
Malware/Viruses infecting PC Win XP Pro/Security Compromised? [CL


This topic is locked

#1 Philoscript (New Member, 8 posts)
Hi,

I ran AdAware, Ewido and Norton Antivirus software and found several trojans, cookies, adware, spyware, etc. Some of them include:

win32.trojan.downloader
bargain buddy
adware.starware
downloader.openstream.y
not-a-virus.exploit.byteverify
backdoor.sdbot.qd
hijacker.agent.hg
trojan.agent.tx

My computer is a mess. Apparently, I was unaware that my firewall lapsed. Since then, I have reinstalled a new version of it and installed all updates. I installed a new version and updates of Norton AntiVirus as well. I updated Windows last night using the search feature for critical updates and installed them. Also, I downloaded and updated the definitions for ewido. I also know I was infected with the Smitfraud infection. The reason I know this is because I got the offer for Winhound, the annoying popups that state "windows has detected your computer is infected", Pest Trap among others. My husband only alerted me to it two nights ago. The thing is Norton is not picking up on it. The other scans are.

Since then, I ran your utility for Smitfraud removal and followed the directions. However, when I run the virus scans after reboot all of them reappear. Also, I know it's infected with more than that virus but I don't know how to remove them. None of the virus/spyware programs appear to be working for removal.

In addition, my computer is moving very slowly, so it takes a while to download and move from screen to screen.

Please help. I have important financial data on there. I have this odd feeling it's been compromised even though our credit reports are clear (I downloaded all three from work to check) and I've alerted the banks/credit agencies and credit bureaus.

What do I do? I will run a HijackThis log as soon as I get home. I'm currently at work. Oh, I forgot to add that my computer is currently disconnected from the internet. The only time I've gone on in the past two days is to download the recommended spyware/antivirus software.



#2 Crustyoldbloke (Old Malware Surgeon with a shaky scalpel; Retired Staff, 15,131 posts)
Hello and welcome to Geeks To Go

If you would care to post the resultant HJT log, I will take a look, but no promises at this stage.

Please carry out these instructions that may save some time.

Run MSCONFIG and enable everything in the startup area. To get to MSCONFIG, click on Start -> Run -> type in MSCONFIG -> click OK

Under the "General" Tab

Ensure "Normal Startup-load all device drivers and services" is checked.

Click Apply->OK->Follow the prompts to Restart

Thanks
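The helper above asks for a HijackThis log so the R*/O* entries can be read by eye. As an added example (not code from this thread, from Geeks to Go, or from the HijackThis project), the script below does the first-pass triage a helper performs on such a log: it flags entries whose target file is missing, start/search pages and downloaded ActiveX controls (O16) pointing at hosts outside an allowlist, and Winlogon Notify (O20) entries, which always merit a look. The allowlist, the rule set and the sample log lines are assumptions; the sample lines follow the HijackThis v1.99 format seen in this thread but use hypothetical hosts such as as.starware.example.

```python
"""First-pass triage of a HijackThis v1.99-style log.

Added example, not from the Geeks to Go thread or the HijackThis project.
The allowlist, the rules and SAMPLE_LOG are assumptions for illustration.
"""
import re
from urllib.parse import urlparse

# Hosts accepted as default start/search pages or as sources of
# ActiveX controls (O16).  Assumption: a helper would tune this per machine.
TRUSTED_HOSTS = {
    "www.dell4me.com", "my.yahoo.com", "go.microsoft.com",
    "update.microsoft.com", "security.symantec.com",
}

# Entry lines look like "O4 - HKLM\..\Run: [name] path" or "R1 - key = url".
LINE_RE = re.compile(r"^(?P<kind>[RO]\d+) - (?P<body>.*)$")
URL_RE = re.compile(r"https?://\S+")

# Constructed sample log in the HijackThis format; hosts ending in
# ".example" are hypothetical and stand in for the adware domains in the thread.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://as.starware.example/search?q=
R3 - URLSearchHook: ScriptInocUI Class - - (no file)
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: ppctlcab - http://www.pestscan.example/scanner/ppctlcab.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\aolserv.exe (file missing)
"""


def parse(log_text):
    """Return (kind, body) tuples for every R*/O* entry; other lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append((m.group("kind"), m.group("body")))
    return entries


def host_of(body):
    """Lower-cased hostname of the first URL in an entry body, or None."""
    m = URL_RE.search(body)
    if not m:
        return None
    return (urlparse(m.group(0)).hostname or "").lower() or None


def triage(entries):
    """Apply the review rules; returns (category, kind, body) findings in log order."""
    findings = []
    for kind, body in entries:
        if "(file missing)" in body or "(no file)" in body:
            # Orphaned registration: leftover from a removed tool or a
            # removal that did not clean the registry.
            findings.append(("orphan", kind, body))
        elif kind in ("R0", "R1"):
            # Start page / search page pointing somewhere unexpected.
            h = host_of(body)
            if h and h not in TRUSTED_HOSTS:
                findings.append(("browser-hijack", kind, body))
        elif kind == "O16":
            # ActiveX control downloaded from a host not on the allowlist.
            h = host_of(body)
            if h and h not in TRUSTED_HOSTS:
                findings.append(("untrusted-activex", kind, body))
        elif kind == "O20":
            # Winlogon Notify DLLs load into winlogon.exe; flagged for review,
            # not as malicious (Microsoft's WgaLogon.dll is a legitimate one).
            findings.append(("winlogon-notify", kind, body))
    return findings


def run_sample():
    """Triage the constructed sample log."""
    return triage(parse(SAMPLE_LOG))


if __name__ == "__main__":
    for category, kind, body in run_sample():
        print(f"[{category:18}] {kind} - {body}")
```

Everything the script flags is a candidate for review, not a verdict: an O20 entry for a Microsoft DLL, or an O16 control from a scanner the user ran on purpose, will still appear in the list. The value of the rules is that they surface the small set of lines a helper reads closely, in a log that is otherwise dominated by benign vendor entries.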

#3 Philoscript (Topic Starter; New Member, 8 posts)
I'm going to add the HijackThis log in addition to the ewido scan and Ad-Aware. Please advise...

Logfile of HijackThis v1.99.1
Scan saved at 7:21:41 PM, on 9/13/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\PQV2iSvc.exe
C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\GhostTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\hphmon04.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Program Files\Common Files\AOL\1131920714\ee\AOLSoftware.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\AOL\1131920714\ee\services\safetyCore\ver2_5_4_1\AOLSP Scheduler.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\WINDOWS\System32\HPHipm11.exe
C:\Program Files\Common Files\AOL\1131920714\ee\aolsoftware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Common Files\Mobipocket Shared\webcomp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp...rch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapp...://my.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://as.starware.c...53eQsvOX1b4hOA=
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
R3 - URLSearchHook: ScriptInocUI Class - - (no file)
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn0\ycomp5_3_12_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn0\ycomp5_3_12_0.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\GhostTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\System32\hphmon04.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1131920714\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [{1290A33C-85F5-4164-A1BE-7DD299D4986A}] "C:\Program Files\CyberLink\PowerBackup\PBKScheduler.exe"
O4 - HKLM\..\Run: [AOLSPScheduler] C:\Program Files\Common Files\AOL\1131920714\ee\services\safetyCore\ver2_5_4_1\AOLSP Scheduler.exe
O4 - HKLM\..\Run: [sscRun] C:\Program Files\Common Files\AOL\1131920714\ee\SSCRun.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Mobipocket Web Companion] C:\Program Files\Common Files\Mobipocket Shared\webcomp.exe -m
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - Global Startup: Norton GoBack.lnk = C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: ppctlcab - http://www.pestscan....er/ppctlcab.cab
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=58813
O16 - DPF: {1DF36010-E276-11D4-A7C0-00C04F0453DD} (Stamps.com Secure Postal Account Registration) - https://secure.stamp...32/sdcregie.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan....r/axscanner.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com...kup/qdiagcc.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1157240803593
O16 - DPF: {83EF1847-D835-490B-8D9D-90B2987D66E8} (AOL Pictures Uploader Class) - http://pictures.aolc...der.9.3.2.3.cab
O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - http://www.vera.org/tsweb/msrdp.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai....02/cpbrkpie.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {A97B2058-825A-4B18-93CE-1483855578D1} (AOL Newport Editor Ctrl) - http://pictures.aolc...-US.9.3.2.1.cab
O16 - DPF: {BE5431D2-0F30-11D4-89D9-00C04F509C0A} (SDCInstaller Class) - https://secure.stamp...file=stamps.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe (file missing)
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: GoBack Polling Service (GBPoll) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MSSQL$MICROSOFTSMLBIZ - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe" -sMICROSOFTSMLBIZ (file missing)
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\System32\HPHipm11.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: SQLAgent$MICROSOFTSMLBIZ - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlagent.EXE" -i MICROSOFTSMLBIZ (file missing)
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe


ADAWARE

Ad-Aware SE Build 1.06r1
Logfile Created on:Wednesday, September 13, 2006 6:37:16 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R123 12.09.2006
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
BargainBuddy(TAC index:8):1 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


9-13-2006 6:37:16 PM - Scan started. (Full System Scan)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 808
ThreadCreationTime : 9-13-2006 10:45:11 AM
BasePriority : Normal


#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 860
ThreadCreationTime : 9-13-2006 10:45:16 AM
BasePriority : Normal


#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 892
ThreadCreationTime : 9-13-2006 10:45:22 AM
BasePriority : High


#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 936
ThreadCreationTime : 9-13-2006 10:45:22 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 948
ThreadCreationTime : 9-13-2006 10:45:23 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1132
ThreadCreationTime : 9-13-2006 10:45:23 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1180
ThreadCreationTime : 9-13-2006 10:45:24 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1276
ThreadCreationTime : 9-13-2006 10:45:24 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1336
ThreadCreationTime : 9-13-2006 10:45:24 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1372
ThreadCreationTime : 9-13-2006 10:45:24 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:11 [ccsetmgr.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ProcessID : 1520
ThreadCreationTime : 9-13-2006 10:45:25 AM
BasePriority : Normal
FileVersion : 104.0.7.3
ProductVersion : 104.0.7.3
ProductName : Client and Host Security Platform
CompanyName : Symantec Corporation
FileDescription : Symantec Settings Manager Service
InternalName : ccSetMgr
LegalCopyright : Copyright © 2000-2005 Symantec Corporation. All rights reserved.
OriginalFilename : ccSetMgr.exe

#:12 [ccevtmgr.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ProcessID : 1632
ThreadCreationTime : 9-13-2006 10:45:26 AM
BasePriority : Normal
FileVersion : 104.0.7.3
ProductVersion : 104.0.7.3
ProductName : Client and Host Security Platform
CompanyName : Symantec Corporation
FileDescription : Symantec Event Manager Service
InternalName : ccEvtMgr
LegalCopyright : Copyright © 2000-2005 Symantec Corporation. All rights reserved.
OriginalFilename : ccEvtMgr.exe

#:13 [ccproxy.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ProcessID : 1720
ThreadCreationTime : 9-13-2006 10:45:27 AM
BasePriority : Normal
FileVersion : 104.0.11.1
ProductVersion : 104.0.11.1
ProductName : Client and Host Security Platform
CompanyName : Symantec Corporation
FileDescription : Symantec Network Proxy Service
InternalName : ccProxy
LegalCopyright : Copyright © 2000-2005 Symantec Corporation. All rights reserved.
OriginalFilename : ccProxy.exe

#:14 [sndsrvc.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ProcessID : 1764
ThreadCreationTime : 9-13-2006 10:45:27 AM
BasePriority : Normal
FileVersion : 6.0.4.402
ProductVersion : 6.0
ProductName : Symantec Security Drivers
CompanyName : Symantec Corporation
FileDescription : Network Driver Service
InternalName : SndSrvc
LegalCopyright : Copyright 2002 - 2006 Symantec Corporation
OriginalFilename : SndSrvc.exe

#:15 [spbbcsvc.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\SPBBC\
ProcessID : 1804
ThreadCreationTime : 9-13-2006 10:45:27 AM
BasePriority : Normal
FileVersion : 2.1.0.4
ProductVersion : 2.1.0.4
ProductName : SPBBC
CompanyName : Symantec Corporation
FileDescription : SPBBC Service
InternalName : SPBBCSvc
LegalCopyright : Copyright © 2004, 2005 Symantec Corporation. All rights reserved.
OriginalFilename : SPBBCSvc.exe

#:16 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 212
ThreadCreationTime : 9-13-2006 10:45:28 AM
BasePriority : Normal
FileVersion : 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)
ProductVersion : 5.1.2600.2696
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:17 [aolacsd.exe]
FilePath : C:\PROGRA~1\COMMON~1\AOL\ACS\
ProcessID : 464
ThreadCreationTime : 9-13-2006 10:46:03 AM
BasePriority : Normal
FileVersion : 4.0.0.0
ProductVersion : 4.0.0.0
ProductName : AOL Connectivity Service
CompanyName : America Online
FileDescription : AOL Connectivity Service
InternalName : AOLacsd
LegalCopyright : Copyright © 2004-2005 America Online
OriginalFilename : AOLacsd.exe

#:18 [aluschedulersvc.exe]
FilePath : C:\Program Files\Symantec\LiveUpdate\
ProcessID : 500
ThreadCreationTime : 9-13-2006 10:46:03 AM
BasePriority : Normal
FileVersion : 3.0.0.160
ProductVersion : 3.0.0.160
ProductName : LiveUpdate
CompanyName : Symantec Corporation
FileDescription : Automatic LiveUpdate Scheduler Service
InternalName : Automatic LiveUpdate Scheduler Service
LegalCopyright : Copyright © 1996-2005 Symantec Corporation
OriginalFilename : ALUSchedulerSvc.exe

#:19 [ctsvccda.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 536
ThreadCreationTime : 9-13-2006 10:46:03 AM
BasePriority : Normal
FileVersion : 1.0.1.0
ProductVersion : 1.0.0.0
ProductName : Creative Service for CDROM Access
CompanyName : Creative Technology Ltd
FileDescription : Creative Service for CDROM Access
InternalName : CTsvcCDAEXE
LegalCopyright : Copyright © Creative Technology Ltd., 1999. All rights reserved.
OriginalFilename : CTsvcCDA.EXE

#:20 [guard.exe]
FilePath : C:\Program Files\ewido anti-spyware 4.0\
ProcessID : 572
ThreadCreationTime : 9-13-2006 10:46:03 AM
BasePriority : Normal
FileVersion : 4, 0, 0, 172
ProductVersion : 4, 0, 0, 172
ProductName : ewido anti-spyware
CompanyName : Anti-Malware Development a.s.
FileDescription : ewido anti-spyware guard
InternalName : ewido anti-spywareguard
LegalCopyright : Copyright © 2005 Anti-Malware Development a.s.
OriginalFilename : guard.exe

#:21 [gbpoll.exe]
FilePath : C:\Program Files\Norton SystemWorks\Norton GoBack\
ProcessID : 668
ThreadCreationTime : 9-13-2006 10:46:04 AM
BasePriority : Normal


#:22 [gearsec.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 788
ThreadCreationTime : 9-13-2006 10:46:05 AM
BasePriority : Normal
FileVersion : 1, 0, 0, 6
ProductVersion : 1, 0, 0, 6
ProductName : gearsec
CompanyName : GEAR Software
FileDescription : gearsec
InternalName : gearsec
LegalCopyright : Copyright © 2001-2003 GEAR Software
OriginalFilename : gearsec.exe

#:23 [mdm.exe]
FilePath : C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\
ProcessID : 1952
ThreadCreationTime : 9-13-2006 10:46:05 AM
BasePriority : Normal
FileVersion : 7.00.9466
ProductVersion : 7.00.9466
ProductName : Microsoft® Visual Studio .NET
CompanyName : Microsoft Corporation
FileDescription : Machine Debug Manager
InternalName : mdm.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : mdm.exe

#:24 [sqlservr.exe]
FilePath : c:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\
ProcessID : 188
ThreadCreationTime : 9-13-2006 10:46:05 AM
BasePriority : Normal
FileVersion : 2000.080.2039.00
ProductVersion : 8.00.2039
ProductName : Microsoft SQL Server
CompanyName : Microsoft Corporation
FileDescription : SQL Server Windows NT
InternalName : SQLSERVR
LegalCopyright : © 1988-2004 Microsoft Corp. All rights reserved.
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation. Windows™ is a trademark of Microsoft Corporation
OriginalFilename : SQLSERVR.EXE
Comments : NT INTEL X86

#:25 [navapsvc.exe]
FilePath : C:\Program Files\Norton Internet Security\Norton AntiVirus\
ProcessID : 1424
ThreadCreationTime : 9-13-2006 10:46:05 AM
BasePriority : Normal
FileVersion : 12.2.0.13
ProductVersion : 12.2.0
ProductName : Norton AntiVirus
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus Auto-Protect Service
InternalName : NAVAPSVC
LegalCopyright : Norton AntiVirus 2006 for Windows 2000/XP Copyright © 2005 Symantec Corporation. All rights reserved.
OriginalFilename : NAVAPSVC.EXE

#:26 [pqv2isvc.exe]
FilePath : C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\
ProcessID : 1488
ThreadCreationTime : 9-13-2006 10:46:05 AM
BasePriority : Normal
FileVersion : 9.0.2.3981
ProductVersion : 9.0.2.3981
ProductName : Norton Ghost
CompanyName : Symantec Corporation
FileDescription : Service Module
InternalName : PQV2iSvc
LegalCopyright : Copyright © 1994-2004 Symantec Corporation. All rights reserved.
OriginalFilename : PQV2iSvc.exe

#:27 [nprotect.exe]
FilePath : C:\PROGRA~1\NORTON~1\NORTON~1\
ProcessID : 1596
ThreadCreationTime : 9-13-2006 10:46:08 AM
BasePriority : Normal
FileVersion : 18.0.0.62
ProductVersion : 18.0.0.62
ProductName : Norton Utilities
CompanyName : Symantec Corporation
FileDescription : Norton Protection Status
InternalName : NPROTECT
LegalCopyright : Copyright © 1997-2004 Symantec Corporation
LegalTrademarks : Norton Utilities® and UnErase® are registered trademarks of Symantec Corporation.
OriginalFilename : NPROTECT.EXE

#:28 [nvsvc32.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 352
ThreadCreationTime : 9-13-2006 10:46:12 AM
BasePriority : Normal
FileVersion : 6.14.10.4501
ProductVersion : 6.14.10.4501
ProductName : NVIDIA Driver Helper Service, Version 45.01
CompanyName : NVIDIA Corporation
FileDescription : NVIDIA Driver Helper Service, Version 45.01
InternalName : NVSVC
LegalCopyright : © NVIDIA Corporation. All rights reserved.
OriginalFilename : nvsvc32.exe

#:29 [nopdb.exe]
FilePath : C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\
ProcessID : 628
ThreadCreationTime : 9-13-2006 10:46:17 AM
BasePriority : Normal
FileVersion : 7.00.0.24
ProductVersion : 7.00.0.24
ProductName : Norton Speed Disk
CompanyName : Symantec Corporation
FileDescription : NOPDB
InternalName : NOPDB
LegalCopyright : Copyright © 1997-2004 Symantec Corporation
OriginalFilename : NOPDB.dll

#:30 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1248
ThreadCreationTime : 9-13-2006 10:46:18 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:31 [symlcsvc.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\CCPD-LC\
ProcessID : 1316
ThreadCreationTime : 9-13-2006 10:46:20 AM
BasePriority : Normal
FileVersion : 1.9.1.826
ProductVersion : 1.9.1.826
ProductName : Symantec Core Component
CompanyName : Symantec Corporation
FileDescription : Symantec Core Component
InternalName : symlcsvc
LegalCopyright : Copyright © 2003
OriginalFilename : symlcsvc.exe

#:32 [wdfmgr.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1588
ThreadCreationTime : 9-13-2006 10:46:23 AM
BasePriority : Normal
FileVersion : 5.2.3790.1230 built by: dnsrv(bld4act)
ProductVersion : 5.2.3790.1230
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows User Mode Driver Manager
InternalName : WdfMgr
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WdfMgr.exe

#:33 [wanmpsvc.exe]
FilePath : C:\WINDOWS\
ProcessID : 2072
ThreadCreationTime : 9-13-2006 10:46:24 AM
BasePriority : Normal
FileVersion : 9, 0, 0, 0
ProductVersion : 9, 0, 0, 0
ProductName : America Online
CompanyName : America Online, Inc.
FileDescription : Wan Miniport (ATW) Service
InternalName : WanMPSvc
LegalCopyright : Copyright © 2001 America Online, Inc.
OriginalFilename : WanMPSvc.exe

#:34 [mspmspsv.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 2148
ThreadCreationTime : 9-13-2006 10:46:25 AM
BasePriority : Normal
FileVersion : 7.00.00.1954
ProductVersion : 7.00.00.1954
ProductName : Microsoft ® DRM
CompanyName : Microsoft Corporation
FileDescription : WMDM PMSP Service
InternalName : MSPMSPSV.EXE
LegalCopyright : Copyright © Microsoft Corp. 1981-2000
OriginalFilename : MSPMSPSV.EXE

#:35 [alg.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 3776
ThreadCreationTime : 9-13-2006 10:47:55 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe

#:36 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 2192
ThreadCreationTime : 9-13-2006 10:54:37 AM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:37 [bcmsmmsg.exe]
FilePath : C:\WINDOWS\
ProcessID : 2608
ThreadCreationTime : 9-13-2006 10:54:51 AM
BasePriority : Normal
FileVersion : 3.5.25 08/27/2003 20:04:35
ProductVersion : 3.5.25 08/27/2003 20:04:35
ProductName : BCM Modem Messaging Applet
CompanyName : Broadcom Corporation
FileDescription : Modem Messaging Applet
InternalName : smdmstat.exe
LegalCopyright : Copyright © Broadcom Corporation 1998-2000
OriginalFilename : smdmstat.exe

#:38 [tfswctrl.exe]
FilePath : C:\WINDOWS\system32\dla\
ProcessID : 2620
ThreadCreationTime : 9-13-2006 10:54:52 AM
BasePriority : Normal
FileVersion : 1.04.05b
CompanyName : Sonic Solutions
FileDescription : Drive Letter Access Component
LegalCopyright : Copyright © 2003 Sonic Solutions

#:39 [dsentry.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 2648
ThreadCreationTime : 9-13-2006 10:54:52 AM
BasePriority : Normal
FileVersion : 1, 0, 5, 0
ProductVersion : 1, 0, 5, 0
ProductName : Dell - DVDSentry
CompanyName : Dell - Advanced Desktop Engineering
FileDescription : DVDSentry
InternalName : DVDSentry
LegalCopyright : Copyright © 2002 Dell
OriginalFilename : DSentry.exe
Comments : DVDSentry launches your software DVD player when a DVD is inserted.

#:40 [pcmservice.exe]
FilePath : C:\Program Files\Dell\Media Experience\
ProcessID : 2828
ThreadCreationTime : 9-13-2006 10:54:57 AM
BasePriority : Normal
FileVersion : 1.0.0826
ProductVersion : 1.0.0826
ProductName : PCM2Launcher Application
CompanyName : CyberLink Corp.
FileDescription : PowerCinema Resident Program for Dell
InternalName : PowerCinema Resident Program for Dell
LegalCopyright : Copyright c 2003 CyberLink Corp.
OriginalFilename : PCM2Launcher.EXE

#:41 [ccapp.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ProcessID : 2848
ThreadCreationTime : 9-13-2006 10:55:01 AM
BasePriority : Normal
FileVersion : 104.0.7.3
ProductVersion : 104.0.7.3
ProductName : Client and Host Security Platform
CompanyName : Symantec Corporation
FileDescription : Symantec User Session
InternalName : ccApp
LegalCopyright : Copyright © 2000-2005 Symantec Corporation. All rights reserved.
OriginalFilename : ccApp.exe

#:42 [ghosttray.exe]
FilePath : C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\
ProcessID : 2928
ThreadCreationTime : 9-13-2006 10:55:04 AM
BasePriority : Normal
FileVersion : 9.0.2.3981
ProductVersion : 9.0.2.3981
ProductName : Norton Ghost
CompanyName : Symantec Corporation
FileDescription : Tray Application
InternalName : V2iTray
LegalCopyright : Copyright © 1994-2004 Symantec Corporation. All rights reserved.
OriginalFilename : V2iTray.exe

#:43 [realsched.exe]
FilePath : C:\Program Files\Common Files\Real\Update_OB\
ProcessID : 2964
ThreadCreationTime : 9-13-2006 10:55:05 AM
BasePriority : Normal
FileVersion : 0.1.0.3510
ProductVersion : 0.1.0.3510
ProductName : RealPlayer (32-bit)
CompanyName : RealNetworks, Inc.
FileDescription : RealNetworks Scheduler
InternalName : schedapp
LegalCopyright : Copyright © RealNetworks, Inc. 1995-2004
LegalTrademarks : RealAudio™ is a trademark of RealNetworks, Inc.
OriginalFilename : realsched.exe

#:44 [hpgs2wnd.exe]
FilePath : C:\Program Files\Hewlett-Packard\HP Share-to-Web\
ProcessID : 2972
ThreadCreationTime : 9-13-2006 10:55:06 AM
BasePriority : Normal
FileVersion : 2,3,0,0\ 162
ProductVersion : 2,3,0,0\ 162
ProductName : Hewlett-Packard hpgs2wnd
CompanyName : Hewlett-Packard
FileDescription : hpgs2wnd
InternalName : hpgs2wnd
LegalCopyright : Copyright © 2001
OriginalFilename : hpgs2wnd.exe

#:45 [qttask.exe]
FilePath : C:\Program Files\QuickTime\
ProcessID : 2920
ThreadCreationTime : 9-13-2006 10:55:07 AM
BasePriority : Normal
FileVersion : 7.1
ProductVersion : QuickTime 7.1
ProductName : QuickTime
CompanyName : Apple Computer, Inc.
FileDescription : QuickTime Task
InternalName : QuickTime Task
LegalCopyright : Copyright Apple Computer, Inc. 1989-2006
OriginalFilename : QTTask.exe

#:46 [mmtask.exe]
FilePath : C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\
ProcessID : 3016
ThreadCreationTime : 9-13-2006 10:55:08 AM
BasePriority : Normal
FileVersion : 1.0.0.1
ProductVersion : 1.0.0.1
ProductName : TODO: <Product name>
CompanyName : TODO: <Company name>
FileDescription : TODO: <File description>
InternalName : mmtask.exe
LegalCopyright : TODO: © <Company name>. All rights reserved.
OriginalFilename : mmtask.exe

#:47 [ituneshelper.exe]
FilePath : C:\Program Files\iTunes\
ProcessID : 2008
ThreadCreationTime : 9-13-2006 10:55:10 AM
BasePriority : Normal
FileVersion : 6.0.4.2
ProductVersion : 6.0.4.2
ProductName : iTunes
CompanyName : Apple Computer, Inc.
FileDescription : iTunesHelper Module
InternalName : iTunesHelper
LegalCopyright : © 2003-2006 Apple Computer, Inc. All Rights Reserved.
OriginalFilename : iTunesHelper.exe

#:48 [hphmon04.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 3180
ThreadCreationTime : 9-13-2006 10:55:11 AM
BasePriority : Normal
FileVersion : 4,1,14
ProductVersion : 4,1,14
ProductName : hp photosmart
CompanyName : Hewlett-Packard
FileDescription : HPHmon04
InternalName : HPHmon04
LegalCopyright : Copyright © 2001
OriginalFilename : HPHmon04.exe

#:49 [hpztsb05.exe]
FilePath : C:\WINDOWS\System32\spool\drivers\w32x86\3\
ProcessID : 3208
ThreadCreationTime : 9-13-2006 10:55:12 AM
BasePriority : Normal
FileVersion : 2,128,0,0
ProductVersion : 2,128,0,0
ProductName : HP DeskJet
CompanyName : HP
LegalCopyright : Copyright © Hewlett-Packard Company 1999-2002

#:50 [aolsoftware.exe]
FilePath : C:\Program Files\Common Files\AOL\1131920714\ee\
ProcessID : 3216
ThreadCreationTime : 9-13-2006 10:55:13 AM
BasePriority : Normal
FileVersion : 1.5.3.1
ProductVersion : 1.5.3.1
ProductName : AOL Service Libraries
CompanyName : America Online, Inc.
FileDescription : AOL
InternalName : AOLSoftware
LegalCopyright : © 2006 America Online, Inc.
OriginalFilename : AOLSoftware.exe

#:51 [ipodservice.exe]
FilePath : C:\Program Files\iPod\bin\
ProcessID : 3608
ThreadCreationTime : 9-13-2006 10:55:16 AM
BasePriority : Normal
FileVersion : 6.0.4.2
ProductVersion : 6.0.4.2
ProductName : iTunes
CompanyName : Apple Computer, Inc.
FileDescription : iPodService Module
InternalName : iPodService
LegalCopyright : © 2003-2006 Apple Computer, Inc. All Rights Reserved.
OriginalFilename : iPodService.exe

#:52 [aolsp scheduler.exe]
FilePath : C:\Program Files\Common Files\AOL\1131920714\ee\services\safetyCore\ver2_5_4_1\
ProcessID : 3624
ThreadCreationTime : 9-13-2006 10:55:16 AM
BasePriority : Normal


#:53 [hpgs2wnf.exe]
FilePath : C:\Program Files\Hewlett-Packard\HP Share-to-Web\
ProcessID : 3440
ThreadCreationTime : 9-13-2006 10:55:16 AM
BasePriority : Normal
FileVersion : 2, 6, 0, 162
ProductVersion : 2, 6, 0, 162
ProductName : hpgs2wnf Module
FileDescription : hpgs2wnf Module
InternalName : hpgs2wnf
LegalCopyright : Copyright 2001
OriginalFilename : hpgs2wnf.EXE

#:54 [diagent.exe]
FilePath : C:\Program Files\Creative\SBLive\Diagnostics\
ProcessID : 3644
ThreadCreationTime : 9-13-2006 10:55:16 AM
BasePriority : Normal
FileVersion : 1, 1, 4, 0
ProductVersion : 1.01.04
ProductName : Creative Diagnostics Agent
CompanyName : Creative Technology Ltd
FileDescription : Creative Diagnostics Agent
InternalName : Creative Diagnostics Agent
LegalCopyright : Copyright © 2002 Creative Technology Ltd
OriginalFilename : diagent.exe

#:55 [hphipm11.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 2020
ThreadCreationTime : 9-13-2006 10:55:44 AM
BasePriority : Normal
FileVersion : 4, 5, 0, 770
ProductVersion : 4, 5, 0, 770
ProductName : HP PML
CompanyName : HP
FileDescription : PML Driver
InternalName : PmlDrv
LegalCopyright : Copyright © 1998, 1999 Hewlett-Packard Company
OriginalFilename : PmlDrv.exe

#:56 [aolsoftware.exe]
FilePath : C:\Program Files\Common Files\AOL\1131920714\ee\
ProcessID : 2528
ThreadCreationTime : 9-13-2006 10:55:44 AM
BasePriority : Normal
FileVersion : 1.5.3.1
ProductVersion : 1.5.3.1
ProductName : AOL Service Libraries
CompanyName : America Online, Inc.
FileDescription : AOL
InternalName : AOLSoftware
LegalCopyright : © 2006 America Online, Inc.
OriginalFilename : AOLSoftware.exe

#:57 [ctfmon.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 3664
ThreadCreationTime : 9-13-2006 10:55:56 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : CTFMON.EXE

#:58 [dsagnt.exe]
FilePath : C:\Program Files\Dell Support\
ProcessID : 3924
ThreadCreationTime : 9-13-2006 10:56:00 AM
BasePriority : Below Normal
FileVersion : 1, 1, 0, 73
ProductVersion : 1, 1, 0, 73
ProductName : Dell Support
CompanyName : Gteko Ltd.
FileDescription : Dell Support
InternalName : AUAgent
LegalCopyright : Copyright © 2000 - 2004 Gteko Ltd.
OriginalFilename : AUAgent.exe

#:59 [webcomp.exe]
FilePath : C:\Program Files\Common Files\Mobipocket Shared\
ProcessID : 2320
ThreadCreationTime : 9-13-2006 10:56:06 AM
BasePriority : Normal
FileVersion : 4, 9, 0, 4901
ProductVersion : 4, 9, 0, 4901
ProductName : Mobipocket.com webcomp
CompanyName : Mobipocket.com
FileDescription : Mobipocket Web Companion
InternalName : webcomp
LegalCopyright : Copyright © 2000 - 2005
OriginalFilename : webcomp.exe

#:60 [msmsgs.exe]
FilePath : C:\Program Files\Messenger\
ProcessID : 2908
ThreadCreationTime : 9-13-2006 10:56:12 AM
BasePriority : Normal
FileVersion : 4.7.3001
ProductVersion : Version 4.7.3001
ProductName : Messenger
CompanyName : Microsoft Corporation
FileDescription : Windows Messenger
InternalName : msmsgs
LegalCopyright : Copyright © Microsoft Corporation 2004
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msmsgs.exe

#:61 [gbtray.exe]
FilePath : C:\Program Files\Norton SystemWorks\Norton GoBack\
ProcessID : 2208
ThreadCreationTime : 9-13-2006 10:56:27 AM
BasePriority : Normal


#:62 [nscsrvce.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\Security Console\
ProcessID : 2112
ThreadCreationTime : 9-13-2006 10:56:57 AM
BasePriority : Normal
FileVersion : 2006.1.5.17
ProductVersion : 2006.1.5
ProductName : Norton Security Console
CompanyName : Symantec Corporation
FileDescription : Norton Security Console Norton Protection Center Service
InternalName : NSCService
LegalCopyright : Norton Security Console 2006 for Windows 2000/XP Copyright © 2005 Symantec Corporation. All rights reserved.
OriginalFilename : NSCSrvce.exe

#:63 [ymsgr_tray.exe]
FilePath : C:\Program Files\Yahoo!\Messenger\
ProcessID : 2488
ThreadCreationTime : 9-13-2006 10:57:02 AM
BasePriority : Normal


#:64 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\
ProcessID : 2296
ThreadCreationTime : 9-13-2006 10:35:49 PM
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

BargainBuddy Object Recognized!
Type : Regkey
Data :
TAC Rating : 8
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-616554732-1583498335-2461746496-1008\software\microsoft\windows\currentversion\ext\stats\{d27cdb6e-ae6d-11cf-96b8-444553540000}

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 1


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#4
Crustyoldbloke

    Old Malware Surgeon with a shaky scalpel

  • Retired Staff
  • 15,131 posts
Hello Philoscript and welcome to Geeks to Go

As an introduction, please note that I am not Superhuman, I do not know everything, but what I do know has taken me years to learn. I am happy to pass on this information to you, but please bear in mind that I am also fallible.

Please note that you should have Administrator rights to perform the fixes. Also note that multiple-identity PCs (family PCs) present a different problem; please tell me if your PC has more than one individual's settings, but continue with the fix.

Before we get underway, you may wish to print these instructions for easy reference during the fix, although please be aware that many of the required URLs are hyperlinks in the red names shown on your screen. Part of the fix may require you to be in Safe Mode, which will not allow you to access the internet, or my instructions! (Click the Options drop down near the upper right of the topic. Select Print this topic.)

You have a mixture of malware. Let’s see what we can do. I never learned how to interpret logs from Ad-Aware, but I do get the gist.

The Ewido log you advised does not appear to have been posted.

To start, please download the following programmes; we will run them later. Please save them to a place that you will remember, I suggest the Desktop:

CCleaner
combofix.exe

Please open, and update Ewido anti-spyware
  • Load Ewido and then click the Update tab at the top. Under Manual Update click Start update.
  • After the update finishes (the status bar at the bottom will display "Update successful")
  • Please select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  • Under "Reports"
  • Select "Automatically generate report after every scan"
  • Deselect "Only if threats were found"
  • Close Ewido. Do not run it yet.
Next, please reboot your computer in Safe Mode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  • Instead of Windows loading as normal, a menu should appear
  • Select the first option, to run Windows in Safe Mode.
For additional help in booting into Safe Mode, see the following site:

Safe Mode

  • In Safe Mode, load Ewido and click on the Scanner tab at the top and then click on Complete System Scan. This scan can take quite a while to run, so be patient.
  • Ewido will list any infections found on the left hand side. When the scan has finished, it will automatically set the recommended action. Click the Apply all actions button. Ewido will display "All actions have been applied" on the right hand side.
  • Click on "Save Report", then "Save Report As". This will create a text file. Make sure you know where to find this file again (I suggest the Desktop).
  • Please ensure you post that log in your reply.
Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp...rch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapp...://my.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://as.starware.c...53eQsvOX1b4hOA=
R3 - URLSearchHook: ScriptInocUI Class - - (no file)
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai....02/cpbrkpie.cab

Now close all windows other than HiJackThis, then click Fix Checked. Please now reboot into normal mode.

There is almost certainly bound to be some junk (leftover bits and pieces) on your system that is doing nothing but taking up space. I would recommend that you run CCleaner. Install it, check the default settings in the left-hand pane, ensure you uncheck old prefetch data found under the System tab, and under the heading of Applications uncheck Ewido Security Suite log, then click Analyze > Run Cleaner. You may be fairly surprised by how much it finds. Also click Issues, then Scan for issues, then Fix selected issues.

Double click combofix.exe & follow the prompts.

When it has finished, it will produce a log. Please post that log in your next reply.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Post back a fresh HijackThis log (from normal mode) and I will take another look. (3 logs in total please).
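The Ad-Aware log posted above lists every running process with its version resource, and the reply admits such logs are hard to read at a glance. As an added example (not part of this thread, not Lavasoft's or any helper's tool), the following Python script parses that "#:N [name]" / "Key : Value" block format and marks entries a reviewer would look at more closely: processes with no version information, unfilled "TODO:" template metadata, an on-disk name that differs from the compiled-in OriginalFilename, or a binary sitting directly in C:\WINDOWS\. The sample input is constructed from entries in the posted log, and every flag is a review hint, not a verdict; the log itself shows legitimate software tripping each rule.

```python
"""Triage helper for the "Running processes" section of an Ad-Aware SE log.

Added example, not from the forum thread or from Lavasoft. Parses the
"#:N [name]" header followed by "Key : Value" lines, as seen in the posted
log, and returns review flags per process. Flags are hints for a human
reviewer, not detections.
"""
import re
from dataclasses import dataclass, field

# Constructed sample: four process blocks shaped like those in the posted log.
SAMPLE_LOG = """\
#:37 [bcmsmmsg.exe]
FilePath : C:\\WINDOWS\\
ProcessID : 2608
CompanyName : Broadcom Corporation
InternalName : smdmstat.exe
OriginalFilename : smdmstat.exe

#:46 [mmtask.exe]
FilePath : C:\\Program Files\\MUSICMATCH\\MUSICMATCH Jukebox\\
ProcessID : 3016
ProductName : TODO: <Product name>
CompanyName : TODO: <Company name>
OriginalFilename : mmtask.exe

#:52 [aolsp scheduler.exe]
FilePath : C:\\Program Files\\Common Files\\AOL\\1131920714\\ee\\services\\safetyCore\\ver2_5_4_1\\
ProcessID : 3624
BasePriority : Normal

#:57 [ctfmon.exe]
FilePath : C:\\WINDOWS\\system32\\
ProcessID : 3664
CompanyName : Microsoft Corporation
InternalName : CTFMON
OriginalFilename : CTFMON.EXE
"""

HEADER = re.compile(r"^#:(\d+) \[(.+)\]$")
FIELD = re.compile(r"^(\w+)\s*:\s*(.*)$")


@dataclass
class Process:
    index: int
    name: str
    fields: dict = field(default_factory=dict)

    def flags(self) -> list:
        """Return review flags for this process entry (empty list if none)."""
        out = []
        path = self.fields.get("FilePath", "")
        # Nothing but path/PID/priority: the binary carried no version resource.
        if not any(k in self.fields
                   for k in ("CompanyName", "OriginalFilename", "FileVersion")):
            out.append("no version info")
        # Unfilled Visual Studio template strings left in the version resource.
        if any(v.startswith("TODO:") for v in self.fields.values()):
            out.append("placeholder metadata")
        # Name on disk differs from the name compiled into the binary.
        orig = self.fields.get("OriginalFilename")
        if orig and orig.lower() != self.name.lower():
            out.append(f"renamed binary (OriginalFilename={orig})")
        # Executables directly in C:\WINDOWS\ rather than a subfolder.
        if path.lower() == "c:\\windows\\":
            out.append("runs from %SystemRoot% root")
        return out


def parse_processes(text: str) -> list:
    """Parse '#:N [name]' blocks and their 'Key : Value' lines into Process objects."""
    procs = []
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if (m := HEADER.match(line)):
            current = Process(int(m.group(1)), m.group(2))
            procs.append(current)
        elif current is not None and (m := FIELD.match(line)):
            current.fields[m.group(1)] = m.group(2).strip()
    return procs


def triage(text: str) -> dict:
    """Map process name -> list of flags, including only flagged entries."""
    return {p.name: p.flags() for p in parse_processes(text) if p.flags()}


if __name__ == "__main__":
    for name, reasons in triage(SAMPLE_LOG).items():
        print(f"{name}: {', '.join(reasons)}")
```

Run against the full posted log, it lists about a dozen entries for review; the helper's job is then to confirm each against the vendor named in the same block rather than to treat a flag as malware.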

#5
Philoscript

    New Member

  • Topic Starter
  • Member
  • 8 posts
Thank you for your prompt reply. I did as you asked and have generated three logs. Please see below:

ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 10:09:02 PM 9/13/2006

+ Scan result:



C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP968\A0194890.ocx -> Adware.Coupons : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP968\A0194889.exe -> Hijacker.Agent.hg : Cleaned with backup (quarantined).
C:\Documents and Settings\Michelle Jehle\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-50cd067e-59ce51e8.zip/Dummy.class -> Not-A-Virus.Exploit.ByteVerify : Cleaned with backup (quarantined).
C:\Documents and Settings\Michelle Jehle\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv420.jar-19cdd09a-1165baf5.zip/Dummy.class -> Not-A-Virus.Exploit.ByteVerify : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP960\A0191607.exe -> Not-A-Virus.Hoax.Win32.Renos.eo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP960\A0191617.exe -> Not-A-Virus.Hoax.Win32.Renos.eo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP962\A0192980.exe -> Not-A-Virus.Hoax.Win32.Renos.eo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP962\A0192993.exe -> Not-A-Virus.Hoax.Win32.Renos.eo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP962\A0193010.exe -> Not-A-Virus.Hoax.Win32.Renos.eo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP963\A0193480.exe -> Not-A-Virus.Hoax.Win32.Renos.eo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP963\A0193481.exe -> Not-A-Virus.Hoax.Win32.Renos.eo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP963\A0193510.exe -> Not-A-Virus.Hoax.Win32.Renos.eo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP964\A0193530.exe -> Not-A-Virus.Hoax.Win32.Renos.eo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP965\A0193685.exe -> Not-A-Virus.Hoax.Win32.Renos.eo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP965\A0193733.exe -> Not-A-Virus.Hoax.Win32.Renos.eo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP965\A0193734.exe -> Not-A-Virus.Hoax.Win32.Renos.eo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP965\A0193735.exe -> Not-A-Virus.Hoax.Win32.Renos.eo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP965\A0193736.exe -> Not-A-Virus.Hoax.Win32.Renos.eo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP965\A0193737.exe -> Not-A-Virus.Hoax.Win32.Renos.eo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP965\A0193738.exe -> Not-A-Virus.Hoax.Win32.Renos.eo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP965\A0193739.exe -> Not-A-Virus.Hoax.Win32.Renos.eo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP965\A0193740.exe -> Not-A-Virus.Hoax.Win32.Renos.eo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP965\A0193748.exe -> Not-A-Virus.Hoax.Win32.Renos.eo : Cleaned with backup (quarantined).
:mozilla.110:C:\Documents and Settings\Michelle Jehle\Application Data\Mozilla\Firefox\Profiles\igzzb02u.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\Michelle Jehle\Cookies\michelle [email protected][1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.92:C:\Documents and Settings\Michelle Jehle\Application Data\Mozilla\Firefox\Profiles\igzzb02u.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup (quarantined).
:mozilla.51:C:\Documents and Settings\Michelle Jehle\Application Data\Mozilla\Firefox\Profiles\igzzb02u.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
:mozilla.36:C:\Documents and Settings\Michelle Jehle\Application Data\Mozilla\Firefox\Profiles\igzzb02u.default\cookies.txt -> TrackingCookie.Bfast : Cleaned with backup (quarantined).
:mozilla.83:C:\Documents and Settings\Michelle Jehle\Application Data\Mozilla\Firefox\Profiles\igzzb02u.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned with backup (quarantined).
:mozilla.68:C:\Documents and Settings\Michelle Jehle\Application Data\Mozilla\Firefox\Profiles\igzzb02u.default\cookies.txt -> TrackingCookie.Coremetrics : Cleaned with backup (quarantined).
:mozilla.66:C:\Documents and Settings\Michelle Jehle\Application Data\Mozilla\Firefox\Profiles\igzzb02u.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup (quarantined).
:mozilla.17:C:\Documents and Settings\Michelle Jehle\Application Data\Mozilla\Firefox\Profiles\igzzb02u.default\cookies.txt -> TrackingCookie.Sexlist : Cleaned with backup (quarantined).


::Report end
_________________________________________________________________________________________
Michelle Jehle - 06-09-13 22:31:41.01 Service Pack 2
ComboFix 06.09.14 - Running from: C:\Documents and Settings\Michelle Jehle\Desktop

((((((((((((((((((((((((((((((( Files Created from 2006-08-13 to 2006-09-13 ))))))))))))))))))))))))))))))))))


2006-09-03 08:25 127,208 --a------ C:\WINDOWS\SYSTEM32\mucltui.dll
2006-08-15 23:34 278,528 --a------ C:\WINDOWS\SYSTEM32\livesnth.dll


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-09-13 22:24 -------- d-------- C:\Program Files\Common Files\Symantec Shared
2006-09-13 22:23 -------- d-------- C:\Program Files\CCleaner
2006-09-13 22:16 -------- d-------- C:\Program Files\HiJackThis
2006-09-13 20:43 -------- d-------- C:\Program Files\ewido anti-spyware 4.0
2006-09-13 19:21 16871 --a------ C:\Program Files\hijackthis.log
2006-09-13 19:18 218112 --a------ C:\Program Files\HijackThis.exe
2006-09-12 23:40 -------- d-------- C:\Program Files\QuickTime
2006-09-12 23:40 -------- d-------- C:\Program Files\Messenger
2006-09-12 23:40 -------- d-------- C:\Program Files\iTunes
2006-09-12 23:40 -------- d-------- C:\Program Files\Internet Explorer
2006-09-12 23:40 -------- d-------- C:\Program Files\Google
2006-09-12 23:40 -------- d-------- C:\Program Files\Dell Support
2006-09-12 23:40 -------- d-------- C:\Program Files\Common Files\Scanner
2006-09-12 23:40 -------- d-------- C:\Program Files\Common Files\Mobipocket Shared
2006-09-12 21:38 -------- d-------- C:\Program Files\Norton Internet Security
2006-09-10 22:24 -------- d-------- C:\Program Files\Symantec
2006-09-10 21:55 -------- d-------- C:\Documents and Settings\Michelle Jehle\Application Data\Symantec
2006-09-10 16:43 -------- d-------- C:\Program Files\Common Files
2006-09-10 16:41 10344 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\symlcbrd.sys
2006-09-09 20:44 -------- d-------- C:\Program Files\Lavasoft
2006-09-09 20:44 -------- d-------- C:\Documents and Settings\Michelle Jehle\Application Data\Lavasoft
2006-09-09 20:36 -------- d-------- C:\Program Files\Pure Networks
2006-09-09 20:05 -------- d-------- C:\Program Files\Windows Media Connect 2
2006-09-09 20:02 -------- d-------- C:\Program Files\Windows Media Player
2006-09-09 18:58 -------- d-------- C:\Program Files\Norton SystemWorks
2006-09-09 15:56 -------- d-------- C:\Program Files\AOL
2006-09-09 15:52 -------- d-------- C:\Program Files\Common Files\AOL
2006-09-09 09:33 -------- d-------- C:\Program Files\Documents To Go
2006-09-07 16:37 -------- d-------- C:\Documents and Settings\Michelle Jehle\Application Data\AdobeUM
2006-09-03 16:07 -------- d-------- C:\Program Files\Palm
2006-09-03 15:51 -------- d-------- C:\Documents and Settings\Michelle Jehle\Application Data\CyberLink
2006-09-03 15:50 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-09-03 15:50 -------- d-------- C:\Program Files\CyberLink
2006-09-03 08:25 -------- d--h----- C:\Program Files\WindowsUpdate
2006-09-02 20:46 -------- d-------- C:\Program Files\OfficeUpdate11
2006-09-02 20:44 -------- d-------- C:\Program Files\Microsoft SQL Server
2006-09-02 20:42 -------- d-------- C:\Program Files\Microsoft Visual Studio .NET 2003
2006-09-02 20:42 -------- d-------- C:\Program Files\Microsoft Small Business
2006-09-02 20:42 -------- d-------- C:\Program Files\Common Files\Crystal Decisions
2006-09-02 19:56 -------- d-------- C:\Program Files\Microsoft Works
2006-09-02 19:56 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
2006-09-02 19:41 1760 --a------ C:\Documents and Settings\Michelle Jehle\Application Data\AdobeDLM.log
2006-09-02 19:41 0 --a------ C:\Documents and Settings\Michelle Jehle\Application Data\dm.ini
2006-08-27 18:00 -------- d-------- C:\Program Files\AvantGo
2006-08-21 08:21 16896 --a------ C:\WINDOWS\SYSTEM32\fltlib.dll
2006-08-21 05:14 23040 --a------ C:\WINDOWS\SYSTEM32\fltmc.exe
2006-08-21 05:14 128896 --------- C:\WINDOWS\SYSTEM32\DRIVERS\fltmgr.sys
2006-08-18 23:55 -------- d-------- C:\Program Files\Microsoft Money 2007
2006-08-18 23:54 -------- d---s---- C:\Documents and Settings\Michelle Jehle\Application Data\Microsoft
2006-08-18 23:51 -------- d-------- C:\Program Files\Microsoft Money
2006-08-18 23:49 -------- d-------- C:\Program Files\Common Files\Download Manager
2006-08-17 21:34 28672 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\CO_Mon.sys
2006-08-07 16:02 534208 --a------ C:\WINDOWS\SYSTEM32\SymNeti.dll
2006-08-07 16:02 31936 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\symids.sys
2006-08-07 16:02 28352 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\symndis.sys
2006-08-07 16:02 24768 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\symredrv.sys
2006-08-07 16:02 195776 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\symtdi.sys
2006-08-07 16:02 161472 --a------ C:\WINDOWS\SYSTEM32\SymRedir.dll
2006-08-07 16:02 110784 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\symfw.sys
2006-08-07 16:01 12992 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\symdns.sys
2006-07-31 07:33 -------- d-------- C:\Program Files\America Online 9.0a
2006-07-29 08:26 -------- d-------- C:\Documents and Settings\Michelle Jehle\Application Data\Google
2006-07-29 08:24 -------- d-------- C:\Program Files\Real
2006-07-29 08:23 -------- d-------- C:\Program Files\Common Files\xing shared
2006-07-29 08:23 -------- d-------- C:\Program Files\Common Files\Real
2006-07-27 09:24 679424 --a------ C:\WINDOWS\SYSTEM32\inetcomm.dll
2006-07-21 04:24 72704 --a------ C:\WINDOWS\SYSTEM32\hlink.dll
2006-07-15 14:17 -------- d-------- C:\Program Files\Common Files\Adobe
2006-07-15 14:17 -------- d-------- C:\Documents and Settings\Michelle Jehle\Application Data\Adobe
2006-07-13 04:48 202240 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\rmcast.sys
2006-06-24 08:37 55808 --a------ C:\WINDOWS\SYSTEM32\IrisMS32.dll
2006-06-22 01:06 69120 --a------ C:\WINDOWS\SYSTEM32\ciodm.dll
2006-06-22 01:06 1435648 --a------ C:\WINDOWS\SYSTEM32\query.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sonic RecordNow!"=""
"Norton SystemWorks"="\"C:\\Program Files\\Norton SystemWorks\\cfgwiz.exe\" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"DellSupport"="\"C:\\Program Files\\Dell Support\\DSAgnt.exe\" /startup"
"Mobipocket Web Companion"="C:\\Program Files\\Common Files\\Mobipocket Shared\\webcomp.exe -m"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"Yahoo! Pager"="C:\\Program Files\\Yahoo!\\Messenger\\ypager.exe -quiet"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"BCMSMMSG"="BCMSMMSG.exe"
"dla"="C:\\WINDOWS\\system32\\dla\\tfswctrl.exe"
"DVDSentry"="C:\\WINDOWS\\System32\\DSentry.exe"
"PCMService"="\"C:\\Program Files\\Dell\\Media Experience\\PCMService.exe\""
"diagent"="\"C:\\Program Files\\Creative\\SBLive\\Diagnostics\\diagent.exe\" startup"
"UpdReg"="C:\\WINDOWS\\UpdReg.EXE"
"UpdateManager"="\"C:\\Program Files\\Common Files\\Sonic\\Update Manager\\sgtray.exe\" /r"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
@=""
"Norton Ghost 9.0"="C:\\Program Files\\Norton SystemWorks\\Norton Ghost\\Agent\\GhostTray.exe"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"Share-to-Web Namespace Daemon"="C:\\Program Files\\Hewlett-Packard\\HP Share-to-Web\\hpgs2wnd.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"mmtask"="C:\\Program Files\\MUSICMATCH\\MUSICMATCH Jukebox\\mmtask.exe"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"HPHUPD04"="\"C:\\Program Files\\HP Photosmart 11\\hphinstall\\UniPatch\\hphupd04.exe\""
"HPHmon04"="C:\\WINDOWS\\System32\\hphmon04.exe"
"HPDJ Taskbar Utility"="C:\\WINDOWS\\System32\\spool\\drivers\\w32x86\\3\\hpztsb05.exe"
"HostManager"="C:\\Program Files\\Common Files\\AOL\\1131920714\\ee\\AOLSoftware.exe"
"AOLDialer"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"
"{1290A33C-85F5-4164-A1BE-7DD299D4986A}"="\"C:\\Program Files\\CyberLink\\PowerBackup\\PBKScheduler.exe\""
"AOLSPScheduler"="C:\\Program Files\\Common Files\\AOL\\1131920714\\ee\\services\\safetyCore\\ver2_5_4_1\\AOLSP Scheduler.exe"
"sscRun"="C:\\Program Files\\Common Files\\AOL\\1131920714\\ee\\SSCRun.exe"
"!ewido"="\"C:\\Program Files\\ewido anti-spyware 4.0\\ewido.exe\" /minimized"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,00,00,ea,\
03,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:01,00,00,00
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="ewido anti-spyware 4.0"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"NoDispAppearancePage"=dword:00000000
"NoColorChoice"=dword:00000000
"NoSizeChoice"=dword:00000000
"NoDispBackgroundPage"=dword:00000000
"NoDispScrSavPage"=dword:00000000
"NoDispCPL"=dword:00000000
"NoVisualStyleChoice"=dword:00000000
"NoDispSettingsPage"=dword:00000000

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"NoActiveDesktop"=dword:00000000
"NoSaveSettings"=dword:00000000
"ClassicShell"=dword:00000000
"NoThemesTab"=dword:00000000
"ForceActiveDesktopOn"=dword:00000000

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
"DisableTaskMgr"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
@=""
"NoDriveTypeAutoRun"=hex:5f,00,00,00
"NoCDBurning"=dword:00000000
"NoActiveDesktopChanges"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"


HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders
securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, ntoskrnl.dll


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Norton AntiVirus - Run Full System Scan - Michelle Jehle.job
C:\WINDOWS\tasks\Norton SystemWorks One Button Checkup.job
C:\WINDOWS\tasks\Symantec Drmc.job

Completion time: Wed 09/13/2006 22:33:27.68
ComboFix.txt

_________________________________________________________________________________________

Logfile of HijackThis v1.99.1
Scan saved at 10:36:55 PM, on 9/13/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\PQV2iSvc.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\GhostTray.exe
C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\WINDOWS\System32\hphmon04.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Program Files\Common Files\AOL\1131920714\ee\AOLSoftware.exe
C:\Program Files\Common Files\AOL\1131920714\ee\services\safetyCore\ver2_5_4_1\AOLSP Scheduler.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\AOL\1131920714\ee\aolsoftware.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Common Files\Mobipocket Shared\webcomp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\HPHipm11.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\HiJackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn0\ycomp5_3_12_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\GhostTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\System32\hphmon04.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1131920714\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [{1290A33C-85F5-4164-A1BE-7DD299D4986A}] "C:\Program Files\CyberLink\PowerBackup\PBKScheduler.exe"
O4 - HKLM\..\Run: [AOLSPScheduler] C:\Program Files\Common Files\AOL\1131920714\ee\services\safetyCore\ver2_5_4_1\AOLSP Scheduler.exe
O4 - HKLM\..\Run: [sscRun] C:\Program Files\Common Files\AOL\1131920714\ee\SSCRun.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Mobipocket Web Companion] C:\Program Files\Common Files\Mobipocket Shared\webcomp.exe -m
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - Global Startup: Norton GoBack.lnk = C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: ppctlcab - http://www.pestscan....er/ppctlcab.cab
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=58813
O16 - DPF: {1DF36010-E276-11D4-A7C0-00C04F0453DD} (Stamps.com Secure Postal Account Registration) - https://secure.stamp...32/sdcregie.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan....r/axscanner.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com...kup/qdiagcc.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1157240803593
O16 - DPF: {83EF1847-D835-490B-8D9D-90B2987D66E8} (AOL Pictures Uploader Class) - http://pictures.aolc...der.9.3.2.3.cab
O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - http://www.vera.org/tsweb/msrdp.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {A97B2058-825A-4B18-93CE-1483855578D1} (AOL Newport Editor Ctrl) - http://pictures.aolc...-US.9.3.2.1.cab
O16 - DPF: {BE5431D2-0F30-11D4-89D9-00C04F509C0A} (SDCInstaller Class) - https://secure.stamp...file=stamps.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe (file missing)
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: GoBack Polling Service (GBPoll) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MSSQL$MICROSOFTSMLBIZ - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe" -sMICROSOFTSMLBIZ (file missing)
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\System32\HPHipm11.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: SQLAgent$MICROSOFTSMLBIZ - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlagent.EXE" -i MICROSOFTSMLBIZ (file missing)
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe


The computer seems to be running smoother. I do have two user accounts set up on the machine: one is ____Household, which at boot-up states it is the Computer Administrator. The other is Guest. However, on boot-up at times I have Administrator, ______ Household. Is this normal? Also, when I was following your directions for CCleaner there was no option to uncheck ewido security suite. Therefore, I ran the scan without it.

What do I do next? I truly appreciate your help.

#6 Crustyoldbloke (Retired Staff)

Hello again Michelle

The logs look good and all I can see is a Java exploit vulnerability.

Updating Java and Clearing Cache
  • Go to Start > Control Panel and double-click the Java icon (coffee cup) in the Control Panel.
  • It will say "Java Plug-in" under the icon.
    Please find the update button or tab in the Java Control Panel. Update your Java, then reboot.
  • If you are unable to update you can manually update by going here:
  • After the reboot, go back into the Control Panel and double-click the Java icon.
  • Under Temporary Internet Files, click the Delete Files button.
  • There are three options in the window to clear the cache - Leave ALL 3 Checked:
      Downloaded Applets
      Downloaded Applications
      Other Files
  • Click OK on the Delete Temporary Files window.
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Java Control Panel.
The Administrator logon is normal and used as an override in emergency situations.

Now that the HijackThis log for the main account is clean, you have a choice to make.

You can either post into this thread a fresh HJT log for each of the other accounts, from normal mode, and I will analyse them and give you the instructions necessary for any fix. Or you can go to User Accounts in the Control Panel and delete all the accounts other than the one I have been working on.

Windows by default will create a folder for each account and place it on the desktop with all the files and documents relative to that account in it, so nothing is lost.

If you then wish to have multiple accounts again, just reboot normally and create the account again from User Accounts (takes 5 minutes).

(attached screenshot: ccewido.JPG)
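The checks the reply above applies by eye to the HijackThis log (the old j2re1.4.2 plug-in, the O16 ActiveX downloads, the O20 Winlogon Notify hook, the O23 service whose binary is missing, Run entries with no path) can be scripted. The Python below is an added example for this page, not a tool from the thread or from HijackThis itself; the sample lines are constructed in the log's format rather than copied from it, and MIN_JAVA and TRUSTED_DPF_HOSTS are assumed policy values that the thread never states.

```python
"""Triage a HijackThis v1.99-style log the way the thread's helper does by eye.

Added example for this page; not a tool from the original posts or from
HijackThis. It encodes the checks applied to O4/O9/O16/O20/O23 lines:
Run entries without a full path, Java runtimes older than a chosen minimum
(the j2re1.4.2 flagged in the reply), ActiveX (DPF) downloads from hosts
outside an allowlist, Winlogon Notify DLLs, and services whose binary is
missing. MIN_JAVA and TRUSTED_DPF_HOSTS are assumptions, not thread values.
"""
import re
from urllib.parse import urlparse

MIN_JAVA = (1, 5, 0, 6)  # assumed floor: j2re1.4.2 is below it, jre1.5.0_06 meets it
TRUSTED_DPF_HOSTS = {"go.microsoft.com", "update.microsoft.com", "security.symantec.com"}

LINE_RE = re.compile(r"^(?P<kind>[RO]\d+) - (?P<body>.*)$")
RUN_RE = re.compile(r"^HK\w+\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
JAVA_RE = re.compile(r"\\(?:j2re|jre)(\d+)\.(\d+)\.(\d+)(?:_(\d+))?\\", re.I)
DPF_RE = re.compile(r"^DPF: (?P<id>.+?) - (?P<url>\S+)$")

# Constructed sample in the same format as the thread's logs (not a copy of them).
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - http://www.vera.org/tsweb/msrdp.cab
O16 - DPF: {00000000-0000-0000-0000-000000000000} (Constructed Control) - http://update.microsoft.com/constructed/control.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\aolserv.exe (file missing)
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
"""


def java_version(text):
    """Return the Java runtime version tuple embedded in a path, or None."""
    m = JAVA_RE.search(text)
    if not m:
        return None
    return tuple(int(x or 0) for x in m.groups())


def run_target(cmd):
    """The thing a Run entry actually loads: the DLL for rundll32, else the first token."""
    tokens = cmd.split()
    if not tokens:
        return ""
    if tokens[0].strip('"').lower() in ("rundll32", "rundll32.exe") and len(tokens) > 1:
        return tokens[1]
    return tokens[0]


def triage(log_text, min_java=MIN_JAVA, trusted_hosts=TRUSTED_DPF_HOSTS):
    """Return (kind, line body, reason) for every line an analyst should look at twice."""
    findings = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        kind, body = m.group("kind"), m.group("body")
        ver = java_version(body)
        if ver is not None and ver < min_java:
            findings.append((kind, body, "Java runtime %d.%d.%d_%02d is older than the required minimum" % ver))
        if kind == "O4":
            rm = RUN_RE.match(body)
            if rm and "\\" not in run_target(rm.group("cmd")):
                findings.append((kind, body, "Run entry without a full path; resolved via PATH, so verify which file runs"))
        elif kind == "O16":
            dm = DPF_RE.match(body)
            host = urlparse(dm.group("url")).hostname if dm else None
            if host not in trusted_hosts:
                findings.append((kind, body, "ActiveX control downloaded from untrusted host %s" % host))
        elif kind == "O20":
            findings.append((kind, body, "Winlogon Notify DLL runs at every logon; confirm it is a known component"))
        elif kind == "O23" and body.endswith("(file missing)"):
            findings.append((kind, body, "service still registered but its binary is gone; remove the service entry"))
    return findings


if __name__ == "__main__":
    for kind, body, reason in triage(SAMPLE_LOG):
        print("%s  %s\n     -> %s" % (kind, reason, body))
```

Run it as a script to print the findings for the embedded sample, or call triage() on the text of a saved log. Each listed line is a lead for a human, not a verdict: the O20 WgaLogon entry, for instance, is surfaced only because the Winlogon Notify key is a common persistence point, and the analyst still has to decide whether the DLL is the expected one.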

#7 Philoscript (Topic Starter)

Hi,

I hope your day went well. I just followed your directions and deleted everything and updated Java. However, upon bootup to the Guest Account it stated

RTL
Unable to start driver for HPHipmll.exe.

What is this? Is this important? How do I fix it? Also, I attempted to delete the Guest Account but it didn't give me that option. It stated either change icon or turn off account. I'm posting a hijack log for that account.

Logfile of HijackThis v1.99.1
Scan saved at 9:07:53 PM, on 9/14/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\HPHipm11.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\GhostTray.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\WINDOWS\System32\hphmon04.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Program Files\Common Files\AOL\1131920714\ee\AOLSoftware.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\Program Files\Common Files\AOL\1131920714\ee\services\safetyCore\ver2_5_4_1\AOLSP Scheduler.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\Common Files\AOL\1131920714\ee\aolsoftware.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HiJackThis\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn0\ycomp5_3_12_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\GhostTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\System32\hphmon04.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1131920714\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [{1290A33C-85F5-4164-A1BE-7DD299D4986A}] "C:\Program Files\CyberLink\PowerBackup\PBKScheduler.exe"
O4 - HKLM\..\Run: [AOLSPScheduler] C:\Program Files\Common Files\AOL\1131920714\ee\services\safetyCore\ver2_5_4_1\AOLSP Scheduler.exe
O4 - HKLM\..\Run: [sscRun] C:\Program Files\Common Files\AOL\1131920714\ee\SSCRun.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Norton GoBack.lnk = C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: ppctlcab - http://www.pestscan....er/ppctlcab.cab
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=58813
O16 - DPF: {1DF36010-E276-11D4-A7C0-00C04F0453DD} (Stamps.com Secure Postal Account Registration) - https://secure.stamp...32/sdcregie.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan....r/axscanner.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com...kup/qdiagcc.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1157240803593
O16 - DPF: {83EF1847-D835-490B-8D9D-90B2987D66E8} (AOL Pictures Uploader Class) - http://pictures.aolc...der.9.3.2.3.cab
O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - http://www.vera.org/tsweb/msrdp.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {A97B2058-825A-4B18-93CE-1483855578D1} (AOL Newport Editor Ctrl) - http://pictures.aolc...-US.9.3.2.1.cab
O16 - DPF: {BE5431D2-0F30-11D4-89D9-00C04F509C0A} (SDCInstaller Class) - https://secure.stamp...file=stamps.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe (file missing)
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: GoBack Polling Service (GBPoll) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MSSQL$MICROSOFTSMLBIZ - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe" -sMICROSOFTSMLBIZ (file missing)
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\System32\HPHipm11.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: SQLAgent$MICROSOFTSMLBIZ - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlagent.EXE" -i MICROSOFTSMLBIZ (file missing)
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

What do I do next?

#8 Crustyoldbloke (Old Malware Surgeon with a shaky scalpel; Retired Staff; 15,131 posts)
Hello again

The error message relates to the HP printer seen at O23 in your HJT logs. Everything looks quite normal and I assume you are able to use your printer OK. I have checked with HP and they have deliberated that it is being caused by logging on with a limited account; you should not get that error when logging on in your own account.

I have to apologise for not reading your post correctly, when you mentioned a Guest Account, I took it as an account for another individual and not THE Guest Account.

In answer to your question "What do I do next?" - can I suggest you pat yourself on the back.

Congratulations! Your new log is clean. :whistling: Just a little bit more to do to prevent further infection.

Reset and Re-enable your System Restore to remove bad files that have been backed up by Windows. The files in System Restore are protected to prevent any programmes changing them. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected.)

To reset your restore points, please note that you will need to log into your computer with an account which has full administrator access. You will know if the account has administrator access because you will be able to see the System Restore tab. If the tab is missing, you are logged in under a limited account.

(Windows XP)
1. Turn off System Restore:
   On the Desktop, right-click My Computer.
   Click Properties.
   Click the System Restore tab.
   Check Turn off System Restore.
   Click Apply, and then click OK.
2. Reboot.
3. Turn ON System Restore:
   On the Desktop, right-click My Computer.
   Click Properties.
   Click the System Restore tab.
   UN-Check *Turn off System Restore*.
   Click Apply, and then click OK.

I recommend going to the following link and updating as recommended by Microsoft. This adds more security and extra features including a pop-up blocker for Internet Explorer: Microsoft Update

MVPS Hosts file: this replaces your current HOSTS file with one that will restrict known ad sites from serving you unsolicited advertisements. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is the IP of your local computer.

SiteAdvisor: download this plug-in for your browser and it will alert you to a known bad site for FREE.

Now that everything is fixed, I suggest that you consider getting these programmes to help keep the computer clean:

SPYWARE BLASTER - Blocks bad ActiveX items from installing on your computer.
WINDOWS DEFENDER - With daily updates and scans, this programme offers good security against malware.
AD-AWARE PERSONAL - A fine free malware detector and removal programme.
SPYBOT S&D - Excellent free spyware detector and removal programme.
GOOGLE TOOLBAR - Blocks many unwanted pop-ups in Internet Explorer.
FIREFOX - Safer alternative to the Internet Explorer web browser.
AVG ANTIVIRUS FREE EDITION - Free antivirus programme if you currently are not using one.
ZONEALARM - Free firewall programme if you currently are not using one (Windows XP has a built-in firewall).

Remember to update these frequently.

Please note that whilst there is nothing wrong in having more than one antispyware programme for “on demand” scanning, having two or more antivirus systems is not recommended as they may well cause conflicts and slowness.

You may also want to read "How did I get infected in the first place" to learn how to better secure your computer.

Be sure to keep your Windows, antispyware and antivirus updated. :blink:

It just remains for me to wish you happy safe surfing; I hope you found my advice helpful.
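The HOSTS-file mechanism the post above describes (a name listed against 127.0.0.1 never leaves the machine), as an added Python example that is not code from this thread or from the MVPS project. It parses hosts-file syntax the way Windows reads it (first field an address, then one or more names, `#` starts a comment) and sorts the entries into names sent to the local machine, which is what an MVPS-style list does to ad servers, and names sent anywhere else, which is how a tampered HOSTS file quietly redirects update or banking sites. The sample content is constructed for the demonstration; the `.test` names and the address 203.0.113.9 are reserved documentation values, not real hosts.

```python
"""Audit a Windows HOSTS file for sinkhole entries and hijack signs.

Added example, not code from the Geeks to Go thread or from the MVPS
project. Entries pointing at 127.0.0.1 or 0.0.0.0 are what an
ad-blocking HOSTS file contains; an entry pointing at any other
address is a redirect and deserves a look.
"""
import ipaddress

# Constructed sample: an MVPS-style block list plus one suspicious line.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
127.0.0.1       ads.example-adnetwork.test    # constructed ad server
0.0.0.0         tracker.example.test beacon.example.test
    # an indented comment line, also ignored
203.0.113.9     liveupdate.example-av.test    # constructed: not loopback
"""

# Addresses that make a name resolve to "nowhere": the local host itself
# or the unspecified address. Anything else is a real redirect.
SINKHOLE_ADDRESSES = {
    ipaddress.ip_address("127.0.0.1"),
    ipaddress.ip_address("0.0.0.0"),
    ipaddress.ip_address("::1"),
}


def parse_hosts(text):
    """Return (address, hostname) pairs in file order, comments stripped.

    Lines whose first field is not an IP address are skipped instead of
    raising, because real HOSTS files often contain stray junk.
    """
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        try:
            address = ipaddress.ip_address(fields[0])
        except ValueError:
            continue
        for name in fields[1:]:
            entries.append((address, name.lower()))
    return entries


def lookup(entries, hostname):
    """Address the file maps hostname to (first match wins), or None when
    the name is not listed and ordinary DNS would be used."""
    hostname = hostname.lower()
    for address, name in entries:
        if name == hostname:
            return str(address)
    return None


def audit(entries):
    """Split entries into (sinkholed, redirected) lists of (ip, name) strings.

    A non-empty 'redirected' list is the thing to review: an ad-blocking
    HOSTS file never needs to point a name at a routable address.
    """
    sinkholed = [(str(a), n) for a, n in entries if a in SINKHOLE_ADDRESSES]
    redirected = [(str(a), n) for a, n in entries if a not in SINKHOLE_ADDRESSES]
    return sinkholed, redirected


if __name__ == "__main__":
    entries = parse_hosts(SAMPLE_HOSTS)
    print("ads.example-adnetwork.test ->", lookup(entries, "ads.example-adnetwork.test"))
    print("www.example.com ->", lookup(entries, "www.example.com"))
    sinkholed, redirected = audit(entries)
    print(f"{len(sinkholed)} sinkholed, {len(redirected)} redirected")
    for address, name in redirected:
        print(f"  REVIEW: {name} -> {address}")
```

On a real machine the text would come from `C:\WINDOWS\system32\drivers\etc\hosts` (the path WinPFind reports later in this thread); `audit` is the part worth running after any malware clean-up, since a redirected antivirus or update site is an easy way for an infection to keep the machine from healing.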

#9 Philoscript (Topic Starter; New Member; 8 posts)
Hi,

I hope your weekend is going well. I did as you asked and downloaded all of the programs except Spybot. It wouldn't download currently, but I'll try later. Anyway, would you mind just looking one more time at the HijackThis log that I'm posting below? I just want to make sure everything is clean. The virus/spyware is coming up clean.

Logfile of HijackThis v1.99.1
Scan saved at 11:28:14 AM, on 9/16/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
c:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\GhostTray.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\PQV2iSvc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\hphmon04.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Common Files\AOL\1131920714\ee\AOLSoftware.exe
C:\Program Files\Common Files\AOL\1131920714\ee\services\safetyCore\ver2_5_4_1\AOLSP Scheduler.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Common Files\Mobipocket Shared\webcomp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\HPHipm11.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Common Files\AOL\1131920714\ee\aolsoftware.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
C:\Program Files\HiJackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn0\ycomp5_3_12_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\SiteAdv.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\SiteAdv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\GhostTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\System32\hphmon04.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1131920714\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [{1290A33C-85F5-4164-A1BE-7DD299D4986A}] "C:\Program Files\CyberLink\PowerBackup\PBKScheduler.exe"
O4 - HKLM\..\Run: [AOLSPScheduler] C:\Program Files\Common Files\AOL\1131920714\ee\services\safetyCore\ver2_5_4_1\AOLSP Scheduler.exe
O4 - HKLM\..\Run: [sscRun] C:\Program Files\Common Files\AOL\1131920714\ee\SSCRun.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Mobipocket Web Companion] C:\Program Files\Common Files\Mobipocket Shared\webcomp.exe -m
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - Global Startup: Norton GoBack.lnk = C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: ppctlcab - http://www.pestscan....er/ppctlcab.cab
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=58813
O16 - DPF: {1DF36010-E276-11D4-A7C0-00C04F0453DD} (Stamps.com Secure Postal Account Registration) - https://secure.stamp...32/sdcregie.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan....r/axscanner.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com...kup/qdiagcc.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1157240803593
O16 - DPF: {83EF1847-D835-490B-8D9D-90B2987D66E8} (AOL Pictures Uploader Class) - http://pictures.aolc...der.9.3.2.3.cab
O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - http://www.vera.org/tsweb/msrdp.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {A97B2058-825A-4B18-93CE-1483855578D1} (AOL Newport Editor Ctrl) - http://pictures.aolc...-US.9.3.2.1.cab
O16 - DPF: {BE5431D2-0F30-11D4-89D9-00C04F509C0A} (SDCInstaller Class) - https://secure.stamp...file=stamps.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe (file missing)
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: GoBack Polling Service (GBPoll) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MSSQL$MICROSOFTSMLBIZ - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe" -sMICROSOFTSMLBIZ (file missing)
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\System32\HPHipm11.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: SQLAgent$MICROSOFTSMLBIZ - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlagent.EXE" -i MICROSOFTSMLBIZ (file missing)
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

Thank you so much for your help. The local store wanted to charge $250 for the service you just provided.

Do I need to do anything else?

#10 Crustyoldbloke (Old Malware Surgeon with a shaky scalpel; Retired Staff; 15,131 posts)
I very much doubt that the local store would remove malware; they normally just erase your hard drive and reload Windows. Malware removal is a very specialised service, not learnt overnight.

Your latest log is still clean; are you still having problems? If so, tell me specifically what they are and I will search for the cause.
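The kind of check a log reviewer does by eye on the O4 and O23 lines in the HijackThis logs above, as an added Python example that is not part of this thread and not part of HijackThis. It parses those two line formats exactly as they appear in the posted logs and marks the entries a reviewer would look at first: services whose binary is reported "(file missing)", services listed with "Unknown owner", and Run-key entries whose command is a bare file name with no directory, so that Windows locates the program through the search path. A flag means "needs a human look", not "malicious"; the sample is a handful of lines taken from the log posted in this thread.

```python
"""Triage the O4 (autostart) and O23 (service) lines of a HijackThis log.

Added example, not code from the Geeks to Go thread or from HijackThis.
The regular expressions follow the line layout visible in the posted
logs; other line types (R1, O2, O16, ...) are simply skipped.
"""
import re

# O23 - Service: <display name> - <owner> - <path and arguments>
O23_RE = re.compile(r"^O23 - Service: (?P<display>.+?) - (?P<owner>.+?) - (?P<path>.+)$")
# O4 - HKLM\..\Run: [<value name>] <command line>
O4_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")

# Sample lines copied from the log posted earlier in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe (file missing)
O23 - Service: MSSQL$MICROSOFTSMLBIZ - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe" -sMICROSOFTSMLBIZ (file missing)
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
"""


def _first_token(cmd):
    """Split a command line into (program, rest), honouring a quoted program."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        if end == -1:
            return cmd[1:], ""
        return cmd[1:end], cmd[end + 1:].strip()
    parts = cmd.split(None, 1)
    return parts[0], (parts[1] if len(parts) > 1 else "")


def triage_o4(line):
    """Parse an O4 Run-key line into a dict with a 'flags' list, or None."""
    m = O4_RE.match(line)
    if not m:
        return None
    program, rest = _first_token(m["cmd"])
    target = program
    # rundll32 is only the host process: the module it loads is what matters.
    if program.lower().endswith("rundll32.exe") and rest:
        target = rest.split(",", 1)[0].strip().strip('"')
    flags = []
    if "\\" not in target:
        flags.append("bare file name, found via search path")
    return {"kind": "O4", "hive": m["hive"], "name": m["name"],
            "target": target, "flags": flags}


def triage_o23(line):
    """Parse an O23 service line into a dict with a 'flags' list, or None."""
    m = O23_RE.match(line)
    if not m:
        return None
    flags = []
    if "(file missing)" in m["path"]:
        flags.append("file missing")
    if m["owner"] == "Unknown owner":
        flags.append("unknown owner")
    return {"kind": "O23", "name": m["display"], "owner": m["owner"],
            "path": m["path"], "flags": flags}


def triage_log(text):
    """Return parsed O4/O23 entries in log order; other line types are skipped."""
    entries = []
    for line in text.splitlines():
        entry = triage_o4(line) or triage_o23(line)
        if entry:
            entries.append(entry)
    return entries


def flagged(entries):
    """Only the entries that carry at least one flag."""
    return [e for e in entries if e["flags"]]


if __name__ == "__main__":
    for e in flagged(triage_log(SAMPLE_LOG)):
        print(f"{e['kind']} {e['name']}: {', '.join(e['flags'])}")
```

Run against the full log posted above, the three "(file missing)" services and the one bare-name Run entry come out as the items to confirm by hand; the rest of the review (is the vendor genuine, is the path where that product installs) is still a person's job, which is what the helper in this thread is doing.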

#11 Philoscript (Topic Starter; New Member; 8 posts)
My husband just informed me that everything is taking a long time to load on both Firefox and the computer itself. He attempted to open Norton AntiVirus and it froze the program for a few moments and took approx. 10 min to open. What could be causing these problems?

I just noticed there is something on my taskbar called Unknown- \\ MSSQLServer. What is this? Is this a problem?

Edited by Philoscript, 16 September 2006 - 12:49 PM.

#12 Crustyoldbloke (Old Malware Surgeon with a shaky scalpel; Retired Staff; 15,131 posts)
All is not well. I can't say for sure what the server is, but it shouldn't be there.

Let's go searching.

Download and Save Blacklight to your desktop (choose "I ACCEPT" then click "DOWNLOAD" on the website).

Double-click blbeta.exe then accept the agreement, click > "Scan" then > "Next".

You'll see a list of all items found. There will also be a log on your desktop with the name "fsbl.xxxxxxxxxxxxxx.log" (the xxxxxxxxxxxxxx stand for numbers).

Copy and paste this log in your next reply. Don't choose the rename option yet! I want to see the log first, because legitimate items can also be present there, such as "wbemtest.exe".

Also:

Download: WinPFind

Right Click the Zip Folder and Select "Extract All"

Don't use it yet!

Reboot into Safe Mode: please see here if you are not sure how to do this.

From the WinPFind folder, double-click WinPFind.exe and click "Start Scan".

It will scan the entire System, so please be patient!

Once you see "Scan Complete", a log (WinPFind.txt) will be automatically generated in the WinPFind folder.

Restart normally and post the contents of WinPFind.txt.

#13 Philoscript (Topic Starter; New Member; 8 posts)
I did what you asked. I spoke with my father who looked at my computer before I went to your web site. He stated that that server installed itself on the desktop after the windows update. Anyway, here are the logs:

WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows sometimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Logfile created on: 9/16/2006 6:41:28 PM
WinPFind v1.5.0 Folder = C:\WinPFind\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 6.0.2900.2180)

»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

Checking %SystemDrive% folder...

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...

Checking %System% folder...
aspack 3/18/2005 5:19:58 PM 2337488 C:\WINDOWS\SYSTEM32\d3dx9_25.dll (Microsoft Corporation)
PEC2 8/29/2002 7:00:00 AM 41397 C:\WINDOWS\SYSTEM32\DFRG.MSC ()
PTech 6/19/2006 4:19:42 PM 571184 C:\WINDOWS\SYSTEM32\LegitCheckControl.dll (Microsoft Corporation)
PECompact2 9/11/2006 1:37:22 PM 8960936 C:\WINDOWS\SYSTEM32\MRT.exe (Microsoft Corporation)
aspack 9/11/2006 1:37:22 PM 8960936 C:\WINDOWS\SYSTEM32\MRT.exe (Microsoft Corporation)
WSUD 8/4/2004 3:56:54 AM 1200128 C:\WINDOWS\SYSTEM32\ntbackup.exe (Microsoft Corporation)
aspack 8/4/2004 3:56:36 AM 708096 C:\WINDOWS\SYSTEM32\ntdll.dll (Microsoft Corporation)
WSUD 8/4/2004 3:56:58 AM 257024 C:\WINDOWS\SYSTEM32\nusrmgr.cpl (Microsoft Corporation)
Umonitor 8/4/2004 3:56:44 AM 657920 C:\WINDOWS\SYSTEM32\rasdlg.dll (Microsoft Corporation)
winsync 8/29/2002 7:00:00 AM 1309184 C:\WINDOWS\SYSTEM32\WBDBASE.DEU ()
PTech 6/19/2006 4:19:26 PM 304944 C:\WINDOWS\SYSTEM32\WgaTray.exe (Microsoft Corporation)

Checking %System%\Drivers folder and sub-folders...
PTech 8/4/2004 1:41:38 AM 1309184 C:\WINDOWS\SYSTEM32\drivers\mtlstrm.sys (Smart Link)

Items found in C:\WINDOWS\SYSTEM32\drivers\ETC\HOSTS


Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
9/16/2006 6:26:52 PM S 2048 C:\WINDOWS\BOOTSTAT.DAT ()
9/7/2006 10:09:54 PM H 111 C:\WINDOWS\WindowsShellOld.Manifest ()
9/9/2006 8:07:02 PM RH 0 C:\WINDOWS\assembly\PublisherPolicy.tme ()
9/9/2006 8:07:02 PM RH 0 C:\WINDOWS\assembly\pubpol1.dat ()
9/9/2006 8:59:02 PM RH 0 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\index1c.dat ()
9/10/2006 9:27:00 PM S 64 C:\WINDOWS\CSC\00000001 ()
9/10/2006 8:31:46 PM S 64 C:\WINDOWS\CSC\00000002 ()
9/3/2006 8:25:46 AM H 0 C:\WINDOWS\INF\oem29.inf ()
7/28/2006 8:16:08 AM S 23751 C:\WINDOWS\SYSTEM32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB918899.cat ()
7/27/2006 10:00:28 AM S 10337 C:\WINDOWS\SYSTEM32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB920214.cat ()
7/21/2006 5:03:14 AM S 10925 C:\WINDOWS\SYSTEM32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB920670.cat ()
8/21/2006 9:00:10 AM S 11749 C:\WINDOWS\SYSTEM32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB922582.cat ()
9/16/2006 6:26:42 PM H 8192 C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG ()
9/16/2006 6:27:22 PM H 1024 C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG ()
9/16/2006 6:26:54 PM H 16384 C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG ()
9/16/2006 6:29:36 PM H 110592 C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG ()
9/16/2006 6:27:00 PM H 1253376 C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG ()
9/13/2006 12:03:56 AM H 1024 C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\NTUSER.DAT.LOG ()
9/10/2006 3:01:08 AM S 558 C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\A44F4E7CB3133FF765C39A53AD8FCFDD ()
9/10/2006 3:01:08 AM S 146 C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\A44F4E7CB3133FF765C39A53AD8FCFDD ()
8/27/2006 4:24:58 PM HS 388 C:\WINDOWS\SYSTEM32\Microsoft\Protect\S-1-5-18\8be08d13-ccd3-42de-a131-4642282f92ab ()
8/27/2006 4:24:58 PM HS 24 C:\WINDOWS\SYSTEM32\Microsoft\Protect\S-1-5-18\Preferred ()
8/27/2006 10:41:24 PM HS 388 C:\WINDOWS\SYSTEM32\Microsoft\Protect\S-1-5-18\User\ea25d768-66cf-4998-a51d-3cc9853145a3 ()
8/27/2006 10:41:24 PM HS 24 C:\WINDOWS\SYSTEM32\Microsoft\Protect\S-1-5-18\User\Preferred ()
9/16/2006 2:37:36 PM H 6 C:\WINDOWS\Tasks\SA.DAT ()

Checking for CPL files...
8/4/2004 3:56:58 AM 68608 C:\WINDOWS\SYSTEM32\access.cpl (Microsoft Corporation)
3/17/2005 3:35:20 PM 400640 C:\WINDOWS\SYSTEM32\agcpl.cpl (iAnywhere Solutions, Inc.)
8/4/2004 3:56:58 AM 549888 C:\WINDOWS\SYSTEM32\appwiz.cpl (Microsoft Corporation)
6/3/2003 12:38:44 PM 94208 C:\WINDOWS\SYSTEM32\BCMSM.CPL (Broadcom Corporation)
8/4/2004 3:56:58 AM 110592 C:\WINDOWS\SYSTEM32\bthprops.cpl (Microsoft Corporation)
3/30/2001 4:00:00 AM 230912 C:\WINDOWS\SYSTEM32\CTDetect.cpl (Creative Technology Ltd.)
2/21/2002 3:00:00 AM 212992 C:\WINDOWS\SYSTEM32\CTDevCtrl.cpl (Creative Technology Ltd.)
8/4/2004 3:56:58 AM 135168 C:\WINDOWS\SYSTEM32\desk.cpl (Microsoft Corporation)
8/4/2004 3:56:58 AM 80384 C:\WINDOWS\SYSTEM32\firewall.cpl (Microsoft Corporation)
8/4/2004 3:56:58 AM 155136 C:\WINDOWS\SYSTEM32\hdwwiz.cpl (Microsoft Corporation)
8/4/2004 3:56:58 AM 358400 C:\WINDOWS\SYSTEM32\inetcpl.cpl (Microsoft Corporation)
8/4/2004 3:56:58 AM 129536 C:\WINDOWS\SYSTEM32\intl.cpl (Microsoft Corporation)
8/4/2004 3:56:58 AM 380416 C:\WINDOWS\SYSTEM32\irprops.cpl (Microsoft Corporation)
8/4/2004 3:56:58 AM 68608 C:\WINDOWS\SYSTEM32\joy.cpl (Microsoft Corporation)
11/10/2005 1:03:50 PM 49265 C:\WINDOWS\SYSTEM32\JPICPL32.CPL (Sun Microsystems, Inc.)
8/29/2002 7:00:00 AM 187904 C:\WINDOWS\SYSTEM32\MAIN.CPL (Microsoft Corporation)
8/4/2004 3:56:58 AM 618496 C:\WINDOWS\SYSTEM32\mmsys.cpl (Microsoft Corporation)
8/29/2002 7:00:00 AM 35840 C:\WINDOWS\SYSTEM32\NCPA.CPL (Microsoft Corporation)
8/4/2004 3:56:58 AM 25600 C:\WINDOWS\SYSTEM32\netsetup.cpl (Microsoft Corporation)
8/4/2004 3:56:58 AM 257024 C:\WINDOWS\SYSTEM32\nusrmgr.cpl (Microsoft Corporation)
8/29/2002 7:00:00 AM 36864 C:\WINDOWS\SYSTEM32\NWC.CPL (Microsoft Corporation)
8/4/2004 3:56:58 AM 32768 C:\WINDOWS\SYSTEM32\odbccp32.cpl (Microsoft Corporation)
4/8/2004 10:34:16 PM 77312 C:\WINDOWS\SYSTEM32\P2P Networking v125.cpl (Squid Software OÜ)
8/4/2004 3:56:58 AM 114688 C:\WINDOWS\SYSTEM32\powercfg.cpl (Microsoft Corporation)
3/11/2003 6:15:56 PM 77824 C:\WINDOWS\SYSTEM32\PRApplet.cpl (Intel® Corporation)
8/4/2004 3:56:58 AM 298496 C:\WINDOWS\SYSTEM32\sysdm.cpl (Microsoft Corporation)
8/29/2002 7:00:00 AM 28160 C:\WINDOWS\SYSTEM32\TELEPHON.CPL (Microsoft Corporation)
8/4/2004 3:56:58 AM 94208 C:\WINDOWS\SYSTEM32\timedate.cpl (Microsoft Corporation)
8/4/2004 3:56:58 AM 148480 C:\WINDOWS\SYSTEM32\wscui.cpl (Microsoft Corporation)
5/26/2005 4:16:30 AM 174360 C:\WINDOWS\SYSTEM32\wuaucpl.cpl (Microsoft Corporation)
8/4/2004 3:56:58 AM 148480 C:\WINDOWS\SYSTEM32\DLLCACHE\wscui.cpl (Microsoft Corporation)
5/26/2005 4:16:30 AM 174360 C:\WINDOWS\SYSTEM32\DLLCACHE\wuaucpl.cpl (Microsoft Corporation)

Checking for Downloaded Program Files...
{05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - Office Genuine Advantage Validation Tool - CodeBase = http://go.microsoft....k/?linkid=58813
{166B1BCA-3F9C-11CF-8075-444553540000} - Shockwave ActiveX Control - CodeBase = http://download.macr...director/sw.cab
{1DF36010-E276-11D4-A7C0-00C04F0453DD} - Stamps.com Secure Postal Account Registration - CodeBase = https://secure.stamp...32/sdcregie.cab
{2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - Symantec AntiVirus scanner - CodeBase = http://security.syma...bin/AvSniff.cab
{2FC9A21E-2069-4E47-8235-36318989DB13} - PPSDKActiveXScanner.MainScreen - CodeBase = http://www.pestscan....r/axscanner.cab
{30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - YInstStarter Class - CodeBase = http://download.yaho...s/yinst0401.cab
{3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - Office Update Installation Engine - CodeBase = http://office.micros...ntent/opuc3.cab
{4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} - QDiagAOLCCUpdateObj Class - CodeBase = http://aolcc.aol.com...kup/qdiagcc.cab
{644E432F-49D3-41A1-8DD5-E099162EEEC5} - Symantec RuFSI Utility Class - CodeBase = http://security.syma...n/bin/cabsa.cab
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - MUWebControl Class - CodeBase = http://update.micros...b?1157240803593
{83EF1847-D835-490B-8D9D-90B2987D66E8} - AOL Pictures Uploader Class - CodeBase = http://pictures.aolc...der.9.3.2.3.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} - Java Plug-in 1.5.0_06 - CodeBase = http://java.sun.com/...indows-i586.cab
{9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} - Microsoft RDP Client Control (redist) - CodeBase = http://www.vera.org/tsweb/msrdp.cab
{9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - ActiveScan Installer Class - CodeBase = http://acs.pandasoft...free/asinst.cab
{9F1C11AA-197B-4942-BA54-47A8489BB47F} - - CodeBase = http://v4.windowsupd...7987.4816666667
{A97B2058-825A-4B18-93CE-1483855578D1} - AOL Newport Editor Ctrl - CodeBase = http://pictures.aolc...-US.9.3.2.1.cab
{BE5431D2-0F30-11D4-89D9-00C04F509C0A} - SDCInstaller Class - CodeBase = https://secure.stamp...file=stamps.cab
{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} - Java Plug-in 1.4.2 - CodeBase = http://java.sun.com/...indows-i586.cab
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - Java Plug-in 1.5.0_06 - CodeBase = http://java.sun.com/...indows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - Java Plug-in 1.5.0_06 - CodeBase = http://java.sun.com/...indows-i586.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} - - CodeBase = http://download.macr...ash/swflash.cab
ppctlcab - - CodeBase = http://www.pestscan....er/ppctlcab.cab

»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

Checking files in %ALLUSERSPROFILE%\Startup folder...
9/3/2002 3:36:04 PM HS 84 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DESKTOP.INI ()
7/6/2005 9:35:18 PM 1836 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Norton GoBack.lnk ()
9/2/2006 8:44:50 PM 1908 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Service Manager.lnk ()

Checking files in %ALLUSERSPROFILE%\Application Data folder...
9/3/2002 3:26:20 PM HS 62 C:\Documents and Settings\All Users\Application Data\DESKTOP.INI ()

Checking files in %USERPROFILE%\Startup folder...
9/3/2002 3:36:04 PM HS 84 C:\Documents and Settings\Michelle Jehle\Start Menu\Programs\Startup\DESKTOP.INI ()

Checking files in %USERPROFILE%\Application Data folder...
9/2/2006 7:41:40 PM 1760 C:\Documents and Settings\Michelle Jehle\Application Data\AdobeDLM.log ()
9/3/2002 3:26:20 PM HS 62 C:\Documents and Settings\Michelle Jehle\Application Data\DESKTOP.INI ()
9/2/2006 7:41:40 PM 0 C:\Documents and Settings\Michelle Jehle\Application Data\dm.ini ()

»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»

>>> Internet Explorer Settings <<<


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
\\Start Page - about:blank
\\Search Page - http://www.microsoft...amp;ar=iesearch
\\Default_Page_URL - http://www.microsoft...p...&ar=msnhome
\\Default_Search_URL - http://www.microsoft...amp;ar=iesearch
\\Local Page - %SystemRoot%\system32\blank.htm

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
\\Start Page - http://www.microsoft...p...&ar=msnhome
\\Search Bar - http://www.google.com/ie
\\Search Page - http://www.google.com
\\Default_Page_URL - http://www.dell4me.com/myway
\\Local Page - C:\WINDOWS\system32\blank.htm

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
\\CustomizeSearch - http://ie.search.msn...st/srchcust.htm
\\SearchAssistant - http://www.google.com/ie


[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
\\{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Microsoft Url Search Hook = %SystemRoot%\System32\shdocvw.dll (Microsoft Corporation)

>>> BHO's <<<
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
\{02478D38-C3F9-4efb-9B51-7695ECA05670} - Yahoo! Companion BHO = C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn0\ycomp5_3_12_0.dll (Yahoo! Inc.)
\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - AcroIEHlprObj Class = C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
\{089FD14D-132B-48FC-8861-0048AE113215} - = C:\Program Files\SiteAdvisor\SiteAdv.dll (McAfee, Inc.)
\{5CA3D70E-1895-11CF-8E15-001234567890} - DriveLetterAccess = C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - SSVHelper Class = C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
\{7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - AOL Toolbar Launcher = C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (America Online, Inc.)
\{9ECB9560-04F9-4bbc-943D-298DDF1699E1} - CNisExtBho Class = C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll (Symantec Corporation)
\{A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - CNavExtBho Class = C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll (Symantec Corporation)
\{AA58ED58-01DD-4d91-8333-CF10577473F7} - Google Toolbar Helper = c:\program files\google\googletoolbar1.dll (Google Inc.)

>>> Internet Explorer Bars, Toolbars and Extensions <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
\{4528BBE0-4E08-11D5-AD55-00010333D0AD} - &Yahoo! Messenger = C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll (Yahoo! Inc.)
\{4D5C8C25-D075-11d0-B416-00C04FB90376} - &Tip of the Day = %SystemRoot%\System32\shdocvw.dll (Microsoft Corporation)
\{FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - Real.com = C:\WINDOWS\System32\Shdocvw.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
\{32683183-48a0-441b-a342-7c2a440a9478} - = ()
\{4528BBE0-4E08-11D5-AD55-00010333D0AD} - &Yahoo! Messenger = C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll (Yahoo! Inc.)
\{BDEADE7F-C265-11D0-BCED-00A0C90AB50F} - &Discuss = shdocvw.dll (Microsoft Corporation)
\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1} - File Search Explorer Band = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
\{EFA24E62-B078-11D0-89E4-00C04FC9E26E} - History Band = %SystemRoot%\System32\shdocvw.dll (Microsoft Corporation)
\{EFA24E64-B078-11D0-89E4-00C04FC9E26E} - Explorer Band = %SystemRoot%\System32\shdocvw.dll (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
\\{0BF43445-2F28-4351-9252-17FE6E806AA0} - McAfee SiteAdvisor = C:\Program Files\SiteAdvisor\SiteAdv.dll (McAfee, Inc.)
\\{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google = c:\program files\google\googletoolbar1.dll (Google Inc.)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
\ShellBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383} - &Address = %SystemRoot%\System32\browseui.dll (Microsoft Corporation)
\ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - = ()
\WebBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383} - &Address = %SystemRoot%\System32\browseui.dll (Microsoft Corporation)
\WebBrowser\\{0E5CBF21-D15F-11D0-8301-00AA005B4383} - &Links = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
\WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - = ()
\WebBrowser\\{4982D40A-C53B-4615-B15B-B5B5E98D167C} - = ()
\WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} - &Yahoo! Companion = C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn0\ycomp5_3_12_0.dll (Yahoo! Inc.)
\WebBrowser\\{DE9C389F-3316-41A7-809B-AA305ED9D922} - AOL Toolbar = C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (America Online, Inc.)
\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} - &Google = c:\program files\google\googletoolbar1.dll (Google Inc.)
\WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - Norton Internet Security 2006 = C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll (Symantec Corporation)
\WebBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} - Norton AntiVirus = C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll (Symantec Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\CmdMapping]
\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - 8192 = Sun Java Console
\\NEXTID - 8200
\\{4528BBE0-4E08-11D5-AD55-00010333D0AD} - 8193 = Yahoo! Messenger
\\{4982D40A-C53B-4615-B15B-B5B5E98D167C} - 8194 =
\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} - 8195 =
\\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - 8196 =
\\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - 8197 =
\\{FB5F1910-F110-11d2-BB9E-00C04F795683} - 8198 = Windows Messenger
\\{3369AF0D-62E9-4bda-8103-B4C75499B578} - 8199 =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
\CmdMapping - MenuText: = ()
\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - MenuText: Sun Java Console = C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - MenuText: Sun Java Console = C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (Sun Microsystems, Inc.)(HKCU CLSID)
\{3369AF0D-62E9-4bda-8103-B4C75499B578} - ButtonText: AOL Toolbar =
\{4528BBE0-4E08-11D5-AD55-00010333D0AD} - ButtonText: Messenger =
\{92780B25-18CC-41C8-B9BE-3C9C571A8263} - ButtonText: Research =
\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - ButtonText: AIM = C:\Program Files\AIM\aim.exe (America Online, Inc.)
\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - ButtonText: Real.com =
\{FB5F1910-F110-11d2-BB9E-00C04F795683} - ButtonText: Messenger = C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

>>> Approved Shell Extensions (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
\\{42071714-76d4-11d1-8b24-00a0c9068ff3} - Display Panning CPL Extension = ()
\\{764BF0E1-F219-11ce-972D-00AA00A14F56} - Shell extensions for file compression = ()
\\{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} - Encryption Context Menu = ()
\\{88895560-9AA2-1069-930E-00AA0030EBC8} - HyperTerminal Icon Ext = C:\WINDOWS\System32\hticons.dll (Hilgraeve, Inc.)
\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} - Taskbar and Start Menu = ()
\\{32683183-48a0-441b-a342-7c2a440a9478} - Media Band = ()
\\{7A9D77BD-5403-11d2-8785-2E0420524153} - User Accounts = ()
\\{DEE12703-6333-4D4E-8F34-738C4DCC2E04} - RecordNow! SendToExt = C:\Program Files\Sonic\RecordNow!\shlext.dll (Sonic Solutions)
\\{5CA3D70E-1895-11CF-8E15-001234567890} - DriveLetterAccess = C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
\\{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} - Shell Extensions for RealOne Player = C:\Program Files\Real\RealPlayer\rpshell.dll (RealNetworks, Inc.)
\\{A4DF5659-0801-4A60-9607-1C48695EFDA9} - Share-to-Web Upload Folder = C:\Program Files\Hewlett-Packard\HP Share-to-Web\HPGS2WNS.DLL (Hewlett-Packard)
\\{5464D816-CF16-4784-B9F3-75C0DB52B499} - Yahoo! Mail = C:\PROGRA~1\Yahoo!\Common\ymmapi.dll (Yahoo! Inc.)
\\{5EC3EA89-4453-4416-A78B-65F689DC2048} - Goback Drives = C:\Program Files\Norton SystemWorks\Norton GoBack\GBDrvShX.dll ()
\\{6809E580-A3A7-11D1-9A00-00A0C945B006} - GoBack Shell Extension = C:\Program Files\Norton SystemWorks\Norton GoBack\ShellExt.dll (Symantec Corporation)
\\{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} - iTunes = C:\Program Files\iTunes\iTunesMiniPlayer.dll (Apple Computer, Inc.)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

>>> Context Menu Handlers (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers]
\ewido anti-spyware - {8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Program Files\ewido anti-spyware 4.0\context.dll (Anti-Malware Development a.s.)
\GoBack - {6809E580-A3A7-11D1-9A00-00A0C945B006} = C:\Program Files\Norton SystemWorks\Norton GoBack\ShellExt.dll (Symantec Corporation)
\Symantec.Norton.Antivirus.IEContextMenu - {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} = C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll (Symantec Corporation)
\Yahoo! Mail - {5464D816-CF16-4784-B9F3-75C0DB52B499} = C:\PROGRA~1\Yahoo!\Common\ymmapi.dll (Yahoo! Inc.)

[HKEY_LOCAL_MACHINE\Software\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers]

[HKEY_LOCAL_MACHINE\Software\Classes\Directory\shellex\ContextMenuHandlers]
\ewido anti-spyware - {8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Program Files\ewido anti-spyware 4.0\context.dll (Anti-Malware Development a.s.)

[HKEY_LOCAL_MACHINE\Software\Classes\Directory\BackGround\shellex\ContextMenuHandlers]

[HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers]
\Symantec.Norton.Antivirus.IEContextMenu - {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} = C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll (Symantec Corporation)

>>> Column Handlers (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]

>>> Registry Run Keys <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
NvCplDaemon - RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll ()
BCMSMMSG - C:\WINDOWS\BCMSMMSG.exe (Broadcom Corporation)
dla - C:\WINDOWS\system32\dla\tfswctrl.exe (Sonic Solutions)
DVDSentry - C:\WINDOWS\System32\DSentry.exe (Dell - Advanced Desktop Engineering)
PCMService - C:\Program Files\Dell\Media Experience\PCMService.exe (CyberLink Corp.)
diagent - C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe (Creative Technology Ltd)
UpdReg - C:\WINDOWS\UpdReg.EXE (Creative Technology Ltd.)
UpdateManager - C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions)
ccApp - C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
- Reg Data missing or invalid ()
Norton Ghost 9.0 - C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\GhostTray.exe (Symantec Corporation)
TkBellExe - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
Share-to-Web Namespace Daemon - C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe (Hewlett-Packard)
QuickTime Task - C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.)
mmtask - C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe (TODO: <Company name>)
iTunesHelper - C:\Program Files\iTunes\iTunesHelper.exe (Apple Computer, Inc.)
HPHUPD04 - C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe (Hewlett-Packard)
HPHmon04 - C:\WINDOWS\System32\hphmon04.exe (Hewlett-Packard)
HPDJ Taskbar Utility - C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe (HP)
HostManager - C:\Program Files\Common Files\AOL\1131920714\ee\AOLSoftware.exe (America Online, Inc.)
AOLDialer - C:\Program Files\Common Files\AOL\ACS\AOLDial.exe (America Online)
{1290A33C-85F5-4164-A1BE-7DD299D4986A} - C:\Program Files\CyberLink\PowerBackup\PBKScheduler.exe (CyberLink Corp.)
AOLSPScheduler - C:\Program Files\Common Files\AOL\1131920714\ee\services\safetyCore\ver2_5_4_1\AOLSP Scheduler.exe (AOL LLC)
sscRun - C:\Program Files\Common Files\AOL\1131920714\ee\SSCRun.exe (AOL LLC)
!ewido - C:\Program Files\ewido anti-spyware 4.0\ewido.exe (Anti-Malware Development a.s.)
SunJavaUpdateSched - C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe (Sun Microsystems, Inc.)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
IMAIL Installed = 1
MAPI Installed = 1
MSFS Installed = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
Sonic RecordNow! - Reg Data missing or invalid ()
Norton SystemWorks - C:\Program Files\Norton SystemWorks\cfgwiz.exe (Symantec Corporation)
ctfmon.exe - C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
DellSupport - C:\Program Files\Dell Support\DSAgnt.exe (Gteko Ltd.)
Mobipocket Web Companion - C:\Program Files\Common Files\Mobipocket Shared\webcomp.exe (Mobipocket.com)
MSMSGS - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
Yahoo! Pager - C:\Program Files\Yahoo!\Messenger\ypager.exe (Yahoo! Inc.)
swg - C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe (Google Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

>>> Startup Links <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\\Common Startup]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DESKTOP.INI ()
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Norton GoBack.lnk - C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe (Symantec Corporation)
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Service Manager.lnk - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\\Startup]
C:\Documents and Settings\Michelle Jehle\Start Menu\Programs\Startup\DESKTOP.INI ()

>>> MSConfig Disabled Items <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state
system.ini 0
win.ini 0
bootini 0
services 0
startup 0


[All Users Startup Folder Disabled Items]

[Current User Startup Folder Disabled Items]

>>> User Agent Post Platform <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
\\SV1 -

>>> AppInit Dll's <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs]

>>> Image File Execution Options <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
\Your Image File Name Here without a path - Debugger = ntsd -d

>>> Shell Service Object Delay Load <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
\\PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
\\CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
\\WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll (Microsoft Corporation)
\\SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll (Microsoft Corporation)

>>> Shell Execute Hooks <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} - URL Exec Hook = shell32.dll (Microsoft Corporation)
\\{57B86673-276A-48B2-BAE7-C6DBB3020EB8} - CShellExecuteHookImpl Object = C:\Program Files\ewido anti-spyware 4.0\shellexecutehook.dll (Anti-Malware Development a.s.)

>>> Shared Task Scheduler <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]

>>> Winlogon <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
\\UserInit = C:\WINDOWS\system32\userinit.exe,
\\Shell = Explorer.exe
\\System =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
\crypt32chain - crypt32.dll = (Microsoft Corporation)
\cryptnet - cryptnet.dll = (Microsoft Corporation)
\cscdll - cscdll.dll = (Microsoft Corporation)
\ScCertProp - wlnotify.dll = (Microsoft Corporation)
\Schedule - wlnotify.dll = (Microsoft Corporation)
\sclgntfy - sclgntfy.dll = (Microsoft Corporation)
\SensLogn - WlNotify.dll = (Microsoft Corporation)
\termsrv - wlnotify.dll = (Microsoft Corporation)
\WgaLogon - WgaLogon.dll = (Microsoft Corporation)
\wlballoon - wlnotify.dll = (Microsoft Corporation)

>>> DNS Name Servers <<<
{38CD07DB-F72F-4DA2-8B89-D5B36E46F885} - (Instant Wireless USB Network Adapter ver.2.6)
{3945C881-ED33-45D6-BD45-C3A807316A22} - (Instant Wireless USB Network Adapter ver.2.6)
{5906A4C5-9E55-4A8D-9610-770343082DB3} - ()
{73C6B474-E3A1-41F1-8287-3FBAB6829500} - (Instant Wireless USB Network Adapter ver.2.6)
{9FBC8DF3-B596-432D-824D-827A014C530E} - (Instant Wireless USB Network Adapter ver.2.6)
{E1092418-CF16-4BF6-9ADB-89D7AE39319D} - (Instant Wireless USB Network Adapter ver.2.6)
{F40A9280-41D8-40B4-A156-EBC69821B463} - (Intel® PRO/100 VE Network Connection)

>>> All Winsock2 Catalogs <<<
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries]
\000000000001\\LibraryPath - %SystemRoot%\System32\mswsock.dll (Microsoft Corporation)
\000000000002\\LibraryPath - %SystemRoot%\System32\winrnr.dll (Microsoft Corporation)
\000000000003\\LibraryPath - %SystemRoot%\System32\mswsock.dll (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries]
\000000000001\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000002\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000003\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000004\\PackedCatalogItem - %SystemRoot%\system32\rsvpsp.dll (Microsoft Corporation)
\000000000005\\PackedCatalogItem - %SystemRoot%\system32\rsvpsp.dll (Microsoft Corporation)
\000000000006\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000007\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000008\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000009\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000010\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000011\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000012\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000013\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000014\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000015\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000016\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000017\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000018\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000019\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000020\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000021\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000022\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000023\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000024\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000025\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000026\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000027\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)

>>> Protocol Handlers (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler]
\ipp - ()
\msdaipp - ()

>>> Protocol Filters (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter]

>>> Selected AddOn's <<<


»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


09/16/06 18:11:07 [Info]: BlackLight Engine 1.0.46 initialized
09/16/06 18:11:07 [Info]: OS: 5.1 build 2600 (Service Pack 2)
09/16/06 18:11:07 [Note]: 7019 4
09/16/06 18:11:07 [Note]: 7005 0
09/16/06 18:11:15 [Note]: 7006 0
09/16/06 18:11:15 [Note]: 7011 1876
09/16/06 18:11:15 [Note]: 7026 0
09/16/06 18:11:15 [Note]: 7026 0
09/16/06 18:11:29 [Note]: FSRAW library version 1.7.1019
09/16/06 18:22:32 [Note]: 7007 0


What do I do next?
  • 0

#14
Crustyoldbloke

Crustyoldbloke

    Old Malware Surgeon with a shaky scalpel

  • Retired Staff
  • 15,131 posts
Hello again

Well I have analysed the WinPfind log and nothing is showing up there. The Blacklight log is also negative, so it is nothing serious - good news!

The last log shows me an LSP problem which can be fixed painlessly:

Please download WinsockFix

Double click WinsockFix to open the programme. Click FIX and then YES; the tool will check and repair the Winsock and, when complete, will reboot your PC.

Also:

Please run System File Checker to make sure that none of your protected files are corrupt. The scan will automatically replace any corrupt files that it finds.

Click Start
Select Run
At the prompt type sfc /scannow. Please note that there is a single space between sfc and /scannow.

Typing this will start the programme, and a box should appear telling you how much longer the process should take.

Sometimes the scan will prompt you for your Windows XP disc upon starting the scan. If this happens, please make sure that you can view protected files:
My Computer
Tools
Folder Options
View
"Uncheck" Hide protected operating system files.
Then rerun the scan.

Once the scan is complete:

Check your Windows Updates! After using the File Protection Service, you might need to reapply some updates.

Please reboot, and let me know if anything has changed.

Also, please rehide the protected files:
My Computer
Tools
Folder Options
View
"Check" Hide protected operating system files.

  • 0
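The LSP remark above refers to the Winsock2 catalog section of the WinPFind log posted earlier in the thread. The script below is an added example and is not part of the thread, of WinPFind or of WinsockFix: it parses catalog entries in the format WinPFind prints, flags any provider whose DLL is not credited to Microsoft or does not live under the Windows directory, and counts how many catalog entries point at each DLL. The sample log lines embedded in it are constructed for the example; the two non-Microsoft entries (example_lsp.dll and hyplsp.dll) are hypothetical and exist only so that the flagging path is exercised. A flag is a triage hint, since legitimate antivirus and firewall products also install LSPs, not a verdict.

```python
"""Triage the Winsock2 catalog section of a WinPFind-style log.

Added example for the forum thread; not code from WinPFind, WinsockFix or
the thread's participants.  The sample log text is constructed from the
line format WinPFind prints.
"""
import re
from collections import Counter

# Constructed sample in WinPFind's format.  Entries 4 and 5 of
# Protocol_Catalog9 are hypothetical non-Microsoft providers added so the
# detection logic has something to report.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries]
\000000000001\\LibraryPath - %SystemRoot%\System32\mswsock.dll (Microsoft Corporation)
\000000000002\\LibraryPath - %SystemRoot%\System32\winrnr.dll (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries]
\000000000001\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000002\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000003\\PackedCatalogItem - %SystemRoot%\system32\rsvpsp.dll (Microsoft Corporation)
\000000000004\\PackedCatalogItem - C:\WINDOWS\system32\example_lsp.dll ()
\000000000005\\PackedCatalogItem - C:\Program Files\Hypothetical\hyplsp.dll (Hypothetical Vendor)
"""

# "[HKLM\...\<CatalogName>\Catalog_Entries]" introduces a catalog block.
CATALOG_RE = re.compile(
    r"^\[HKEY_LOCAL_MACHINE\\.*\\(?P<catalog>\w+)\\Catalog_Entries\]$"
)
# "\<index>\\<ValueName> - <dll path> (<company>)" is one catalog entry.
ENTRY_RE = re.compile(
    r"^\\(?P<index>\d+)\\\\(?P<value>\w+) - (?P<path>.+?) \((?P<company>[^)]*)\)\s*$"
)


def parse_winsock_catalogs(text):
    """Return one dict per catalog entry found in the log text."""
    entries = []
    catalog = None
    for line in text.splitlines():
        header = CATALOG_RE.match(line)
        if header:
            catalog = header.group("catalog")
            continue
        entry = ENTRY_RE.match(line)
        if entry and catalog:
            entries.append({
                "catalog": catalog,
                "index": int(entry.group("index")),
                "value": entry.group("value"),
                "path": entry.group("path").strip(),
                "company": entry.group("company").strip(),
            })
    return entries


def suspicious_entries(entries):
    """Flag providers not credited to Microsoft or not under the Windows dir.

    Heuristic only: third-party security products register LSPs legitimately.
    """
    flagged = []
    for e in entries:
        path = e["path"].lower()
        in_windows_dir = path.startswith("%systemroot%\\") or path.startswith("c:\\windows\\")
        if e["company"] != "Microsoft Corporation" or not in_windows_dir:
            flagged.append(e)
    return flagged


def dll_counts(entries, catalog):
    """Count how many entries of one catalog reference each DLL file name."""
    return Counter(
        e["path"].rsplit("\\", 1)[-1].lower()
        for e in entries
        if e["catalog"] == catalog
    )


if __name__ == "__main__":
    parsed = parse_winsock_catalogs(SAMPLE_LOG)
    print(f"{len(parsed)} catalog entries parsed")
    for cat in sorted({e["catalog"] for e in parsed}):
        print(f"  {cat}: {dict(dll_counts(parsed, cat))}")
    for e in suspicious_entries(parsed):
        print(f"REVIEW {e['catalog']} #{e['index']}: {e['path']} ({e['company'] or 'no company'})")
```

Running the script on a real WinPFind log (pass the file's text to parse_winsock_catalogs instead of SAMPLE_LOG) lists the entries to review; a catalog in which every entry is a Microsoft DLL under the Windows directory, as in the log posted in this thread, produces no REVIEW lines, and the per-DLL counts make a catalog padded with repeated entries easy to spot.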

#15
Philoscript

Philoscript

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
I'll have to get to this tomorrow. I have my state practical for my EMT class tonight.
  • 0
