
Infected With Coolwwwsearch


27 replies to this topic

#1 hgfds

hgfds

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Location:Empire Colorado
  • Local time:07:25 PM

Posted 18 February 2007 - 06:11 PM

February 19, 2007


First of all, thank you very much for helping me with this malware infection. I've had NO success on my own and I've tried a dozen Spyware Removal programs and on-line scans.
I did all the things you said to do before I posted the HijackThis log.
I ran cleanmgr then went to C:\Windows\Temp and found there were still many files undeleted. I left them there.

Spybot (and only Spybot by the way) finds these three telling files:
CoolWWWSearch.Aff.Winshow, in Favorites\search the web.url and
Microsoft.Windows Security Center.AntiVirusOverride, in the Registry (=dword:0) and
Microsoft.Windows.Security.InternetExplorer, in the registry.

Problems this malware causes:

Hijacks my Home Page. It always opens Earthlink.net, my ISP.
Changes my setting for the Anti-Virus Program in Windows Security Center.
Always opens the Internet Connection dialogue box at bootup.
When I am working off-line it tries to log on to the Internet.
On-line, a box pops up with Internet Explorer in the title bar. The message is: "Do you want to allow software such as ActiveX controls and plugins to run". I can click Yes or No, it doesn't matter, because seconds later the box pops up again.
Randomly kicks me off-line.
Randomly opens my "new" Home Page.
Randomly opens the web page I was on previous to the page I am currently on.
Only once did it try to send me to a suspicious web site and I stopped it before I could get the URL.
Web pages open slowly.
Everything runs slowly, and the longer I'm on-line the slower everything gets.
When multi-tasking on-line everything slows to a crawl.
Also the computer becomes unstable if I'm on-line for an hour or more.
Interrupts downloads with the message: "The download cannot be completed. The process has timed out." A download manager defeats this.
Sometimes it won't print when I'm on-line. The Print Manager spools the jobs but the Status of each is blank. But when I restart the computer the printing then begins automatically.
Outlook Express' Send and Receive is behaving oddly.

Again, thanks.


Here's the HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 3:47:31 PM, on 2/18/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\srvdpi.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\EarthLink 5.0\ConMgr.exe
C:\Program Files\1 My Programs\HP 3500 Scanner\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\1 My Programs\Modem-Orinoco Wireless\Utility\orinoco.exe
C:\Program Files\1 My Programs\Zone Alarm Firewall\ZoneAlarm\zlclient.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Robert D. Swegle\Desktop\HJT\HJ! Fools.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.earthlink.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.earthlink.net/partner/more/msie...ton/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.earthlink.net/partner/more/msie...ton/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.earthlink.net/partner/more/msie...ton/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.earthlink.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.earthlink.net/partner/more/msie...ton/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\1 My Programs\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\1MYPRO~1\SpyBot\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG -off
O4 - HKLM\..\Run: [ConMgr.exe] "C:\Program Files\EarthLink 5.0\ConMgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\1 My Programs\HP 3500 Scanner\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [proxim_orinoco_11abg] C:\Program Files\1 My Programs\Modem-Orinoco Wireless\Utility\orinoco.exe
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\1 My Programs\Zone Alarm Firewall\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\1 My Programs\Reader\Reader\reader_sl.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Download using LeechGet - file://C:\Program Files\1 My Programs\LeechGet - Download Mgr\LeechGet 2003\\AddUrl.html
O8 - Extra context menu item: Download using LeechGet Wizard - file://C:\Program Files\1 My Programs\LeechGet - Download Mgr\LeechGet 2003\\Wizard.html
O8 - Extra context menu item: Parse with LeechGet - file://C:\Program Files\1 My Programs\LeechGet - Download Mgr\LeechGet 2003\\Parser.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: http://free.aol.com
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - http://www.belarc.com/Programs/advisor.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1136855860632
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {D6376DD2-C2BD-49B2-A1B1-138F869633F3} (ASPRO Installer Class) - http://acs.pandasoftware.com/activescanpro/as5/asproinst.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...952/mcfscan.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: DPI Assistant Service (srvdpi) - Ositech Communiction, Inc. - C:\WINDOWS\System32\srvdpi.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe



#2 didom

didom

  • Members
  • 1,389 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:25 AM

Posted 19 February 2007 - 10:27 AM

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order in which they are mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes.

Step #1

Scan again with HijackThis and check the following items:
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
After checking these items, close all browser windows except HijackThis and click "Fix checked".

Step #2

Download and Save Blacklight to your desktop (choose "I ACCEPT" then click "DOWNLOAD" on the website).

Double-click blbeta.exe then accept the agreement, click > "Scan" then > "Next".

You'll see a list of all items found. There will also be a log on your desktop with the name "fsbl.xxxxxxxxxxxxxx.log" (the xxxxxxxxxxxxxx stand for numbers).

Copy and paste this log along with a fresh HijackThis log in your next reply. Don't choose the rename option yet! I want to see the log first, because legitimate items can also be present there, such as "wbemtest.exe"

#3 hgfds

hgfds
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Location:Empire Colorado
  • Local time:07:25 PM

Posted 19 February 2007 - 04:08 PM

Hi Dick,
Thanks for the prompt reply.
I fixed the one item and did a Blacklight scan, no hidden items were found.
Blacklight and HJT logs are below.

Also, I downloaded SuperAntiSpyware and installed it but have not run a scan. Tell me if you would like me to run this program.

Blacklight Log

02/19/07 13:09:38 [Info]: BlackLight Engine 1.0.55 initialized
02/19/07 13:09:38 [Info]: OS: 5.1 build 2600 (Service Pack 2)
02/19/07 13:09:39 [Note]: 7019 4
02/19/07 13:09:39 [Note]: 7005 0
02/19/07 13:10:06 [Note]: 7006 0
02/19/07 13:10:06 [Note]: 7011 1272
02/19/07 13:10:06 [Note]: 7026 0
02/19/07 13:10:07 [Note]: 7026 0
02/19/07 13:10:34 [Note]: FSRAW library version 1.7.1021
02/19/07 13:29:32 [Note]: 7007 0

HJT Log

Logfile of HijackThis v1.99.1
Scan saved at 1:34:12 PM, on 2/19/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\srvdpi.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\EarthLink 5.0\ConMgr.exe
C:\Program Files\1 My Programs\HP 3500 Scanner\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\1 My Programs\Modem-Orinoco Wireless\Utility\orinoco.exe
C:\Program Files\1 My Programs\Zone Alarm Firewall\ZoneAlarm\zlclient.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\1 My Programs\SuperAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Robert D. Swegle\Desktop\HJT\HJ! Fools.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.earthlink.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.earthlink.net/partner/more/msie...ton/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.earthlink.net/partner/more/msie...ton/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.earthlink.net/partner/more/msie...ton/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.earthlink.net/partner/more/msie...ton/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\1 My Programs\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\1MYPRO~1\SpyBot\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG -off
O4 - HKLM\..\Run: [ConMgr.exe] "C:\Program Files\EarthLink 5.0\ConMgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\1 My Programs\HP 3500 Scanner\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [proxim_orinoco_11abg] C:\Program Files\1 My Programs\Modem-Orinoco Wireless\Utility\orinoco.exe
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\1 My Programs\Zone Alarm Firewall\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\1 My Programs\SuperAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\1 My Programs\Reader\Reader\reader_sl.exe
O8 - Extra context menu item: Download using LeechGet - file://C:\Program Files\1 My Programs\LeechGet - Download Mgr\LeechGet 2003\\AddUrl.html
O8 - Extra context menu item: Download using LeechGet Wizard - file://C:\Program Files\1 My Programs\LeechGet - Download Mgr\LeechGet 2003\\Wizard.html
O8 - Extra context menu item: Parse with LeechGet - file://C:\Program Files\1 My Programs\LeechGet - Download Mgr\LeechGet 2003\\Parser.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: http://free.aol.com
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - http://www.belarc.com/Programs/advisor.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1136855860632
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {D6376DD2-C2BD-49B2-A1B1-138F869633F3} (ASPRO Installer Class) - http://acs.pandasoftware.com/activescanpro/as5/asproinst.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...952/mcfscan.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\1 My Programs\SuperAntiSpyware\SASWINLO.dll
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: DPI Assistant Service (srvdpi) - Ositech Communiction, Inc. - C:\WINDOWS\System32\srvdpi.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe

#4 hgfds

hgfds
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Location:Empire Colorado
  • Local time:07:25 PM

Posted 19 February 2007 - 09:20 PM

Hi Dick,

The item you had me fix returned after re-boot.
(O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present)

In Spybot's Lock Down feature, no boxes are checked. (From Bleeping Computer's HijackThis Tutorial; 06 section.)


Bob
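
An added example, not part of the thread and not HijackThis's own code: a short Python sketch that parses HijackThis findings and compares scans, using lines excerpted from the 18 and 19 February logs above. The third scan is constructed to mirror post #4's report that the O6 entry came back after reboot; all function and variable names are this example's own.

```python
import re
from collections import namedtuple

# One HijackThis finding: section code (e.g. "O4") plus the rest of the line.
Entry = namedtuple("Entry", "code detail")

# Findings look like "O4 - HKLM\..\Run: [name] path". Header lines and the
# "Running processes" list carry no section code and are skipped.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")


def parse_entries(log_text):
    """Return the set of findings in a HijackThis log."""
    entries = set()
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.add(Entry(m.group(1), m.group(2).strip()))
    return entries


def _order(entry):
    # Sort O4 before O20: letter first, then the numeric part of the code.
    return (entry.code[0], int(entry.code[1:]), entry.detail)


def diff_scans(before, after):
    """Findings that disappeared or appeared between two scans."""
    old, new = parse_entries(before), parse_entries(after)
    return {
        "removed": sorted(old - new, key=_order),
        "added": sorted(new - old, key=_order),
    }


def returned_after_fix(before, after_fix, later):
    """Findings removed between the first two scans that are present again
    in a later scan, i.e. something is re-creating them."""
    removed = parse_entries(before) - parse_entries(after_fix)
    return sorted(removed & parse_entries(later), key=_order)


# Excerpt of the 18 February log (lines copied from the first post).
SCAN_1 = r"""
Logfile of HijackThis v1.99.1
Scan saved at 3:47:31 PM, on 2/18/2007

Running processes:
C:\WINDOWS\Explorer.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.earthlink.net/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.earthlink.net/
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O15 - Trusted Zone: http://free.aol.com
"""

# Excerpt of the 19 February log (lines copied from post #3).
SCAN_2 = r"""
Logfile of HijackThis v1.99.1
Scan saved at 1:34:12 PM, on 2/19/2007

Running processes:
C:\WINDOWS\Explorer.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.earthlink.net/
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\1 My Programs\SuperAntiSpyware\SUPERAntiSpyware.exe
O15 - Trusted Zone: http://free.aol.com
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\1 My Programs\SuperAntiSpyware\SASWINLO.dll
"""

# CONSTRUCTED scan (no such log is on the page): SCAN_2 plus the O6 line,
# matching the statement in post #4 that the item returned after reboot.
SCAN_3 = SCAN_2 + (
    r"O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present"
    "\n"
)

if __name__ == "__main__":
    changes = diff_scans(SCAN_1, SCAN_2)
    for kind in ("removed", "added"):
        for e in changes[kind]:
            print(f"{kind:8} {e.code:4} {e.detail}")
    for e in returned_after_fix(SCAN_1, SCAN_2, SCAN_3):
        print(f"returned {e.code:4} {e.detail}")
```

On these excerpts the comparison also surfaces the HKCU Start Page (R0) line, which is present in the first log and absent from the second.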

#5 didom

didom

  • Members
  • 1,389 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:25 AM

Posted 20 February 2007 - 08:08 AM

Please run a scan with SuperAntiSpyware and also run this scan:

Post back the results (logs..)

Please download, install, and update AVG Anti-Spyware
  • Load AVG Anti-Spyware and then click the Update tab at the top. Under Manual Update click Start update.
  • After the update finishes (the status bar at the bottom will display "Update successful")
  • Then click on the Scanner tab at the top. Click the "Settings" tab and then change the recommended action to Quarantine and click Automatically generate report after every scan. Click back to the "Scan" tab and then click on Complete System Scan. This scan can take quite a while to run, so be prepared.
  • AVG Anti-Spyware will list any infections found on the left hand side. When the scan has finished, it will automatically set the recommended action. Click the Apply all actions button. AVG Anti-Spyware will display "All actions have been applied" on the right hand side.
  • Click on "Save Report", then "Save Report As". This will create a text file. Make sure you know where to find this file again (like on the Desktop).
  • Close AVG Anti-Spyware and reboot!!
I need the log later.

Post the results of the AVG Anti-Spyware scan and a fresh HijackThis log in your next reply.

#6 hgfds

hgfds
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Location:Empire Colorado
  • Local time:07:25 PM

Posted 20 February 2007 - 10:14 PM

Hi Dick,
First, while I was on-line today I got a Windows Blue Screen then the computer quickly shut down and re-booted.

Here's the three logfiles you requested. Nothing was found except 275 tracking cookies.
It seems this "bug" is well hidden!

SUPERAntispyware:

SUPERAntiSpyware Scan Log
Generated 02/20/2007 at 06:33 PM

Application Version : 3.5.1016

Core Rules Database Version : 3186
Trace Rules Database Version: 1196

Scan type : Complete Scan
Total Scan Time : 01:34:05

Memory items scanned : 351
Memory threats detected : 0
Registry items scanned : 5222
Registry threats detected : 0
File items scanned : 57869
File threats detected : 275

Adware.Tracking Cookie
C:\Program Files\EarthLink 5.0\bobswegle@earthlink.net\Cookies\robert d. swegle@ad.reunion[2].txt
C:\Program Files\EarthLink 5.0\bobswegle@earthlink.net\Cookies\robert d. swegle@ad.smartgroups[2].txt
C:\Program Files\EarthLink 5.0\bobswegle@earthlink.net\Cookies\robert d. swegle@adinterax[1].txt
C:\Program Files\EarthLink 5.0\bobswegle@earthlink.net\Cookies\robert d. swegle@ads.addesktop[2].txt
C:\Program Files\EarthLink 5.0\bobswegle@earthlink.net\Cookies\robert d. swegle@ads.as4x.tmcs.ticketmaster[1].txt
C:\Program Files\EarthLink 5.0\bobswegle@earthlink.net\Cookies\robert d. swegle@ads.bigfoot[1].txt
C:\Program Files\EarthLink 5.0\bobswegle@earthlink.net\Cookies\robert d. swegle@ads.businessweek[1].txt
C:\Program Files\EarthLink 5.0\bobswegle@earthlink.net\Cookies\robert d. swegle@ads.cnn[1].txt
C:\Program Files\EarthLink 5.0\bobswegle@earthlink.net\Cookies\robert d. swegle@ads.digitalpoint[2].txt
C:\Program Files\EarthLink 5.0\bobswegle@earthlink.net\Cookies\robert d. swegle@ads.mcafee[2].txt
C:\Program Files\EarthLink 5.0\bobswegle@earthlink.net\Cookies\robert d. swegle@ads.quicken[2].txt
C:\Program Files\EarthLink 5.0\bobswegle@earthlink.net\Cookies\robert d. swegle@ads.realtechnetwork[1].txt
C:\Program Files\EarthLink 5.0\bobswegle@earthlink.net\Cookies\robert d. swegle@ads.simtel[1].txt
C:\Program Files\EarthLink 5.0\bobswegle@earthlink.net\Cookies\robert d. swegle@ads.simtel[2].txt
C:\Program Files\EarthLink 5.0\bobswegle@earthlink.net\Cookies\robert d. swegle@ads.specificclick[1].txt
C:\Program Files\EarthLink 5.0\bobswegle@earthlink.net\Cookies\robert d. swegle@ads.techtv[2].txt
C:\Program Files\EarthLink 5.0\bobswegle@earthlink.net\Cookies\robert d. swegle@ads.tripod.lycos.co[2].txt
C:\Program Files\EarthLink 5.0\bobswegle@earthlink.net\Cookies\robert d. swegle@ads1.rodale[2].txt
C:\Program Files\EarthLink 5.0\bobswegle@earthlink.net\Cookies\robert d. swegle@ads4.clearchannel[1].txt
C:\Program Files\EarthLink 5.0\bobswegle@earthlink.net\Cookies\robert d. swegle@adv.webmd[1].txt
C:\Program Files\EarthLink 5.0\bobswegle@earthlink.net\Cookies\robert d. swegle@ameriprisestats[1].txt
C:\Program Files\EarthLink 5.0\bobswegle@earthlink.net\Cookies\robert d. swegle@analytics.clickpathmedia[2].txt
C:\Program Files\EarthLink 5.0\bobswegle@earthlink.net\Cookies\robert d. swegle@asm.roitrack[2].txt
C:\Program Files\EarthLink 5.0\bobswegle@earthlink.net\Cookies\robert d. swegle@bannerspace[1].txt
C:\Program Files\EarthLink 5.0\bobswegle@earthlink.net\Cookies\robert d. swegle@bannerspace[2].txt
C:\Program Files\EarthLink 5.0\bobswegle@earthlink.net\Cookies\robert d. swegle@click10[1].txt
C:\Program Files\EarthLink 5.0\bobswegle@earthlink.net\Cookies\robert d. swegle@clicks.emarketmakers[1].txt
C:\Program Files\EarthLink 5.0\bobswegle@earthlink.net\Cookies\robert d. swegle@clicktracks.commercebox[1].txt
C:\Program Files\EarthLink 5.0\bobswegle@earthlink.net\Cookies\robert d. swegle@creativeby.viewpoint[2].txt
C:\Program Files\EarthLink 5.0\bobswegle@earthlink.net\Cookies\robert d. swegle@focalex[2].txt
C:\Program Files\EarthLink 5.0\bobswegle@earthlink.net\Cookies\robert d. swegle@images.crossmediaservices[2].txt
C:\Program Files\EarthLink 5.0\bobswegle@earthlink.net\Cookies\robert d. swegle@interclick[2].txt
C:\Program Files\EarthLink 5.0\bobswegle@earthlink.net\Cookies\robert d. swegle@kanoodle[1].txt
C:\Program Files\EarthLink 5.0\bobswegle@earthlink.net\Cookies\robert d. swegle@keywordmax[1].txt
C:\Program Files\EarthLink 5.0\bobswegle@earthlink.net\Cookies\robert d. swegle@macromedia[1].txt
C:\Program Files\EarthLink 5.0\bobswegle@earthlink.net\Cookies\robert d. swegle@mediamgr.ugo[2].txt
C:\Program Files\EarthLink 5.0\bobswegle@earthlink.net\Cookies\robert d. swegle@medianewsgroup[2].txt
C:\Program Files\EarthLink 5.0\bobswegle@earthlink.net\Cookies\robert d. swegle@members.tripod[1].txt
C:\Program Files\EarthLink 5.0\bobswegle@earthlink.net\Cookies\robert d. swegle@nextag[1].txt
C:\Program Files\EarthLink 5.0\bobswegle@earthlink.net\Cookies\robert d. swegle@partner2profit[2].txt
C:\Program Files\EarthLink 5.0\bobswegle@earthlink.net\Cookies\robert d. swegle@pt.crossmediaservices[1].txt
C:\Program Files\EarthLink 5.0\bobswegle@earthlink.net\Cookies\robert d. swegle@soundtrack[1].txt
C:\Program Files\EarthLink 5.0\bobswegle@earthlink.net\Cookies\robert d. swegle@stat.worldwarez[2].txt
C:\Program Files\EarthLink 5.0\bobswegle@earthlink.net\Cookies\robert d. swegle@stats.klsoft[1].txt
C:\Program Files\EarthLink 5.0\bobswegle@earthlink.net\Cookies\robert d. swegle@stats01.pointshop[2].txt
C:\Program Files\EarthLink 5.0\bobswegle@earthlink.net\Cookies\robert d. swegle@stats2.clicktracks[1].txt
C:\Program Files\EarthLink 5.0\bobswegle@earthlink.net\Cookies\robert d. swegle@superstats[2].txt
C:\Program Files\EarthLink 5.0\bobswegle@earthlink.net\Cookies\robert d. swegle@track.airborne[1].txt
C:\Program Files\EarthLink 5.0\bobswegle@earthlink.net\Cookies\robert d. swegle@track.dmipartners[1].txt
C:\Program Files\EarthLink 5.0\bobswegle@earthlink.net\Cookies\robert d. swegle@tracker.roitesting[1].txt
C:\Program Files\EarthLink 5.0\bobswegle@earthlink.net\Cookies\robert d. swegle@usnews.vibrantmedia[1].txt
C:\Program Files\EarthLink 5.0\bobswegle@earthlink.net\Cookies\robert d. swegle@windowsmedia[1].txt
C:\Program Files\EarthLink 5.0\bobswegle@earthlink.net\Cookies\robert d. swegle@windowsmedia[2].txt
C:\Program Files\EarthLink 5.0\bobswegle@earthlink.net\Cookies\robert d. swegle@www.countercentral[1].txt
C:\Program Files\EarthLink 5.0\bobswegle@earthlink.net\Cookies\robert d. swegle@www.dgm2[1].txt
C:\Program Files\EarthLink 5.0\bobswegle@earthlink.net\Cookies\robert d. swegle@www.macromedia[1].txt
C:\Program Files\EarthLink 5.0\bobswegle@earthlink.net\Cookies\robert d. swegle@www.macromedia[2].txt
C:\Program Files\EarthLink 5.0\bobswegle@earthlink.net\Cookies\robert d. swegle@www.nextag[1].txt
C:\Program Files\EarthLink 5.0\bobswegle@earthlink.net\Cookies\robert d. swegle@www.nextag[2].txt
C:\Program Files\EarthLink 5.0\bobswegle@earthlink.net\Cookies\robert d. swegle@www.short-media[2].txt
C:\Program Files\EarthLink 5.0\bobswegle@earthlink.net\Cookies\robert d. swegle@www.soundtrack[1].txt
C:\Program Files\EarthLink 5.0\bobswegle@earthlink.net\Cookies\robert d. swegle@www.soundtrack[2].txt
C:\Program Files\EarthLink 5.0\bobswegle@earthlink.net\Cookies\robert d. swegle@www.thepilotsnest[1].txt
C:\Program Files\EarthLink 5.0\bobswegle@earthlink.net\Cookies\robert d. swegle@www.thezombiezombie.tripod[1].txt
C:\Program Files\EarthLink 5.0\bobswegle@earthlink.net\Cookies\robert d. swegle@www.trackntrail[1].txt
C:\Program Files\EarthLink 5.0\bobswegle@earthlink.net\Cookies\robert d. swegle@y.click10[2].txt
C:\Program Files\EarthLink 5.0\bobswegle@earthlink.net\Cookies\robert swegle1@ad.musicmatch[2].txt
C:\Program Files\EarthLink 5.0\bobswegle@earthlink.net\Cookies\robert swegle1@ads.admaximize[1].txt
C:\Program Files\EarthLink 5.0\bobswegle@earthlink.net\Cookies\robert swegle1@ads.adshareware[1].txt
C:\Program Files\EarthLink 5.0\bobswegle@earthlink.net\Cookies\robert swegle1@ads.asia1.com[2].txt
C:\Program Files\EarthLink 5.0\bobswegle@earthlink.net\Cookies\robert swegle1@ads.cdnow[1].txt
C:\Program Files\EarthLink 5.0\bobswegle@earthlink.net\Cookies\robert swegle1@ads.cimedia[2].txt
C:\Program Files\EarthLink 5.0\bobswegle@earthlink.net\Cookies\robert swegle1@ads.iboost[1].txt
C:\Program Files\EarthLink 5.0\bobswegle@earthlink.net\Cookies\robert swegle1@ads.intuit[1].txt
C:\Program Files\EarthLink 5.0\bobswegle@earthlink.net\Cookies\robert swegle1@ads.intuit[2].txt
C:\Program Files\EarthLink 5.0\bobswegle@earthlink.net\Cookies\robert swegle1@ads.lasvegas[2].txt
C:\Program Files\EarthLink 5.0\bobswegle@earthlink.net\Cookies\robert swegle1@ads.monster[1].txt
C:\Program Files\EarthLink 5.0\bobswegle@earthlink.net\Cookies\robert swegle1@ads.musiccity[1].txt
C:\Program Files\EarthLink 5.0\bobswegle@earthlink.net\Cookies\robert swegle1@ads.musiccity[2].txt
C:\Program Files\EarthLink 5.0\bobswegle@earthlink.net\Cookies\robert swegle1@ads.newtimes[1].txt
C:\Program Files\EarthLink 5.0\bobswegle@earthlink.net\Cookies\robert swegle1@ads.quicken[1].txt
C:\Program Files\EarthLink 5.0\bobswegle@earthlink.net\Cookies\robert swegle1@ads.quicken[2].txt
C:\Program Files\EarthLink 5.0\bobswegle@earthlink.net\Cookies\robert swegle1@ads.realcities[1].txt
C:\Program Files\EarthLink 5.0\bobswegle@earthlink.net\Cookies\robert swegle1@ads.techtv[2].txt
C:\Program Files\EarthLink 5.0\bobswegle@earthlink.net\Cookies\robert swegle1@adsclick.iboost[2].txt
C:\Program Files\EarthLink 5.0\bobswegle@earthlink.net\Cookies\robert swegle1@banners.uswestdex[1].txt
C:\Program Files\EarthLink 5.0\bobswegle@earthlink.net\Cookies\robert swegle1@banners.uswestdex[2].txt
C:\Program Files\EarthLink 5.0\bobswegle@earthlink.net\Cookies\robert swegle1@bannerspace[2].txt
C:\Program Files\EarthLink 5.0\bobswegle@earthlink.net\Cookies\robert swegle1@counterimg1.adultrevenueservice[1].txt
C:\Program Files\EarthLink 5.0\bobswegle@earthlink.net\Cookies\robert swegle1@emap_admedia(1).txt
C:\Program Files\EarthLink 5.0\bobswegle@earthlink.net\Cookies\robert swegle1@etracking[1].txt
C:\Program Files\EarthLink 5.0\bobswegle@earthlink.net\Cookies\robert swegle1@go4media[1].txt
C:\Program Files\EarthLink 5.0\bobswegle@earthlink.net\Cookies\robert swegle1@macromedia[1].txt
C:\Program Files\EarthLink 5.0\bobswegle@earthlink.net\Cookies\robert swegle1@macromedia[2].txt
C:\Program Files\EarthLink 5.0\bobswegle@earthlink.net\Cookies\robert swegle1@mediamgr.ugo[2].txt
C:\Program Files\EarthLink 5.0\bobswegle@earthlink.net\Cookies\robert swegle1@nandomedia[1].txt
C:\Program Files\EarthLink 5.0\bobswegle@earthlink.net\Cookies\robert swegle1@netbanner[2].txt
C:\Program Files\EarthLink 5.0\bobswegle@earthlink.net\Cookies\robert swegle1@pennyweb[1].txt
C:\Program Files\EarthLink 5.0\bobswegle@earthlink.net\Cookies\robert swegle1@pennyweb[2].txt
C:\Program Files\EarthLink 5.0\bobswegle@earthlink.net\Cookies\robert swegle1@sexhound(1).txt
C:\Program Files\EarthLink 5.0\bobswegle@earthlink.net\Cookies\robert swegle1@speedyclick[2].txt
C:\Program Files\EarthLink 5.0\bobswegle@earthlink.net\Cookies\robert swegle1@stats.klsoft[2].txt
C:\Program Files\EarthLink 5.0\bobswegle@earthlink.net\Cookies\robert swegle1@stats.manticoretechnology[2].txt
C:\Program Files\EarthLink 5.0\bobswegle@earthlink.net\Cookies\robert swegle1@superstats[1].txt
C:\Program Files\EarthLink 5.0\bobswegle@earthlink.net\Cookies\robert swegle1@techurls.tripod[1].txt
C:\Program Files\EarthLink 5.0\bobswegle@earthlink.net\Cookies\robert swegle1@track4[2].txt
C:\Program Files\EarthLink 5.0\bobswegle@earthlink.net\Cookies\robert swegle1@windowsmedia[1].txt
C:\Program Files\EarthLink 5.0\bobswegle@earthlink.net\Cookies\robert swegle1@windowsmedia[3].txt
C:\Program Files\EarthLink 5.0\bobswegle@earthlink.net\Cookies\robert swegle1@www.clickxchange[2].txt
C:\Program Files\EarthLink 5.0\bobswegle@earthlink.net\Cookies\robert swegle1@www.mytrack[1].txt
C:\Program Files\EarthLink 5.0\bobswegle@earthlink.net\Cookies\robert swegle1@www.vibrantmedia[1].txt
C:\Program Files\EarthLink 5.0\bobswegle@earthlink.net\Cookies\robert swegle1@www_windowsmedia(1).txt
C:\Program Files\EarthLink 5.0\bobswegle@earthlink.net\Cookies\robert swegle1@zdads.e-media[1].txt
C:\Program Files\EarthLink 5.0\bobswegle@earthlink.net\Cookies\robert swegle1@zdads.e-media[2].txt
C:\Program Files\EarthLink 5.0\bobswegle@earthlink.net\Cookies\robert swegle1@zdads.e-media[3].txt
C:\Program Files\EarthLink 5.0\bobswegle@earthlink.net\Cookies\robert swegle1@zedo.musiccity[1].txt
C:\Program Files\EarthLink 5.0\bobswegle@earthlink.net\Cookies\robert_d._swegle@adinterax[1].txt
C:\Program Files\EarthLink 5.0\bobswegle@earthlink.net\Cookies\robert_d._swegle@keywordmax[1].txt
C:\Program Files\EarthLink 5.0\bobswegle@earthlink.net\Cookies\robert_d._swegle@sales.liveperson[1].txt
C:\Program Files\EarthLink 5.0\bobswegle@earthlink.net\Cookies\robert_d._swegle@sales.liveperson[3].txt
C:\Program Files\EarthLink 5.0\bobswegle@earthlink.net\Cookies\robert_d._swegle@sales.liveperson[4].txt
C:\Program Files\EarthLink 5.0\bobswegle@earthlink.net\Cookies\robert_d._swegle@short-media[1].txt
C:\Program Files\EarthLink 5.0\bobswegle@earthlink.net\Cookies\robert_d._swegle@short-media[2].txt
C:\Program Files\EarthLink 5.0\bobswegle@earthlink.net\Cookies\robert_d._swegle@tacoda[1].txt
C:\Program Files\EarthLink 5.0\bobswegle@earthlink.net\Cookies\robert_d._swegle@tacoda[2].txt
C:\Program Files\EarthLink 5.0\bobswegle@earthlink.net\Cookies\robert_d._swegle@www.googleadservices[10].txt
C:\Program Files\EarthLink 5.0\bobswegle@earthlink.net\Cookies\robert_d._swegle@www.googleadservices[11].txt
C:\Program Files\EarthLink 5.0\bobswegle@earthlink.net\Cookies\robert_d._swegle@www.googleadservices[1].txt
C:\Program Files\EarthLink 5.0\bobswegle@earthlink.net\Cookies\robert_d._swegle@www.googleadservices[2].txt
C:\Program Files\EarthLink 5.0\bobswegle@earthlink.net\Cookies\robert_d._swegle@www.googleadservices[3].txt
C:\Program Files\EarthLink 5.0\bobswegle@earthlink.net\Cookies\robert_d._swegle@www.googleadservices[4].txt
C:\Program Files\EarthLink 5.0\bobswegle@earthlink.net\Cookies\robert_d._swegle@www.googleadservices[5].txt
C:\Program Files\EarthLink 5.0\bobswegle@earthlink.net\Cookies\robert_d._swegle@www.googleadservices[6].txt
C:\Program Files\EarthLink 5.0\bobswegle@earthlink.net\Cookies\robert_d._swegle@www.googleadservices[7].txt
C:\Program Files\EarthLink 5.0\bobswegle@earthlink.net\Cookies\robert_d._swegle@www.googleadservices[8].txt
C:\Program Files\EarthLink 5.0\bobswegle@earthlink.net\Cookies\robert_d._swegle@www.googleadservices[9].txt
C:\Program Files\EarthLink 5.0\bobswegle@earthlink.net\Cookies\robert_d._swegle@www.short-media[1].txt

AVG Anti-Spyware:

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 7:45:31 PM 2/20/2007

+ Scan result:



Nothing found.



::Report end


HijackThis:

Logfile of HijackThis v1.99.1
Scan saved at 7:52:39 PM, on 2/20/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\1 My Programs\AVG AntiSpyware 7.5\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\srvdpi.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\EarthLink 5.0\ConMgr.exe
C:\Program Files\1 My Programs\HP 3500 Scanner\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\1 My Programs\Modem-Orinoco Wireless\Utility\orinoco.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\1 My Programs\Zone Alarm Firewall\ZoneAlarm\zlclient.exe
C:\Program Files\1 My Programs\AVG AntiSpyware 7.5\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\1 My Programs\SuperAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Robert D. Swegle\Desktop\HJT\HJ! Fools.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.earthlink.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.earthlink.net/partner/more/msie...ton/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.earthlink.net/partner/more/msie...ton/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.earthlink.net/partner/more/msie...ton/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.earthlink.net/partner/more/msie...ton/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\1 My Programs\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\1MYPRO~1\SpyBot\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG -off
O4 - HKLM\..\Run: [ConMgr.exe] "C:\Program Files\EarthLink 5.0\ConMgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\1 My Programs\HP 3500 Scanner\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [proxim_orinoco_11abg] C:\Program Files\1 My Programs\Modem-Orinoco Wireless\Utility\orinoco.exe
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\1 My Programs\Zone Alarm Firewall\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\1 My Programs\AVG AntiSpyware 7.5\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\1 My Programs\SuperAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\1 My Programs\Reader\Reader\reader_sl.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Download using LeechGet - file://C:\Program Files\1 My Programs\LeechGet - Download Mgr\LeechGet 2003\\AddUrl.html
O8 - Extra context menu item: Download using LeechGet Wizard - file://C:\Program Files\1 My Programs\LeechGet - Download Mgr\LeechGet 2003\\Wizard.html
O8 - Extra context menu item: Parse with LeechGet - file://C:\Program Files\1 My Programs\LeechGet - Download Mgr\LeechGet 2003\\Parser.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: http://free.aol.com
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - http://www.belarc.com/Programs/advisor.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1136855860632
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {D6376DD2-C2BD-49B2-A1B1-138F869633F3} (ASPRO Installer Class) - http://acs.pandasoftware.com/activescanpro/as5/asproinst.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...952/mcfscan.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\1 My Programs\SuperAntiSpyware\SASWINLO.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\1 My Programs\AVG AntiSpyware 7.5\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: MXY - Sysinternals - www.sysinternals.com - C:\DOCUME~1\ROBERT~1.SWE\LOCALS~1\Temp\MXY.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: DPI Assistant Service (srvdpi) - Ositech Communiction, Inc. - C:\WINDOWS\System32\srvdpi.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe

Thank you.
Bob

#7 didom


Posted 21 February 2007 - 08:26 AM

Let's run some more scans:

Download ComboScan to your Desktop.
  • Close all applications and windows.
  • Double-click on comboscan.exe to run it, and follow the prompts.
  • The scan may take a minute. When the scan is complete, a text file will open - ComboScan.txt
Extra Note: When running Comboscan, some firewalls may warn that sigcheck.exe is trying to access the internet - please ensure that you allow sigcheck.exe permission to do so. Also, it may happen that your Antivirus flags Comboscan as suspicious. Please allow the Comboscan to run and don't let your Antivirus delete it. (In this case, it may be better to temporarily disable your Antivirus.)

Post the Comboscan.txt from the Comboscan into your next reply.

Please go HERE to run Panda's ActiveScan
  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report
Start HijackThis, perform a new scan and save the log file.

Use the Add Reply button to post your new logs back here along with details of any problems you encountered performing the above steps and I will review it when it comes in.

#8 hgfds


Posted 21 February 2007 - 07:01 PM

Hi Dick,
I did as you said and the logs are below.
No problems were encountered.
BTW I paid for a 6-month subscription to Panda's ActiveScan Pro. I have run it five times and it has never found anything but the odd tracking cookie.

Again Thanks
Bob

Panda ActiveScan:

Incident Status Location

Adware:adware/nowfind Disinfected C:\Documents and Settings\Robert D. Swegle\Favorites\Search the Web.url

ComboScan:

ComboScan v20070212.14 run by Robert D. Swegle on 2007-02-21 at 16:34:59
Computer is in Normal Mode.
--------------------------------------------------------------------------------

System Restore was disabled; re-enabling.
Failed to create restore point: System Restore is disabled (service is not running).
Performed disk cleanup.


-- HijackThis log (run as Robert D. Swegle.com) ---------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 4:36:25 PM, on 2/21/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\1 My Programs\AVG AntiSpyware 7.5\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\srvdpi.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\EarthLink 5.0\ConMgr.exe
C:\Program Files\1 My Programs\HP 3500 Scanner\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\1 My Programs\Modem-Orinoco Wireless\Utility\orinoco.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\1 My Programs\Zone Alarm Firewall\ZoneAlarm\zlclient.exe
C:\Program Files\1 My Programs\AVG AntiSpyware 7.5\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\1 My Programs\SuperAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Robert D. Swegle\Desktop\comboscan.exe
C:\DOCUME~1\ROBERT~1.SWE\LOCALS~1\Temp\~puqfylf.tmp\Robert D. Swegle.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.earthlink.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.earthlink.net/partner/more/msie...ton/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.earthlink.net/partner/more/msie...ton/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.earthlink.net/partner/more/msie...ton/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.earthlink.net/partner/more/msie...ton/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\1 My Programs\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\1MYPRO~1\SpyBot\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG -off
O4 - HKLM\..\Run: [ConMgr.exe] "C:\Program Files\EarthLink 5.0\ConMgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\1 My Programs\HP 3500 Scanner\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [proxim_orinoco_11abg] C:\Program Files\1 My Programs\Modem-Orinoco Wireless\Utility\orinoco.exe
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\1 My Programs\Zone Alarm Firewall\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\1 My Programs\AVG AntiSpyware 7.5\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\1 My Programs\SuperAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\1 My Programs\Reader\Reader\reader_sl.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Download using LeechGet - file://C:\Program Files\1 My Programs\LeechGet - Download Mgr\LeechGet 2003\\AddUrl.html
O8 - Extra context menu item: Download using LeechGet Wizard - file://C:\Program Files\1 My Programs\LeechGet - Download Mgr\LeechGet 2003\\Wizard.html
O8 - Extra context menu item: Parse with LeechGet - file://C:\Program Files\1 My Programs\LeechGet - Download Mgr\LeechGet 2003\\Parser.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - http://www.belarc.com/Programs/advisor.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1136855860632
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {D6376DD2-C2BD-49B2-A1B1-138F869633F3} (ASPRO Installer Class) - http://acs.pandasoftware.com/activescanpro/as5/asproinst.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...952/mcfscan.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\1 My Programs\SuperAntiSpyware\SASWINLO.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\1 My Programs\AVG AntiSpyware 7.5\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: MXY - Unknown owner - C:\DOCUME~1\ROBERT~1.SWE\LOCALS~1\Temp\MXY.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: DPI Assistant Service (srvdpi) - Ositech Communiction, Inc. - C:\WINDOWS\System32\srvdpi.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe


-- HijackThis Fixed Entries (C:\Documents and Settings\Robert D. Swegle\Desktop\HJT\backups\) --------------------------------------------------------------------------------

backup-20070219-130607-578 O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present


-- File Associations ------------------------------------------------------------

.bat - batfile - "%1" %*
.chm - chm.file - "C:\WINDOWS\hh.exe" %1
.com - comfile - "%1" %*
.exe - exefile - "%1" %*
.hlp - hlpfile - %SystemRoot%\System32\winhlp32.exe %1
.inf - inffile - %SystemRoot%\System32\NOTEPAD.EXE %1
.ini - inifile - %SystemRoot%\System32\NOTEPAD.EXE %1
.js - JSFile - %SystemRoot%\System32\WScript.exe "%1" %*
.lnk - lnkfile - {00021401-0000-0000-C000-000000000046}
.pif - piffile - "%1" %*
.reg - regfile - regedit.exe "%1"
.scr - scrfile - "%1" /S
.txt - txtfile - %SystemRoot%\system32\NOTEPAD.EXE %1
.vbs - VBSFile - %SystemRoot%\System32\WScript.exe "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ----------------------

4 abp480n5 - \SystemRoot\System32\DRIVERS\ABP480N5.SYS
3 ac97intc (Intel® 82801 Audio Driver Install Service (WDM)) - system32\drivers\ac97intc.sys
4 adpu160m - \SystemRoot\System32\DRIVERS\adpu160m.sys
4 agpCPQ (Compaq AGP Bus Filter) - \SystemRoot\System32\DRIVERS\agpCPQ.sys
4 Aha154x - \SystemRoot\System32\DRIVERS\aha154x.sys
4 aic78u2 - \SystemRoot\System32\DRIVERS\aic78u2.sys
4 aic78xx - \SystemRoot\System32\DRIVERS\aic78xx.sys
4 AliIde - \SystemRoot\System32\DRIVERS\aliide.sys
4 alim1541 (ALI AGP Bus Filter) - \SystemRoot\System32\DRIVERS\alim1541.sys
4 amdagp (AMD AGP Bus Filter Driver) - \SystemRoot\System32\DRIVERS\amdagp.sys
4 amsint - \SystemRoot\System32\DRIVERS\amsint.sys
3 Arp1394 (1394 ARP Client Protocol) - System32\DRIVERS\arp1394.sys
4 asc - \SystemRoot\System32\DRIVERS\asc.sys
4 asc3350p - \SystemRoot\System32\DRIVERS\asc3350p.sys
4 asc3550 - \SystemRoot\System32\DRIVERS\asc3550.sys
1 AVG Anti-Spyware Driver - \??\C:\Program Files\1 My Programs\AVG AntiSpyware 7.5\AVG Anti-Spyware 7.5\guard.sys
1 AvgAsCln (AVG Anti-Spyware Clean Driver) - System32\DRIVERS\AvgAsCln.sys
1 BANTExt (Belarc SMBios Access) - \SystemRoot\System32\Drivers\BANTExt.sys
1 bpfinder (BACKPACK Finder) - System32\DRIVERS\bpfinder.sys
3 bpflt (BACKPACK Filter) - System32\DRIVERS\bpflt.sys
3 bppccard (BACKPACK PC Card) - System32\DRIVERS\bppccard.sys
3 bppnpdrv (BACKPACK Driver) - System32\DRIVERS\bppnpdrv.sys
3 bpusbdrv (BACKPACK USB 1 Cable) - System32\DRIVERS\bpusbdrv.sys
3 bpusbflt (BACKPACK USB Filter) - System32\DRIVERS\bpusbflt.sys
3 BWNDIS5 (BWNDIS5 NDIS Protocol Driver) - \??\C:\WINDOWS\System32\BWNDIS5.SYS
4 cbidf - \SystemRoot\System32\DRIVERS\cbidf2k.sys
3 CCDECODE (Closed Caption Decoder) - System32\DRIVERS\CCDECODE.sys
4 cd20xrnt - \SystemRoot\System32\DRIVERS\cd20xrnt.sys
4 CmdIde - \SystemRoot\System32\DRIVERS\cmdide.sys
3 CO_Mon - \??\C:\WINDOWS\system32\Drivers\CO_Mon.sys
4 Cpqarray - \SystemRoot\System32\DRIVERS\cpqarray.sys
4 dac2w2k - \SystemRoot\System32\DRIVERS\dac2w2k.sys
4 dac960nt - \SystemRoot\System32\DRIVERS\dac960nt.sys
4 dpti2o - \SystemRoot\System32\DRIVERS\dpti2o.sys
3 EL556ND5 (3Com 10/100 Mini PCI Ethernet Adapter NDIS5 Driver) - System32\DRIVERS\EL556ND5.sys
4 el575nd5 (3Com Megahertz 10/100 LAN CardBus PC Card Driver) - System32\DRIVERS\el575nd5.sys
3 EL90XBC (3Com EtherLink XL 90XB/C Adapter Driver) - System32\DRIVERS\el90xbc5.sys
3 HidUsb (Microsoft HID Class Driver) - System32\DRIVERS\hidusb.sys
4 hpn - \SystemRoot\System32\DRIVERS\hpn.sys
4 hpt3xx - \SystemRoot\System32\DRIVERS\hpt3xx.sys
4 i2omp - \SystemRoot\System32\DRIVERS\i2omp.sys
4 ini910u - \SystemRoot\System32\DRIVERS\ini910u.sys
3 l8042pr2 (Logitech PS/2 Mouse Filter Driver) - System32\DRIVERS\L8042Pr2.sys
3 LHidFlt2 (Logitech HID/USB Mouse Filter Driver) - System32\DRIVERS\LHidFlt2.sys
3 LHidUsb (Logitech USB Receiver device driver) - system32\drivers\LHidUsb.Sys
3 LMouFlt2 (Logitech Mouse Class Filter Driver) - System32\DRIVERS\LMouFlt2.sys
3 maestro (ESS Maestro Audio Driver (WDM)) - system32\drivers\es198xdl.sys
3 mouhid (Mouse HID Driver) - System32\DRIVERS\mouhid.sys
4 mraid35x - \SystemRoot\System32\DRIVERS\mraid35x.sys
3 MSTEE (Microsoft Streaming Tee/Sink-to-Sink Converter) - system32\drivers\MSTEE.sys
3 NABTSFEC (NABTS/FEC VBI Codec) - System32\DRIVERS\NABTSFEC.sys
3 NdisIP (Microsoft TV/Video Connection) - System32\DRIVERS\NdisIP.sys
3 NIC1394 (1394 Net Driver) - System32\DRIVERS\nic1394.sys
3 NTPR_NIC_SERVICE2 (ORiNOCO AS 802.11abg ComboCard Adapter Service) - System32\DRIVERS\ntpr11ag.sys
3 nv - System32\DRIVERS\nv4_mini.sys
3 nv4 - System32\DRIVERS\nv4.sys
0 ohci1394 (Texas Instruments OHCI Compliant IEEE 1394 Host Controller) - System32\DRIVERS\ohci1394.sys
1 OMCI - \SystemRoot\SYSTEM32\DRIVERS\OMCI.SYS
3 otcsercb (Ositech Windows 2000 Modem Driver) - System32\DRIVERS\otcserrt.sys
1 P3 (Intel PentiumIII Processor Driver) - System32\DRIVERS\p3.sys
3 PCANDIS5 (PCANDIS5 NDIS Protocol Driver) - \??\C:\WINDOWS\System32\PCANDIS5.SYS
4 PCIIde - \SystemRoot\System32\DRIVERS\pciide.sys
0 Pcmcia - System32\DRIVERS\pcmcia.sys
3 PD1030VID (Creative WebCam Pro) - System32\DRIVERS\P1030Vid.sys
4 perc2 - \SystemRoot\System32\DRIVERS\perc2.sys
4 perc2hib - \SystemRoot\System32\DRIVERS\perc2hib.sys
4 ql1080 - \SystemRoot\System32\DRIVERS\ql1080.sys
4 Ql10wnt - \SystemRoot\System32\DRIVERS\ql10wnt.sys
4 ql12160 - \SystemRoot\System32\DRIVERS\ql12160.sys
4 ql1240 - \SystemRoot\System32\DRIVERS\ql1240.sys
4 ql1280 - \SystemRoot\System32\DRIVERS\ql1280.sys
3 ROOTMODEM (Microsoft Legacy Modem Driver) - System32\Drivers\RootMdm.sys
1 SASDIFSV - \??\C:\Program Files\1 My Programs\SuperAntiSpyware\SASDIFSV.SYS
3 SASENUM - \??\C:\Program Files\1 My Programs\SuperAntiSpyware\SASENUM.SYS
1 SASKUTIL - \??\C:\Program Files\1 My Programs\SuperAntiSpyware\SASKUTIL.sys
0 sbp2port (SBP-2 Transport/Protocol Bus Driver) - System32\DRIVERS\sbp2port.sys
4 sisagp (SIS AGP Bus Filter) - \SystemRoot\System32\DRIVERS\sisagp.sys
3 SLIP (BDA Slip De-Framer) - System32\DRIVERS\SLIP.sys
4 Sparrow - \SystemRoot\System32\DRIVERS\sparrow.sys
0 srescan - system32\ZoneLabs\srescan.sys
3 streamip (BDA IPSink) - System32\DRIVERS\StreamIP.sys
3 STVqx3 (Intel Play QX3 Microscope) - system32\drivers\STVqx3.sys
4 symc810 - \SystemRoot\System32\DRIVERS\symc810.sys
4 symc8xx - \SystemRoot\System32\DRIVERS\symc8xx.sys
4 sym_hi - \SystemRoot\System32\DRIVERS\sym_hi.sys
4 sym_u3 - \SystemRoot\System32\DRIVERS\sym_u3.sys
2 SynTP (Synaptics TouchPad Driver) - System32\DRIVERS\SynTP.sys
2 tcaicchg - \??\C:\WINDOWS\System32\tcaicchg.sys
2 TCAITDI (TCAITDI Protocol) - System32\DRIVERS\TCAITDI.sys
4 TosIde - \SystemRoot\System32\DRIVERS\toside.sys
4 ultra - \SystemRoot\System32\DRIVERS\ultra.sys
3 usbccgp (Microsoft USB Generic Parent Driver) - System32\DRIVERS\usbccgp.sys
3 usbprint (Microsoft USB PRINTER Class) - System32\DRIVERS\usbprint.sys
3 usbscan (USB Scanner Driver) - System32\DRIVERS\usbscan.sys
3 usbstor (USB Mass Storage Driver) - System32\DRIVERS\USBSTOR.SYS
4 viaagp (VIA AGP Bus Filter) - \SystemRoot\System32\DRIVERS\viaagp.sys
4 ViaIde - \SystemRoot\System32\DRIVERS\viaide.sys
1 vsdatant - System32\vsdatant.sys
3 WDHAALBA (WDHAALBAMiniPCI Winmodem) - System32\DRIVERS\WDHAALBA.sys
3 WSTCODEC (World Standard Teletext Codec) - System32\DRIVERS\WSTCODEC.SYS


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

2 AVG Anti-Spyware Guard - C:\Program Files\1 My Programs\AVG AntiSpyware 7.5\AVG Anti-Spyware 7.5\guard.exe
2 Fax - %systemroot%\system32\fxssvc.exe
3 MXY - C:\DOCUME~1\ROBERT~1.SWE\LOCALS~1\Temp\MXY.exe
2 NVSvc (NVIDIA Driver Helper Service) - %SystemRoot%\System32\nvsvc32.exe
2 srvdpi (DPI Assistant Service) - %SystemRoot%\System32\srvdpi.exe
2 UMWdf (Windows User Mode Driver Framework) - C:\WINDOWS\system32\wdfmgr.exe
2 vsmon (TrueVector Internet Monitor) - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe -service


-- Files created between 2007-01-21 and 2007-02-21 ------------------------------

2007-02-20 15:43:28 3968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys<Unsigned: GRISOFT, s.r.o.>
2007-02-19 11:18:22 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com<SUPERA~1.COM>
2007-02-19 11:18:05 0 d-------- C:\Documents and Settings\Robert D. Swegle\Application Data\SUPERAntiSpyware.com<SUPERA~1.COM>
2007-02-18 10:04:48 69632 --a------ C:\WINDOWS\system32\asprouni.exe<Unsigned: Panda Software>
2007-02-17 22:09:42 0 d-------- C:\WINDOWS\system32\ASPRO
2007-02-17 18:46:28 0 d-------- C:\WINDOWS\system32\ActiveScan<ACTIVE~1>
2007-02-16 12:07:27 0 d-------- C:\WINDOWS\system32\NtmsData
2007-02-11 09:40:38 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2007-02-11 09:40:01 11264 --a------ C:\WINDOWS\system32\SpOrder.dll<Unsigned: Microsoft Corporation>
2007-02-11 09:39:21 1087216 --a------ C:\WINDOWS\system32\zpeng24.dll<Signed: Python Software Foundation>
2007-02-11 09:39:20 0 d-------- C:\WINDOWS\system32\ZoneLabs
2007-02-11 09:35:31 0 d-------- C:\WINDOWS\Internet Logs<INTERN~1>
2007-02-10 10:05:09 0 d-------- C:\WINDOWS\SxsCaPendDel<SXSCAP~1>
2007-02-02 15:33:13 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-01-31 14:59:39 0 d-------- C:\Documents and Settings\Robert D. Swegle\.housecall6.6<HOUSEC~1.6>
2007-01-31 11:36:50 0 d-------- C:\WINDOWS\McAfee.com
2007-01-30 17:31:39 28672 --a------ C:\WINDOWS\system32\drivers\CO_Mon.sys<Unsigned: n/a>
2007-01-29 16:32:02 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy<SPYBOT~1>
2007-01-29 10:51:30 0 d-------- C:\Program Files\Common Files\HP


-- Find3M Report ----------------------------------------------------------------

2007-02-21 16:34:05 0 d-------- C:\Program Files\1 My Programs<1MYPRO~1>
2007-02-21 15:41:32 0 d-------- C:\Program Files\MSN Messenger<MSNMES~1>
2007-02-21 15:32:55 0 d-------- C:\Program Files\EarthLink 5.0<EARTHL~1.0>
2007-02-21 14:18:13 58832 --a------ C:\Documents and Settings\Robert D. Swegle\Application Data\GDIPFONTCACHEV1.DAT<GDIPFO~1.DAT>
2007-02-19 11:15:13 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard<WISEIN~1>
2007-02-15 15:44:16 77936 --a------ C:\WINDOWS\hpfins05.dat
2007-01-27 15:35:45 0 d-------- C:\Program Files\Java
2007-01-24 11:07:47 0 d-------- C:\Documents and Settings\Robert D. Swegle\Application Data\Image Zone Express<IMAGEZ~1>
2007-01-24 11:07:19 0 d-------- C:\Program Files\HP
2007-01-20 14:22:39 0 d-------- C:\Program Files\Common Files\Adobe
2007-01-20 14:18:02 2010 --a------ C:\Documents and Settings\Robert D. Swegle\Application Data\PatchUpdate_HP_CounterReport_Update_HPSU.log<PATCHU~1.LOG>
2007-01-20 14:17:55 2986 --a------ C:\Documents and Settings\Robert D. Swegle\Application Data\Update_HP_RedboxHprblog_HPSU.log<UPDATE~1.LOG>
2007-01-20 10:18:38 0 d-------- C:\Program Files\Hewlett-Packard<HEWLET~1>


-- Registry Dump ----------------------------------------------------------------


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"Microsoft Works Update Detection"="C:\\Program Files\\Microsoft Works\\WkDetect.exe"
"SUPERAntiSpyware"="C:\\Program Files\\1 My Programs\\SuperAntiSpyware\\SUPERAntiSpyware.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SynTPLpr"="C:\\Program Files\\Synaptics\\SynTP\\SynTPLpr.exe"
"SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
"TCASUTIEXE"="TCAUDIAG -off"
"ConMgr.exe"="\"C:\\Program Files\\EarthLink 5.0\\ConMgr.exe\""
"HPDJ Taskbar Utility"="C:\\WINDOWS\\System32\\spool\\drivers\\w32x86\\3\\hpztsb04.exe"
"Logitech Utility"="Logi_MwX.Exe"
"HP Software Update"="C:\\Program Files\\1 My Programs\\HP 3500 Scanner\\HP Software Update\\HPWuSchd2.exe"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_09\\bin\\jusched.exe\""
"proxim_orinoco_11abg"="C:\\Program Files\\1 My Programs\\Modem-Orinoco Wireless\\Utility\\orinoco.exe"
"Tweak UI"="RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp"
"ZoneAlarm Client"="\"C:\\Program Files\\1 My Programs\\Zone Alarm Firewall\\ZoneAlarm\\zlclient.exe\""
"!AVG Anti-Spyware"="\"C:\\Program Files\\1 My Programs\\AVG AntiSpyware 7.5\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\Disabled]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"QuickTime Task"="C:\\WINDOWS\\System32\\qttask.exe"
"AdaptecDirectCD"="C:\\Program Files\\Adaptec\\Easy CD Creator 5\\DirectCD\\DirectCD.exe"
"Share-to-Web Namespace Daemon"="C:\\Program Files\\1 My Programs\\HP 3500 Scanner\\HP Share-to-Web\\hpgs2wnd.exe"
"DadApp"="C:\\Program Files\\DELL\\AccessDirect\\dadapp.exe"
"Microsoft Works Update Detection"="C:\\Program Files\\Common Files\\Microsoft Shared\\Works Shared\\WkUFind.exe"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsMenu"=hex:01,00,00,00
"NoTrayContextMenu"=dword:00000000
"ClearRecentDocsOnExit"=hex:00,00,00,00

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0



-- End of ComboScan: finished at 2007-02-21 at 16:37:40 -------------------------

#9 hgfds

Posted 21 February 2007 - 07:06 PM

Dick
PS ComboScan claimed System Restore is disabled. I went to System Properties and System Restore is not turned off.

#10 didom

didom

  • Members
  • 1,389 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:25 AM

Posted 21 February 2007 - 07:10 PM

Jotti File Submission:
  • Make sure all hidden files are showing
  • Please go to Jotti's malware scan
  • Copy and paste the following file path into the "File to upload & scan" box on the top of the page:
    • C:\Documents and Settings\Robert D. Swegle\Local Settings\Temp\MXY.exe
  • Click on the submit button
  • Please post the results in your next reply.
Are you still having problems? If so, please tell them in your next post.
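
An added example, not part of the original posts: a small Python triage over O23 service lines copied from the log above. It flags the attributes that single out the MXY entry (Temp image path, "Unknown owner", "file missing") and checks that the 8.3 short path in the log and the long path given in the instructions name the same file. The function names are hypothetical, and the short-name check covers only the simple BASE~N form.

```python
import re
from dataclasses import dataclass

# Lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\1 My Programs\AVG AntiSpyware 7.5\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: MXY - Unknown owner - C:\DOCUME~1\ROBERT~1.SWE\LOCALS~1\Temp\MXY.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
"""

# O23 layout as it appears in the log: name - owner - image path [ (file missing)]
O23 = re.compile(
    r'^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - '
    r'(?P<path>"?[A-Za-z]:\\.*?)(?P<missing> \(file missing\))?$'
)


@dataclass
class Service:
    name: str
    owner: str
    path: str
    file_missing: bool


def parse_services(log):
    """Return a Service for every O23 line in a HijackThis log."""
    services = []
    for line in log.splitlines():
        m = O23.match(line.strip())
        if m:
            services.append(Service(m["name"], m["owner"],
                                    m["path"].strip('"'),
                                    m["missing"] is not None))
    return services


def in_temp_dir(path):
    """True if any directory component (not the file name) is Temp/Tmp."""
    parts = path.lower().split("\\")
    return any(p in ("temp", "tmp") for p in parts[1:-1])


def reasons(svc):
    """List the attributes that make a service entry worth a closer look."""
    out = []
    if in_temp_dir(svc.path):
        out.append("image path is inside a Temp directory")
    if svc.owner.lower() == "unknown owner":
        out.append("HijackThis reports 'Unknown owner'")
    if svc.file_missing:
        out.append("registered binary is missing from disk")
    return out


def triage(log):
    """Map service name -> reasons, for services with at least one reason."""
    return {s.name: r for s in parse_services(log) if (r := reasons(s))}


def short_component_matches(short, long_name):
    """True if `short` is a plausible 8.3 alias (BASE~N[.EXT]) of `long_name`.

    Simple form only: spaces and extra dots dropped, base cut to 6 characters,
    extension cut to 3. Hash-style aliases are reported as non-matching.
    """
    m = re.fullmatch(r"([^~.]{1,6})~(\d)(?:\.(.{1,3}))?", short)
    if not m:
        return short.lower() == long_name.lower()
    base, ext = long_name, ""
    if "." in long_name.strip("."):
        base, ext = long_name.rsplit(".", 1)

    def clean(s):
        return re.sub(r"[ .]", "", s).upper()

    return (clean(base)[:6] == m[1].upper()
            and clean(ext)[:3] == (m[3] or "").upper())


def same_file(short_path, long_path):
    """Compare a short (8.3) path with a long path, component by component."""
    a, b = short_path.split("\\"), long_path.split("\\")
    return len(a) == len(b) and all(
        short_component_matches(x, y) for x, y in zip(a, b))


if __name__ == "__main__":
    for name, why in triage(SAMPLE_LOG).items():
        print(name, "->", "; ".join(why))
    print(same_file(
        r"C:\DOCUME~1\ROBERT~1.SWE\LOCALS~1\Temp\MXY.exe",
        r"C:\Documents and Settings\Robert D. Swegle\Local Settings\Temp\MXY.exe"))
```
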

#11 hgfds

Posted 22 February 2007 - 04:52 PM

Hi Dick,
I did as you said (hide system files is unchecked), and submitted the Pathname to Jotti. Here's the message I got: The file you uploaded is 0 bytes. It is very likely a firewall or a piece of malware is prohibiting you from uploading this file.
I tried it twice, same result, and I got no alert from my firewall.

Yes I'm still having problems. New ones every day or two. For example, when I try to log on to the Internet now I sometimes get a message box with Server Busy in the Title Bar. The body of the message is: This action cannot be completed because the other program is busy. Choose "Switch To" to activate the busy program and correct the problem.
The Logon process hasn't even reached the server yet. ???

And now Outlook Express is behaving oddly.

The bug kicks me to my "new" Home Page randomly. It did it twice while I was typing this message.

I already told you about the Windows Blue Screen of Death.

In short, things are getting worse.

On the plus side, I reported that I cannot print while online. That problem has gone away.

Perhaps the fact that Jotti cannot load that Pathname is a good sign. Maybe the bug recognized an important file it is using.

Anyway, I appreciate everything you're doing....a lot!
Thanks,
Bob

#12 didom

Posted 22 February 2007 - 05:14 PM

Please download AboutBuster.
  • Double click the AboutBuster folder, then double click the AboutBuster.exe inside.
  • Click "Extract all" in the box that pops up, then "Next"
  • Choose the location you would like to install AboutBuster, such as My Documents.
  • Make sure "Show extracted files" is checked, then click "Finish".
  • Reboot to safe mode by continually tapping the F8 key as the computer begins to boot.
  • Open AboutBuster and click the "Begin Removal" button. It will shut down all Explorer windows (if open) while it works.
  • It will begin to check your computer for malicious files. If it asks if you would like to do a second pass, allow it to do so.
  • When it has finished, click Save Log. Make sure you save it as I may need a copy of it later.
  • Reboot your computer into safe mode again
  • Run about:buster again following the same instructions as above, this time without the restart at the end
* Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
  • Double-click the drweb-cureit.exe file and allow it to run the express scan
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, mark the drives that you want to scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, look if you can click next icon next to the files found: Posted Image
  • If so, click it and then click the next icon right below and select Move incurable as you'll see in next image:
    Posted Image
    This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured. (this in case if we need samples)
  • After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web Cureit.
  • Reboot your computer!! Because it could be possible that files in use will be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web you saved previously in your next reply.
Post back both logs along with a fresh HijackThis log.

#13 hgfds

Posted 23 February 2007 - 07:23 PM

Hi Dick,
1) First a few words about the problems I'm having.
Most web pages I try to access invoke this message: Do you want to allow ActiveX controls and plug ins to run?

2) When I downloaded Dr. Web CureIt the download failed with the message: The process has timed out. A download manager was successful.


Now, as to your instructions:
AboutBuster - You said to make sure and check the box "Show Extracted Files". There was no such box.
Dr. Web - Your instructions seemed to say that I should run Dr. Web in Safe Mode and that is what I did. Also, Dr. Web found no viruses and the File\Save Report List was grayed out.

HJT LogFile below: AboutBuster LogFile below HJT.

Logfile of HijackThis v1.99.1
Scan saved at 4:57:40 PM, on 2/23/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\1 My Programs\AVG AntiSpyware 7.5\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\srvdpi.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\EarthLink 5.0\ConMgr.exe
C:\Program Files\1 My Programs\HP 3500 Scanner\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\1 My Programs\Modem-Orinoco Wireless\Utility\orinoco.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\1 My Programs\Zone Alarm Firewall\ZoneAlarm\zlclient.exe
C:\Program Files\1 My Programs\AVG AntiSpyware 7.5\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\1 My Programs\SuperAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\Robert D. Swegle\Desktop\HJT\HJ! Fools.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.earthlink.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.earthlink.net/partner/more/msie...ton/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.earthlink.net/partner/more/msie...ton/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.earthlink.net/partner/more/msie...ton/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.earthlink.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.earthlink.net/partner/more/msie...ton/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\1 My Programs\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\1MYPRO~1\SpyBot\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG -off
O4 - HKLM\..\Run: [ConMgr.exe] "C:\Program Files\EarthLink 5.0\ConMgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\1 My Programs\HP 3500 Scanner\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [proxim_orinoco_11abg] C:\Program Files\1 My Programs\Modem-Orinoco Wireless\Utility\orinoco.exe
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\1 My Programs\Zone Alarm Firewall\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\1 My Programs\AVG AntiSpyware 7.5\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\1 My Programs\SuperAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\1 My Programs\Reader\Reader\reader_sl.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Download using LeechGet - file://C:\Program Files\1 My Programs\LeechGet - Download Mgr\LeechGet 2003\\AddUrl.html
O8 - Extra context menu item: Download using LeechGet Wizard - file://C:\Program Files\1 My Programs\LeechGet - Download Mgr\LeechGet 2003\\Wizard.html
O8 - Extra context menu item: Parse with LeechGet - file://C:\Program Files\1 My Programs\LeechGet - Download Mgr\LeechGet 2003\\Parser.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - http://www.belarc.com/Programs/advisor.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1136855860632
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {D6376DD2-C2BD-49B2-A1B1-138F869633F3} (ASPRO Installer Class) - http://acs.pandasoftware.com/activescanpro/as5/asproinst.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...952/mcfscan.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\1 My Programs\SuperAntiSpyware\SASWINLO.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\1 My Programs\AVG AntiSpyware 7.5\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: MXY - Unknown owner - C:\DOCUME~1\ROBERT~1.SWE\LOCALS~1\Temp\MXY.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: DPI Assistant Service (srvdpi) - Ositech Communiction, Inc. - C:\WINDOWS\System32\srvdpi.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe


AboutBuster LogFile:

AboutBuster 6.05
Scan started on [2/23/2007] at [2:33:59 PM]
-------------------------------------------------------------
Internet Explorer Instances Terminated!
HomeSearch Service stopped if present
-------------------------------------------------------------
No Ads Found!
-------------------------------------------------------------
No Files Found!
-------------------------------------------------------------
Scan was COMPLETED SUCCESSFULLY at 2:36:36 PM


AboutBuster 6.05
Scan started on [2/23/2007] at [2:47:52 PM]
-------------------------------------------------------------
Internet Explorer Instances Terminated!
HomeSearch Service stopped if present
-------------------------------------------------------------
No Ads Found!
-------------------------------------------------------------
No Files Found!
-------------------------------------------------------------
Scan was COMPLETED SUCCESSFULLY at 2:50:24 PM

#14 didom

Posted 24 February 2007 - 02:33 PM

Can you disable ZoneAlarm and see if the problems still exist...

#15 hgfds

Posted 25 February 2007 - 06:51 PM

ZoneAlarm Firewall has been disabled.



