Unsure Of Infection -- Ie Runs Very Slowly


17 replies to this topic

#1 Bike Psycho (Members, 34 posts)

Posted 14 January 2007 - 12:48 PM

Hi, my IE is running EXTREMELY slowly, especially at start and page loading. I ran HJ and here is the log file. Any/all help is greatly appreciated!

Logfile of HijackThis v1.99.1
Scan saved at 12:41:25 PM, on 1/14/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\S3apphk.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\mstlsapi.exe
C:\WINDOWS\system32\ntvdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\HijackThis!\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = www.google.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {62504CAE-D367-43DD-9C46-AAAC08980B9A} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {A408EAEC-0388-4146-9806-08770BC2BA62} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [S3apphk] S3apphk.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [PreloadApp] c:\hp\drivers\printers\photosmart\hphprld.exe c:\hp\drivers\printers\photosmart\setup.exe -d
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [hpScannerFirstBoot] c:\hp\drivers\scanners\scannerfb.exe
O4 - HKLM\..\Run: [hp Silent Service] C:\Windows\system32\HpSrvUI.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [checktime] c:\program files\HPSelect\Frontend\ct.exe
O4 - HKLM\..\Run: [1:] c:\hp\bin\hpdrv.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Ulead Photo Express Calendar Checker] C:\Program Files\Ulead Systems\Ulead Photo Express 5 SE\calcheck.exe
O4 - HKLM\..\Run: [Ulead AutoDetector] C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [EPSON Stylus CX6000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBIA.EXE /FU "C:\WINDOWS\TEMP\E_S2E8.tmp" /EF "HKLM"
O4 - HKCU\..\Run: [Microsoft Works Update Detection] c:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\RunOnce: [Shockwave 10] "C:\WINDOWS\system32\Macromed\Shockwave 10\swinit.exe"
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\GetFlash.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://download.weatherbug.com/minibug/tri...Transporter.cab?
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...s/yinst0401.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://toolbar.google.com/data/GoogleActivate.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://ps.theport.com/xmlplayer/english/isetup.cab
O16 - DPF: {9DBAFCCF-592F-FFFF-FFFF-00608CEC297C} -
O16 - DPF: {BB47CA33-8B4D-11D0-9511-00C04FD9152D} (ExteriorSurround Object) - http://autos.msn.com/components/ocx/exterior/Outside.cab
O16 - DPF: {BF4FC0C7-4387-4D18-AD86-DF33DDDE33C7} -
O16 - DPF: {EB623776-492A-42CA-9571-3AA39F58530B} -
O16 - DPF: {EE8B6D5F-FEF2-11D0-B13F-00A024798EF3} (Microsoft Search Settings Control) - http://lg.home.microsoft.com/search/lobby/searchsettings.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents/setup...er/imloader.cab
O20 - AppInit_DLLs:
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: mstlsapi - Unknown owner - C:\WINDOWS\mstlsapi.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing)
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

#2 MFDnSC (Ret. Director I/T, Members, 4,310 posts)

Posted 14 January 2007 - 01:06 PM

You have no active AntiVirus and are infected.

Get the free AVG AntiVirus 7.5, install it, check for updates and run a full scan.

AVG 7.5 - http://free.grisoft.com/freeweb.php/doc/2/


======================
Click on http://noahdfear.geekstogo.com/FindAWF.exe to download FindAWF.exe and save it to your desktop.
· Double-click on the FindAWF.exe file to run it.
· It will open a command prompt and ask you to "Press any key to continue".
· Press any key and the FindAWF tool will begin scanning your computer for the infected AWF files and the backups the trojan created.
· It may take a few minutes to complete so be patient.
· When it is complete, it will open a text file in notepad called AWF.txt which will automatically be saved to your desktop or whatever location you ran the file from.
· Come back here to this thread and copy and paste the contents of the AWF.txt file in your next reply.
"Nothing could be finer than to be in South Carolina ............"

Member ASAP

#3 Bike Psycho (Topic Starter, Members, 34 posts)

Posted 15 January 2007 - 01:05 AM

Hi,

Thank you for the assistance! I downloaded AVG and ran the scan, then downloaded AWF.exe and ran that. Here's the notepad file it produced:


Find AWF report by noahdfear ©2006


21504 byte files found
~~~~~~~~~~~~~



21504 byte files sorted with strings
~~~~~~~~~~~~~~~~~~~~~



25600 byte files found
~~~~~~~~~~~~~



25600 byte files sorted with strings
~~~~~~~~~~~~~~~~~~~~~



26450 byte files found
~~~~~~~~~~~~~



26450 byte files sorted with strings
~~~~~~~~~~~~~~~~~~~~~



bak folders found
~~~~~~~~~~~


Directory of C:\HP\BIN\BAK

02/19/2002 05:17 PM 313,344 hpdrv.exe
1 File(s) 313,344 bytes

Directory of C:\HP\KBD\BAK

07/06/2001 11:56 PM 61,440 KBD.EXE
1 File(s) 61,440 bytes

Directory of C:\PROGRA~1\MICROS~3\BAK

0 File(s) 0 bytes

Directory of C:\PROGRA~1\QUICKT~1\BAK

01/05/2003 06:16 PM 77,824 qttask.exe
1 File(s) 77,824 bytes

Directory of C:\PROGRA~1\SPYBOT~1\BAK

05/12/2004 01:03 AM 1,038,336 TeaTimer.exe
1 File(s) 1,038,336 bytes

Directory of C:\WINDOWS\SMINST\BAK

06/16/2001 01:34 AM 212,992 RECGUARD.EXE
1 File(s) 212,992 bytes

Directory of C:\WINDOWS\SYSTEM\BAK

05/07/1998 07:04 PM 52,736 hpsysdrv.exe
1 File(s) 52,736 bytes

Directory of C:\WINDOWS\SYSTEM32\BAK

08/04/2004 02:56 AM 15,360 ctfmon.exe
08/08/2001 02:36 AM 90,112 hkcmd.exe
11/29/2001 10:49 PM 32,768 HpSrvUI.exe
08/08/2001 03:25 AM 143,360 igfxtray.exe
07/03/2001 11:13 PM 81,920 ps2.exe
5 File(s) 363,520 bytes

Directory of C:\HP\DRIVERS\SCANNERS\BAK

12/13/2001 09:24 PM 20,480 scannerfb.exe
1 File(s) 20,480 bytes

Directory of C:\PROGRA~1\HPSELECT\FRONTEND\BAK

08/13/2001 10:23 PM 45,056 ct.exe
1 File(s) 45,056 bytes

Directory of C:\PROGRA~1\ULEADS~1\ULEADP~1\BAK

01/12/2004 08:40 PM 69,632 calcheck.exe
1 File(s) 69,632 bytes

Directory of C:\PROGRA~1\ULEADS~1\ULEADP~1.0SE\BAK

11/18/2003 05:20 PM 45,056 Monitor.exe
1 File(s) 45,056 bytes

Directory of C:\PROGRA~1\GOOGLE\GOOGLE~2\12908~1.500\BAK

10/16/2006 07:12 PM 163,576 GoogleToolbarNotifier.exe
1 File(s) 163,576 bytes

Directory of C:\PROGRA~1\JAVA\JRE15~2.0_0\BIN\BAK

11/10/2005 01:03 PM 36,975 jusched.exe
1 File(s) 36,975 bytes

Directory of C:\WINDOWS\PCHEALTH\HELPCTR\BINARIES\BAK

08/04/2004 02:56 AM 158,208 MSConfig.exe
1 File(s) 158,208 bytes


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

313344 Feb 19 2002 "C:\hp\bin\bak\hpdrv.exe"
61440 Jul 6 2001 "C:\hp\KBD\bak\KBD.EXE"
77824 Jan 5 2003 "C:\Program Files\QuickTime\bak\qttask.exe"
1038336 May 12 2004 "C:\Program Files\Spybot - Search & Destroy\bak\TeaTimer.exe"
212992 Jun 16 2001 "C:\WINDOWS\SMINST\bak\RECGUARD.EXE"
52736 May 7 1998 "C:\WINDOWS\SYSTEM\bak\hpsysdrv.exe"
15360 Aug 4 2004 "C:\WINDOWS\SYSTEM32\ctfmon.exe"
15360 Aug 4 2004 "C:\WINDOWS\SYSTEM32\bak\ctfmon.exe"
90112 Aug 8 2001 "C:\hp\drivers\video\HKCMD.EXE"
90112 Aug 8 2001 "C:\WINDOWS\SYSTEM32\bak\hkcmd.exe"
32768 Nov 29 2001 "C:\WINDOWS\SYSTEM32\bak\HpSrvUI.exe"
143360 Aug 8 2001 "C:\hp\drivers\video\IGFXTRAY.EXE"
143360 Aug 8 2001 "C:\WINDOWS\SYSTEM32\bak\igfxtray.exe"
81920 Jul 3 2001 "C:\hp\drivers\keyboard\PS2.EXE"
81920 Jul 3 2001 "C:\WINDOWS\SYSTEM32\bak\ps2.exe"
20480 Dec 13 2001 "C:\hp\drivers\scanners\bak\scannerfb.exe"
45056 Aug 13 2001 "C:\Program Files\HPSelect\frontend\bak\ct.exe"
69632 Jan 12 2004 "C:\Program Files\Ulead Systems\Ulead Photo Express 5 SE\bak\calcheck.exe"
45056 Nov 18 2003 "C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\bak\Monitor.exe"
1507328 Aug 6 2006 "C:\Program Files\Real\RealArcade\GoogleInstApp.exe"
163576 Oct 16 2006 "C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\bak\GoogleToolbarNotifier.exe"
36975 Apr 13 2005 "C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe"
36975 Nov 10 2005 "C:\Program Files\Java\jre1.5.0_06\bin\bak\jusched.exe"
158208 Aug 4 2004 "C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\msconfig.exe"
158208 Aug 4 2004 "C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\bak\MSConfig.exe"


end of report

#4 MFDnSC (Ret. Director I/T, Members, 4,310 posts)

Posted 15 January 2007 - 10:07 AM

This is a strange virus that copies the valid file to a bak directory and then drops the infected file into the proper location.

Go to safe mode and delete the first file of the pairs and then COPY the file from the bak location to the proper location.



15360 Aug 4 2004 "C:\WINDOWS\SYSTEM32\ctfmon.exe"
15360 Aug 4 2004 "C:\WINDOWS\SYSTEM32\bak\ctfmon.exe"

90112 Aug 8 2001 "C:\hp\drivers\video\HKCMD.EXE"
90112 Aug 8 2001 "C:\WINDOWS\SYSTEM32\bak\hkcmd.exe"

143360 Aug 8 2001 "C:\hp\drivers\video\IGFXTRAY.EXE"
143360 Aug 8 2001 "C:\WINDOWS\SYSTEM32\bak\igfxtray.exe"

81920 Jul 3 2001 "C:\hp\drivers\keyboard\PS2.EXE"
81920 Jul 3 2001 "C:\WINDOWS\SYSTEM32\bak\ps2.exe"

158208 Aug 4 2004 "C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\msconfig.exe"
158208 Aug 4 2004 "C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\bak\MSConfig.exe"
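The pairing that MFDnSC does by eye above (a file in a `bak` folder, a same-size copy of it elsewhere, and the location the original belonged in) can be done mechanically from the "Duplicate files of bak directory contents" section of the FindAWF report. The script below is an added example, not part of this thread or of noahdfear's FindAWF tool; it parses that section, and for each backed-up file works out the bak folder's parent as the original location, lists the same-size copies the report found, and says whether a same-size copy is already present at that location (then the live file matches the backup) or not (then the live file differs in size or is gone, which is the situation the helper's restore step is for). The sample lines are copied from the report posted in this thread; the selection and the status wording are ours.

```python
import re
from collections import defaultdict

# Constructed sample: a subset of the "Duplicate files of bak directory contents"
# section of the FindAWF report posted earlier in this thread (sizes, dates and
# paths copied from that report; the selection is ours).
SAMPLE_REPORT = r"""
Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

313344 Feb 19 2002 "C:\hp\bin\bak\hpdrv.exe"
15360 Aug 4 2004 "C:\WINDOWS\SYSTEM32\ctfmon.exe"
15360 Aug 4 2004 "C:\WINDOWS\SYSTEM32\bak\ctfmon.exe"
90112 Aug 8 2001 "C:\hp\drivers\video\HKCMD.EXE"
90112 Aug 8 2001 "C:\WINDOWS\SYSTEM32\bak\hkcmd.exe"
36975 Apr 13 2005 "C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe"
36975 Nov 10 2005 "C:\Program Files\Java\jre1.5.0_06\bin\bak\jusched.exe"

end of report
"""

# One report line: <size> <Mon> <day> <year> "<path>"
LINE_RE = re.compile(r'^(\d+)\s+([A-Z][a-z]{2}\s+\d{1,2}\s+\d{4})\s+"(.+)"$')


def parse_duplicates(report):
    """Turn the report's file lines into dicts; headers, rules and blanks are skipped."""
    entries = []
    for raw in report.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        size, date, path = m.groups()
        parts = path.split("\\")
        entries.append({
            "size": int(size),
            "date": date,
            "path": path,
            "name": parts[-1].lower(),          # Windows paths are case-insensitive
            "parent": "\\".join(parts[:-1]),
            "in_bak": len(parts) >= 2 and parts[-2].lower() == "bak",
        })
    return entries


def restore_plan(entries):
    """For every file kept in a bak folder, work out where the original lived
    (the bak folder's parent) and whether the report already lists a same-size
    copy at that location. A listed live copy matches the backup; an unlisted
    one differs in size or is gone, so it is a candidate for manual restore."""
    by_name = defaultdict(list)
    for e in entries:
        by_name[e["name"]].append(e)

    plan = []
    for e in entries:
        if not e["in_bak"]:
            continue
        original_dir = e["parent"].rsplit("\\", 1)[0]
        restore_to = original_dir + "\\" + e["path"].rsplit("\\", 1)[1]
        twins = [o for o in by_name[e["name"]]
                 if not o["in_bak"] and o["size"] == e["size"]]
        live_listed = any(o["path"].lower() == restore_to.lower() for o in twins)
        plan.append({
            "backup": e["path"],
            "restore_to": restore_to,
            "same_size_copies": [o["path"] for o in twins],
            "live_copy_listed": live_listed,
            "status": "live copy matches backup" if live_listed else "restore candidate",
        })
    return plan


if __name__ == "__main__":
    for item in restore_plan(parse_duplicates(SAMPLE_REPORT)):
        print(f'{item["status"]:24} {item["restore_to"]}  <- {item["backup"]}')
        for twin in item["same_size_copies"]:
            print(f'{"":24}   same-size copy: {twin}')
```

Size and date equality is only the report's own heuristic; before copying a `bak` file back over a live one, compare a hash of the backup against a known-good copy of that vendor file, since the backup is whatever sat in the original location when the dropper replaced it.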

#5 Bike Psycho (Topic Starter, Members, 34 posts)

Posted 15 January 2007 - 11:29 AM

For the 5 files indicated, (from safe mode) I deleted the files, then copied the corresponding file in \bak and then pasted it in the original location of the deleted files. Then I restarted.

Is there anything else I need to do?

Thank you!

#6 MFDnSC (Ret. Director I/T, Members, 4,310 posts)

Posted 15 January 2007 - 12:02 PM

Post a new hijack log

#7 Bike Psycho (Topic Starter, Members, 34 posts)

Posted 15 January 2007 - 12:58 PM

Here's my HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 12:56:13 PM, on 1/15/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\S3apphk.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBIA.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\HijackThis!\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = www.google.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {62504CAE-D367-43DD-9C46-AAAC08980B9A} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {A408EAEC-0388-4146-9806-08770BC2BA62} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [S3apphk] S3apphk.exe
O4 - HKLM\..\Run: [PreloadApp] c:\hp\drivers\printers\photosmart\hphprld.exe c:\hp\drivers\printers\photosmart\setup.exe -d
O4 - HKLM\..\Run: [Ulead AutoDetector] C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [EPSON Stylus CX6000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBIA.EXE /FU "C:\WINDOWS\TEMP\E_S2E8.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [Microsoft Works Update Detection] c:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://download.weatherbug.com/minibug/tri...Transporter.cab?
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...s/yinst0401.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://toolbar.google.com/data/GoogleActivate.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://ps.theport.com/xmlplayer/english/isetup.cab
O16 - DPF: {9DBAFCCF-592F-FFFF-FFFF-00608CEC297C} -
O16 - DPF: {BB47CA33-8B4D-11D0-9511-00C04FD9152D} (ExteriorSurround Object) - http://autos.msn.com/components/ocx/exterior/Outside.cab
O16 - DPF: {BF4FC0C7-4387-4D18-AD86-DF33DDDE33C7} -
O16 - DPF: {EB623776-492A-42CA-9571-3AA39F58530B} -
O16 - DPF: {EE8B6D5F-FEF2-11D0-B13F-00A024798EF3} (Microsoft Search Settings Control) - http://lg.home.microsoft.com/search/lobby/searchsettings.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents/setup...er/imloader.cab
O20 - AppInit_DLLs:
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: mstlsapi - Unknown owner - C:\WINDOWS\mstlsapi.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing)
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

#8 MFDnSC (Ret. Director I/T, Members, 4,310 posts)

Posted 15 January 2007 - 02:53 PM

Fix these with HijackThis – mark them, close IE, click fix checked

O2 - BHO: (no name) - {62504CAE-D367-43DD-9C46-AAAC08980B9A} - (no file)

O2 - BHO: (no name) - {A408EAEC-0388-4146-9806-08770BC2BA62} - (no file)

O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)

O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)

O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -

O16 - DPF: {9DBAFCCF-592F-FFFF-FFFF-00608CEC297C} -

O16 - DPF: {BF4FC0C7-4387-4D18-AD86-DF33DDDE33C7} -

O16 - DPF: {EB623776-492A-42CA-9571-3AA39F58530B} -

O20 - AppInit_DLLs:

START – RUN – type in %temp% - OK - Edit – Select all – File – Delete

Delete everything in the C:\Windows\Temp folder or C:\WINNT\temp

Not all temp files will delete and that is normal
Empty the recycle bin
Boot and post a new hijack log from normal NOT safe mode

Please give feedback on what worked/didn’t work and the current status of your system
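The entries MFDnSC picks out above all share one property: they are registrations whose target no longer exists, a BHO whose DLL is "(no file)", a DPF (ActiveX download) entry with no URL, an empty AppInit_DLLs value, and, in a later post, services whose binary is "(file missing)". Those rules can be applied to a HijackThis log automatically. The script below is an added example, not part of this thread and not HijackThis's own code; the sample log lines are copied from the logs posted here (the selection is ours), and the four rules are our reading of the helper's choices, so it flags dangling entries for review rather than deciding what to remove.

```python
import re

# Constructed sample: a handful of lines in HijackThis v1.99.1 log format, taken
# from the logs posted in this thread (the selection is ours).
SAMPLE_HJT_LOG = r"""
Logfile of HijackThis v1.99.1
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\System32\smss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = www.google.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {62504CAE-D367-43DD-9C46-AAAC08980B9A} - (no file)
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://toolbar.google.com/data/GoogleActivate.cab
O20 - AppInit_DLLs:
O23 - Service: mstlsapi - Unknown owner - C:\WINDOWS\mstlsapi.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
"""

# "<section> - <body>", e.g. "O2 - BHO: ..." or "R1 - HKCU\..."
ENTRY_RE = re.compile(r"^([RFNO]\d+)\s+-\s+(.*)$")


def classify(line):
    """Return a reason string if the line is a dangling entry, else None.
    A registered component whose file or target no longer exists is useless
    at best and, at worst, a leftover of something removed incompletely."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    section, body = m.group(1), m.group(2).strip()
    if section == "O2" and body.endswith("(no file)"):
        return "BHO registered but its DLL is gone"
    if section == "O16" and body.endswith("-"):
        return "DPF (ActiveX download) entry with no source URL"
    if section == "O20" and body.endswith(":"):
        return "AppInit_DLLs key present but empty"
    if section == "O23" and body.endswith("(file missing)"):
        return "service registered but its binary is missing"
    return None


def triage(log_text):
    """Return [(line, reason)] for every dangling entry in a HijackThis log."""
    hits = []
    for raw in log_text.splitlines():
        reason = classify(raw)
        if reason:
            hits.append((raw.strip(), reason))
    return hits


if __name__ == "__main__":
    for line, reason in triage(SAMPLE_HJT_LOG):
        print(f"{reason}\n    {line}")
```

Run against the second log in this thread, the rules pick out exactly the nine lines in the post above plus the two "(file missing)" services; entries with a present file, such as the Acrobat BHO or the NVIDIA service, are left alone because a missing target, not an unfamiliar name, is what these rules key on.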

#9 Bike Psycho (Topic Starter, Members, 34 posts)

Posted 15 January 2007 - 04:36 PM

OK, I've performed all the steps you advised. During the HJT "fix" I got a prompt requesting information about the deletion of O20 - AppInit_DLLs:. It requested that I send the reason for deleting this line to merjin@spywareinfor.com.

That was the only unexpected thing that occurred while I was following the instructions.

Here is the new HJT log. And again, thanks!

Logfile of HijackThis v1.99.1
Scan saved at 4:31:45 PM, on 1/15/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\S3apphk.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBIA.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\HijackThis!\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = www.google.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [S3apphk] S3apphk.exe
O4 - HKLM\..\Run: [PreloadApp] c:\hp\drivers\printers\photosmart\hphprld.exe c:\hp\drivers\printers\photosmart\setup.exe -d
O4 - HKLM\..\Run: [Ulead AutoDetector] C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [EPSON Stylus CX6000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBIA.EXE /FU "C:\WINDOWS\TEMP\E_S2E8.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [Microsoft Works Update Detection] c:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://download.weatherbug.com/minibug/tri...Transporter.cab?
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...s/yinst0401.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://toolbar.google.com/data/GoogleActivate.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://ps.theport.com/xmlplayer/english/isetup.cab
O16 - DPF: {BB47CA33-8B4D-11D0-9511-00C04FD9152D} (ExteriorSurround Object) - http://autos.msn.com/components/ocx/exterior/Outside.cab
O16 - DPF: {EE8B6D5F-FEF2-11D0-B13F-00A024798EF3} (Microsoft Search Settings Control) - http://lg.home.microsoft.com/search/lobby/searchsettings.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents/setup...er/imloader.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: mstlsapi - Unknown owner - C:\WINDOWS\mstlsapi.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing)
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

#10 MFDnSC (Ret. Director I/T, Members, 4,310 posts)

Posted 15 January 2007 - 06:16 PM

Should have warned you - it does that on O20's

Sorry, I overlooked a couple of things.

Fix these with HijackThis – mark them, close IE, click fix checked

O23 - Service: mstlsapi - Unknown owner - C:\WINDOWS\mstlsapi.exe (file missing)

O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing)
=================
Click Start > Run > and type in:

services.msc

Click OK.

In the services window find this exact name

mstlsapi

Right-click and choose "Properties". Beside "Startup Type" in the dropdown menu select "Disabled". On the "General" tab under "Service Status" click the "Stop" button to stop the service. Click Apply, then OK. File - Exit the Services utility.

Repeat for this - System Startup Service
====================
START – RUN – type in %temp% - OK - Edit – Select all – File – Delete

Delete everything in the C:\Windows\Temp folder or C:\WINNT\temp

Not all temp files will delete and that is normal
Empty the recycle bin
Boot and post a new hijack log from normal NOT safe mode

Please give feedback on what worked/didn’t work and the current status of your system


===============

What is disabled in msconfig?

#11 Bike Psycho (Topic Starter, Members, 34 posts)

Posted 15 January 2007 - 11:45 PM

OK, this is what happened when I did this (the new HJT log is below). And thanks again!

1) I ran HJT and checked:

O23 - Service: mstlsapi - Unknown owner - C:\WINDOWS\MSTLSAPI.EXE (file missing)
and
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing).

Then I clicked on Fix.

I got a warning that I was altering the system processes and that the changes would not take effect until a restart, then I got a prompt for restart, which I clicked yes.

2) The computer restarted, and I followed your instructions re: services.msc.

a. Under mstlsapi properties the startup type already was "disabled" and the service already was listed as "stopped."

b. Under System Startup Service the startup type was listed as "automatic." I changed that to "disabled." The service already was stopped.

3) When I ran START -- RUN -- %temp% - OK - Edit - Select all - File - Delete I got this message:

"The folder Temporary Internet Files contains items whose name is too long for the Recycle Bin. Do you want to permanently delete?"

I clicked "Yes." It began to delete the files then I got the prompt:

"The file desktop.ini is a system file. If you delete it, your computer or one of your programs may no longer work correctly. Are you sure you want to delete it?"

I clicked "no."

Then I got the exact same message again and I clicked "no" again. At that time I got this message:

"Cannot remove folder WT2BCC2B. The directory is not empty."

4) I deleted the single file in the c:\Windows\Temp folder.

5) Here is the HJT log (list of what is disabled in msconfig is after this).

Logfile of HijackThis v1.99.1
Scan saved at 11:21:23 PM, on 1/15/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\S3apphk.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\HijackThis!\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = www.google.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [S3apphk] S3apphk.exe
O4 - HKLM\..\Run: [PreloadApp] c:\hp\drivers\printers\photosmart\hphprld.exe c:\hp\drivers\printers\photosmart\setup.exe -d
O4 - HKLM\..\Run: [Ulead AutoDetector] C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [EPSON Stylus CX6000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBIA.EXE /FU "C:\WINDOWS\TEMP\E_S2E8.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [Microsoft Works Update Detection] c:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://download.weatherbug.com/minibug/tri...Transporter.cab?
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...s/yinst0401.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://toolbar.google.com/data/GoogleActivate.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://ps.theport.com/xmlplayer/english/isetup.cab
O16 - DPF: {BB47CA33-8B4D-11D0-9511-00C04FD9152D} (ExteriorSurround Object) - http://autos.msn.com/components/ocx/exterior/Outside.cab
O16 - DPF: {EE8B6D5F-FEF2-11D0-B13F-00A024798EF3} (Microsoft Search Settings Control) - http://lg.home.microsoft.com/search/lobby/searchsettings.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents/setup...er/imloader.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

6) Items disabled in msconfig (this list is long -- the computer is old)

AOLLaunch
nthrcl32
imnewkn
bxmwqtn
cvggncyp
DeadAim
GSM2
AOLSoftware
otyjdq
MediaAcck
Money Express
msmsgs
Rundll32
paufwt
pxbudwix
ntv2disp
RealPlay
Skype
TBPS
Virtual Bouncer
ViewMgr
cdaEngine0400
WToolsA
Game Channel
ypager
yfgrofc
AutostarterR
HOTSYNCSHORTCUTNAME
hu center UI
hp center
Syp Subtract
Palm Registration
RegFreeze
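
The helper's earlier post had the poster "Fix" two O23 services whose binaries were missing, and the msconfig list above is what the next reply calls full of "nasties". As an added example that is not from the thread, BleepingComputer or HijackThis, this Python script parses the O23 and O4 lines of an HJT 1.99 log, lists services with a missing binary or unknown owner, and runs a crude random-name heuristic over the disabled msconfig names; the sample lines are copied from the poster's log, and the heuristic thresholds are my own assumption.

```python
"""Offline triage of a HijackThis 1.99 log and an msconfig startup list.

Added example for this thread, not code from BleepingComputer or HijackThis.
The sample lines are copied from the poster's log; the random-name
thresholds below are my own assumption.
"""
import re

# Constructed sample: the two O23 services the helper had the poster "Fix",
# one legitimate O23 entry and one O4 Run entry, all copied from the thread.
SAMPLE_HJT_LOG = r"""
Logfile of HijackThis v1.99.1
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O23 - Service - mstlsapi - Unknown owner - C:\WINDOWS\MSTLSAPI.EXE (file missing)
O23 - Service: System Startup Service(SvxProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
"""

# Constructed sample of names from the poster's "disabled in msconfig" list.
MSCONFIG_DISABLED_SAMPLE = ["AOLLaunch", "nthrcl32", "bxmwqtn", "cvggncyp",
                            "Skype", "RealPlay", "Money Express"]

# O23 lines are "O23 - Service: <name> - <owner> - <path>"; the poster typed one
# of them with " - " instead of ": " after "Service", so both forms are accepted.
O23_RE = re.compile(r"^O23 - Service[-: ]+(?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")
# O4 Run-key lines are "O4 - <hive>\..\Run: [<value name>] <command line>".
O4_RE = re.compile(r"^O4 - (?P<hive>.+?): \[(?P<name>[^\]]*)\] (?P<command>.+)$")

FILE_MISSING = "(file missing)"
VOWELS = set("aeiouy")


def parse_hjt(text):
    """Return the O23 and O4 entries of an HJT log as dicts; other lines are skipped."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        m = O23_RE.match(line)
        if m:
            path = m["path"]
            missing = path.endswith(FILE_MISSING)
            if missing:
                path = path[: -len(FILE_MISSING)].strip()
            entries.append({"section": "O23", "name": m["name"], "owner": m["owner"],
                            "path": path, "file_missing": missing})
            continue
        m = O4_RE.match(line)
        if m:
            entries.append({"section": "O4", "hive": m["hive"], "name": m["name"],
                            "command": m["command"], "file_missing": False})
    return entries


def suspicious_services(entries):
    """O23 services whose binary is gone or whose publisher HJT could not name.

    A service registration whose executable no longer exists is a leftover
    that HJT's "Fix" removes from the registry; an unknown owner on a service
    outside the usual vendor directories is worth a manual check.
    """
    return [e for e in entries if e["section"] == "O23"
            and (e["file_missing"] or e["owner"] == "Unknown owner")]


def looks_random(name):
    """Crude heuristic for machine-generated startup names such as "bxmwqtn".

    Flags a name with a run of four or more consonants (non-letters break the
    run) or with fewer than one fifth vowels.  Thresholds are an assumption
    and acronyms ("Rundll32", "HOTSYNCSHORTCUTNAME") will be false positives,
    so treat a hit as a prompt to look the name up, not as a verdict.
    """
    lowered = name.lower()
    letters = [c for c in lowered if c.isalpha()]
    if len(letters) < 5:
        return False
    run = longest = 0
    for c in lowered:
        if c.isalpha() and c not in VOWELS:
            run += 1
            longest = max(longest, run)
        else:
            run = 0
    vowel_ratio = sum(c in VOWELS for c in letters) / len(letters)
    return longest >= 4 or vowel_ratio < 0.2


def flag_random_names(names):
    """Subset of names that looks_random() flags, in the original order."""
    return [n for n in names if looks_random(n)]


if __name__ == "__main__":
    for e in suspicious_services(parse_hjt(SAMPLE_HJT_LOG)):
        why = "file missing" if e["file_missing"] else "unknown owner"
        print(f"O23 {e['name']!r}: {e['path']} ({why})")
    for n in flag_random_names(MSCONFIG_DISABLED_SAMPLE):
        print(f"msconfig {n!r}: random-looking name, look it up before re-enabling")
```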

#12 MFDnSC

MFDnSC

    Ret. Director I/T


  • Members
  • 4,310 posts

Posted 16 January 2007 - 09:14 AM

Your version of Ewido is very old and has been replaced by AVG AS 7.5

delete Ewido in add/remove and then get the new one

http://www.ewido.net/en/download/
==================================

Download Superantispyware

http://www.superantispyware.com/superantis...efreevspro.html

Install it and double-click the icon on your desktop to run it.
• It will ask if you want to update the program definitions, click Yes.
• Under Configuration and Preferences, click the Preferences button.
• Click the Scanning Control tab.
• Under Scanner Options make sure the following are checked:
   ◦ Close browsers before scanning
   ◦ Scan for tracking cookies
   ◦ Terminate memory threats before quarantining.
   ◦ Please leave the others unchecked.
   ◦ Click the Close button to leave the control center screen.
• On the main screen, under Scan for Harmful Software click Scan your computer.
• On the left check C:\Fixed Drive.
• On the right, under Complete Scan, choose Perform Complete Scan.
• Click Next to start the scan. Please be patient while it scans your computer.
• After the scan is complete a summary box will appear. Click OK.
• Make sure everything in the white box has a check next to it, then click Next.
• It will quarantine what it found and if it asks if you want to reboot, click Yes.
• To retrieve the removal information for me please do the following:
   ◦ After reboot, double-click the SUPERAntispyware icon on your desktop.
   ◦ Click Preferences. Click the Statistics/Logs tab.
   ◦ Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
   ◦ It will open in your default text editor (such as Notepad/Wordpad).
   ◦ Please highlight everything in the notepad, then right-click and choose copy.
• Click close and close again to exit the program.
• Please paste that information here for me with a new HijackThis log.

=================================

You have some nasties in that list - after running SuperAnti enable everything in msconfig and then we can clear the bad one
"Nothing could be finer than to be in South Carolina ............"

Member ASAP

#13 Bike Psycho

Bike Psycho
  • Topic Starter

  • Members
  • 34 posts

Posted 17 January 2007 - 08:28 AM

Here's the SAS report:

SUPERAntiSpyware Scan Log
Generated 01/17/2007 at 02:51 AM

Application Version : 3.5.1016

Core Rules Database Version : 3165
Trace Rules Database Version: 1176

Scan type : Complete Scan
Total Scan Time : 02:22:18

Memory items scanned : 334
Memory threats detected : 0
Registry items scanned : 5459
Registry threats detected : 16
File items scanned : 144407
File threats detected : 417

Adware.Tracking Cookie
C:\Documents and Settings\Owner\Cookies\owner@angleinteractive.directtrack[2].txt
C:\Documents and Settings\Owner\Cookies\owner@partners.adultadworld[1].txt
C:\Documents and Settings\Owner\Cookies\owner@1062408727[1].txt
C:\Documents and Settings\Owner\Cookies\owner@www.0stats[1].txt
C:\Documents and Settings\Owner\Cookies\owner@38282[1].txt
C:\Documents and Settings\Owner\Cookies\owner@ads.urbandictionary[1].txt
C:\Documents and Settings\Owner\Cookies\owner@counter.surfcounters[1].txt
C:\Documents and Settings\Owner\Cookies\owner@count2.exitexchange[1].txt
C:\Documents and Settings\Owner\Cookies\owner@st[18].txt
C:\Documents and Settings\Owner\Cookies\owner@www.integratedmediadesigns[1].txt
C:\Documents and Settings\Owner\Cookies\owner@adultadworld[2].txt
C:\Documents and Settings\Owner\Cookies\owner@48493158[1].txt
C:\Documents and Settings\Owner\Cookies\owner@aff.primaryads[2].txt
C:\Documents and Settings\Owner\Cookies\owner@www.allsexadvice[1].txt
C:\Documents and Settings\Owner\Cookies\owner@v7.stats.load[2].txt
C:\Documents and Settings\Owner\Cookies\owner@www.clickmanage[2].txt
C:\Documents and Settings\Owner\Cookies\owner@ads.addesktop[1].txt
C:\Documents and Settings\Owner\Cookies\owner@anal_sex_movie_273[1].txt
C:\Documents and Settings\Owner\Cookies\owner@counters[1].txt
C:\Documents and Settings\Owner\Cookies\owner@hits_tracker[1].txt
C:\Documents and Settings\Owner\Cookies\owner@hits_tracker[3].txt
C:\Documents and Settings\Owner\Cookies\owner@media4[1].txt
C:\Documents and Settings\Owner\Cookies\owner@toplist[3].txt
C:\Documents and Settings\Owner\Cookies\owner@trackingplateform[2].txt

Adware.iSearch
HKCR\CLSID\{5B4AB8E2-6DC5-477A-B637-BF3C1A2E5993}
HKCR\CLSID\{5B4AB8E2-6DC5-477A-B637-BF3C1A2E5993}\InprocServer32
HKCR\CLSID\{5B4AB8E2-6DC5-477A-B637-BF3C1A2E5993}\InprocServer32#ThreadingModel

Spyware.WebSearch (WinTools/Huntbar)
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINTOOLSSVC
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINTOOLSSVC\0000
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINTOOLSSVC\0000#Service
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINTOOLSSVC\0000#Legacy
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINTOOLSSVC\0000#ConfigFlags
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINTOOLSSVC\0000#Class
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINTOOLSSVC\0000#ClassGUID
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINTOOLSSVC\0000#DeviceDesc

Adware.SurfSideKick
C:\Documents and Settings\Owner\Application Data\Sskcwrd.dll
C:\Documents and Settings\Owner\Application Data\Sskuknwrd.dll
C:\Documents and Settings\Owner\Application Data\Sskknwrd.dll

Trojan.ZenoSearch
C:\WINDOWS\system32\msnav32.ax

Adware.Toolbar888
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\888Bar
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\888Bar#DisplayName
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\888Bar#UninstallString
C:\SYSTEM VOLUME INFORMATION\_RESTORE{28D3F6BA-AE01-4D4D-995B-C2CB83E5C7AA}\RP1508\A0413569.DLL

Adware.Spyware Labs/Virtual Bouncer
C:\Documents and Settings\Owner\Start Menu\Programs\AdDestroyer

Adware.ClickSpring/Yazzle
HKLM\Software\Cowabanga
C:\Program Files\Cowabanga\License.txt
C:\Program Files\Cowabanga

Malware.RegFreeze
HKU\S-1-5-21-3683679437-3895304184-2161807218-1003\Software\ActualResearch

Browser Hijacker.Favorites
C:\DOCUMENTS AND SETTINGS\OWNER\DESKTOP\CLICK TO FIND AND FIX ERRORS.URL

Trojan.Unknown Origin
C:\SYSTEM VOLUME INFORMATION\_RESTORE{28D3F6BA-AE01-4D4D-995B-C2CB83E5C7AA}\RP1508\A0413570.EXE
C:\WINDOWS\TEMPF.TXT

Trojan.Hacktool
C:\SYSTEM VOLUME INFORMATION\_RESTORE{28D3F6BA-AE01-4D4D-995B-C2CB83E5C7AA}\RP1508\A0413573.DLL

Adware.ClickSpring/Outer Info Network
C:\SYSTEM VOLUME INFORMATION\_RESTORE{28D3F6BA-AE01-4D4D-995B-C2CB83E5C7AA}\RP1508\A0413574.EXE

Adware.Look2Me
C:\WINDOWS\SYSTEM\UPDINST.EXE

Here's the HJT logfile:

Logfile of HijackThis v1.99.1
Scan saved at 8:21:36 AM, on 1/17/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\S3apphk.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\HijackThis!\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = www.google.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [S3apphk] S3apphk.exe
O4 - HKLM\..\Run: [PreloadApp] c:\hp\drivers\printers\photosmart\hphprld.exe c:\hp\drivers\printers\photosmart\setup.exe -d
O4 - HKLM\..\Run: [Ulead AutoDetector] C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [EPSON Stylus CX6000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBIA.EXE /FU "C:\WINDOWS\TEMP\E_S2E8.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Microsoft Works Update Detection] c:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://download.weatherbug.com/minibug/tri...Transporter.cab?
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...s/yinst0401.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://toolbar.google.com/data/GoogleActivate.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://ps.theport.com/xmlplayer/english/isetup.cab
O16 - DPF: {BB47CA33-8B4D-11D0-9511-00C04FD9152D} (ExteriorSurround Object) - http://autos.msn.com/components/ocx/exterior/Outside.cab
O16 - DPF: {EE8B6D5F-FEF2-11D0-B13F-00A024798EF3} (Microsoft Search Settings Control) - http://lg.home.microsoft.com/search/lobby/searchsettings.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents/setup...er/imloader.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
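
One way to triage lines like the O4, O23 and O2 entries in the log above mechanically, as an added example that is not part of this thread and is not HijackThis code. The rules it applies (a Run target given as a bare file name, a target under a non-standard System32 subfolder, a temp folder or the Windows root, a service with no vendor string, an orphaned entry, a vowel-less entry name) and the two allow-lists are this example's own assumptions, and the sample log is constructed from entry shapes seen in this thread:

```python
"""Heuristic triage of HijackThis-style autostart lines (added example).

Not HijackThis code; the flags below are this example's own assumptions about
which entries deserve a second look, not verdicts.
"""
import re

# Sample lines constructed for this example from entry shapes seen in the thread.
SAMPLE_LOG = r"""
O1 - Hosts: 69.20.16.183 auto.search.msn.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {A408EAEC-0388-4146-9806-08770BC2BA62} - (no file)
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [S3apphk] S3apphk.exe
O4 - HKLM\..\Run: [paufwt] C:\WINDOWS\System32\psloelj\paufwt.exe
O4 - HKLM\..\Run: [My.exe] C:\documents and settings\owner\local settings\temp\My.exe
O4 - HKLM\..\Run: [EPSON Stylus CX6000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBIA.EXE /FU "C:\WINDOWS\TEMP\E_S2E8.tmp" /EF "HKLM"
O4 - HKCU\..\Run: [b052RSd5e] nthrcl32.exe
O4 - HKLM\..\Run: [cvggncyp] C:\WINDOWS\System32\ltqlmd\cvggncyp.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: yfgrofcdivn - Unknown owner - C:\WINDOWS\System32\divn\yfgrofc.exe
O23 - Service: mstlsapi - Unknown owner - C:\WINDOWS\mstlsapi.exe (file missing)
"""

O4_RE = re.compile(r"^O4 - (?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.+?) - \{(?P<clsid>[^}]+)\} - (?P<path>.*)$")
# First token of a command line: a quoted path, or everything up to the first
# executable-looking extension that is followed by whitespace or end of line.
EXE_RE = re.compile(r'^"([^"]+)"|^(.+?\.(?:exe|dll|ocx|com|scr|bat))(?:\s|$)', re.I)

TEMP_DIRS = ("\\local settings\\temp\\", "\\windows\\temp\\")
# Assumed allow-lists: System32 subfolders and Windows-root binaries that
# legitimately host executables on a default XP install.
KNOWN_SYS32_SUBDIRS = {"spool", "drivers", "wbem", "dllcache", "config", "restore"}
WINDOWS_ROOT_OK = {"explorer.exe", "notepad.exe", "regedit.exe", "hh.exe"}


def looks_random(name):
    """No vowels among five or more letters: cvggncyp, nthrcl32 -> True."""
    letters = re.sub(r"[^a-z]", "", name.lower())
    return len(letters) >= 5 and re.search(r"[aeiou]", letters) is None


def exe_path(cmd):
    """Executable part of a Run command line, arguments dropped."""
    m = EXE_RE.match(cmd.strip())
    return (m.group(1) or m.group(2)) if m else cmd.strip()


def path_findings(path):
    """Location-based flags for one executable path."""
    p = path.lower()
    if "\\" not in p:
        # The log cannot say which file this resolves to at logon.
        return ["bare file name, located via PATH search at logon"]
    reasons = []
    if any(t in p for t in TEMP_DIRS):
        reasons.append("runs from a temp folder")
    m = re.search(r"\\system32\\([^\\]+)\\", p)
    if m and m.group(1) not in KNOWN_SYS32_SUBDIRS:
        reasons.append(f"non-standard System32 subfolder '{m.group(1)}'")
    if re.match(r"^[a-z]:\\windows\\[^\\]+$", p) and p.rsplit("\\", 1)[1] not in WINDOWS_ROOT_OK:
        reasons.append("executable dropped in the Windows root")
    return reasons


def triage_line(line):
    """Reasons this log line deserves a look; an empty list means nothing noted."""
    line = line.strip()
    if line.startswith("O1 - Hosts:"):
        return ["hosts-file redirect"]
    m = O4_RE.match(line) or O23_RE.match(line) or O2_RE.match(line)
    if not m:
        return []
    d = m.groupdict()
    reasons = []
    if "(no file)" in line or "(file missing)" in line:
        reasons.append("orphaned entry: target file is absent")
    if d.get("owner") == "Unknown owner":
        reasons.append("service has no vendor string")
    # Only the entry name is vowel-checked: file names such as nvsvc32.exe are
    # legitimate abbreviations and would be false positives.
    if looks_random(d["name"]):
        reasons.append("random-looking entry name")
    target = d.get("cmd") or d.get("path")
    if "(no file)" not in target:
        reasons.extend(path_findings(exe_path(target)))
    return reasons


def triage_log(text):
    """[(line, reasons)] for every line that raised at least one flag."""
    out = []
    for raw in text.splitlines():
        reasons = triage_line(raw)
        if reasons:
            out.append((raw.strip(), reasons))
    return out


if __name__ == "__main__":
    for entry, why in triage_log(SAMPLE_LOG):
        print(entry)
        for r in why:
            print("    -", r)
```

Flags are prompts to verify, not verdicts: an entry such as S3apphk.exe is flagged only because a bare file name gives the log no way to show where it resolves, and settling it means locating the file and checking its publisher; the EPSON and AVG entries pass because their targets sit in expected locations, while the random-named binaries under System32\psloelj, System32\divn and System32\ltqlmd are exactly the shape of the Run values and services the HijackThis backups on this page record being removed.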

#14 MFDnSC

MFDnSC

    Ret. Director I/T


  • Members
  • 4,310 posts
  • OFFLINE
  • Local time:08:55 AM

Posted 17 January 2007 - 10:21 AM

IE - Block third-party cookies
1. Click on the Tools button on the Internet Explorer toolbar.
2. Highlight and click on Internet Options at the bottom of the Tools menu.
3. Select the Privacy tab of the Internet Options menu.
4. Select the Advanced... button at the bottom of the screen.
5. Select the "Override automatic cookie handling" button.
6. To block third-party cookies, select Block under "Third-party cookies".
7. Select "Always allow session cookies".
8. Click on the OK button at the bottom of the screen.
====================

What is disabled in msconfig?

==============

1. Download this file:

http://download.bleepingcomputer.com/sUBs/combofix.exe
http://www.techsupportforum.com/sectools/combofix.exe

2. Double-click combofix.exe and follow the prompts.
3. When finished, it will produce a log for you. Post that log and a HijackThis log in your next reply.

Note:
Do not mouse-click ComboFix's window while it's running. That may cause it to stall.
"Nothing could be finer than to be in South Carolina ............"

Member ASAP

#15 Bike Psycho

Bike Psycho
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  • Local time:09:55 AM

Posted 18 January 2007 - 12:11 AM

Hi, thanks again for all your help!

1) I made the advised changes to IE

2) Nothing (anymore) is disabled in msconfig. Last time I ran that (this evening), I checked "Enable All" in the Startup tab.

3) Here's the log from combofix.exe (which I ran AFTER I enabled all in the msconfig startup tab).

"Owner" - 07-01-17 22:09:12 Service Pack 2
ComboFix 07-01-16.2 - Running from: "C:\Documents and Settings\Owner\Desktop"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Program Files\INSTALL.LOG
C:\INSTALL.LOG
C:\WINDOWS\Downloaded Program Files\temp
C:\Program Files\Common Files\{34D55~1
~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
Folders Quarantined:
C:\qoobox\purity\DOCUME~1
C:\qoobox\purity\DOCUME~1\Owner
C:\qoobox\purity\DOCUME~1\Owner\My Documents
C:\qoobox\purity\DOCUME~1\Owner\My Documents\from.txt
C:\qoobox\purity\DOCUME~1\Owner\My Documents\SCURIT~1


((((((((((((((((((((((((((((((( Files Created from 2006-12-17 to 2007-01-17 ))))))))))))))))))))))))))))))))))


2007-01-16 23:44 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-01-16 23:44 <DIR> d-------- C:\DOCUME~1\Owner\Application Data\SUPERAntiSpyware.com
2007-01-16 23:44 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\SUPERAntiSpyware.com
2007-01-16 23:42 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-01-16 22:11 3,968 --a------ C:\WINDOWS\SYSTEM32\drivers\AvgAsCln.sys
2007-01-15 11:07 15,360 --a------ C:\WINDOWS\SYSTEM32\ctfmon.exe
2007-01-14 19:41 <DIR> dr-h----- C:\$VAULT$.AVG
2007-01-14 17:31 <DIR> d-------- C:\DOCUME~1\Owner\Application Data\AVG7
2007-01-14 17:30 816,672 --a------ C:\WINDOWS\SYSTEM32\drivers\avg7core.sys
2007-01-14 17:30 4,224 --a------ C:\WINDOWS\SYSTEM32\drivers\avg7rsw.sys
2007-01-14 17:30 3,968 --a------ C:\WINDOWS\SYSTEM32\drivers\avgclean.sys
2007-01-14 17:30 28,416 --a------ C:\WINDOWS\SYSTEM32\drivers\avg7rsxp.sys
2007-01-14 17:30 18,240 --a------ C:\WINDOWS\SYSTEM32\drivers\avgmfx86.sys
2007-01-14 17:30 <DIR> d-------- C:\Program Files\Grisoft
2007-01-14 17:30 <DIR> d-------- C:\DOCUME~1\LOCALS~1\Application Data\AVG7
2007-01-14 17:30 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Grisoft
2007-01-14 17:30 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\avg7
2006-12-23 18:02 <DIR> d-------- C:\Program Files\iWin.com


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-01-17 21:50 -------- d-------- C:\Program Files\mozilla firefox
2007-01-17 00:25 -------- d-------- C:\Program Files\aim95
2007-01-15 00:48 -------- d-------- C:\Program Files\quicktime
2007-01-14 19:41 -------- d-------- C:\Program Files\fwbartemp
2006-12-27 11:50 -------- d-------- C:\Program Files\lavasoft
2006-12-27 11:50 -------- d-------- C:\DOCUME~1\Owner\Application Data\lavasoft
2006-12-13 21:51 -------- d-------- C:\Program Files\microsoft works
2006-12-10 13:14 -------- d-------- C:\DOCUME~1\Owner\Application Data\arcsoft
2006-12-10 12:01 -------- d-------- C:\Program Files\epson
2006-12-10 11:59 -------- d--h----- C:\Program Files\installshield installation information
2006-12-10 11:54 -------- d-------- C:\Program Files\arcsoft
2006-12-02 10:52 69 --a-s---- C:\WINDOWS\test.bat
2006-12-01 19:59 -------- d-------- C:\Program Files\snowylunchrush_at


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Microsoft Works Update Detection"="c:\\Program Files\\Microsoft Works\\WkDetect.exe"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"SUPERAntiSpyware"="C:\\Program Files\\SUPERAntiSpyware\\SUPERAntiSpyware.exe"
"Yahoo! Pager"="C:\\Program Files\\Yahoo!\\Messenger\\ypager.exe -quiet"
"Skype"="\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"MoneyAgent"="\"c:\\Program Files\\Microsoft Money\\System\\Money Express.exe\""
"b052RSd5e"="nthrcl32.exe"
"Aim6"="\"C:\\Program Files\\Common Files\\AOL\\Launch\\AOLLaunch.exe\" /d locale=en-US ee://aol/imApp"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"S3apphk"="S3apphk.exe"
"PreloadApp"="c:\\hp\\drivers\\printers\\photosmart\\hphprld.exe c:\\hp\\drivers\\printers\\photosmart\\setup.exe -d"
"Ulead AutoDetector"="C:\\Program Files\\Ulead Systems\\Ulead Photo Explorer 8.0 SE Basic\\Monitor.exe"
"EPSON Stylus CX6000 Series"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_FATIBIA.EXE /FU \"C:\\WINDOWS\\TEMP\\E_S2E8.tmp\" /EF \"HKLM\""
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
"Zero Knowledge Freedom"="C:\\Program Files\\Zero Knowledge\\Freedom\\AutoStarterR.exe"
"yfgrofc"="C:\\WINDOWS\\System32\\divn\\yfgrofc.exe"
"WT GameChannel"="C:\\Program Files\\WildTangent\\Apps\\GameChannel.exe"
"WinTools"="C:\\PROGRA~1\\COMMON~1\\WinTools\\WToolsA.exe"
"ViewMgr"="C:\\Program Files\\Viewpoint\\Viewpoint Manager\\ViewMgr.exe"
"TBPS"="C:\\PROGRA~1\\Toolbar\\TBPS.exe"
"RealTray"="C:\\Program Files\\Real\\RealPlayer\\RealPlay.exe SYSTEMBOOTHIDEPLAYER"
"q3mS32R"="ntv2disp.exe"
"pxbudwix"="C:\\WINDOWS\\System32\\tvssu\\pxbudwix.exe"
"paufwt"="C:\\WINDOWS\\System32\\psloelj\\paufwt.exe"
"ieymmry"="c:\\windows\\system32\\otyjdq.exe"
"HostManager"="C:\\Program Files\\Common Files\\AOL\\1150723636\\ee\\AOLSoftware.exe"
"GMedia2"="C:\\WINDOWS\\System32\\GSM2.exe"
"cvggncyp"="C:\\WINDOWS\\System32\\ltqlmd\\cvggncyp.exe"
"bxmvqtn"="C:\\WINDOWS\\System32\\rraaxnlm\\bxmvqtn.exe"
"bhhmji"="c:\\windows\\system32\\imnewkn.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce\Setup]
"AOLXPCFG"="C:\\Program Files\\Online Services\\AOL\\aolxpcfg.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\WINDOWS]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\WINDOWS\jmhdff.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jmhdff"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\jmhdff.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{FA010552-4A27-4cb1-A1BB-3E2D697F1639}"="SpySubtract Shell Extension"
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=""

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0




~ ~ ~ ~ ~ ~ ~ ~ Hijackthis Backups ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

backup-20070115-225735-321
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing)
backup-20070115-225735-279
O23 - Service: mstlsapi - Unknown owner - C:\WINDOWS\mstlsapi.exe (file missing)
backup-20070115-162110-190
O16 - DPF: {EB623776-492A-42CA-9571-3AA39F58530B} -
backup-20070115-162110-934
O16 - DPF: {BF4FC0C7-4387-4D18-AD86-DF33DDDE33C7} -
backup-20070115-162110-439
O16 - DPF: {9DBAFCCF-592F-FFFF-FFFF-00608CEC297C} -
backup-20070115-162109-513
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
backup-20070115-162109-410
O2 - BHO: (no name) - {A408EAEC-0388-4146-9806-08770BC2BA62} - (no file)
backup-20070115-162109-314
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
backup-20070115-162109-297
O2 - BHO: (no name) - {62504CAE-D367-43DD-9C46-AAAC08980B9A} - (no file)
backup-20070115-162109-224
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
backup-20050418-015358-706
O2 - BHO: (no name) - {A408EAEC-0388-4146-9806-08770BC2BA62} - (no file)
backup-20050418-015358-884
O2 - BHO: (no name) - {988CAFC4-DC0D-4D8C-A35E-5028ABE9E641} - (no file)
backup-20050418-015358-750
O2 - BHO: (no name) - {62504CAE-D367-43DD-9C46-AAAC08980B9A} - (no file)
backup-20050418-015358-973
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing)
backup-20050418-015358-820
O2 - BHO: (no name) - {017C20C1-F86F-11D8-9B25-000ACD002AE3} - (no file)
backup-20050418-015358-970
O2 - BHO: (no name) - {16B238D5-80DE-47CE-8F17-B3ECE2C2248D} - (no file)
backup-20050418-014229-517
O2 - BHO: (no name) - {988CAFC4-DC0D-4D8C-A35E-5028ABE9E641} - (no file)
backup-20050418-014229-185
O4 - HKLM\..\Run: [cesecpo] c:\windows\system32\exaodtf.exe
backup-20050418-014229-384
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing)
backup-20050418-014229-918
O2 - BHO: (no name) - {A408EAEC-0388-4146-9806-08770BC2BA62} - (no file)
backup-20050418-014229-122
O2 - BHO: (no name) - {62504CAE-D367-43DD-9C46-AAAC08980B9A} - (no file)
backup-20050418-014229-455
O2 - BHO: (no name) - {017C20C1-F86F-11D8-9B25-000ACD002AE3} - (no file)
backup-20050418-014229-103
O2 - BHO: (no name) - {16B238D5-80DE-47CE-8F17-B3ECE2C2248D} - (no file)
backup-20050412-021004-737
O2 - BHO: (no name) - {A408EAEC-0388-4146-9806-08770BC2BA62} - (no file)
backup-20050412-021004-634
O2 - BHO: (no name) - {017C20C1-F86F-11D8-9B25-000ACD002AE3} - (no file)
backup-20050412-021004-538
O2 - BHO: (no name) - {988CAFC4-DC0D-4D8C-A35E-5028ABE9E641} - (no file)
backup-20050412-021004-449
O2 - BHO: (no name) - {16B238D5-80DE-47CE-8F17-B3ECE2C2248D} - (no file)
backup-20050412-021004-406
O23 - Service: WinTools for IE service (WinToolsSvc) - Unknown owner - C:\Program Files\Common Files\WinTools\WToolsS.exe (file missing)
backup-20050412-021004-239
O2 - BHO: (no name) - {00000000-DD60-0064-6EC2-6E0100000000} - (no file)
backup-20050412-021004-319
R3 - URLSearchHook: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - (no file)
backup-20050412-021004-271
O2 - BHO: (no name) - {62504CAE-D367-43DD-9C46-AAAC08980B9A} - (no file)
backup-20050412-021004-401
R3 - URLSearchHook: (no name) - _{8952A998-1E7E-4716-B23D-3DBE03910972} - (no file)
backup-20050412-000730-857
O4 - HKLM\..\Run: [paufwt] C:\WINDOWS\System32\psloelj\paufwt.exe
backup-20050412-000730-719
O4 - HKLM\..\Run: [WinTools] C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe
backup-20050412-000730-709
O23 - Service: yfgrofcdivn - Unknown owner - C:\WINDOWS\System32\divn\yfgrofc.exe
backup-20050412-000730-499
O23 - Service: paufwtpsloelj - Unknown owner - C:\WINDOWS\System32\psloelj\paufwt.exe (file missing)
backup-20050412-000730-894
O23 - Service: WinTools for IE service (WinToolsSvc) - Unknown owner - C:\Program Files\Common Files\WinTools\WToolsS.exe (file missing)
backup-20050411-231314-807
O23 - Service: yfgrofcdivn - Unknown owner - C:\WINDOWS\System32\divn\yfgrofc.exe
backup-20050411-231314-792
O4 - HKLM\..\Run: [cspurem] c:\windows\system32\kjykhgz.exe
backup-20050411-231314-284
O23 - Service: WinTools for IE service (WinToolsSvc) - Unknown owner - C:\Program Files\Common Files\WinTools\WToolsS.exe
backup-20050411-231314-330
O4 - HKLM\..\Run: [WinTools] C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe
backup-20050411-231314-547
O23 - Service: paufwtpsloelj - Unknown owner - C:\WINDOWS\System32\psloelj\paufwt.exe
backup-20050411-231314-195
O3 - Toolbar: &Search Toolbar - {339BB23F-A864-48C0-A59F-29EA915965EC} - C:\PROGRA~1\Toolbar\toolbar.dll
backup-20050411-231314-462
O4 - HKLM\..\Run: [paufwt] C:\WINDOWS\System32\psloelj\paufwt.exe
backup-20050411-231314-717
O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
backup-20050411-231314-661
O4 - HKLM\..\Run: [TBPS] C:\PROGRA~1\Toolbar\TBPS.exe
backup-20050411-231314-434
R3 - URLSearchHook: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - C:\PROGRA~1\Toolbar\toolbar.dll
backup-20050411-231314-748
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
backup-20050411-231314-665
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
backup-20050411-230449-864
O23 - Service: yfgrofcdivn - Unknown owner - C:\WINDOWS\System32\divn\yfgrofc.exe
backup-20050411-230449-262
O4 - HKLM\..\Run: [TBPS] C:\PROGRA~1\Toolbar\TBPS.exe
backup-20050411-230449-926
O4 - HKLM\..\Run: [WinTools] C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe
backup-20050411-230449-747
O23 - Service: WinTools for IE service (WinToolsSvc) - Unknown owner - C:\Program Files\Common Files\WinTools\WToolsS.exe
backup-20050411-230449-256
O23 - Service: paufwtpsloelj - Unknown owner - C:\WINDOWS\System32\psloelj\paufwt.exe
backup-20050411-230449-593
O4 - HKLM\..\Run: [ttzfwxr] c:\windows\system32\jdtpgwt.exe
backup-20050411-230449-659
O4 - HKLM\..\Run: [paufwt] C:\WINDOWS\System32\psloelj\paufwt.exe
backup-20050411-230449-243
O3 - Toolbar: &Search Toolbar - {339BB23F-A864-48C0-A59F-29EA915965EC} - C:\PROGRA~1\Toolbar\toolbar.dll
backup-20050411-230449-366
O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
backup-20050411-230449-908
O2 - BHO: BolgerObj Class - {302A3240-4805-4a34-97D7-1645A0B08410} - C:\WINDOWS\Bolger.dll
backup-20050411-230449-660
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50221
backup-20050411-230449-149
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50221
backup-20050318-190303-881
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
backup-20050318-190303-791
O2 - BHO: (no name) - {988CAFC4-DC0D-4D8C-A35E-5028ABE9E641} - (no file)
backup-20050318-190303-614
O2 - BHO: (no name) - {A408EAEC-0388-4146-9806-08770BC2BA62} - (no file)
backup-20050318-190303-446
O2 - BHO: (no name) - {62504CAE-D367-43DD-9C46-AAAC08980B9A} - (no file)
backup-20050318-190303-395
O2 - BHO: (no name) - {16B238D5-80DE-47CE-8F17-B3ECE2C2248D} - (no file)
backup-20050318-190303-490
O2 - BHO: (no name) - {017C20C1-F86F-11D8-9B25-000ACD002AE3} - (no file)
backup-20050318-184156-581
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
backup-20050318-184156-314
O2 - BHO: (no name) - {A408EAEC-0388-4146-9806-08770BC2BA62} - (no file)
backup-20050318-184156-898
O2 - BHO: (no name) - {988CAFC4-DC0D-4D8C-A35E-5028ABE9E641} - (no file)
backup-20050318-184156-440
O2 - BHO: (no name) - {16B238D5-80DE-47CE-8F17-B3ECE2C2248D} - (no file)
backup-20050318-184156-688
O2 - BHO: (no name) - {62504CAE-D367-43DD-9C46-AAAC08980B9A} - (no file)
backup-20050318-184156-867
O2 - BHO: (no name) - {017C20C1-F86F-11D8-9B25-000ACD002AE3} - (no file)
backup-20050318-085149-384
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
backup-20050318-085149-117
O2 - BHO: (no name) - {A408EAEC-0388-4146-9806-08770BC2BA62} - (no file)
backup-20050318-085149-729
O2 - BHO: (no name) - {62504CAE-D367-43DD-9C46-AAAC08980B9A} - (no file)
backup-20050318-085149-419
O2 - BHO: (no name) - {988CAFC4-DC0D-4D8C-A35E-5028ABE9E641} - (no file)
backup-20050318-085149-334
O2 - BHO: (no name) - {16B238D5-80DE-47CE-8F17-B3ECE2C2248D} - (no file)
backup-20050318-085149-803
O2 - BHO: (no name) - {017C20C1-F86F-11D8-9B25-000ACD002AE3} - (no file)
backup-20050318-083930-869
O2 - BHO: (no name) - {62504CAE-D367-43DD-9C46-AAAC08980B9A} - (no file)
backup-20050318-083930-848
O2 - BHO: (no name) - {16B238D5-80DE-47CE-8F17-B3ECE2C2248D} - (no file)
backup-20050318-083930-684
O2 - BHO: (no name) - {988CAFC4-DC0D-4D8C-A35E-5028ABE9E641} - (no file)
backup-20050318-083930-506
O2 - BHO: (no name) - {A408EAEC-0388-4146-9806-08770BC2BA62} - (no file)
backup-20050318-083930-151
O2 - BHO: (no name) - {017C20C1-F86F-11D8-9B25-000ACD002AE3} - (no file)
backup-20050317-183200-560
O16 - DPF: {EB623776-492A-42CA-9571-3AA39F58530B} -
backup-20050317-183200-695
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
backup-20050317-183200-589
O2 - BHO: (no name) - {988CAFC4-DC0D-4D8C-A35E-5028ABE9E641} - (no file)
backup-20050317-183200-796
O2 - BHO: (no name) - {62504CAE-D367-43DD-9C46-AAAC08980B9A} - (no file)
backup-20050317-183200-251
O4 - HKLM\..\Run: [My.exe] C:\documents and settings\owner\local settings\temp\My.exe
backup-20050317-183200-266
O4 - HKLM\..\RunServices: [Windows Hosts File] WindowsHosts.exe
backup-20050317-183200-258
O2 - BHO: (no name) - {A408EAEC-0388-4146-9806-08770BC2BA62} - (no file)
backup-20050317-183200-742
O4 - HKLM\..\Run: [30pWS.exe] C:\documents and settings\owner\local settings\temp\30pWS.exe
backup-20050317-183200-529
O2 - BHO: (no name) - {16B238D5-80DE-47CE-8F17-B3ECE2C2248D} - (no file)
backup-20050317-183200-238
O2 - BHO: (no name) - {017C20C1-F86F-11D8-9B25-000ACD002AE3} - (no file)
backup-20050317-183200-249
O1 - Hosts: 69.20.16.183 search.netscape.com
backup-20050317-183200-424
O1 - Hosts: 69.20.16.183 ieautosearch
backup-20050317-183200-331
O1 - Hosts: 69.20.16.183 auto.search.msn.com
backup-20050313-115537-985
O18 - Filter: text/html - {950238FB-C706-4791-8674-4D429F85897E} - C:\WINDOWS\isrvs\mfiltis.dll
backup-20050313-115537-822
O16 - DPF: {EB623776-492A-42CA-9571-3AA39F58530B} - http://www.alwaysupdatednews.com/install/aun_0018.exe
backup-20050313-115537-297
O16 - DPF: {9DBAFCCF-592F-FFFF-FFFF-00608CEC297C} -
backup-20050313-115536-823
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
backup-20050313-115536-158
O9 - Extra 'Tools' menuitem: MarketBrowser - {17A27031-71FC-11d4-815C-005004D0F1FA} - C:\Program Files\MarketBrowser\lmt\MarketBrowser_Launch.xpy
backup-20050313-115536-247
O9 - Extra button: MktBrowser - {17A27031-71FC-11d4-815C-005004D0F1FA} - C:\Program Files\MarketBrowser\lmt\MarketBrowser_Launch.xpy
backup-20050313-115536-817
O4 - HKCU\..\Run: [b052RSd5e] dmoxdgps.exe
backup-20050313-115536-294
O4 - HKCU\..\Run: [ClockSync] C:\Program Files\ClockSync\Sync.exe /q
backup-20050313-115536-544
O4 - HKLM\..\Run: [30pWS] c:\documents and settings\owner\local settings\temp\30pWS.exe
backup-20050313-115536-950
O4 - HKLM\..\Run: [absr] C:\WINDOWS\mwsvm.exe
backup-20050313-115536-803
O4 - HKCU\..\Run: [sysmonnt] C:\WINDOWS\System32\sysmonnt
backup-20050313-115536-557
O4 - HKCU\..\Run: [prutqct] C:\WINDOWS\System32\prutqct.exe
backup-20050313-115536-484
O4 - HKLM\..\Run: [App32dll] C:\windows\system32\msnavc32.exe lee0105
backup-20050313-115536-407
O4 - HKLM\..\Run: [bkhspat] C:\WINDOWS\bkhspat.exe
backup-20050313-115536-396
O4 - HKLM\..\Run: [Bargains] C:\Program Files\Bargain Buddy\bin2\bargains.exe
backup-20050313-115536-912
O4 - HKLM\..\Run: [Dvx] C:\WINDOWS\System32\wsxsvc\wsxsvc.exe
backup-20050313-115536-204
O4 - HKLM\..\Run: [DownloadWare] "C:\Program Files\DownloadWare\dw.exe" /H
backup-20050313-115536-452
O4 - HKLM\..\Run: [Belt] C:\WINDOWS\Belt.exe
backup-20050313-115536-431
O4 - HKLM\..\Run: [ELRYBIOVC] C:\WINDOWS\ELRYBIOVC.exe
backup-20050313-115536-591
O4 - HKLM\..\Run: [GQMWDOJT] C:\WINDOWS\GQMWDOJT.exe
backup-20050313-115536-752
O4 - HKLM\..\Run: [AdTools Service] C:\Program Files\AdTools Service\AdTools.exe
backup-20050313-115536-756
O4 - HKLM\..\Run: [ClrSchLoader] C:\Program Files\ClearSearch\Loader.exe
backup-20050313-115536-600
O4 - HKLM\..\Run: [kamhlh] c:\windows\system32\kamhlh.exe
backup-20050313-115536-529
O4 - HKLM\..\Run: [LSvr] C:\Program Files\Common Files\Presentia\LSvr.exe
backup-20050313-115536-798
O4 - HKLM\..\Run: [LTDMgr] C:\Program Files\Common Files\Presentia\LTDMgr.exe
backup-20050313-115536-214
O4 - HKLM\..\Run: [mcexfxk2] C:\Program Files\mcexfxk2\mcexfxk2.exe
backup-20050313-115536-273
O4 - HKLM\..\Run: [MemoryMeter] C:\Program Files\MemoryMeter\MemoryMeter.exe
backup-20050313-115536-646
O4 - HKLM\..\Run: [nqvkoc] C:\WINDOWS\System32\nqvkoc.exe
backup-20050313-115536-942
O4 - HKLM\..\Run: [SAHAgent] C:\WINDOWS\System32\SahAgent.exe
backup-20050313-115536-259
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
backup-20050313-115536-907
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
backup-20050313-115536-597
O4 - HKLM\..\Run: [q3mS32R] dpcctr.exe
backup-20050313-115536-313
O4 - HKLM\..\Run: [Mwsvm] C:\WINDOWS\mwsvm.exe
backup-20050313-115536-899
O4 - HKLM\..\Run: [popuppers64] C:\WINDOWS\a64sddd.exe
backup-20050313-115536-573
O4 - HKLM\..\Run: [SearchEnhancement] "C:\Program Files\scbar\v1\scbar.exe" /U
backup-20050313-115536-131
O4 - HKLM\..\Run: [RSync] C:\WINDOWS\System32\netsync.exe
backup-20050313-115536-561
O4 - HKLM\..\Run: [motoin] C:\WINDOWS\mm15201518.Stub.exe
backup-20050313-115536-704
O4 - HKLM\..\Run: [My] c:\documents and settings\owner\local settings\temp\My.exe
backup-20050313-115536-465
O4 - HKLM\..\Run: [MovieNetworks] "C:\Program Files\MovieNetworks\MovieNetworks.exe" /H
backup-20050313-115536-486
O4 - HKLM\..\Run: [msbb] C:\WINDOWS\System32\msbb.exe
backup-20050313-115536-497
O4 - HKLM\..\Run: [MoviePlace] "C:\Program Files\MoviePlace\MoviePlace.exe" /H
backup-20050313-115536-637
O4 - HKLM\..\Run: [TB_setup] C:\DOCUME~1\Caitlin\LOCALS~1\Temp\tb_setup.exe /dcheck
backup-20050313-115536-787
O4 - HKLM\..\Run: [stcloader] C:\WINDOWS\System32\stcloader.exe
backup-20050313-115536-545
O4 - HKLM\..\Run: [secure] C:\WINDOWS\System32\Mhmccr.exe
backup-20050313-115536-586
O4 - HKLM\..\Run: [tqx] C:\WINDOWS\tqx.exe
backup-20050313-115536-132
O4 - HKLM\..\Run: [slmss] C:\Program Files\Common Files\slmss\slmss.exe
backup-20050313-115536-848
O4 - HKLM\..\Run: [spoolsvv] C:\WINDOWS\SYSTEM32\spoolsvv.exe -invisible
backup-20050313-115536-562
O4 - HKLM\..\Run: [System Service] C:\WINDOWS\System32\msrexe.exe
backup-20050313-115536-554
O4 - HKLM\..\Run: [Windows SA] C:\Program Files\WindowsSA\omniscient.exe
backup-20050313-115536-355
O4 - HKLM\..\Run: [WERJ] C:\WINDOWS\WERJ.exe
backup-20050313-115536-796
O4 - HKLM\..\Run: [Windows Hosts File] WindowsHosts.exe
backup-20050313-115536-312
O4 - HKLM\..\Run: [vmss] C:\WINDOWS\System32\vmss\vmss.exe
backup-20050313-115536-693
O4 - HKLM\..\Run: [vbilcvjkkx] C:\WINDOWS\System32\kamhlh.exe
backup-20050313-115536-113
O4 - HKLM\..\Run: [TVTMD] C:\WINDOWS\TVTMD.exe
backup-20050313-115536-864
O4 - HKLM\..\Run: [WindUpdates] C:\Program Files\WindUpdates\WinUpdt.exe
backup-20050313-115536-778
O4 - HKLM\..\Run: [WhenUSave] C:\PROGRA~1\Save\Save.exe
backup-20050313-115536-601
O4 - HKLM\..\Run: [Windows TCP/IP] wintcp.exe
backup-20050313-115536-255
O4 - HKLM\..\Run: [version] C:\WINDOWS\System32\Vtfglt.exe
backup-20050313-115536-960
O4 - HKLM\..\Run: [wbwvcc] C:\WINDOWS\System32\wbwvcc.exe
backup-20050313-115536-714
O4 - HKLM\..\Run: [Win Server Updt] C:\WINDOWS\wupdt.exe
backup-20050313-115536-127
O4 - HKLM\..\Run: [WebRebates0] "C:\Program Files\Web_Rebates\WebRebates0.exe"
backup-20050313-115536-109
O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common files\WinTools\WToolsA.exe
backup-20050313-115536-260
O4 - HKLM\..\Run: [wlaqrwjf] C:\WINDOWS\System32\wlaqrwjf.exe
backup-20050313-115536-124
O4 - HKLM\..\Run: [XupiterStartup] C:\Program Files\Xupiter\XupiterStartup2003.exe
backup-20050313-115536-929
O4 - HKLM\..\Run: [winupdtl] C:\WINDOWS\System32\winupdt.exe
backup-20050313-115536-824
O4 - HKLM\..\Run: [Desktop Search] C:\WINDOWS\isrvs\desktop.exe
backup-20050313-115536-819
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
backup-20050313-115536-857
O4 - HKLM\..\Run: [ydelgngz] C:\WINDOWS\ydelgngz.exe
backup-20050313-115536-220
O4 - HKLM\..\Run: [ffis] C:\WINDOWS\isrvs\ffisearch.exe
backup-20050301-212417-740
O16 - DPF: {9DBAFCCF-592F-FFFF-FFFF-00608CEC297C} -
backup-20050301-212416-464
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
backup-20050301-212416-641
O2 - BHO: (no name) - {A408EAEC-0388-4146-9806-08770BC2BA62} - (no file)
backup-20050301-212416-827
O2 - BHO: (no name) - {988CAFC4-DC0D-4D8C-A35E-5028ABE9E641} - (no file)
backup-20050301-212416-266
O2 - BHO: (no name) - {017C20C1-F86F-11D8-9B25-000ACD002AE3} - (no file)
backup-20050301-212416-183
O2 - BHO: (no name) - {16B238D5-80DE-47CE-8F17-B3ECE2C2248D} - (no file)
backup-20050301-212416-963
O2 - BHO: (no name) - {62504CAE-D367-43DD-9C46-AAAC08980B9A} - (no file)
backup-20050301-020020-943
O16 - DPF: {9DBAFCCF-592F-FFFF-FFFF-00608CEC297C} -
backup-20050301-020020-908
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
backup-20050301-020020-915
O2 - BHO: (no name) - {A408EAEC-0388-4146-9806-08770BC2BA62} - (no file)
backup-20050301-020020-780
O2 - BHO: (no name) - {988CAFC4-DC0D-4D8C-A35E-5028ABE9E641} - (no file)
backup-20050301-020020-143
O2 - BHO: (no name) - {16B238D5-80DE-47CE-8F17-B3ECE2C2248D} - (no file)
backup-20050301-020020-246
O2 - BHO: (no name) - {017C20C1-F86F-11D8-9B25-000ACD002AE3} - (no file)
backup-20050301-020020-957
O2 - BHO: (no name) - {62504CAE-D367-43DD-9C46-AAAC08980B9A} - (no file)
backup-20050301-020020-467
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id==
backup-20050301-020020-546
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id==
backup-20050227-210715-898
O16 - DPF: {9DBAFCCF-592F-FFFF-FFFF-00608CEC297C} - http://download.weatherbug.com/minibug/tri...uginstaller.cab
backup-20050227-210714-604
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
backup-20050227-210714-610
O4 - HKLM\..\RunServices: [Windows Hosts File] WindowsHosts.exe
backup-20050227-210714-941
O3 - Toolbar: Begin2Search.com Bar - {207AEF46-0596-4966-A7BF-098F247E85BB} - C:\WINDOWS\System32\ic2_win.dll (file missing)
backup-20050227-210714-119
O2 - BHO: SDWin32 Class - {A408EAEC-0388-4146-9806-08770BC2BA62} - C:\WINDOWS\System32\wbwvc.dll
backup-20050227-210714-852
O2 - BHO: ohb - {988CAFC4-DC0D-4D8C-A35E-5028ABE9E641} - C:\WINDOWS\System32\ic2_win.dll (file missing)
backup-20050227-210714-436
O2 - BHO: SDWin32 Class - {62504CAE-D367-43DD-9C46-AAAC08980B9A} - C:\WINDOWS\System32\nqvko.dll
backup-20050227-210714-934
O2 - BHO: RsyncHlpr Class - {16B238D5-80DE-47CE-8F17-B3ECE2C2248D} - C:\WINDOWS\System32\rsyncmon.dll
backup-20050227-210714-414
O2 - BHO: (no name) - {017C20C1-F86F-11D8-9B25-000ACD002AE3} - C:\WINDOWS\Helper101.dll
backup-20050227-210714-634
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
backup-20050227-210714-717
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://216.130.185.122/sidesearch.html

Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\ISP signup reminder 1.job
C:\WINDOWS\tasks\ISP signup reminder 2.job
C:\WINDOWS\tasks\Registration reminder 1.job
C:\WINDOWS\tasks\Symantec NetDetect.job
C:\WINDOWS\tasks\{67E037DB-4D1E-4E94-A03D-92908B86ECF1}_YOUR-FULKL1OH2Q_Caitlin.job

Completion time: 07-01-17 22:18:13

4) Here's the HJT log, which was run after combofix.exe:

Logfile of HijackThis v1.99.1
Scan saved at 12:02:53 AM, on 1/18/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\S3apphk.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe
C:\HijackThis!\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = www.google.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [S3apphk] S3apphk.exe
O4 - HKLM\..\Run: [PreloadApp] c:\hp\drivers\printers\photosmart\hphprld.exe c:\hp\drivers\printers\photosmart\setup.exe -d
O4 - HKLM\..\Run: [Ulead AutoDetector] C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
O4 - HKLM\..\Run: [EPSON Stylus CX6000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBIA.EXE /FU "C:\WINDOWS\TEMP\E_S2E8.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Zero Knowledge Freedom] C:\Program Files\Zero Knowledge\Freedom\AutoStarterR.exe
O4 - HKLM\..\Run: [yfgrofc] C:\WINDOWS\System32\divn\yfgrofc.exe
O4 - HKLM\..\Run: [WT GameChannel] C:\Program Files\WildTangent\Apps\GameChannel.exe
O4 - HKLM\..\Run: [WinTools] C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [TBPS] C:\PROGRA~1\Toolbar\TBPS.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [q3mS32R] ntv2disp.exe
O4 - HKLM\..\Run: [pxbudwix] C:\WINDOWS\System32\tvssu\pxbudwix.exe
O4 - HKLM\..\Run: [paufwt] C:\WINDOWS\System32\psloelj\paufwt.exe
O4 - HKLM\..\Run: [ieymmry] c:\windows\system32\otyjdq.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1150723636\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [GMedia2] C:\WINDOWS\System32\GSM2.exe
O4 - HKLM\..\Run: [cvggncyp] C:\WINDOWS\System32\ltqlmd\cvggncyp.exe
O4 - HKLM\..\Run: [bxmvqtn] C:\WINDOWS\System32\rraaxnlm\bxmvqtn.exe
O4 - HKLM\..\Run: [bhhmji] c:\windows\system32\imnewkn.exe
O4 - HKCU\..\Run: [Microsoft Works Update Detection] c:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MoneyAgent] "c:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [b052RSd5e] nthrcl32.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O4 - Startup: Palm Registration.lnk = C:\Program Files\Palm\register.exe
O4 - Startup: RegFreeze.lnk = C:\Program Files\RegFreeze\regfreeze.exe
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\Palm\Hotsync.exe
O4 - Global Startup: hp center UI.lnk = C:\Program Files\hp center\137903\Shadow\ShadowBar.exe
O4 - Global Startup: hp center.lnk = C:\Program Files\hp center\137903\Program\BackWeb-137903.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\InterMute\SpySubtract\SpySub.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://download.weatherbug.com/minibug/tri...Transporter.cab?
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...s/yinst0401.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://toolbar.google.com/data/GoogleActivate.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://ps.theport.com/xmlplayer/english/isetup.cab
O16 - DPF: {BB47CA33-8B4D-11D0-9511-00C04FD9152D} (ExteriorSurround Object) - http://autos.msn.com/components/ocx/exterior/Outside.cab
O16 - DPF: {EE8B6D5F-FEF2-11D0-B13F-00A024798EF3} (Microsoft Search Settings Control) - http://lg.home.microsoft.com/search/lobby/searchsettings.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents/setup...er/imloader.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
