
Pop Ups


  • This topic is locked
38 replies to this topic

#1 HIGHTOWER

  • Members
  • 58 posts

Posted 21 February 2008 - 06:54 PM

Here is my HijackThis log for my pop-up problem, which I posted on the AM I INFECTED forum, and I am still getting 1 or 2 from CiD. Thanks.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:51:06, on 21/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Workflow] D:\Workflow.exe
O4 - HKLM\..\Run: [Dell Photo AIO Printer 922] "C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe"
O4 - HKLM\..\Run: [DLBTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Support audio cool poll] C:\Documents and Settings\All Users\Application Data\INTERNET SPAM SUPPORT AUDIO\Bags Mail.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [mapi that] C:\DOCUME~1\gavin\APPLIC~1\TRUSTH~1\title link dash.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Fairway%20Solitaire/Images/stg_drm.ocx
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1202740371270
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1202740600598
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/The%20Count%20Of%20Monte%20Cristo/Images/armhelper.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 9139 bytes

Edited by HIGHTOWER, 21 February 2008 - 06:59 PM.




#2 HIGHTOWER

  • Topic Starter
  • Members
  • 58 posts

Posted 23 February 2008 - 07:58 PM

Still getting them and they are doing my head in :blink: :thumbsup:

#3 HIGHTOWER

  • Topic Starter
  • Members
  • 58 posts

Posted 25 February 2008 - 08:24 PM

Hi lads, I know you are busy, so I have run another HijackThis log to keep you updated. We ran AVG Free Edition earlier and found a WORM.DELF, which I think is not good; it came from LIMEWIRE.
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\Rundll32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BrowserCmp - {1D8282E6-BC4F-469B-AAED-7E4FF077AD93} - C:\WINDOWS\system32\iebrowserc.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: ContextAdvisor - {87E68009-29A8-D669-F7C2-B31D08635C50} - C:\Program Files\ContextAdvisor\ContextAdvisor-1.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: optimizer by rightonadz - {AB71E94E-3DC4-41eb-BBD5-31E82C9FD1D4} - C:\WINDOWS\system32\gzmrotate.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: MySidesearch Search Assistant - {DDFA1356-E6ED-42a5-9D62-93211D424A90} - C:\WINDOWS\system32\mysidesearch_sidebar.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Workflow] D:\Workflow.exe
O4 - HKLM\..\Run: [Dell Photo AIO Printer 922] "C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe"
O4 - HKLM\..\Run: [DLBTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Support audio cool poll] C:\Documents and Settings\All Users\Application Data\INTERNET SPAM SUPPORT AUDIO\Bags Mail.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [hid_start] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\gzmrotate.dll" DllVerify
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [mapi that] C:\DOCUME~1\gavin\APPLIC~1\TRUSTH~1\title link dash.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Agatha%20Christie%20-%20Peril%20at%20End%20House/Images/stg_drm.ocx
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1202740371270
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1202740600598
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/The%20Count%20Of%20Monte%20Cristo/Images/armhelper.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

#4 ndmmxiaomayi

  • Ant
  • Malware Response Team
  • 266 posts
  • Location: Everywhere

Posted 28 February 2008 - 05:36 AM

Hi,

Sorry for the delay.

The latest HijackThis log that you've posted is incomplete. Can you please run another scan with HijackThis, save a log, and post it back?

In addition, please also do the following:
  • Please download and install CCleaner Slim.
  • Once installed, double click on the desktop shortcut created.
  • On the leftmost column, click on Tools.
  • On the middle column, click on Uninstall.
  • At the bottom right hand corner, click on the Save to text file... button.
  • By default, it saves this file to C:\Program Files\CCleaner named install.txt. You may want to save it to your desktop to find it easily. Click Save.
  • Close CCleaner.
Note: Doing this will not uninstall any programs. It will only produce a log of installed programs on your computer.

In your next reply, please post:
  • A new HijackThis log
  • CCleaner install.txt file


Done your best? Really?


#5 HIGHTOWER

  • Topic Starter
  • Members
  • 58 posts

Posted 28 February 2008 - 06:08 PM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:04:57, on 28/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\dlbtcoms.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\Rundll32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BrowserCmp - {1D8282E6-BC4F-469B-AAED-7E4FF077AD93} - C:\WINDOWS\system32\iebrowserc.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: ContextAdvisor - {87E68009-29A8-D669-F7C2-B31D08635C50} - C:\Program Files\ContextAdvisor\ContextAdvisor-1.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: optimizer by rightonadz - {AB71E94E-3DC4-41eb-BBD5-31E82C9FD1D4} - C:\WINDOWS\system32\gzmrotate.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: MySidesearch Search Assistant - {DDFA1356-E6ED-42a5-9D62-93211D424A90} - C:\WINDOWS\system32\mysidesearch_sidebar.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Workflow] D:\Workflow.exe
O4 - HKLM\..\Run: [Dell Photo AIO Printer 922] "C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe"
O4 - HKLM\..\Run: [DLBTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Support audio cool poll] C:\Documents and Settings\All Users\Application Data\INTERNET SPAM SUPPORT AUDIO\Bags Mail.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [hid_start] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\gzmrotate.dll" DllVerify
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [mapi that] C:\DOCUME~1\gavin\APPLIC~1\TRUSTH~1\title link dash.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-1475859870-1791034012-3205403019-1006\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup (User 'lorraine')
O4 - HKUS\S-1-5-21-1475859870-1791034012-3205403019-1006\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background (User 'lorraine')
O4 - HKUS\S-1-5-21-1475859870-1791034012-3205403019-1006\..\Run: [mapi that] C:\DOCUME~1\lorraine\APPLIC~1\TRUSTH~1\title link dash.exe (User 'lorraine')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Agatha%20Christie%20-%20Peril%20at%20End%20House/Images/stg_drm.ocx
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1202740371270
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1202740600598
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/The%20Count%20Of%20Monte%20Cristo/Images/armhelper.ocx
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWire

Edited by HIGHTOWER, 28 February 2008 - 06:12 PM.


#6 HIGHTOWER

  • Topic Starter
  • Members
  • 58 posts

Posted 28 February 2008 - 06:11 PM

ABBYY FineReader 5.0 Sprint Plus
Ad-Aware 2007
Adobe Flash Player ActiveX
Adobe Reader 8.1.2
Adobe® Photoshop® Album Starter Edition 3.2
Adssite Games Collection
ATI Control Panel
ATI Display Driver
AVG 7.5
Big Fish Games Client
blueyonder Instant Support Tool
Browser Optimizer Rightonadz
CCleaner (remove only)
ContextAdvisor
Dell Driver Reset Tool
Dell Media Experience
Dell Photo AIO Printer 922
Dell Picture Studio v3.0
Dell Support 5.0.0 (630)
Dell System Restore
FBrowsingAdvisor
Football Manager 2008
Google Toolbar for Internet Explorer
Google Updater
Great Secrets Da Vinci
Hardwood Solitaire Deluxe
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.0 (KB932471)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB896344)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB926239)
Intel® 537EP V9x DF PCI Modem
Intel® PRO Network Connections Drivers
Intel® PROSafe for Wired Connections
Intel® PROSet for Wired Connections
Jasc Paint Shop Photo Album 5
Jasc Paint Shop Pro Studio, Dell Editon
Java 2 Runtime Environment, SE v1.4.2_03
Java™ 6 Update 3
Messenger Plus! Live & Sponsor (CiD)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft .NET Framework 3.0 Service Pack 1
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Works 7.0
Modem Event Monitor
Modem Helper
Modem On Hold
Mozilla Firefox (2.0.0.12)
MSN
MSXML 4.0 SP2 (KB936181)
MSXML 6.0 Parser (KB933579)
MySidesearch Search Assistant Adssite
PlayMP3z
PowerDVD 5.5
RealPlayer
Rhapsody Player Engine
Security Update for CAPICOM (KB931906)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB942615)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB946026)
Socialnetworking Helper Adssite
SolSuite 2008 v8.2
Sonic DLA
Sonic MyDVD LE
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
Spybot - Search & Destroy
Sunset Studio Deluxe
SUPERAntiSpyware Free Edition
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920342)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB925720)
Update for Windows XP (KB925876)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
WebFldrs XP
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live installer
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Media Format 11 runtime
Windows Media Player 11
Windows Presentation Foundation
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB888310
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
ZoneAlarm
ZoneAlarm Spy Blocker

#7 ndmmxiaomayi
  • Malware Response Team
  • 266 posts

Posted 29 February 2008 - 08:58 AM

Hi,

You need to uninstall quite a few programs from your computer. These programs are known bad ones and display unwanted popup advertisements.

Step 1
  • Click on Start > Control Panel and double click on Add/Remove Programs.
  • Locate Adssite Games Collection and click on Change/Remove to uninstall it.
  • Repeat for the following programs:
    • Browser Optimizer Rightonadz
    • CiD Help
    • CiD Manager
    • ContextAdvisor
    • FBrowsingAdvisor
    • Lop.com
    • LOP SEARCH
    • Messenger Plus! Live & Sponsor (CiD)
    • PlayMP3z
    • Socialnetworking Helper Adssite
    • ZoneAlarm Spy Blocker --- highly recommended to be removed, but it's your choice. You may need to re-install ZoneAlarm Firewall. Read more about it here.
  • Close Add/Remove Programs and Control Panel. Restart your computer. This is important!
You may also want to consider either of these firewalls. Remember to just install only ONE firewall as having more than one will cause conflicts.

Online Armour
Comodo Personal Firewall
Sunbelt Kerio
Sygate Personal Firewall

Here's some things to read about:

1. Messenger Plus! Live:

Messenger Plus! Live comes with an optional sponsor program that you can decide to install or not during setup (the same setup is always run, whether it's downloaded from the site or by the auto-update feature of Messenger Plus!, you will always be prompted the same way). This program shows ads from time to time on your computer.


If you want it back, remember to uncheck the "I refuse to give my support, don't install the sponsor" box when re-installing it.

https://msmvps.com/blogs/spywaresucks/archi.../12/277195.aspx
http://www.ie-vista.com/graphics3.html
http://www.msgpluslive.net/help/faq/privacy/

2. PlayMP3z

http://www.playmp3z.biz/eula

The EULA is long, but it states clearly that it installs other programs, which I've asked you to uninstall earlier on.

3. ZoneAlarm Spy Blocker

http://securitygarden.blogspot.com/2007/12...-zonealarm.html

Step 2
  • Download deljob.exe and save it to your desktop.
  • Double click on Deljob.exe.
  • A log (logit.txt) will open afterwards. If it doesn't, please locate this log on your C drive.
  • Please post the contents of the logfile in your next reply together with a new HijackThis log.
In your next reply, please post:
  • deljob log (C:\deljob.txt)
  • A new HijackThis log

Done your best? Really?


#8 HIGHTOWER
  • Topic Starter
  • Members
  • 58 posts

Posted 29 February 2008 - 12:48 PM

--------------------------------------------------------
No LOP job-files found
--------------------------------------------------------
Files in Windows Tasks folder

--------------------------------------------------------
Export App Data folders
--------------------------------------------------------
Volume in drive C has no label.
Volume Serial Number is 64E6-6318

Directory of C:\Documents and Settings\gavin\Application Data

29/02/2008 17:34 <DIR> .
29/02/2008 17:34 <DIR> ..
19/02/2008 19:51 <DIR> Adobe
12/02/2008 17:39 <DIR> AdobeUM
29/02/2008 14:14 <DIR> AVG7
29/02/2008 17:34 <DIR> Comodo
11/02/2008 17:38 <DIR> Google
21/11/2005 11:35 <DIR> Gtek
10/08/2004 13:08 <DIR> IDENTI~1 Identities
21/11/2005 11:37 <DIR> JASCSO~1 Jasc Software Inc
11/02/2008 17:33 <DIR> MACROM~1 Macromedia
28/02/2008 15:36 <DIR> MICROS~1 Microsoft
11/02/2008 17:27 <DIR> Mozilla
25/02/2008 17:43 <DIR> Real
21/11/2005 11:29 <DIR> Sun
20/02/2008 23:51 <DIR> SUPERA~1.COM SUPERAntiSpyware.com
21/11/2005 11:38 <DIR> Symantec
11/02/2008 17:27 <DIR> Talkback
17/02/2008 16:27 <DIR> TRUSTH~1 TRUST HOLE
19/02/2008 18:20 <DIR> Yahoo!
0 File(s) 0 bytes
20 Dir(s) 140,606,238,720 bytes free
Volume in drive C has no label.
Volume Serial Number is 64E6-6318

Directory of C:\Documents and Settings\All Users\Application Data

29/02/2008 17:34 <DIR> .
29/02/2008 17:34 <DIR> ..
18/02/2008 00:34 <DIR> Adobe
29/02/2008 14:15 <DIR> Avg7
11/02/2008 21:09 <DIR> BIGFIS~1 BigFishGamesCache
29/02/2008 17:41 <DIR> comodo
13/02/2008 19:33 <DIR> EA
24/02/2008 17:40 <DIR> FLOODL~1 Flood Light Games
15/02/2008 13:21 <DIR> FRIEND~1 Friends Games
11/02/2008 12:34 <DIR> Google
28/02/2008 23:08 <DIR> GOOGLE~1 Google Updater
17/02/2008 21:26 <DIR> GREYAL~1 Grey Alien Games
28/02/2008 15:36 <DIR> Grisoft
21/11/2005 11:35 <DIR> GTek
21/11/2005 11:37 <DIR> INSTAL~1 InstallShield
17/02/2008 14:15 <DIR> INTERN~1 INTERNET SPAM SUPPORT AUDIO
11/02/2008 23:13 <DIR> JOLLYB~1 JollyBear
18/02/2008 19:18 <DIR> Lavasoft
11/02/2008 17:06 <DIR> MAILFR~1 MailFrontier
22/02/2008 23:54 <DIR> MICROS~1 Microsoft
14/02/2008 14:14 <DIR> MONTEC~1 MonteCristo
11/02/2008 09:45 <DIR> MOTIVE~1 MotiveSysIDs
15/02/2008 21:08 <DIR> N7-89-~1 n7-89-o9-3r-4t-r9
12/02/2008 12:38 <DIR> PLAYFI~1 PlayFirst
10/08/2004 13:13 <DIR> SBSI
26/02/2008 17:40 <DIR> SPINTO~1 SpinTop Games
21/02/2008 22:53 <DIR> SPYBOT~1 Spybot - Search & Destroy
20/02/2008 23:51 <DIR> SUPERA~1.COM SUPERAntiSpyware.com
11/02/2008 16:45 <DIR> Symantec
28/02/2008 17:59 <DIR> TEMP
22/02/2008 22:18 <DIR> TREECA~1 TreeCardGames
14/02/2008 20:58 <DIR> Trymedia
11/02/2008 14:46 <DIR> WINDOW~1 Windows Genuine Advantage
16/02/2008 15:42 <DIR> WLINST~1 WLInstaller
22/02/2008 22:57 <DIR> Zylom
0 File(s) 0 bytes
35 Dir(s) 140,606,238,720 bytes free
--------------------------------------------------------
All User Accounts

#9 HIGHTOWER
  • Topic Starter
  • Members
  • 58 posts

Posted 29 February 2008 - 12:52 PM

My new HijackThis log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:50:13, on 29/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: MySidesearch Search Assistant - {DDFA1356-E6ED-42a5-9D62-93211D424A90} - C:\WINDOWS\system32\mysidesearch_sidebar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Workflow] D:\Workflow.exe
O4 - HKLM\..\Run: [Dell Photo AIO Printer 922] "C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe"
O4 - HKLM\..\Run: [DLBTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Support audio cool poll] C:\Documents and Settings\All Users\Application Data\INTERNET SPAM SUPPORT AUDIO\Bags Mail.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [mapi that] C:\DOCUME~1\gavin\APPLIC~1\TRUSTH~1\title link dash.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Agatha%20Christie%20-%20Peril%20at%20End%20House/Images/stg_drm.ocx
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1202740371270
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1202740600598
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/The%20Count%20Of%20Monte%20Cristo/Images/armhelper.ocx
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 9729 bytes

#10 ndmmxiaomayi
  • Malware Response Team
  • 266 posts

Posted 01 March 2008 - 09:53 AM

Hi,

Step 1

Please uninstall this program and restart your computer. I've missed it earlier.

MySidesearch Search Assistant Adssite

Please also uninstall ZoneAlarm Firewall as you now have Comodo Firewall.

Step 2

Please disable Spybot Teatimer temporarily as it may interfere with the fixes.
  • Right click the Spybot Icon in the system tray near the clock (looks like a blue/white calendar with a padlock symbol).
  • Click once on Resident Protection, then right click the Spybot icon again and make sure Resident Protection is now Unchecked. The Spybot icon in the System tray should now be colorless.
  • Go to Start > All Programs > Spybot - Search & Destroy > Spybot Search & Destroy.
  • Click on Mode > Advanced Mode. When it prompts you, click Yes.
  • On the left hand side, click on Tools.
  • Check (tick) this box if it is not yet ticked: Resident.
  • You will notice that Resident is now added under Tools. Click on Resident.
  • Uncheck (untick) this box: Resident "TeaTimer" (Protection of over-all system settings) active.
  • Exit Spybot Search & Destroy.
  • Restart your computer for the changes to take effect.
Step 3

Please open HijackThis and select Do a system scan only.

Put a check (tick) next to these lines:
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: MySidesearch Search Assistant - {DDFA1356-E6ED-42a5-9D62-93211D424A90} - C:\WINDOWS\system32\mysidesearch_sidebar.dll
O4 - HKLM\..\Run: [Support audio cool poll] C:\Documents and Settings\All Users\Application Data\INTERNET SPAM SUPPORT AUDIO\Bags Mail.exe
O4 - HKCU\..\Run: [mapi that] C:\DOCUME~1\gavin\APPLIC~1\TRUSTH~1\title link dash.exe

Click Fix checked. Close HijackThis.

Step 4

Please download OTMoveIt2.exe by OldTimer and save it to your desktop.

Double click on OTMoveIt2.exe to run it.

Copy and paste the following in the Code box into OTMoveIt (1).

Note: Do not type it out, to minimize the risk of typing errors.

C:\WINDOWS\system32\mysidesearch_sidebar.dll
C:\Documents and Settings\All Users\Application Data\INTERNET SPAM SUPPORT AUDIO
C:\Documents and Settings\gavin\Application Data\TRUST HOLE

Click on MoveIt! (2).

Click on Exit (3).

Please refer to this picture for using OTMoveIt.

A log will be produced at C:\_OTMoveIt\MovedFiles\date_time.log, where date_time are numbers.

Please copy and paste this log in your next reply.

Step 5
  • Please download Deckard's System Scanner from Tech Support Forum and save it to your desktop. Note: You must be logged onto an account with administrator privileges.
  • Save all your work and close all opened programs.
  • Double click on dss.exe to run it. Follow the prompts.
  • When the scan is complete, two log files will be produced. The first one, main.txt, will be maximized, the second one, extra.txt, will be minimized.
  • Please post the contents of the 2 log files in your next reply. 1 log per reply please.
In your next reply, please post:
  • OTMoveIt2 log
  • The 2 DSS logs

Done your best? Really?
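The helper's Step 3 and Step 4 above boil down to three checks on the HijackThis log: a BHO whose CLSID is still registered but whose DLL is "(no file)", a BHO whose name is a known adware product, and a Run entry that launches from a user-writable Application Data folder (both the long form and the 8.3 short form `APPLIC~1` that HijackThis prints). The script below is an added example, not part of this thread and not code from HijackThis or OTMoveIt; it runs those checks over a subset of lines copied from the log in post #9 and derives the same path list the helper wrote out for OTMoveIt. The regexes, the function names and the `KNOWN_ADWARE` tuple are my own; the tuple is a stand-in for a real signature list and only contains the name the helper identified here.

```python
import re

# Constructed input: a subset of lines copied from the HijackThis log in post #9,
# benign entries next to the five the helper told the poster to fix.
HJT_LINES = [
    r'O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)',
    r'O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll',
    r'O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)',
    r'O2 - BHO: MySidesearch Search Assistant - {DDFA1356-E6ED-42a5-9D62-93211D424A90} - C:\WINDOWS\system32\mysidesearch_sidebar.dll',
    r'O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"',
    r'O4 - HKLM\..\Run: [Support audio cool poll] C:\Documents and Settings\All Users\Application Data\INTERNET SPAM SUPPORT AUDIO\Bags Mail.exe',
    r'O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe',
    r'O4 - HKCU\..\Run: [mapi that] C:\DOCUME~1\gavin\APPLIC~1\TRUSTH~1\title link dash.exe',
    r'O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll',
]

# HijackThis line formats for the two sections the helper acted on.
O2_RE = re.compile(r'^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.*)$')
O4_RE = re.compile(r'^O4 - (?P<hive>HKLM|HKCU|HKUS\\[^\\]+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
# First .exe in a Run command, with an optional leading quote stripped.
EXE_RE = re.compile(r'^"?(?P<exe>.*?\.exe)', re.IGNORECASE)
# Long form and the 8.3 short form HijackThis prints for per-user paths.
APPDATA_RE = re.compile(r'\\(Application Data|APPLIC~1)\\', re.IGNORECASE)
# Assumption: a stand-in for a real adware signature list.
KNOWN_ADWARE = ('mysidesearch',)


def triage(lines):
    """Apply the three checks from the helper's post and return hits in log order."""
    hits = []
    for line in lines:
        m = O2_RE.match(line)
        if m:
            path = m.group('path').strip()
            if path == '(no file)':
                # Registered CLSID with no DLL behind it: harmless now, but clutter
                # worth removing, which is why the helper ticked it in HijackThis.
                hits.append({'line': line, 'kind': 'bho', 'path': None,
                             'reason': 'orphaned BHO: CLSID registered but the DLL is gone'})
            elif any(k in m.group('name').lower() for k in KNOWN_ADWARE):
                hits.append({'line': line, 'kind': 'bho', 'path': path,
                             'reason': 'BHO name matches the adware list'})
            continue
        m = O4_RE.match(line)
        if m:
            cmd = m.group('cmd')
            e = EXE_RE.match(cmd)
            exe = e.group('exe') if e else cmd
            if APPDATA_RE.search(exe):
                # Legitimate autoruns live under Program Files or WINDOWS; an
                # executable in a profile's Application Data is the Lop-style pattern.
                hits.append({'line': line, 'kind': 'run', 'path': exe,
                             'reason': 'autorun executes from a user-writable Application Data folder'})
    return hits


def paths_to_move(hits):
    """Build the list a file-mover such as OTMoveIt takes: the DLL for a live BHO,
    the containing folder for a flagged autorun, nothing for an orphaned BHO."""
    out = []
    for h in hits:
        if h['kind'] == 'bho' and h['path']:
            out.append(h['path'])
        elif h['kind'] == 'run':
            out.append(h['path'].rsplit('\\', 1)[0])
    return out


if __name__ == '__main__':
    hits = triage(HJT_LINES)
    for h in hits:
        print('FIX  ' + h['line'])
        print('     -> ' + h['reason'])
    print('\nPaths to move:')
    for p in paths_to_move(hits):
        print('  ' + p)
```

The folder-per-autorun rule reproduces the helper's choice of moving the whole `INTERNET SPAM SUPPORT AUDIO` and `TRUST HOLE` directories rather than just the two executables; the 8.3 path for the second one is returned exactly as the log prints it. The AppInit_DLLs line for COMODO's guard32.dll is deliberately not flagged, matching the helper's handling.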


#11 HIGHTOWER
  • Topic Starter
  • Members
  • 58 posts

Posted 01 March 2008 - 06:48 PM

[nobackups]
[deleteself]
avenger.zip <Avenger by Swandog46>
avenger.exe
Avenger
avenger.txt
bfu.zip <BFU by Merijn>
BFU
combofix.exe <ComboFix by sUBs>
Combo-Fix.sys
ComboFix
erdnt
QooBox
ComboFix*.txt
catchme.exe
fdsv.exe
grep.exe
moveex.exe
nircmd.exe
sed.exe
swreg.exe
Swsc.exe
Swxcacls.exe
VFind.exe
zip.exe
tmp.reg
dss.exe <Deckard's System Scanner by Deckard>
Deckard
deljob.exe <Author Unknown>
deljob
logit.txt
FindAWF.exe <FindAWF by noahdfear>
AWF.txt
fixwareout.exe <FixWareout by LonnyRJones>
fixwareout
fsbl.exe <F-Secure BlackLight>
fsbl*.log
gmer.exe <GMER by Gmer>
gmer.dll
gmer.ini
gmer.log
gmer_uninstall.cmd
gmer.sys
gmer <delete service>
haxfix.exe <Haxfix by Markie>
haxfix.txt
killbox.exe <Killbox by Option^Explicit>
!Killbox
NoLop.exe <NoLop by ?>
NoLop.txt
NoLopOLD.txt
delete.bat
OTMoveIt.exe <OTMoveIt by OldTimer>
OTMoveIt2.exe
_OTMoveIt
rustbfix.exe <Rustbfix by Ejvindh>
Rustbfix
sdfix.exe <SDFix by Andy_Manchesta>
SDFix
SmitfraudFix.exe <SmitfraudFix by S!Ri>
SmitfraudFix
rapport.txt
SysInsite <System Insite by Bobbi Flekman>
VundoFix.exe <VundoFix by Atribune>
VundoFix Backups
vundofix.txt
vundofix.vft
win32delfkil.exe <WinDelfKil by Markie>
_backupD
windelf.txt
winpfind.exe <WinPfind by OldTimer>
WinPfind
WinPFind3u.exe <WinPFind3 by OldTimer>
WinPFind3u
WinPFind35u.exe <WinPFind35 by OldTimer>
WinPFind35u
cleanup.txt

#12 HIGHTOWER
  • Topic Starter
  • Members
  • 58 posts

Posted 01 March 2008 - 07:23 PM

Deckard's System Scanner v20071014.68
Run by gavin on 2008-03-02 00:21:00
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Total Physical Memory: 511 MiB (512 MiB recommended).


-- HijackThis (run as gavin.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:21:13, on 02/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\WINDOWS\notepad.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\gavin\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\gavin.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Workflow] D:\Workflow.exe
O4 - HKLM\..\Run: [Dell Photo AIO Printer 922] "C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe"
O4 - HKLM\..\Run: [DLBTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [mapi that] C:\DOCUME~1\gavin\APPLIC~1\TRUSTH~1\title link dash.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Big%20City%20Adventure%20-%20Sydney,%20Australia/Images/stg_drm.ocx
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1202740371270
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1202740600598
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/The%20Count%20Of%20Monte%20Cristo/Images/armhelper.ocx
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

--
End of file - 8927 bytes

-- Files created between 2008-02-02 and 2008-03-02 -----------------------------

2008-03-01 16:20:15 0 --a------ C:\Program Files\temp01
2008-03-01 14:37:50 0 d-------- C:\Documents and Settings\lorraine\Application Data\Comodo
2008-03-01 12:37:58 0 d-------- C:\Documents and Settings\darren\Application Data\Comodo
2008-03-01 02:04:12 0 dr-h----- C:\Documents and Settings\gavin\Recent
2008-02-29 19:19:21 0 d-------- C:\Documents and Settings\ricki\Application Data\AVG7
2008-02-29 19:19:19 0 d-------- C:\Documents and Settings\ricki\Application Data\Comodo
2008-02-29 17:34:46 0 d-------- C:\Documents and Settings\gavin\Application Data\Comodo
2008-02-29 17:34:44 0 d-------- C:\Documents and Settings\All Users\Application Data\comodo
2008-02-29 17:34:42 0 d-------- C:\Program Files\COMODO
2008-02-29 17:18:06 0 dr-h----- C:\$VAULT$.AVG
2008-02-29 16:41:33 0 d-------- C:\?
2008-02-28 23:02:28 0 d-------- C:\Program Files\CCleaner
2008-02-28 19:57:03 0 d-------- C:\Documents and Settings\gavin\Application Data\AVG7
2008-02-28 18:58:50 0 d-------- C:\Documents and Settings\darren\Application Data\AVG7
2008-02-28 17:59:51 0 d-------- C:\Documents and Settings\lorraine\Application Data\My Games
2008-02-28 16:33:08 0 d-------- C:\Program Files\Shockwave.com
2008-02-28 15:37:42 0 d-------- C:\Documents and Settings\lorraine\Application Data\AVG7
2008-02-28 15:37:07 0 d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-02-28 15:36:45 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-02-28 15:25:42 0 d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2008-02-27 14:50:20 0 d-------- C:\Program Files\GamesBar
2008-02-26 17:40:25 0 d-------- C:\Documents and Settings\All Users\Application Data\SpinTop Games
2008-02-25 23:20:26 0 d-------- C:\Documents and Settings\ricki\Application Data\Google
2008-02-25 23:13:05 0 d-------- C:\Documents and Settings\ricki\Application Data\Macromedia
2008-02-25 23:13:03 0 d-------- C:\Documents and Settings\ricki\Application Data\Adobe
2008-02-25 23:12:18 0 d-------- C:\Documents and Settings\ricki\Application Data\TRUST HOLE
2008-02-25 23:11:38 0 d-------- C:\Documents and Settings\ricki\Contacts
2008-02-25 23:05:43 0 d-------- C:\Documents and Settings\ricki\Application Data\Real
2008-02-25 23:03:24 0 d-------- C:\Documents and Settings\ricki\Application Data\Jasc Software Inc
2008-02-25 23:03:24 0 d-------- C:\Documents and Settings\ricki\Application Data\Identities
2008-02-25 23:03:24 0 d--h----- C:\Documents and Settings\ricki\Application Data\Gtek
2008-02-25 23:03:23 0 d--h----- C:\Documents and Settings\ricki\Templates
2008-02-25 23:03:23 0 dr------- C:\Documents and Settings\ricki\Start Menu
2008-02-25 23:03:23 0 dr-h----- C:\Documents and Settings\ricki\SendTo
2008-02-25 23:03:23 0 dr-h----- C:\Documents and Settings\ricki\Recent
2008-02-25 23:03:23 0 d--h----- C:\Documents and Settings\ricki\PrintHood
2008-02-25 23:03:23 0 d--h----- C:\Documents and Settings\ricki\NetHood
2008-02-25 23:03:23 0 dr------- C:\Documents and Settings\ricki\My Documents
2008-02-25 23:03:23 0 d--h----- C:\Documents and Settings\ricki\Local Settings
2008-02-25 23:03:23 0 dr------- C:\Documents and Settings\ricki\Favorites
2008-02-25 23:03:23 0 d-------- C:\Documents and Settings\ricki\Desktop
2008-02-25 23:03:23 0 d--hs---- C:\Documents and Settings\ricki\Cookies
2008-02-25 23:03:23 0 dr-h----- C:\Documents and Settings\ricki\Application Data
2008-02-25 23:03:23 0 d-------- C:\Documents and Settings\ricki\Application Data\Symantec
2008-02-25 23:03:23 0 d-------- C:\Documents and Settings\ricki\Application Data\Sun
2008-02-25 23:03:23 0 d---s---- C:\Documents and Settings\ricki\Application Data\Microsoft
2008-02-25 23:03:22 2621440 --a------ C:\Documents and Settings\ricki\NTUSER.DAT
2008-02-25 20:58:56 0 d-------- C:\Documents and Settings\lorraine\Application Data\iWin
2008-02-25 00:17:57 0 d-------- C:\9b963531cd7f9b7c5049db61
2008-02-24 19:50:14 0 dr-h----- C:\Documents and Settings\darren\Application Data\SecuROM
2008-02-24 19:33:11 0 d--h----- C:\Program Files\Zero G Registry
2008-02-24 19:33:11 0 d-------- C:\Program Files\Sports Interactive
2008-02-24 19:32:28 0 d--h----- C:\Documents and Settings\darren\InstallAnywhere
2008-02-24 19:31:05 0 d-------- C:\Documents and Settings\darren\Application Data\Sports Interactive
2008-02-24 17:40:25 0 d-------- C:\Documents and Settings\lorraine\Saved Games
2008-02-24 17:40:25 0 d-------- C:\Documents and Settings\lorraine\Application Data\Flood Light Games
2008-02-24 17:40:25 0 d-------- C:\Documents and Settings\All Users\Application Data\Flood Light Games
2008-02-24 09:47:09 0 d-------- C:\Documents and Settings\darren\Application Data\Real
2008-02-23 23:33:52 0 d-------- C:\Documents and Settings\gavin\Application Data\Real
2008-02-23 22:25:00 0 d-------- C:\Program Files\Common Files\xing shared
2008-02-23 22:24:22 0 d-------- C:\Program Files\Common Files\Real
2008-02-23 22:24:16 0 d-------- C:\Program Files\Real
2008-02-23 22:23:01 0 d-------- C:\Documents and Settings\lorraine\Application Data\Real
2008-02-23 22:00:58 0 d-------- C:\Program Files\Ahead
2008-02-23 21:38:21 0 d-------- C:\Program Files\uTorrent
2008-02-23 21:38:17 0 d-------- C:\Documents and Settings\lorraine\Application Data\uTorrent
2008-02-23 20:34:05 80090 --a------ C:\WINDOWS\system32\adssite-remove.exe
2008-02-23 18:08:16 0 d-------- C:\Documents and Settings\darren\Application Data\Mozilla
2008-02-23 18:08:13 0 d-------- C:\Program Files\FBrowserAdvisor
2008-02-23 17:56:19 0 d-------- C:\Documents and Settings\darren\Application Data\LimeWire
2008-02-22 23:54:10 0 d-------- C:\Program Files\Microsoft Silverlight
2008-02-22 23:52:58 0 d-------- C:\Program Files\MSBuild
2008-02-22 23:48:59 0 d-------- C:\WINDOWS\system32\XPSViewer
2008-02-22 23:48:17 0 d-------- C:\Program Files\Reference Assemblies
2008-02-22 23:46:49 0 d-------- C:\40f3275c9ac9a0f484
2008-02-22 23:46:46 0 d-------- C:\Program Files\MSXML 6.0
2008-02-22 23:45:46 0 d-------- C:\Program Files\Windows Media Connect 2
2008-02-22 23:43:03 0 d-------- C:\WINDOWS\system32\LogFiles
2008-02-22 23:43:03 0 d-------- C:\WINDOWS\system32\drivers\UMDF
2008-02-22 23:41:32 0 d-------- C:\WINDOWS\network diagnostic
2008-02-22 23:36:24 0 d-------- C:\WINDOWS\RegisteredPackages
2008-02-22 22:57:03 0 d-------- C:\Documents and Settings\All Users\Application Data\Zylom
2008-02-22 22:18:17 0 d-------- C:\Documents and Settings\lorraine\Application Data\SolSuite
2008-02-22 22:18:17 0 d-------- C:\Documents and Settings\All Users\Application Data\TreeCardGames
2008-02-22 22:18:11 0 d-------- C:\Program Files\SolSuite
2008-02-22 19:42:59 0 d-------- C:\Program Files\Sunset Studio Deluxe
2008-02-22 18:14:33 0 d-------- C:\Program Files\Great Secrets Da Vinci
2008-02-22 18:10:58 0 d-------- C:\Program Files\ReflexiveArcade
2008-02-21 22:55:02 0 d-------- C:\Documents and Settings\gavin\.housecall6.6
2008-02-21 18:36:19 0 d-------- C:\Documents and Settings\lorraine\Application Data\Mysteryville2
2008-02-20 23:51:51 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-02-20 23:51:45 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-02-20 23:51:44 0 d-------- C:\Documents and Settings\gavin\Application Data\SUPERAntiSpyware.com
2008-02-20 22:23:23 212 --a------ C:\delete.bat
2008-02-20 22:14:33 0 d-------- C:\NoLopBackups
2008-02-20 19:52:32 0 d-------- C:\Program Files\Trend Micro
2008-02-19 21:02:50 0 d-------- C:\Documents and Settings\darren\Application Data\Yahoo!
2008-02-19 18:20:39 0 d-------- C:\Documents and Settings\gavin\Application Data\Yahoo!
2008-02-19 16:50:27 0 d-------- C:\Documents and Settings\lorraine\Application Data\Goodsol
2008-02-19 15:12:22 0 d-------- C:\Program Files\Yahoo! Games
2008-02-19 14:59:50 0 d-------- C:\Program Files\TryMedia
2008-02-19 13:06:48 0 d-------- C:\Documents and Settings\lorraine\Application Data\Yahoo!
2008-02-19 13:06:47 0 d-------- C:\Program Files\Yahoo!
2008-02-19 13:05:36 0 d-------- C:\WINDOWS\cache
2008-02-18 19:19:00 0 d-------- C:\Program Files\Lavasoft
2008-02-18 19:17:41 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-18 15:15:12 0 d-------- C:\Program Files\Around the World in 80 Days
2008-02-18 14:38:18 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-17 21:26:35 0 d-------- C:\Documents and Settings\All Users\Application Data\Grey Alien Games
2008-02-17 20:01:24 0 d-------- C:\Documents and Settings\lorraine\Application Data\TRUST HOLE
2008-02-17 16:10:28 0 d-------- C:\Documents and Settings\gavin\Application Data\TRUST HOLE
2008-02-17 14:16:10 0 d-------- C:\Documents and Settings\darren\Contacts
2008-02-17 14:15:43 0 d-------- C:\Documents and Settings\All Users\Application Data\INTERNET SPAM SUPPORT AUDIO
2008-02-17 14:15:27 0 d-------- C:\Program Files\TRUST HOLE
2008-02-17 14:15:26 0 d-------- C:\Documents and Settings\darren\Application Data\TRUST HOLE
2008-02-17 12:29:32 0 d-------- C:\Documents and Settings\lorraine\Application Data\WinRAR
2008-02-16 15:43:08 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-02-16 15:42:53 0 d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-02-16 15:38:53 0 d-------- C:\Documents and Settings\darren\Application Data\Macromedia
2008-02-16 15:37:19 0 d-------- C:\Documents and Settings\darren\Application Data\Adobe
2008-02-16 15:37:15 0 d-------- C:\Documents and Settings\darren\Application Data\Google
2008-02-16 15:33:39 0 d-------- C:\Documents and Settings\darren\Application Data\Jasc Software Inc
2008-02-16 15:33:39 0 d-------- C:\Documents and Settings\darren\Application Data\Identities
2008-02-16 15:33:39 0 d--h----- C:\Documents and Settings\darren\Application Data\Gtek
2008-02-16 15:33:38 0 d--h----- C:\Documents and Settings\darren\Application Data
2008-02-16 15:33:38 0 d-------- C:\Documents and Settings\darren\Application Data\Symantec
2008-02-16 15:33:38 0 d-------- C:\Documents and Settings\darren\Application Data\Sun
2008-02-16 15:33:38 0 d---s---- C:\Documents and Settings\darren\Application Data\Microsoft
2008-02-16 15:33:37 0 d--h----- C:\Documents and Settings\darren\Templates
2008-02-16 15:33:37 0 dr------- C:\Documents and Settings\darren\Start Menu
2008-02-16 15:33:37 0 dr-h----- C:\Documents and Settings\darren\SendTo
2008-02-16 15:33:37 0 dr-h----- C:\Documents and Settings\darren\Recent
2008-02-16 15:33:37 0 d--h----- C:\Documents and Settings\darren\PrintHood
2008-02-16 15:33:37 0 d--h----- C:\Documents and Settings\darren\NetHood
2008-02-16 15:33:37 0 dr------- C:\Documents and Settings\darren\My Documents
2008-02-16 15:33:37 0 d--h----- C:\Documents and Settings\darren\Local Settings
2008-02-16 15:33:37 0 dr------- C:\Documents and Settings\darren\Favorites
2008-02-16 15:33:37 0 d-------- C:\Documents and Settings\darren\Desktop
2008-02-16 15:33:37 0 d--hs---- C:\Documents and Settings\darren\Cookies
2008-02-16 15:33:36 2883584 --a------ C:\Documents and Settings\darren\NTUSER.DAT
2008-02-15 21:08:23 0 d-------- C:\Documents and Settings\All Users\Application Data\n7-89-o9-3r-4t-r9
2008-02-15 21:08:00 0 d-------- C:\Documents and Settings\lorraine\Application Data\GameHouse
2008-02-15 13:41:12 0 d-------- C:\Documents and Settings\lorraine\Application Data\Pogo Games
2008-02-14 20:58:03 0 d-------- C:\Documents and Settings\All Users\Application Data\Trymedia
2008-02-14 20:56:50 0 d-------- C:\GameFools
2008-02-14 14:14:30 0 d-------- C:\Documents and Settings\All Users\Application Data\MonteCristo
2008-02-14 13:39:13 0 d-------- C:\Documents and Settings\lorraine\Application Data\SpinTop
2008-02-13 23:16:06 0 d-------- C:\Documents and Settings\All Users\Application Data\Friends Games
2008-02-13 23:14:58 0 d-------- C:\Program Files\Virgin Media Games
2008-02-13 19:33:47 0 d-------- C:\Documents and Settings\All Users\Application Data\EA
2008-02-13 19:04:34 0 d-------- C:\Documents and Settings\lorraine\Application Data\EA
2008-02-13 19:02:09 0 d-------- C:\Program Files\Oberon Media
2008-02-12 22:09:17 0 d-------- C:\Program Files\Windows Live
2008-02-12 22:02:04 0 d-------- C:\Documents and Settings\lorraine\Contacts
2008-02-12 22:00:37 0 d------c- C:\WINDOWS\system32\DRVSTORE
2008-02-12 22:00:06 0 d-------- C:\Program Files\MSN Messenger
2008-02-12 21:23:03 0 d-------- C:\Program Files\MSN Games
2008-02-12 19:20:18 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-12 17:39:24 0 d-------- C:\Documents and Settings\gavin\Application Data\AdobeUM
2008-02-12 12:38:15 0 d-------- C:\Documents and Settings\lorraine\Application Data\PlayFirst
2008-02-12 12:38:15 0 d-------- C:\Documents and Settings\All Users\Application Data\PlayFirst
2008-02-12 00:41:21 0 d-------- C:\WINDOWS\Downloaded Installations
2008-02-11 23:04:58 0 d-------- C:\Documents and Settings\All Users\Application Data\JollyBear
2008-02-11 21:12:30 4096 --a------ C:\WINDOWS\d3dx.dat
2008-02-11 21:09:08 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-02-11 21:06:41 0 d-------- C:\Program Files\bfgclient
2008-02-11 21:06:41 0 d-------- C:\Documents and Settings\All Users\Application Data\BigFishGamesCache
2008-02-11 20:31:46 0 d-------- C:\Documents and Settings\lorraine\Application Data\MSNInstaller
2008-02-11 19:01:13 0 d-------- C:\Documents and Settings\gavin\Application Data\Adobe
2008-02-11 17:33:19 0 d-------- C:\Documents and Settings\gavin\Application Data\Macromedia
2008-02-11 17:29:27 0 d-------- C:\Documents and Settings\gavin\Application Data\Google
2008-02-11 17:27:43 0 d-------- C:\Documents and Settings\gavin\Application Data\Talkback
2008-02-11 17:27:05 0 d-------- C:\Documents and Settings\gavin\Application Data\Mozilla
2008-02-11 17:24:18 0 d-------- C:\Documents and Settings\gavin\Application Data\Jasc Software Inc
2008-02-11 17:24:18 0 d-------- C:\Documents and Settings\gavin\Application Data\Identities
2008-02-11 17:24:18 0 d--h----- C:\Documents and Settings\gavin\Application Data\Gtek
2008-02-11 17:24:17 0 d--h----- C:\Documents and Settings\gavin\Templates
2008-02-11 17:24:17 0 dr------- C:\Documents and Settings\gavin\Start Menu
2008-02-11 17:24:17 0 dr-h----- C:\Documents and Settings\gavin\SendTo
2008-02-11 17:24:17 0 d--h----- C:\Documents and Settings\gavin\PrintHood
2008-02-11 17:24:17 4456448 --a------ C:\Documents and Settings\gavin\NTUSER.DAT
2008-02-11 17:24:17 0 d--h----- C:\Documents and Settings\gavin\NetHood
2008-02-11 17:24:17 0 dr------- C:\Documents and Settings\gavin\My Documents
2008-02-11 17:24:17 0 d--h----- C:\Documents and Settings\gavin\Local Settings
2008-02-11 17:24:17 0 dr------- C:\Documents and Settings\gavin\Favorites
2008-02-11 17:24:17 0 d-------- C:\Documents and Settings\gavin\Desktop
2008-02-11 17:24:17 0 d--hs---- C:\Documents and Settings\gavin\Cookies
2008-02-11 17:24:17 0 dr-h----- C:\Documents and Settings\gavin\Application Data
2008-02-11 17:24:17 0 d-------- C:\Documents and Settings\gavin\Application Data\Symantec
2008-02-11 17:24:17 0 d-------- C:\Documents and Settings\gavin\Application Data\Sun
2008-02-11 17:08:35 17201184 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-02-11 17:06:06 0 d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-02-11 17:06:01 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-02-11 17:05:54 11264 --a------ C:\WINDOWS\system32\SpOrder.dll <Not Verified; Microsoft Corporation; Microsoft® Windows NT™ Operating System>
2008-02-11 17:05:33 0 d-------- C:\WINDOWS\system32\ZoneLabs
2008-02-11 17:03:55 0 d-------- C:\WINDOWS\Internet Logs
2008-02-11 16:55:23 1167 --a------ C:\WINDOWS\mozver.dat
2008-02-11 15:07:18 0 d-------- C:\Program Files\MSXML 4.0
2008-02-11 15:05:29 0 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-02-11 14:46:39 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2008-02-11 14:41:27 0 d-------- C:\WINDOWS\system32\PreInstall
2008-02-11 14:33:39 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2008-02-11 12:36:52 0 d-------- C:\Documents and Settings\lorraine\Application Data\Talkback
2008-02-11 12:36:42 0 --a------ C:\WINDOWS\nsreg.dat
2008-02-11 12:36:39 0 d-------- C:\Documents and Settings\lorraine\Application Data\Mozilla
2008-02-11 12:34:41 0 d-------- C:\Documents and Settings\lorraine\Application Data\Google
2008-02-11 12:34:31 0 d-------- C:\Documents and Settings\All Users\Application Data\Google
2008-02-11 12:34:19 0 d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-02-11 11:27:21 0 d-------- C:\WINDOWS\Sun
2008-02-11 11:11:59 0 d-------- C:\Program Files\Dell Computer
2008-02-11 11:10:27 0 d-------- C:\Program Files\ABBYY FineReader 5.0 Sprint
2008-02-11 11:10:18 0 d-------- C:\Program Files\Dl_cats
2008-02-11 11:06:42 0 d-------- C:\Program Files\Dell Photo AIO Printer 922
2008-02-11 10:56:11 0 d-------- C:\Documents and Settings\lorraine\Application Data\Adobe
2008-02-11 10:56:10 0 d-------- C:\Program Files\Common Files\Adobe
2008-02-11 10:41:15 0 d-------- C:\Program Files\Google
2008-02-11 10:00:02 0 d--hs---- C:\Documents and Settings\lorraine\UserData
2008-02-11 09:50:57 0 d-------- C:\Documents and Settings\lorraine\Application Data\Macromedia
2008-02-11 09:48:53 0 d-------- C:\WINDOWS\Motive
2008-02-11 09:48:42 0 d-------- C:\Program Files\Motive
2008-02-11 09:48:42 0 d-------- C:\Program Files\blueyonder IST
2008-02-11 09:45:33 0 d-------- C:\Documents and Settings\All Users\Application Data\MotiveSysIDs
2008-02-11 09:45:21 69632 --a------ C:\WINDOWS\system32\MCCDevice.dll <Not Verified; Motive Communications, Inc.; >
2008-02-11 09:45:21 6048 --a------ C:\WINDOWS\system32\mcc16.dll
2008-02-11 09:45:18 81920 --a------ C:\WINDOWS\system32\W32n50.dll <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
2008-02-11 09:45:18 17162 --a------ C:\WINDOWS\system32\Pcandis5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
2008-02-11 09:45:18 16848 --a------ C:\WINDOWS\system32\Pcandis4.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
2008-02-11 09:37:53 0 d-------- C:\Program Files\Common Files\Motive
2008-02-11 09:37:40 0 d-------- C:\WINDOWS\Drivers
2008-02-11 09:35:27 171280 --a------ C:\WINDOWS\system32\jit.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-02-11 09:35:27 139536 --a------ C:\WINDOWS\system32\javaee.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-02-11 09:35:27 46352 --a------ C:\WINDOWS\setdebug.exe <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-02-11 09:35:26 313856 --a------ C:\WINDOWS\system32\dx3j.dll <Not Verified; Microsoft Corporation; Microsoft® DirectX for Java>
2008-02-11 09:35:26 6550 --a------ C:\WINDOWS\jautoexp.dat
2008-02-11 09:35:22 113 --a------ C:\WINDOWS\system32\zonedon.reg
2008-02-11 09:35:22 113 --a------ C:\WINDOWS\system32\zonedoff.reg
2008-02-11 09:35:22 171792 --a------ C:\WINDOWS\system32\wjview.exe <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-02-11 09:35:22 286992 --a------ C:\WINDOWS\system32\vmhelper.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-02-11 09:35:22 21264 --a------ C:\WINDOWS\system32\msjdbc10.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-02-11 09:35:21 947472 --a------ C:\WINDOWS\system32\msjava.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-02-11 09:35:21 154384 --a------ C:\WINDOWS\system32\msawt.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-02-11 09:35:21 172304 --a------ C:\WINDOWS\system32\jview.exe <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-02-11 09:35:21 15120 --a------ C:\WINDOWS\system32\jdbgmgr.exe <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-02-11 09:35:21 404752 --a------ C:\WINDOWS\system32\javart.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-02-11 09:35:20 63248 --a------ C:\WINDOWS\system32\javaprxy.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-02-11 09:35:20 187152 --a------ C:\WINDOWS\system32\javacypt.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-02-11 09:35:19 49424 --a------ C:\WINDOWS\system32\clspack.exe <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-02-11 09:22:32 0 dr------- C:\Documents and Settings\lorraine\Favorites
2008-02-11 09:22:32 0 d-------- C:\Documents and Settings\lorraine\Desktop
2008-02-11 09:22:32 0 d--hs---- C:\Documents and Settings\lorraine\Cookies
2008-02-11 09:22:32 0 dr-h----- C:\Documents and Settings\lorraine\Application Data
2008-02-11 09:22:32 0 d-------- C:\Documents and Settings\lorraine\Application Data\Symantec
2008-02-11 09:22:32 0 d-------- C:\Documents and Settings\lorraine\Application Data\Sun
2008-02-11 09:22:32 0 d---s---- C:\Documents and Settings\lorraine\Application Data\Microsoft
2008-02-11 09:22:32 0 d-------- C:\Documents and Settings\lorraine\Application Data\Jasc Software Inc
2008-02-11 09:22:32 0 d-------- C:\Documents and Settings\lorraine\Application Data\Identities
2008-02-11 09:22:32 0 d--h----- C:\Documents and Settings\lorraine\Application Data\Gtek
2008-02-11 09:22:31 0 d--h----- C:\Documents and Settings\lorraine\Templates
2008-02-11 09:22:31 0 dr------- C:\Documents and Settings\lorraine\Start Menu
2008-02-11 09:22:31 0 dr-h----- C:\Documents and Settings\lorraine\SendTo
2008-02-11 09:22:31 0 dr-h----- C:\Documents and Settings\lorraine\Recent
2008-02-11 09:22:31 0 d--h----- C:\Documents and Settings\lorraine\PrintHood
2008-02-11 09:22:31 4456448 --ah----- C:\Documents and Settings\lorraine\NTUSER.DAT
2008-02-11 09:22:31 0 d--h----- C:\Documents and Settings\lorraine\NetHood
2008-02-11 09:22:31 0 dr------- C:\Documents and Settings\lorraine\My Documents
2008-02-11 09:22:31 0 d--h----- C:\Documents and Settings\lorraine\Local Settings
2008-02-11 09:22:07 262144 --a------ C:\Documents and Settings\All Users\NTUSER.DAT
2008-02-11 09:22:03 0 d-------- C:\Documents and Settings\Default User\Application Data\Symantec
2008-02-11 09:22:03 0 d-------- C:\Documents and Settings\Default User\Application Data\Sun
2008-02-11 09:22:03 0 d-------- C:\Documents and Settings\Default User\Application Data\Jasc Software Inc
2008-02-11 09:22:03 0 d-------- C:\Documents and Settings\Default User\Application Data\Identities


-- Find3M Report ---------------------------------------------------------------

2008-02-28 00:47:40 209 --a------ C:\Documents and Settings\gavin\Application Data\urlredir.cfg
2008-02-27 16:12:40 0 d-------- C:\Program Files\Common Files
2008-02-18 00:26:25 0 d-------- C:\Program Files\Java
2008-02-11 17:08:32 0 d-------- C:\Program Files\Symantec
2008-02-11 16:47:12 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-02-11 11:13:16 0 d-------- C:\Program Files\Jasc Software Inc
2007-12-21 14:39:14 10752 --a------ C:\WINDOWS\system32\WhoisCL.exe <Not Verified; NirSoft; WhoisCL>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [25/09/2007 01:11]
"SigmatelSysTrayApp"="stsystra.exe" [23/03/2005 00:20 C:\WINDOWS\stsystra.exe]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [05/08/2005 21:05]
"IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [03/09/2003 20:12]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [23/02/2005 16:19]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [27/01/2005 01:02]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [06/12/2004 01:05]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [27/07/2004 16:50]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [27/07/2004 16:50]
"Workflow"="D:\Workflow.exe" []
"Dell Photo AIO Printer 922"="C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe" [22/04/2005 12:45]
"DLBTCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll" [09/11/2004 21:41]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [09/03/2007 11:09]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/01/2008 22:16]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [23/02/2008 22:24]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [28/02/2008 15:36]
"COMODO Firewall Pro"="C:\Program Files\COMODO\Firewall\cfp.exe" [29/02/2008 17:34]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\Dell Support\DSAgnt.exe" [19/07/2004 07:51]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 05:00]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [21/06/2007 14:06]
"mapi that"="C:\DOCUME~1\gavin\APPLIC~1\TRUSTH~1\title link dash.exe" [17/02/2008 14:15]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [11/02/2008 12:34:19]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [20/12/2006 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 19/04/2007 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"= C:\WINDOWS\system32\guard32.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"




-- End of Deckard's System Scanner: finished at 2008-03-02 00:21:53 ------------

#13 HIGHTOWER
  • Topic Starter
  • Members
  • 58 posts
  • Local time:06:21 PM

Posted 01 March 2008 - 07:25 PM

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 3.00GHz
CPU 1: Intel® Pentium® 4 CPU 3.00GHz
Percentage of Memory in Use: 66%
Physical Memory (total/avail): 510.07 MiB / 172.48 MiB
Pagefile Memory (total/avail): 1245.25 MiB / 778.37 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1931.14 MiB

C: is Fixed (NTFS) - 145.95 GiB total, 130.34 GiB free.
D: is CDROM (UDF1.02)

\\.\PHYSICALDRIVE0 - ST3160023AS - 149.01 GiB - 3 partitions
\PARTITION0 - Unknown - 62.72 MiB
\PARTITION1 (bootable) - Installable File System - 145.95 GiB - C:
\PARTITION2 - Unknown - 3 GiB



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.

FW: COMODO Firewall Pro v3.0 (COMODO)
AV: AVG 7.5.516 v7.5.516 (Grisoft)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Sports Interactive\\Football Manager 2008\\fm.exe"="C:\\Program Files\\Sports Interactive\\Football Manager 2008\\fm.exe:*:Enabled:Football Manager 2008"
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe:*:Enabled:avgemc.exe"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\gavin\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=D6MMGY1J
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\gavin
LOGONSERVER=\\D6MMGY1J
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\ATI Technologies\ATI Control Panel
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 3, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0403
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SonicCentral=C:\Program Files\Common Files\Sonic Shared\Sonic Central\
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\gavin\LOCALS~1\Temp
TMP=C:\DOCUME~1\gavin\LOCALS~1\Temp
USERDOMAIN=D6MMGY1J
USERNAME=gavin
USERPROFILE=C:\Documents and Settings\gavin
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

lorraine (admin)
gavin (admin)
ricki (admin)
darren (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
--> MsiExec.exe /I{403EF592-953B-4794-BCEF-ECAB835C2095}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
ABBYY FineReader 5.0 Sprint Plus --> MsiExec.exe /X{D1696920-9794-4BBC-8A30-7A88763DE5A2}
Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe® Photoshop® Album Starter Edition 3.2 --> MsiExec.exe /I{A654A805-41D9-40C7-AA46-4AF04F044D61}
ATI Control Panel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
AVG 7.5 --> C:\Program Files\Grisoft\AVG7\setup.exe /UNINSTALL
Big Fish Games Client --> C:\Program Files\bfgclient\Uninstall.exe
blueyonder Instant Support Tool --> C:\WINDOWS\Motive\blueyonder\MCCUninst.exe
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
COMODO Firewall Pro --> C:\Program Files\COMODO\Firewall\cfpconfg.exe -u
Dell Driver Reset Tool --> MsiExec.exe /I{5905F42D-3F5F-4916-ADA6-94A3646AEE76}
Dell Media Experience --> MsiExec.exe /I{AC0EE5B0-A8FB-4D0A-AF03-2EDC518F841B}
Dell Photo AIO Printer 922 --> C:\WINDOWS\system32\spool\drivers\w32x86\3\DLBTUNST.EXE -NOLICENSE
Dell Picture Studio v3.0 --> MsiExec.exe /I{AF06CAE4-C134-44B1-B699-14FBDB63BD37}
Dell Support 5.0.0 (630) --> rundll32 C:\PROGRA~1\DELLSU~1\AUInst.dll,ExUninstall
Football Manager 2008 --> "C:\Program Files\Sports Interactive\Football Manager 2008\Uninstall_Football Manager 2008\Uninstall Football Manager 2008.exe"
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
Google Updater --> "C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
Hardwood Solitaire Deluxe --> C:\Program Files\Oberon Media\Hardwood Solitaire Deluxe\solitaire.exe -Uninstall
High Definition Audio Driver Package - KB835221 --> C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Intel® 537EP V9x DF PCI Modem --> rundll32 IntelCci.dll,iSMUninstallation "Intel® 537EP V9x DF PCI Modem"
Intel® PRO Network Connections Drivers --> Prounstl.exe
Intel® PROSet for Wired Connections --> MsiExec.exe /I{83F793B5-8BBF-42FD-A8A6-868CB3E2AAEA}
Jasc Paint Shop Photo Album --> MsiExec.exe /I{CC000127-5E5D-4A1C-90CB-EEAAAC1E3AC0}
Jasc Paint Shop Photo Album 5 --> MsiExec.exe /I{4192EAC0-6B36-4723-B216-D0E86E7757AC}
Jasc Paint Shop Pro 8 Dell Edition --> MsiExec.exe /I{81A34902-9D0B-4920-A25C-4CDC5D14B328}
Jasc Paint Shop Pro Studio, Dell Editon --> MsiExec.exe /I{78C496B9-5A6B-4692-8C2E-AFFFC34E4961}
Java 2 Runtime Environment, SE v1.4.2_03 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142030}
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Microsoft Base Smart Card Cryptographic Service Provider Package --> "C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Silverlight --> MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Works 7.0 --> MsiExec.exe /I{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}
Modem Event Monitor --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7A0EFAFB-AC4B-4B88-8C6B-6731BE88DB68}\setup.exe" -l0x9
Modem Helper --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
Modem On Hold --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText
Mozilla Firefox (2.0.0.12) --> C:\PROGRA~1\Mozilla Firefox\uninstall\helper.exe
MSN --> C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
PowerDVD 5.5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Rhapsody Player Engine --> MsiExec.exe /I{22DE1881-9D24-4981-B5CC-EC7E9F2F4D52}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
SolSuite 2008 v8.2 --> "C:\Program Files\SolSuite\unins000.exe"
Sonic DLA --> MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Sonic MyDVD LE --> MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}
Sonic RecordNow Audio --> MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Sonic RecordNow Copy --> MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Sonic RecordNow Data --> MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
Sonic Update Manager --> MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Sunset Studio Deluxe --> "C:\Program Files\Sunset Studio Deluxe\ReflexiveArcade\unins000.exe"
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live installer --> MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Live Sign-in Assistant --> MsiExec.exe /I{0ED47137-C071-46CC-A243-E5E33271E10E}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Format SDK Hotfix - KB891122 --> "C:\WINDOWS\$NtUninstallKB891122$\spuninst\spuninst.exe"
Windows Presentation Foundation --> MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
XML Paper Specification Shared Components Pack 1.0 -->


-- Application Event Log -------------------------------------------------------

Event Record #/Type852 / Success
Event Submitted/Written: 03/01/2008 08:02:36 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type839 / Success
Event Submitted/Written: 03/01/2008 00:42:48 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type810 / Success
Event Submitted/Written: 02/29/2008 07:35:42 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type804 / Warning
Event Submitted/Written: 02/29/2008 05:38:31 PM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Event Record #/Type798 / Error
Event Submitted/Written: 02/29/2008 05:07:32 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application iexplore.exe, version 7.0.6000.16608, faulting module iebrowserc.dll, version 1.0.0.0, fault address 0x0001c0a4.
Processing media-specific event for [iexplore.exe!ws!]



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------
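
The FirewallPolicy dump near the top of the log above lists every program the Windows XP SP2 firewall lets accept inbound connections, one registry value per program. Each value has the form `path:scope:Enabled|Disabled:display name`, where a scope of `*` means any remote address. The parser below is an added example, not part of the DSS log or of any tool mentioned in this thread; its sample input is constructed from lines in the shape of the dump (the `Disabled` avgcc.exe line is made up to exercise that branch). It splits the path off by matching it against the value name rather than on the first colon, so a drive letter cannot break the split, and then reports the enabled, any-address exceptions for binaries outside `%windir%`, which is the short list a responder wants to eyeball (here the P2P clients).

```python
import re

# Constructed sample in the shape of the DSS "FirewallPolicy" dump: a .reg-style
# export, so every backslash in a path is doubled. The Disabled avgcc.exe entry is
# made up for the example; the other lines mirror entries in the log.
SAMPLE_EXPORT = r'''
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe:*:Disabled:avgcc.exe"
'''

SECTION_RE = re.compile(
    r'^\[HKLM\\.*\\(?P<profile>DomainProfile|StandardProfile)\\AuthorizedApplications\\List\]$')
ENTRY_RE = re.compile(r'^"(?P<key>[^"]+)"="(?P<value>.*)"$')


def unescape(s):
    """Undo the doubled backslashes of a .reg export."""
    return s.replace('\\\\', '\\')


def parse_authorized_apps(text):
    """Return one (profile, path, scope, enabled, name) tuple per exception.

    The value repeats the path, so the path is stripped by prefix match and the
    remainder 'scope:status:name' is split at most twice. Entries that do not
    follow the format are kept with scope/enabled set to None rather than
    silently dropped, since a tampered value is itself worth seeing.
    """
    profile = None
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        section = SECTION_RE.match(line)
        if section:
            profile = section.group('profile')
            continue
        entry = ENTRY_RE.match(line)
        if not entry or profile is None:
            continue
        path = unescape(entry.group('key'))
        value = unescape(entry.group('value'))
        prefix = path + ':'
        if not value.startswith(prefix):
            entries.append((profile, path, None, None, value))
            continue
        parts = value[len(prefix):].split(':', 2)
        if len(parts) != 3:
            entries.append((profile, path, None, None, value))
            continue
        scope, status, name = parts
        entries.append((profile, path, scope, status.lower() == 'enabled', name))
    return entries


def third_party_exceptions(entries):
    """Enabled exceptions open to any remote address ('*') for binaries outside %windir%."""
    return [e for e in entries
            if e[3] and e[2] == '*' and not e[1].lower().startswith('%windir%')]


if __name__ == '__main__':
    for profile, path, scope, enabled, name in third_party_exceptions(parse_authorized_apps(SAMPLE_EXPORT)):
        print(f'{profile}: {name} ({path}) scope={scope}')
```

Feed it the whole DSS dump and the DomainProfile and StandardProfile lists are reported separately; the status comparison is case-insensitive because Windows itself writes `enabled` in lower case for its own entries and `Enabled` for the rest.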

#14 ndmmxiaomayi (Malware Response Team)

Posted 02 March 2008 - 11:04 AM

Hi,

You didn't follow the OTMoveIt instructions carefully. Please follow all the instructions carefully.

Step 1

Please open HijackThis and select Do a system scan only.

Put a check (tick) next to this line:
O4 - HKCU\..\Run: [mapi that] C:\DOCUME~1\gavin\APPLIC~1\TRUSTH~1\title link dash.exe
Click Fix checked. Close HijackThis.

Step 2

Please download OTMoveIt2.exe by OldTimer and save it to your desktop.

Double click on OTMoveIt2.exe to run it.

Copy and paste the following (the contents of the Code box) into OTMoveIt (1).

Note: Do not type it out; pasting minimizes the risk of a typing error.

C:\WINDOWS\system32\adssite-remove.exe
C:\Documents and Settings\ricki\Application Data\TRUST HOLE
C:\Program Files\TRUST HOLE
C:\Program Files\FBrowserAdvisor
C:\NoLopBackups
C:\Documents and Settings\darren\Application Data\TRUST HOLE
C:\Documents and Settings\lorraine\Application Data\TRUST HOLE
C:\Documents and Settings\gavin\Application Data\TRUST HOLE
C:\Documents and Settings\All Users\Application Data\INTERNET SPAM SUPPORT AUDIO
C:\WINDOWS\system32\mysidesearch_sidebar.dll

Click on MoveIt! (2).

Click on Exit (3).

Please refer to this picture for using OTMoveIt.

[image: OTMoveIt screenshot]

A log will be produced at C:\_OTMoveIt\MovedFiles\date_time.log, where date_time are numbers.

Please copy and paste this log in your next reply.

Step 3
  • Click on Start > Run again. Copy and paste in "%userprofile%\desktop\dss.exe" /config
  • Under Main Log section, check (tick) these boxes:
    • HijackThis
    • System Restore
    • File Associations
    • Drivers
    • Services
    • Scheduled Tasks
    • Files Created/Modify
    • Registry Dump
  • Under Options section, check (tick) Backup Registry Hives box.
  • Under Extra Log, check (tick) Event Logs.
  • Click on Scan!.
  • When done, Notepad will open. Please post the contents of this Notepad file in your next reply.
Step 4

Please open Notepad and copy and paste the following (the contents of the Code box) into Notepad:

REM The path contains a space, so it must be quoted or dir sees two arguments.
dir /s "C:\Program Files\temp01" >> C:\look1.txt
type C:\delete.bat >> C:\look2.txt
REM Merge the two scratch files into results.txt, then remove them.
type C:\look*.txt >> C:\results.txt
del /q C:\look*.txt
start notepad C:\results.txt

Click on File > Save As....

In the File Name box, copy and paste in look.bat

In the Save As Type box, select All Files from the drop-down list.

Click Save.

Double click on look.bat to run it. Command Prompt will open and close quickly; this is normal. Notepad will open shortly afterwards. Please post the contents of this Notepad file in your next reply.

In your next reply, please post:
  • OTMoveIt2 log
  • The 2 DSS logs
  • Contents of Notepad file from Step 4



#15 HIGHTOWER (Topic Starter)

Posted 02 March 2008 - 04:56 PM

File/Folder CODE not found.
File/Folder C:\WINDOWS\system32\adssite-remove.exe not found.
File/Folder C:\Documents and Settings\ricki\Application Data\TRUST HOLE not found.
File/Folder C:\Program Files\TRUST HOLE not found.
File/Folder C:\Program Files\FBrowserAdvisor not found.
File/Folder C:\NoLopBackups not found.
File/Folder C:\Documents and Settings\darren\Application Data\TRUST HOLE not found.
File/Folder C:\Documents and Settings\lorraine\Application Data\TRUST HOLE not found.
File/Folder C:\Documents and Settings\gavin\Application Data\TRUST HOLE not found.
File/Folder C:\Documents and Settings\All Users\Application Data\INTERNET SPAM SUPPORT AUDIO not found.
File/Folder C:\WINDOWS\system32\mysidesearch_sidebar.dll not found.

OTMoveIt2 v1.0.20 log created on 03022008_215420
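
Step 2 above hands OTMoveIt a list of paths, and the log just posted shows what comes back: each path that no longer exists is reported as not found, and the first line shows the word CODE was pasted as if it were a path, which is what happens when the forum code box's label is selected together with its contents. The script below is an added example, not OTMoveIt or any other tool from this thread; it reproduces the list handling so the mechanics are visible: drop the stray label, skip paths that do not exist, and move the rest into a quarantine tree that mirrors the original path (OTMoveIt keeps its moved files under C:\_OTMoveIt\MovedFiles) instead of deleting them, so a false positive can be put back. It runs on a constructed decoy folder under a temporary directory; the wording of the "moved successfully" line is assumed and is not shown on this page.

```python
import os
import re
import shutil
import tempfile

# The forum's code box carries a "CODE" label above the list; if that label is
# selected together with the paths it reaches the tool as a bogus entry and is
# logged as a path that was not found.
CODE_BOX_LABEL = "CODE"


def parse_target_list(text):
    """Split a pasted list into one path per line, dropping blanks and the label."""
    lines = (ln.strip() for ln in text.splitlines())
    return [ln for ln in lines if ln and ln != CODE_BOX_LABEL]


def quarantine_path(root, target):
    """Map a target to <root>/<path minus drive letter> so the quarantine tree
    mirrors where each item came from and it can be restored later."""
    without_drive = re.sub(r'^[A-Za-z]:', '', target)
    parts = [p for p in re.split(r'[\\/]+', without_drive) if p]
    return os.path.join(root, *parts)


def move_targets(targets, root):
    """Move each existing file or folder under root; report the others as not found."""
    results = []
    for target in targets:
        if not os.path.lexists(target):
            results.append(("not found", target))
            continue
        dest = quarantine_path(root, target)
        os.makedirs(os.path.dirname(dest), exist_ok=True)
        shutil.move(target, dest)
        results.append(("moved", target))
    return results


def format_log(results):
    """Render results in the 'File/Folder ... not found.' style of the log above.
    The wording of the success line is assumed, not taken from this page."""
    out = []
    for status, target in results:
        if status == "moved":
            out.append(f"{target} moved successfully.")
        else:
            out.append(f"File/Folder {target} not found.")
    return "\n".join(out)


def run_demo():
    """Stand-alone run on a constructed decoy folder; returns what the caller can check."""
    scratch = tempfile.mkdtemp(prefix="quarantine_demo_")
    # Constructed decoy mirroring the random-word folder names in the list above.
    decoy_dir = os.path.join(scratch, "profile", "Application Data", "TRUST HOLE")
    os.makedirs(decoy_dir)
    with open(os.path.join(decoy_dir, "title link dash.exe"), "wb") as fh:
        fh.write(b"decoy, not a real executable")
    pasted = "\n".join([CODE_BOX_LABEL,
                        r"C:\WINDOWS\system32\adssite-remove.exe",
                        decoy_dir, ""])
    root = os.path.join(scratch, "_OTMoveIt", "MovedFiles")
    results = move_targets(parse_target_list(pasted), root)
    moved_copy = os.path.join(quarantine_path(root, decoy_dir), "title link dash.exe")
    return {
        "results": results,
        "log": format_log(results),
        "source_gone": not os.path.exists(decoy_dir),
        "quarantined": os.path.isfile(moved_copy),
    }


if __name__ == "__main__":
    print(run_demo()["log"])
```

Moving rather than deleting is the point: the quarantine copy keeps the original layout under the root, and a locked file simply raises from shutil.move and is left in place, which is the case a real cleanup tool has to handle with a reboot-time move.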



