 C:\windows\System32\spool\DRIVERS\W32X86\3\DLCGtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [NetStat Live] C:\Program Files\AnalogX\NetStat Live\nsl.exe
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\TightVNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - Startup: SpySubtract.lnk.disabled
O4 - Global Startup: AT&T Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O4 - Global Startup: SpySubtract.lnk.disabled
O4 - Global Startup: Trend Micro Anti-Spyware.lnk.disabled
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/as...rl/LSSupCtl.cab
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://www.runaware.com/dolphin/wficat.cab
O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) - http://dlmanager.akamaitools.com.edgesuite...vex-2.0.5.0.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst_current.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp.com/rdqcpc/downloads/sysinfo.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eB...l_v1-0-3-36.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1141962591593
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1142570135828
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - http://mediaplayer.walmart.com/installer/install.cab
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - http://ipgweb.cce.hp.com/rdqcpc/downloads/msxml4.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - http://javadl-esd.sun.com/update/1.5.0/jin...ows-i586-jc.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart.com/photo/uploads/Fuj...ploadClient.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/as...rl/SymAData.cab
O20 - Winlogon Notify: igfxcui - C:\windows\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\windows\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: dlcg_device - - C:\WINDOWS\system32\dlcgcoms.exe
O23 - Service: Gear Security Service (GEARSecurity) - GEAR Software - C:\WINDOWS\System32\gearsec.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007.SP1\Win32\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007.SP1\RpcSandraSrv.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Great job!
Your log appears to be clean. Please advise me of any problems you still have. Please take the time to read my All Clean Post.
Please follow these simple steps in order to keep your computer clean and secure:
Good luck!
Your log appears to be clean. Please advise me of any problems you still have. Please take the time to read my All Clean Post.
Please follow these simple steps in order to keep your computer clean and secure:
- Disable and Enable System Restore. If you are using Windows XP then you should disable and enable system restore to make sure there are no infected files found in a restore point.
You can find instructions on how to disable and enable system restore here:
Windows XP System Restore Guide - Make your Internet Explorer more secure This can be done by following these simple instructions:
- From within Internet Explorer click on the Tools menu and then click on Options.
- Click once on the Security tab
- Click once on the Internet icon so it becomes highlighted.
- Click once on the Custom Level button.
- Change the Download signed ActiveX controls to Prompt
- Change the Download unsigned ActiveX controls to Disable
- Change the Initialize and script ActiveX controls not marked as safe to Disable
- Change the Installation of desktop items to Prompt
- Change the Launching programs and files in an IFRAME to Prompt
- Change the Navigate sub frames across different domains to Prompt
- When all these settings have been made, click on the OK button.
- If it asks you if you want to save the settings, press the Yes button.
- Next press the Apply button and then the OK to exit the Internet Properties page.
- Use IE-SPYAD Install IE SPYAD. Add another level of protection to your Internet Explorer browser by blocking certain sites that are known to contain malware. IE SPYAD puts several thousand sites in your restricted zone so you'll be protected when you visit innocent looking sites that aren't actually innocent at all. If you happen on a site within its list, they can't hijack you or install anything. Program is free and is updated about once a month. Please follow readme instructions for install; it is a little different. Single user PC use IE Spyad1. Multi user XP PC use IE Spyad2.
- Use a Firewall - I cannot stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a Firewall in its default configuration can lower your risk greatly. For an article on Firewalls and a listing of some available ones see the link below:
Computer Safety On line - Software Firewalls - Use An Antivirus Software and Keep It Updated - It is very important that your computer has an antivirus software running on your machine. This alone can save you a lot of trouble with malware in the future. It is imperative that you update your antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software, then it will not be able to catch any of the new variants that may come out. For an article on antivirus programs and a listing of some available ones see the link below:
Computer Safety On line - Anti-Virus - Visit Microsoft's Windows Update Site Frequently It is important that you visit Microsoft Windows Update regularly. This will ensure your computer has the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
- You should scan your computer with Spybot S&D on a regular basis just as you would an anti- virus software. A tutorial on installing & using this product can be found here:
Using Spybot - Search & Destroy to remove Spyware from Your Computer - You should scan your computer with Ad-Aware as well as Spybot S&D and your anti-virus program on a regular basis. A tutorial on installing & using this product can be found here:
Using Ad-Aware SE to remove Spyware & Hijackers from Your Computer - Install SpywareBlaster SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs. An article on anti-malware products with links for this program and others can be found here:
Computer Safety on line Anti Malware - Use the hosts file: Every version of windows has a hosts file as part of them. In a very basic sense, they are used to locate web pages. We can customize a hosts file so that it blocks certain web pages. However, it can slow down certain computers. This is why using a hosts file is optional. Download mvps hosts file Make sure you read the instructions on how to install the hosts file. There is a good tutorial HERE If you decide to download the hosts file, the slowdown problems can usually be avoided by following these steps:
- Click the start button on the task bar at the bottom of your screen
- Click run
- In the dialog box, type services.msc
- hit enter, then locate dns client
- Highlight it, then doubleclick it.
- On the dropdown box, change the setting from automatic to manual.
- Click ok..
- Use an alternative instant messenger program.Trillian and Miranda IM These are Malware free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)
- Please read Tony Klein's excellent article: How I got Infected in the First Place
- Please read Understanding Spyware, Browser Hijackers, and Dialers
- Please read Simple and easy ways to keep your computer safe and secure on the Internet
- If you are using Internet Explorer, please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built in popup blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from HERE
- Update all these programs regularly Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
- If your computer was infected by a website, a program, IM, MSN, or p2p, check this site because it is Time To Fight Back.
Good luck!
Thank you for all your help. It seems my computer is running a little faster now. I will print out what you suggest and follow all your steps. I was begining to wander if I was going to be able to do it. At last it worked. Thanks again. 
You are welcome. I am glad we could help.
Since your problem appears to be resolved, this thread will now be closed. If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request. If you should have a new issue, please start a new topic. This applies only to the original topic starter. Everyone else please begin a New Topic.
Since your problem appears to be resolved, this thread will now be closed. If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request. If you should have a new issue, please start a new topic. This applies only to the original topic starter. Everyone else please begin a New Topic.
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.