
Securepccleaner And Other Infections


  • This topic is locked
3 replies to this topic

#1 sj0120


Posted 09 September 2007 - 05:38 PM

For about a month now I have been getting pop-ups saying "Windows has detected an Internet attack attempt... Somebody's trying to infect your PC with spyware or harmful viruses. Run full system scan now to protect your PC from Internet attacks, hijacking attempts and spyware! Click here to download spyware remover for total protection," or "Security Warning! Trojan.W32.Looksky detected on your machine. This virus is distributed via the Internet through e-mail and Active-X objects. The worm has its own SMTP engine which means it gathers e-mails from your local computer and re-distributes itself. In worst cases this worm can allow attackers to access your computer, stealing passwords and personal data. This process should be removed from your system. Type: Virus System Affected: Windows 2000, NT, ME, XP, Vista Security Risk (0-5): 5 Recomendations: Click Yes to remove it from your PC immediately" (yes, 'recomendations' is spelled wrong on the pop-up...) Once the alert box is closed by any means (even using the End Task feature in the Windows Task Manager), it opens an internet explorer page, linking directly to the following URL:

//www.safewebnavigate.com/index.php?s...;pn=2&pid=1

It also installed three internet shortcuts on my desktop; The first is titled "Error Cleaner," the second is called "Privacy Protector," and the third is called "Spyware&Malware Protector," and all three link to //virusprotectionproonline.com/shandl...p;pn=2&sg=1

Over the last few days I have downloaded and run completely Spybot S&D, McAfee Stinger, and Ad-Aware SE, all a few times apiece until they say completely cleared, but when I reboot, I get the same thing. The pop-ups are getting out of control and I really need to figure this out, so any help is appreciated.

I've also got a SecurePCCleaner error box that acts exactly like the others when you exit it in any way: it just brings you to its website. It tends to freeze my computer if left logged in for more than 15 minutes.

Upon finding this site, I downloaded HJT and ran a scan with logfile... here's what I got:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:21:11 PM, on 9/9/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Safe mode

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\HijackThis\HijackThis.exe
C:\Program Files\Windows NT\Accessories\WORDPAD.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=...6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: 69.253.151.209 idenupdate.motorola.com
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: MSVPS System - {88418AA3-16F5-4FC2-A9D8-90B1266DF841} - C:\WINDOWS\nsduo.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: hpWebHelper Class - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [EPSON Stylus CX4600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9AA.EXE /P26 "EPSON Stylus CX4600 Series" /O6 "USB001" /M "Stylus CX4600"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [AAWTray] C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
O4 - HKLM\..\RunOnce: [NoIE4StubProcessing] C:\WINDOWS\system32\reg.exe DELETE "HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" /v "NoIE4StubProcessing" /f
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com/uploader/SlideImageUploader.cab
O16 - DPF: {804F9BC5-0EAB-4150-8065-0DF485420670} (InstallShield Setup Player V11.5) - http://www.noobforums.com/G2/setup.exe
O21 - SSODL: msmhost - {4F5204CE-860B-479D-8206-8C6DF93B87FD} - C:\WINDOWS\msmhost.dll
O21 - SSODL: msmdev - {34E2918E-EEB1-4E14-88A7-AA944F8B33CA} - C:\WINDOWS\msmdev.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 9238 bytes


PLEASE HELP!!!!!!!!!!!!!!!!!!!!!!!!

Edited by KoanYorel, 09 September 2007 - 07:04 PM.
To disable hot link URLs above
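A triage pass over the HijackThis log in the post above, added here as an example; it is not part of the original post and not HijackThis's own logic. The three checks (Safe Mode header, non-loopback O1 Hosts entries, and O2/O3/O21 DLLs sitting directly in the Windows directory) are assumptions chosen for this log, and a hit means "review this entry", not "malicious".

```python
import ntpath
import re
from typing import List, NamedTuple

# Excerpt of the log posted above (lines copied from the post, rest omitted).
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Boot mode: Safe mode

O1 - Hosts: 69.253.151.209 idenupdate.motorola.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: MSVPS System - {88418AA3-16F5-4FC2-A9D8-90B1266DF841} - C:\WINDOWS\nsduo.dll
O2 - BHO: hpWebHelper Class - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O21 - SSODL: msmhost - {4F5204CE-860B-479D-8206-8C6DF93B87FD} - C:\WINDOWS\msmhost.dll
O21 - SSODL: msmdev - {34E2918E-EEB1-4E14-88A7-AA944F8B33CA} - C:\WINDOWS\msmdev.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
"""


class Finding(NamedTuple):
    section: str   # "header" or the HijackThis section code (O1, O2, ...)
    reason: str
    detail: str    # the path or hosts mapping that triggered the finding


# "<section> - <body>", e.g. "O2 - BHO: ..."
ENTRY = re.compile(r"^(?P<section>[A-Z]\d+) - (?P<body>.+)$")
# COM-style entries: "<kind>: <name> - {CLSID} - <path>"
COM_ENTRY = re.compile(
    r"^(?P<kind>[^:]+): (?P<name>.*?) - "
    r"(?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+)$"
)
COM_SECTIONS = {"O2", "O3", "O21"}           # BHOs, toolbars, SSODL
WINDOWS_ROOTS = {r"c:\windows", r"c:\winnt"}  # assumed install locations
LOOPBACK = {"127.0.0.1", "::1"}


def triage(log_text: str) -> List[Finding]:
    """Return entries worth a closer look, in log order."""
    findings: List[Finding] = []

    # A Safe Mode scan hides most running processes, so the log is partial.
    boot = re.search(r"^Boot mode:\s*(.+)$", log_text, re.MULTILINE)
    if boot and "safe" in boot.group(1).lower():
        findings.append(Finding(
            "header", "scan taken in Safe Mode; process list is incomplete",
            boot.group(1).strip()))

    for raw in log_text.splitlines():
        entry = ENTRY.match(raw.strip())
        if not entry:
            continue  # header lines, process list, blank lines
        section, body = entry.group("section"), entry.group("body")

        if section == "O1" and body.startswith("Hosts:"):
            parts = body[len("Hosts:"):].split()
            # Any hosts mapping that is not loopback overrides DNS for a name.
            if len(parts) >= 2 and parts[0] not in LOOPBACK:
                findings.append(Finding(
                    section, "hosts file overrides DNS for this name",
                    " ".join(parts[:2])))

        elif section in COM_SECTIONS:
            com = COM_ENTRY.match(body)
            if not com:
                continue
            path = re.sub(r"\s+\(file missing\)$", "", com.group("path"))
            parent = ntpath.normcase(ntpath.dirname(path))
            # Browser/shell extensions rarely live directly in the Windows
            # root; vendor DLLs sit under Program Files or a subdirectory.
            if path.lower().endswith(".dll") and parent in WINDOWS_ROOTS:
                findings.append(Finding(
                    section,
                    f"{com.group('kind')} '{com.group('name')}' loads a DLL "
                    "directly from the Windows directory",
                    path))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}: {f.detail}")
```
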




#2 SifuMike


Posted 11 September 2007 - 12:24 AM

Hello sj0120,

I am SifuMike and I will be helping you. Sorry for the delay. We are swamped with logs.

Download SDFix and save it to your Desktop.

Double click SDFix.exe and choose Install to extract it to its own folder on the Desktop. Please then reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services or Registry Entries found then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt.
  • Finally copy and paste the contents of the results file Report.txt back onto the forum with a new HijackThis log. Make sure you run HijackThis in the normal mode, not the Safe Mode. I can't see all the running processes when you run it in the Safe Mode.
************************

This will take some time to run.

Download SUPERantispyware
  • Load SUPERantispyware and click the check for updates button.
  • Once the update is finished click the scan your computer button.
  • Check Perform Complete Scan and then next.
  • SUPERantispyware will now scan your computer and when it's finished it will list all the infections it has found.
  • Make sure that they all have a check next to them and press next.
  • Click finish and you will be taken back to the main interface.
  • Click Preferences and then click the statistics/logs tab. Click the dated log and press view log and a text file will appear.
  • Copy and paste the log to this thread, regardless of what it finds.

Edited by SifuMike, 11 September 2007 - 12:53 AM.

If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!




Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 sj0120


Posted 11 September 2007 - 04:22 PM

Here is what you asked for. First is the SDFix Report. The 2nd set is the HJT report.



SDFix: Version 1.103

Run by Sean on Tue 09/11/2007 at 04:55 PM

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:


Restoring Windows Registry Values
Restoring Windows Default Hosts File
Restoring Default HomePage
Restoring Default Desktop Components Value

Rebooting...


Normal Mode:
Checking Files:

Trojan Files Found:

C:\~GLHTTP1.TMP - Deleted
C:\Documents and Settings\Sean\Desktop\Error Cleaner.url - Deleted
C:\Documents and Settings\Sean\Favorites\Error Cleaner.url - Deleted
C:\Documents and Settings\Sean\Desktop\Privacy Protector.url - Deleted
C:\Documents and Settings\Sean\Favorites\Privacy Protector.url - Deleted
C:\Documents and Settings\Sean\Desktop\Spyware&Malware Protection.url - Deleted
C:\Documents and Settings\Sean\Favorites\Spyware&Malware Protection.url - Deleted
C:\WINDOWS\privacy_danger\index.htm - Deleted
C:\WINDOWS\privacy_danger\images\capt.gif - Deleted
C:\WINDOWS\privacy_danger\images\danger.jpg - Deleted
C:\WINDOWS\privacy_danger\images\down.gif - Deleted
C:\WINDOWS\privacy_danger\images\spacer.gif - Deleted
C:\WINDOWS\dat.txt - Deleted
C:\WINDOWS\msmdev.dll - Deleted
C:\WINDOWS\msmhost.dll - Deleted
C:\WINDOWS\nsduo.dll - Deleted
C:\WINDOWS\rs.txt - Deleted
C:\WINDOWS\wmpenv.dll - Deleted


Folder C:\WINDOWS\privacy_danger - Removed

Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\system32
:dvdsantas 40996
:dvdsantas.exe 77824
Total size: 118820 bytes.

system32: deleted 118820 bytes in 2 streams.

Checking for remaining Streams

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.



Final Check:

Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\DISC\\DISCover.exe"="C:\\Program Files\\DISC\\DISCover.exe:*:Enabled:DISCover Drop & Play System"
"C:\\Program Files\\DISC\\DiscStreamHub.exe"="C:\\Program Files\\DISC\\DiscStreamHub.exe:*:Enabled:DISCover Stream Hub"
"C:\\Program Files\\DISC\\myFTP.exe"="C:\\Program Files\\DISC\\myFTP.exe:*:Enabled:DISCover FTP"
"C:\\Program Files\\Compaq Connections\\5577497\\Program\\Compaq Connections.exe"="C:\\Program Files\\Compaq Connections\\5577497\\Program\\Compaq Connections.exe:*:Enabled:Compaq Connections"
"C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"="C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe:*:Enabled:Earthlink"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"F:\\LimeWire\\LimeWire.exe"="F:\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"="C:\\Program Files\\Real\\RealPlayer\\realplay.exe:*:Disabled:RealPlayer"
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Disabled:Internet Explorer"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Compaq Connections\\5577497\\Program\\Compaq Connections.exe"="C:\\Program Files\\Compaq Connections\\5577497\\Program\\Compaq Connections.exe:*:Enabled:Compaq Connections"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

Remaining Files:
---------------

File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes:

C:\Program Files\Online Services\Canada\KOL\comps\autoit\autoit-v3.zip

Finished!


Here is the HJT Report.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:20:40 PM, on 9/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\arservice.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\ARPWRMSG.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9AA.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\DISC\DISCover.exe
C:\Program Files\DISC\DiscUpdMgr.exe
C:\Program Files\DISC\DiscStreamHub.exe
C:\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [EPSON Stylus CX4600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9AA.EXE /P26 "EPSON Stylus CX4600 Series" /O6 "USB001" /M "Stylus CX4600"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [AAWTray] C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
O4 - HKLM\..\RunOnce: [NoIE4StubProcessing] C:\WINDOWS\system32\reg.exe DELETE "HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" /v "NoIE4StubProcessing" /f
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com/uploader/SlideImageUploader.cab
O16 - DPF: {804F9BC5-0EAB-4150-8065-0DF485420670} (InstallShield Setup Player V11.5) - http://www.noobforums.com/G2/setup.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 10476 bytes


Now I'm going to do the rest of the second part of the instructions.

#4 SifuMike

Posted 20 September 2007 - 04:05 PM

Due to inactivity, this thread will now be closed. If you need this topic reopened, please contact me or a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request. If you should have a new issue, please start a new topic. This applies only to the original topic starter. Everyone else please begin a New Topic.