9 replies to this topic

[tim37]

My home PC became infected with Antivirus 2008. It has Norton™ Security Online running that includes Norton Antivirus™, Norton™ Personal Firewall and Norton™ AntiSpyware which found the infection but didn't delete anything that I could find. After doing some on-line searches for help, I found this web site, downloaded Malwarebytes to my office PC (because the infection would redirect me from my home PC) took it home on a thumb drive, installed it, updated it, ran it in Safe mode, did a quick scan and full scan. It found and removed a large number of items. Then I became concerned with how would I know when everything is removed. I read several threads and followed the instructions in your 2936 post. The logs are attached as requested. Please tell me what I need to do next.

The mbam-log-2008-09-03 (18-30-26).txt file is the first quick scan.
The mbam-log-2008-09-03 (20-32-14).txt file is the first/only full scan.
The mbam-log-2008-09-04 (21-39-03).txt file is after running spybot SD

Although not requested, I am attaching a PDF of the spybot SD



Thank you very much for your help.

Attached Files

•  mbam_log_2008_09_04__21_39_03_.txt   833bytes   82 downloads
•  mbam_log_2008_09_03__20_32_14_.txt   3.09K   88 downloads
•  mbam_log_2008_09_03__18_30_26_.txt   28.17K   87 downloads
•  ActiveScan.txt   16.7K   111 downloads
•  Spybot___Search___Destroy_scan_report_after_fix.pdf   26.63K   150 downloads
•  hijackthis.txt   9.78K   82 downloads

[AdvancedSetup]

Hi Tim and Welcome to Malwarebytes

Actually the SSD is requested.


Please follow the instructions posted here: Pre- HJT Post Instructions

Then post the requested logs back here {please don't attach the files, post them directly even if it takes multiple posts}

I will be happy to assist you further with cleaning up your system once you've followed the instructions above and reposted your information.

Please follow in the directions in the given order as it does make a difference.

Thanks

[tim37]

I followed the 2936 instructions again. Here is the S&D report.


--- Spybot - Search & Destroy version: 1.6.0 (build: 20080707) ---

2008-07-07 blindman.exe (1.0.0.8)
2008-07-07 SDFiles.exe (1.6.0.4)
2008-07-07 SDMain.exe (1.0.0.6)
2008-07-07 SDShred.exe (1.0.2.3)
2008-07-07 SDUpdate.exe (1.6.0.8)
2008-07-07 SDWinSec.exe (1.0.0.12)
2008-07-07 SpybotSD.exe (1.6.0.30)
2008-07-07 TeaTimer.exe (1.6.0.20)
2008-09-04 unins000.exe (51.49.0.0)
2008-07-07 Update.exe (1.6.0.7)
2008-07-07 advcheck.dll (1.6.1.12)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2008-07-07 SDHelper.dll (1.6.0.12)
2008-06-19 sqlite3.dll
2008-07-07 Tools.dll (2.1.5.7)
2008-09-02 Includes\Adware.sbi
2008-09-02 Includes\AdwareC.sbi
2008-06-03 Includes\Cookies.sbi
2008-09-02 Includes\Dialer.sbi
2008-09-02 Includes\DialerC.sbi
2008-07-23 Includes\HeavyDuty.sbi
2008-09-02 Includes\Hijackers.sbi
2008-09-02 Includes\HijackersC.sbi
2008-09-02 Includes\Keyloggers.sbi
2008-09-02 Includes\KeyloggersC.sbi
2004-11-29 Includes\LSP.sbi
2008-09-02 Includes\Malware.sbi
2008-09-02 Includes\MalwareC.sbi
2008-09-02 Includes\PUPS.sbi
2008-09-02 Includes\PUPSC.sbi
2007-11-07 Includes\Revision.sbi
2008-06-18 Includes\Security.sbi
2008-09-02 Includes\SecurityC.sbi
2008-06-03 Includes\Spybots.sbi
2008-06-03 Includes\SpybotsC.sbi
2008-09-02 Includes\Spyware.sbi
2008-09-02 Includes\SpywareC.sbi
2008-06-03 Includes\Tracks.uti
2008-09-03 Includes\Trojans.sbi
2008-09-02 Includes\TrojansC.sbi
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll


--- System information ---
Windows XP (Build: 2600) Service Pack 3 (5.1.2600)
/ Internet Explorer 6 / SP1: Windows XP Hotfix - KB918439
/ Internet Explorer 6 / SP1: Windows XP Hotfix - KB918899
/ Internet Explorer 6 / SP1: Windows XP Hotfix - KB925486
/ Outlook Express 6 / SP1: Windows XP Hotfix - KB911567
/ Windows / SP1: Microsoft Internationalized Domain Names Mitigation APIs
/ Windows / SP1: Microsoft National Language Support Downlevel APIs
/ Windows Media Format 11 SDK: Hotfix for Windows Media Format 11 SDK (KB929399)
/ Windows Media Player 11: Security Update for Windows Media Player 11 (KB936782)
/ Windows Media Player 11: Hotfix for Windows Media Player 11 (KB939683)
/ Windows Media Player 6.4: Security Update for Windows Media Player 6.4 (KB925398)
/ Windows Media Player 8: Security Update for Windows Media Player 8 (KB917734)
/ Windows Media Player 9: Security Update for Windows Media Player 9 (KB917734)
/ Windows Media Player 9: Security Update for Windows Media Player 9 (KB936782)
/ Windows XP: Security Update for Windows XP (KB923689)
/ Windows XP: Security Update for Windows XP (KB941569)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB929969)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB933566)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB938127)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB944533)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB950759)
/ Windows XP / SP10: Microsoft Compression Client Pack 1.0 for Windows XP
/ Windows XP / SP2: Windows XP Service Pack 2
/ Windows XP / SP3: Security Update for Windows XP (KB929969)
/ Windows XP / SP3: Windows XP Service Pack 3
/ Windows XP / SP4: Security Update for Windows XP (KB946648)
/ Windows XP / SP4: Security Update for Windows XP (KB950760)
/ Windows XP / SP4: Security Update for Windows XP (KB950762)
/ Windows XP / SP4: Security Update for Windows XP (KB950974)
/ Windows XP / SP4: Security Update for Windows XP (KB951066)
/ Windows XP / SP4: Update for Windows XP (KB951072-v2)
/ Windows XP / SP4: Security Update for Windows XP (KB951376)
/ Windows XP / SP4: Security Update for Windows XP (KB951376-v2)
/ Windows XP / SP4: Security Update for Windows XP (KB951698)
/ Windows XP / SP4: Security Update for Windows XP (KB951748)
/ Windows XP / SP4: Hotfix for Windows XP (KB952287)
/ Windows XP / SP4: Security Update for Windows XP (KB952954)
/ Windows XP / SP4: Security Update for Windows XP (KB953838)
/ Windows XP / SP4: Security Update for Windows XP (KB953839)


--- Startup entries list ---
Located: HK_LM:Run, AdaptecDirectCD
command: "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
file: C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
size: 684032
MD5: BE3238A165AFB321F1696CC1FF9EF271

Located: HK_LM:Run, Adobe Reader Speed Launcher
command: "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
file: C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
size: 34672
MD5: 69B16C7B7746BA5C642FC05B3561FC73

Located: HK_LM:Run, AppleSyncNotifier
command: C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
file: C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
size: 116040
MD5: 27E0EB81AE55788C8FBE6D489F862168

Located: HK_LM:Run, BCMSMMSG
command: BCMSMMSG.exe
file: C:\WINDOWS\BCMSMMSG.exe
size: 122880
MD5: 2D99607F21FF368C0E335A2D91A052A1

Located: HK_LM:Run, ccApp
command: "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
file: C:\Program Files\Common Files\Symantec Shared\ccApp.exe
size: 115816
MD5: 25BE770865658CB79100117112819A7C

Located: HK_LM:Run, Dell AIO Printer A940
command: "C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe"
file: C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe
size: 86102
MD5: 4B5D22BD0A11E1C97ECFA5A45A529FCB

Located: HK_LM:Run, eFax 4.3
command: "C:\Program Files\eFax Messenger 4.3\J2GDllCmd.exe" /R
file: C:\Program Files\eFax Messenger 4.3\J2GDllCmd.exe
size: 116224
MD5: 55C9DD19EDC545BC44FD32BC80B12831

Located: HK_LM:Run, HotKeysCmds
command: C:\WINDOWS\System32\hkcmd.exe
file: C:\WINDOWS\System32\hkcmd.exe
size: 114688
MD5: 00DD2A87E62C1277F44D421650078024

Located: HK_LM:Run, IgfxTray
command: C:\WINDOWS\System32\igfxtray.exe
file: C:\WINDOWS\System32\igfxtray.exe
size: 155648
MD5: E4D1DA7A6DEDEE53A81681821183D110

Located: HK_LM:Run, IntelliPoint
command: "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
file: C:\Program Files\Microsoft IntelliPoint\ipoint.exe
size: 849280
MD5: F4E7979D8ADEBEEDEAD33019A5BD52BF

Located: HK_LM:Run, iTunesHelper
command: "C:\Program Files\iTunes\iTunesHelper.exe"
file: C:\Program Files\iTunes\iTunesHelper.exe
size: 289064
MD5: 4CED92963F453EB8DCFE67FD4248D657

Located: HK_LM:Run, osCheck
command: "C:\PROGRA~1\Symantec\osCheck.exe"
file: C:\PROGRA~1\Symantec\osCheck.exe
size: 771704
MD5: 74867F6AAF1BADDA7E7C0E6E63A20732

Located: HK_LM:Run, QuickTime Task
command: "C:\Program Files\QuickTime\QTTask.exe" -atboottime
file: C:\Program Files\QuickTime\QTTask.exe
size: 413696
MD5: F34EB5D4F145ED5FE50033CA3A41ED24

Located: HK_LM:Run, SunJavaUpdateSched
command: "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
file: C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
size: 144784
MD5: 6AB4C021FBD36DC6764924C312428D97

Located: HK_LM:Run, Symantec PIF AlertEng
command: "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
file: C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
size: 583048
MD5: 2D1389E05A807D956829F44BD4B60389

Located: HK_LM:Run, TkBellExe
command: "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
file: C:\Program Files\Common Files\Real\Update_OB\realsched.exe
size: 185896
MD5: 89D583FC41D48328128A974C25AFAEB7

Located: HK_LM:Run, Windows Defender
command: "C:\Program Files\Windows Defender\MSASCui.exe" -hide
file: C:\Program Files\Windows Defender\MSASCui.exe
size: 866584
MD5: 77C03BF23AE56B0A31AE4D5BB4B3D0AC

Located: HK_LM:Run, YOP
command: C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
file: C:\PROGRA~1\Yahoo!\YOP\yop.exe
size: 509224
MD5: 176A0FA6851AB08491AA4EFB4D0258EF

Located: HK_LM:Run, YPC
command: C:\PROGRA~1\Yahoo!\PARENT~1\ypc.exe
file: C:\PROGRA~1\Yahoo!\PARENT~1\ypc.exe
size: 352256
MD5: 28A9E8F49B1A9AA3CE337CA7D4E75469

Located: HK_CU:Run, ctfmon.exe
where: S-1-5-21-1060284298-1035525444-682003330-1003...
command: C:\WINDOWS\system32\ctfmon.exe
file: C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 5F1D5F88303D4A4DBC8E5F97BA967CC3

Located: Startup (common), Digital Line Detect.lnk
where: C:\Documents and Settings\All Users\Start Menu\Programs\Startup...
command: C:\Program Files\Digital Line Detect\DLG.exe
file: C:\Program Files\Digital Line Detect\DLG.exe
size: 45056
MD5: 4E01F0DB4E23DA7A1DEA6CFD50B3DCC4

Located: Startup (common), Microsoft Office.lnk
where: C:\Documents and Settings\All Users\Start Menu\Programs\Startup...
command: C:\Program Files\Microsoft Office\Office10\OSA.EXE
file: C:\Program Files\Microsoft Office\Office10\OSA.EXE
size: 83360
MD5: 5BC65464354A9FD3BEAA28E18839734A

Located: WinLogon, crypt32chain
command: crypt32.dll
file: crypt32.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, cryptnet
command: cryptnet.dll
file: cryptnet.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, cscdll
command: cscdll.dll
file: cscdll.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, dimsntfy
command: %SystemRoot%\System32\dimsntfy.dll
file: %SystemRoot%\System32\dimsntfy.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, igfxcui
command: igfxsrvc.dll
file: igfxsrvc.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, ScCertProp
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, Schedule
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, sclgntfy
command: sclgntfy.dll
file: sclgntfy.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, SensLogn
command: WlNotify.dll
file: WlNotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, termsrv
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, WgaLogon
command: WgaLogon.dll
file: WgaLogon.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, wlballoon
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!



--- Browser helper object list ---
{02478D38-C3F9-4EFB-9B51-7695ECA05670} (&Yahoo! Toolbar Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: &Yahoo! Toolbar Helper
description: Yahoo Companion!
classification: Legitimate
known filename: Ycomp*_*_*_*.dll
info link: http://companion.yahoo.com/
info source: TonyKlein
Path: C:\Program Files\Yahoo!\Companion\Installs\cpn0\
Long name: yt.dll
Short name:
Date (created): 1/8/2008 5:37:04 PM
Date (last access): 9/6/2008 2:30:44 AM
Date (last write): 1/8/2008 5:37:04 PM
Filesize: 878352
Attributes: archive
MD5: D21D8EE5AA7AE4D98D69DAD4AB41EB80
CRC32: 2A716F54
Version: 2008.1.8.1

{18DF081C-E8AD-4283-A596-FA578C2EBDC3} (AcroIEHelperStub)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: AcroIEHelperStub
CLSID name: Adobe PDF Link Helper
Path: C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\
Long name: AcroIEHelperShim.dll
Short name: ACROIE~2.DLL
Date (created): 6/11/2008 10:33:16 PM
Date (last access): 9/6/2008 8:52:04 AM
Date (last write): 6/11/2008 10:33:16 PM
Filesize: 75128
Attributes: archive
MD5: E96C752BBA0E22330A43258FC800200E
CRC32: E5D72083
Version: 9.0.0.332

{3049C3E9-B461-4BC5-8870-4C09146192CA} (RealPlayer Download and Record Plugin for Internet Explorer)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: RealPlayer Download and Record Plugin for Internet Explorer
Path: C:\Program Files\Real\RealPlayer\
Long name: rpbrowserrecordplugin.dll
Short name: RPBROW~1.DLL
Date (created): 3/18/2008 7:19:30 PM
Date (last access): 9/6/2008 9:18:36 AM
Date (last write): 3/18/2008 7:19:30 PM
Filesize: 370296
Attributes: archive
MD5: 6E032715A135D156645D0548B90FEC6D
CRC32: 51F09C16
Version: 1.0.1.45

{53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Spybot-S&D IE Protection
description: Spybot-S&D IE Browser plugin
classification: Legitimate
known filename: SDhelper.dll
info link: http://spybot.eon.net.au/
info source: Patrick M. Kolla
Path: C:\PROGRA~1\SPYBOT~1\
Long name: SDHelper.dll
Short name:
Date (created): 9/4/2008 7:42:44 PM
Date (last access): 9/6/2008 9:47:14 AM
Date (last write): 7/7/2008 9:41:58 AM
Filesize: 1562448
Attributes: archive
MD5: 32981ADE44D01EC2A9EBC2E311291707
CRC32: C2F522E6
Version: 1.6.0.12

{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} (Yahoo! IE Services Button)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Yahoo! IE Services Button
Path: C:\Program Files\Yahoo!\Common\
Long name: yiesrvc.dll
Short name:
Date (created): 12/12/2007 5:09:42 PM
Date (last access): 9/6/2008 9:07:04 AM
Date (last write): 12/12/2007 5:09:42 PM
Filesize: 222448
Attributes: archive
MD5: BBDE3B4ACB928F30A35DBA4DD11564E1
CRC32: F07520BB
Version: 2007.12.12.1

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: SSVHelper Class
Path: C:\Program Files\Java\jre1.6.0_07\bin\
Long name: ssv.dll
Short name:
Date (created): 7/14/2008 5:48:20 AM
Date (last access): 9/6/2008 9:18:36 AM
Date (last write): 6/10/2008 4:27:02 AM
Filesize: 509328
Attributes: archive
MD5: F921D875A1CBD69A6A462BA2514BC831
CRC32: 38AC9EE2
Version: 6.0.70.6



--- ActiveX list ---
DirectAnimation Java Classes (DirectAnimation Java Classes)
DPF name: DirectAnimation Java Classes
CLSID name:
Installer:
Codebase: file://C:\WINDOWS\Java\classes\dajava.cab
description:
classification: Legitimate
known filename: %WINDIR%\Java\classes\dajava.cab
info link:
info source: Patrick M. Kolla

Microsoft XML Parser for Java (Microsoft XML Parser for Java)
DPF name: Microsoft XML Parser for Java
CLSID name:
Installer:
Codebase: file://C:\WINDOWS\Java\classes\xmldso.cab
description:
classification: Legitimate
known filename: %WINDIR%\Java\classes\xmldso.cab
info link:
info source: Patrick M. Kolla

{02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control)
DPF name:
CLSID name: Microsoft Office Template and Media Control
Installer: C:\WINDOWS\Downloaded Program Files\ieawsdc.inf
Codebase: http://office.micros...tes/ieawsdc.cab
description:
classification: Legitimate
known filename: IEAWSDC.DLL
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\Downloaded Program Files\
Long name: IEAWSDC.DLL
Short name:
Date (created): 2/9/2007 7:15:26 AM
Date (last access): 9/6/2008 10:04:34 AM
Date (last write): 2/9/2007 7:15:26 AM
Filesize: 175968
Attributes: archive
MD5: 1C33677DA385ACFDB263A8995303303F
CRC32: 0FA31421
Version: 12.0.6026.0

{05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool)
DPF name:
CLSID name: Office Genuine Advantage Validation Tool
Installer: C:\WINDOWS\Downloaded Program Files\OGAControl.inf
Codebase: http://download.microsoft.com/download/e/4.../OGAControl.cab
Path: C:\WINDOWS\system32\
Long name: OGACheckControl.DLL
Short name: OGACHE~1.DLL
Date (created): 2/4/2008 6:23:10 PM
Date (last access): 9/6/2008 10:05:18 AM
Date (last write): 2/4/2008 6:23:10 PM
Filesize: 693792
Attributes: archive
MD5: D1346A4683E98836E2FE003859E5DC0D
CRC32: DF1DBA7A
Version: 1.6.28.0

{0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control)
DPF name:
CLSID name: Microsoft Data Collection Control
Installer:
Codebase: https://support.micr...veX/MSDcode.cab
Path: C:\WINDOWS\Downloaded Program Files\
Long name: MSDcode.dll
Short name:
Date (created): 1/18/2007 1:27:00 AM
Date (last access): 9/6/2008 10:04:34 AM
Date (last write): 1/18/2007 1:27:00 AM
Filesize: 345512
Attributes: archive
MD5: 0D3698A5747E88E7EBB97C0B8790B8AF
CRC32: FD1DA0D9
Version: 2.5.102.0

{2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class)
DPF name:
CLSID name: ActiveScan 2.0 Installer Class
Installer: C:\WINDOWS\Downloaded Program Files\as2stubie.inf
Codebase: http://acs.pandasoft...s/as2stubie.cab
Path: C:\WINDOWS\Downloaded Program Files\
Long name: as2stubie.dll
Short name: AS2STU~1.DLL
Date (created): 6/30/2008 10:39:58 AM
Date (last access): 9/6/2008 10:04:32 AM
Date (last write): 6/30/2008 10:39:58 AM
Filesize: 128256
Attributes: archive
MD5: BB482DD127289F0FAD474610F5A4C3E3
CRC32: 1CF0CB03
Version: 1.0.0.10

{30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support)
DPF name:
CLSID name: Installation Support
Installer:
Codebase: C:\Program Files\Yahoo!\Common\Yinsthelper.dll
description: Yahoo! Installation helper
classification: Legitimate
known filename: %SystemRoot%\Downloaded Program Files\yinsthelper.dll
info link:
info source: Patrick M. Kolla
Path: C:\Program Files\Yahoo!\Common\
Long name: YInstHelper.dll
Short name: YINSTH~1.DLL
Date (created): 11/28/2007 4:55:58 PM
Date (last access): 9/6/2008 2:34:34 AM
Date (last write): 11/28/2007 4:55:58 PM
Filesize: 211744
Attributes: archive
MD5: 48FF0FA1CAB4AD6ACEF9027F34090880
CRC32: 284355E3
Version: 2007.11.28.1

{406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia)
DPF name:
CLSID name: Snapfish Activia
Installer: C:\WINDOWS\Downloaded Program Files\SnapfishActivia1000.inf
Codebase: http://photo.walgree...eensActivia.cab
description:
classification: Legitimate
known filename: SnapfishActivia1000.ocx
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\Downloaded Program Files\
Long name: SnapfishActivia1000.ocx
Short name: SNAPFI~1.OCX
Date (created): 6/3/2005 12:24:32 PM
Date (last access): 9/6/2008 10:04:34 AM
Date (last write): 6/3/2005 12:24:32 PM
Filesize: 286720
Attributes: archive
MD5: F5C79C45F1ADF877DC3AFDFF3565AE7B
CRC32: F118547A
Version: 1.0.0.10

{4EC8E993-32C1-47F5-A07A-5B0574655AD4} (Software Center)
DPF name:
CLSID name: Software Center
Installer: C:\WINDOWS\Downloaded Program Files\ysftcntr.inf
Codebase: http://us.dl1.yimg.com/download.yahoo.com/...ntr_current.cab
description:
classification: Open for discussion
known filename:
info link:
info source: Safer Networking Ltd.
Path: C:\Program Files\Yahoo!\Common\
Long name: YWXcom.dll
Short name:
Date (created): 12/20/2007 5:18:32 PM
Date (last access): 9/6/2008 2:35:06 AM
Date (last write): 12/20/2007 5:18:32 PM
Filesize: 229664
Attributes: archive
MD5: 950EBB1BC9EBCA53DC2672A49D7A1E7C
CRC32: A9BC33BB
Version: 2007.12.20.1

{6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class)
DPF name:
CLSID name: WUWebControl Class
Installer: C:\WINDOWS\Downloaded Program Files\wuweb.inf
Codebase: http://update.microsoft.com/windowsupdate/...b?1174162191156
description:
classification: Legitimate
known filename: wuweb.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\system32\
Long name: wuweb.dll
Short name:
Date (created): 5/26/2005 5:19:32 AM
Date (last access): 9/6/2008 9:16:18 AM
Date (last write): 7/30/2007 7:19:28 PM
Filesize: 203096
Attributes: archive
MD5: 5C9A003E7C6BA03F04DC2D9C82A7E6E0
CRC32: E29E0153
Version: 7.0.6000.381

{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class)
DPF name:
CLSID name: MUWebControl Class
Installer: C:\WINDOWS\Downloaded Program Files\muweb.inf
Codebase: http://update.microsoft.com/microsoftupdat...b?1174177762312
description:
classification: Legitimate
known filename: muweb.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\system32\
Long name: muweb.dll
Short name:
Date (created): 5/26/2005 5:19:32 AM
Date (last access): 9/6/2008 9:16:18 AM
Date (last write): 7/30/2007 7:19:04 PM
Filesize: 207736
Attributes: archive
MD5: 2DEE560CCEF55353EB62FDA870446393
CRC32: 5AA71F7B
Version: 7.0.6000.381

{8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_07
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab
description: Sun Java
classification: Legitimate
known filename: %PROGRAM FILES%\JabaSoft\JRE\*\Bin\npjava131.dll
info link:
info source: Patrick M. Kolla
Path: C:\Program Files\Java\jre1.6.0_07\bin\
Long name: npjpi160_07.dll
Short name: NPJPI1~1.DLL
Date (created): 6/10/2008 2:32:34 AM
Date (last access): 9/6/2008 2:30:52 AM
Date (last write): 6/10/2008 4:27:02 AM
Filesize: 132496
Attributes: archive
MD5: 7C83A2809E13950359189767AC9D5DB8
CRC32: 925C2A88
Version: 6.0.70.6

{C7DB51B4-BCF7-4923-8874-7F1A0DC92277} (Office Update Installation Engine)
DPF name:
CLSID name: Office Update Installation Engine
Installer: C:\WINDOWS\Downloaded Program Files\opuc.inf
Codebase: http://office.micros...ntent/opuc4.cab
description:
classification: Legitimate
known filename: opuc.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\
Long name: opuc.dll
Short name:
Date (created): 7/21/2008 12:52:36 PM
Date (last access): 9/6/2008 10:01:44 AM
Date (last write): 7/21/2008 12:52:36 PM
Filesize: 524288
Attributes: archive
MD5: ED46E6DDA3F6E2AF5D898F697C8CE81F
CRC32: 9A634B1A
Version: 12.0.5575.1000

{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} (Java Runtime Environment 1.5.0)
DPF name: Java Runtime Environment 1.5.0
CLSID name: Java Plug-in 1.5.0_11
Installer:
Codebase: http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab
description:
classification: Legitimate
known filename: npjpi150_11.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Program Files\Java\jre1.5.0_11\bin\
Long name: NPJPI150_11.dll
Short name: NPJPI1~1.DLL
Date (created): 12/15/2006 3:09:16 AM
Date (last access): 9/6/2008 2:35:56 AM
Date (last write): 12/15/2006 3:23:26 AM
Filesize: 75528
Attributes: archive
MD5: 3B3F6984DBF972DAFF1B7E9C44E2FE75
CRC32: 4BDE2041
Version: 5.0.110.3

{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_01
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab
description:
classification: Legitimate
known filename: npjpi160_01.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Program Files\Java\jre1.6.0_01\bin\
Long name: npjpi160_01.dll
Short name: NPJPI1~1.DLL
Date (created): 3/14/2007 2:04:46 AM
Date (last access): 9/6/2008 2:35:56 AM
Date (last write): 3/14/2007 3:43:42 AM
Filesize: 132760
Attributes: archive
MD5: F112FB2FD2EF66D439799E3F834DF000
CRC32: D2B09219
Version: 6.0.0.6

{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_03
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab
Path: C:\Program Files\Java\jre1.6.0_03\bin\
Long name: npjpi160_03.dll
Short name: NPJPI1~1.DLL
Date (created): 9/25/2007 12:31:44 AM
Date (last access): 9/6/2008 2:35:56 AM
Date (last write): 9/25/2007 2:11:34 AM
Filesize: 132496
Attributes: archive
MD5: D6A4682A6FF41832A3F1A7AB9AE08199
CRC32: 9080B537
Version: 6.0.30.5

{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_07
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab
Path: C:\Program Files\Java\jre1.6.0_07\bin\
Long name: npjpi160_07.dll
Short name: NPJPI1~1.DLL
Date (created): 6/10/2008 2:32:34 AM
Date (last access): 9/6/2008 10:17:48 AM
Date (last write): 6/10/2008 4:27:02 AM
Filesize: 132496
Attributes: archive
MD5: 7C83A2809E13950359189767AC9D5DB8
CRC32: 925C2A88
Version: 6.0.70.6

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_07
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab
description:
classification: Legitimate
known filename: npjpi150_06.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Program Files\Java\jre1.6.0_07\bin\
Long name: npjpi160_07.dll
Short name: NPJPI1~1.DLL
Date (created): 6/10/2008 2:32:34 AM
Date (last access): 9/6/2008 10:17:48 AM
Date (last write): 6/10/2008 4:27:02 AM
Filesize: 132496
Attributes: archive
MD5: 7C83A2809E13950359189767AC9D5DB8
CRC32: 925C2A88
Version: 6.0.70.6

{D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object)
DPF name:
CLSID name: Shockwave Flash Object
Installer: C:\WINDOWS\Downloaded Program Files\swflash.inf
Codebase: http://fpdownload.macromedia.com/get/flash...ent/swflash.cab
description: Macromedia Shockwave Flash Player
classification: Legitimate
known filename:
info link:
info source: Patrick M. Kolla
Path: C:\WINDOWS\system32\Macromed\Flash\
Long name: Flash9f.ocx
Short name:
Date (created): 3/24/2008 9:32:42 PM
Date (last access): 9/6/2008 2:35:58 AM
Date (last write): 3/24/2008 9:32:42 PM
Filesize: 2991488
Attributes: readonly archive
MD5: 48FDF435B8595604E54125B321924510
CRC32: 12335E29
Version: 9.0.124.0



--- Process list ---
PID: 0 ( 0) [System]
PID: 580 ( 4) \SystemRoot\System32\smss.exe
size: 50688
PID: 632 ( 580) \??\C:\WINDOWS\system32\csrss.exe
size: 6144
PID: 656 ( 580) \??\C:\WINDOWS\system32\winlogon.exe
size: 507904
PID: 700 ( 656) C:\WINDOWS\system32\services.exe
size: 108544
MD5: 0E776ED5F7CC9F94299E70461B7B8185
PID: 712 ( 656) C:\WINDOWS\system32\lsass.exe
size: 13312
MD5: BF2466B3E18E970D8A976FB95FC1CA85
PID: 868 ( 700) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
PID: 936 ( 700) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
PID: 1032 ( 700) C:\Program Files\Windows Defender\MsMpEng.exe
size: 13592
MD5: F45DD1E1365D857DD08BC23563370D0E
PID: 1072 ( 700) C:\WINDOWS\System32\svchost.exe
size: 14336
MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
PID: 1176 ( 700) C:\WINDOWS\System32\svchost.exe
size: 14336
MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
PID: 1328 ( 700) C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
size: 108648
MD5: FE69C498B922CE835E2E2123FBD0A272
PID: 1672 ( 700) C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
size: 47712
MD5: EFF5C2A0A06BCBFC5CF931C00CF6146D
PID: 392 ( 700) C:\WINDOWS\system32\LEXBCES.EXE
size: 303104
MD5: 5E3498F3D0146C0E275272B94369E3D2
PID: 428 ( 700) C:\WINDOWS\system32\spoolsv.exe
size: 57856
MD5: D8E14A61ACC1D4A6CD0D38AEBAC7FA3B
PID: 484 ( 392) C:\WINDOWS\system32\LEXPPS.EXE
size: 174592
MD5: 4BAA2A65871C478CB45F11C948D9C539
PID: 992 ( 172) C:\WINDOWS\Explorer.EXE
size: 1033728
MD5: 12896823FB95BFB3DC9B46BCAEDC9923
PID: 1648 ( 700) C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
size: 116040
MD5: 2BDA4A9480B550FCCA6D29C22CA54C0D
PID: 1768 ( 700) C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
size: 554352
MD5: B5D974C1FD078A68C7536C561B031D39
PID: 524 ( 700) C:\Program Files\Bonjour\mDNSResponder.exe
size: 229376
MD5: CFD4C3352E29A8B729536648466E8DF5
PID: 576 ( 700) C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
size: 108648
MD5: FE69C498B922CE835E2E2123FBD0A272
PID: 380 ( 700) C:\WINDOWS\System32\svchost.exe
size: 14336
MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
PID: 2064 ( 700) C:\Program Files\Canon\CAL\CALMAIN.exe
size: 86606
MD5: A9ACC4B9730B6D5B0BB2BFFDC53F0812
PID: 3864 ( 700) C:\WINDOWS\System32\alg.exe
size: 44544
MD5: 8C515081584A38AA007909CD02020B3D
PID: 2320 ( 992) C:\WINDOWS\System32\hkcmd.exe
size: 114688
MD5: 00DD2A87E62C1277F44D421650078024
PID: 836 ( 992) C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
size: 684032
MD5: BE3238A165AFB321F1696CC1FF9EF271
PID: 620 ( 992) C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe
size: 86102
MD5: 4B5D22BD0A11E1C97ECFA5A45A529FCB
PID: 2804 ( 700) C:\WINDOWS\System32\svchost.exe
size: 14336
MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
PID: 2916 ( 992) C:\WINDOWS\BCMSMMSG.exe
size: 122880
MD5: 2D99607F21FF368C0E335A2D91A052A1
PID: 244 ( 992) C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
size: 144784
MD5: 6AB4C021FBD36DC6764924C312428D97
PID: 2968 ( 992) C:\PROGRA~1\Yahoo!\YOP\yop.exe
size: 509224
MD5: 176A0FA6851AB08491AA4EFB4D0258EF
PID: 2984 ( 992) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
size: 849280
MD5: F4E7979D8ADEBEEDEAD33019A5BD52BF
PID: 3836 ( 992) C:\Program Files\eFax Messenger 4.3\J2GDllCmd.exe
size: 116224
MD5: 55C9DD19EDC545BC44FD32BC80B12831
PID: 4092 ( 992) C:\Program Files\Common Files\Real\Update_OB\realsched.exe
size: 185896
MD5: 89D583FC41D48328128A974C25AFAEB7
PID: 2784 ( 992) C:\Program Files\Common Files\Symantec Shared\ccApp.exe
size: 115816
MD5: 25BE770865658CB79100117112819A7C
PID: 2316 ( 620) C:\Program Files\Dell AIO Printer A940\dlbabmon.exe
size: 73806
MD5: E1B3D8B05E30FEF727748B84FC3D7366
PID: 3440 ( 992) C:\Program Files\iTunes\iTunesHelper.exe
size: 289064
MD5: 4CED92963F453EB8DCFE67FD4248D657
PID: 3096 ( 992) C:\Program Files\Windows Defender\MSASCui.exe
size: 866584
MD5: 77C03BF23AE56B0A31AE4D5BB4B3D0AC
PID: 3188 ( 992) C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 5F1D5F88303D4A4DBC8E5F97BA967CC3
PID: 3356 ( 992) C:\Program Files\Digital Line Detect\DLG.exe
size: 45056
MD5: 4E01F0DB4E23DA7A1DEA6CFD50B3DCC4
PID: 3216 ( 700) C:\Program Files\iPod\bin\iPodService.exe
size: 532264
MD5: D7ED7D86C9FDDC2EEE637B303B3D6A6B
PID: 1544 ( 868) C:\PROGRA~1\Yahoo!\browser\ycommon.exe
size: 200704
MD5: DC384325FFC20A35BBD2A49FAE962153
PID: 2580 ( 868) C:\PROGRA~1\Yahoo!\YOP\SSDK02.exe
size: 628352
MD5: C5E51FD31B5F4D2755D66BA453ABB019
PID: 2420 ( 700) C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
size: 1174664
MD5: 43CFCA936D211BF7F1CDE1DDF807CB76
PID: 3308 ( 992) C:\Program Files\Mozilla Firefox\firefox.exe
size: 307712
MD5: A6D64056AD6CA84534143757FD782D7A
PID: 3156 ( 868) C:\WINDOWS\System32\wbem\wmiprvse.exe
size: 218112
MD5: 0FFAE66E6D5B1C87CBD22D1F3B6079FD
PID: 2684 ( 992) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
size: 4891472
MD5: 3B1B5D09D3C9C4CD39D4DB06ED7A0855
PID: 4 ( 0) System


--- Browser start & search pages list ---
Spybot - Search & Destroy browser pages report, 9/6/2008 10:17:49 AM

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
C:\WINDOWS\system32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
about:blank
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
%SystemRoot%\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
http://ie.search.msn...st/srchasst.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
http://ie.search.msn...st/srchcust.htm


--- Winsock Layered Service Provider list ---
Protocol 0: MSAFD Tcpip [TCP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]

Protocol 1: MSAFD Tcpip [UDP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]

Protocol 2: MSAFD Tcpip [RAW/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]

Protocol 3: RSVP UDP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 4: RSVP TCP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 5: MSAFD NetBIOS [\Device\NetBT_Tcpip_{A6969B19-FE2C-47CE-A453-268B9E3251A8}] SEQPACKET 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 6: MSAFD NetBIOS [\Device\NetBT_Tcpip_{A6969B19-FE2C-47CE-A453-268B9E3251A8}] DATAGRAM 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 7: MSAFD NetBIOS [\Device\NetBT_Tcpip_{590257EA-F2BC-4D52-B746-72E51CE0AD17}] SEQPACKET 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 8: MSAFD NetBIOS [\Device\NetBT_Tcpip_{590257EA-F2BC-4D52-B746-72E51CE0AD17}] DATAGRAM 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 9: MSAFD NetBIOS [\Device\NetBT_Tcpip_{BFBF4915-44A8-47FB-A33F-5305BAB9231D}] SEQPACKET 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 10: MSAFD NetBIOS [\Device\NetBT_Tcpip_{BFBF4915-44A8-47FB-A33F-5305BAB9231D}] DATAGRAM 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 11: MSAFD NetBIOS [\Device\NetBT_Tcpip_{9D3E9257-C2E5-4DC8-922D-5DD3DF6DA611}] SEQPACKET 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 12: MSAFD NetBIOS [\Device\NetBT_Tcpip_{9D3E9257-C2E5-4DC8-922D-5DD3DF6DA611}] DATAGRAM 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 13: MSAFD NetBIOS [\Device\NetBT_Tcpip_{31B4A8B7-898C-403B-9AC8-3E0185D11920}] SEQPACKET 4
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 14: MSAFD NetBIOS [\Device\NetBT_Tcpip_{31B4A8B7-898C-403B-9AC8-3E0185D11920}] DATAGRAM 4
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Namespace Provider 0: Tcpip
GUID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP TCP/IP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: TCP/IP

Namespace Provider 1: NTDS
GUID: {3B2637EE-E580-11CF-A555-00C04FD8D4AC}
Filename: %SystemRoot%\System32\winrnr.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\winrnr.dll
DB protocol: NTDS

Namespace Provider 2: Network Location Awareness (NLA) Namespace
GUID: {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: NLA-Namespace

Namespace Provider 3: mdnsNSP
GUID: {B600E6E9-553B-4A19-8696-335E5C896153}
Filename: C:\Program Files\Bonjour\mdnsNSP.dll
Description: Apple Rendezvous protocol
DB filename: %ProgramFiles%\Rendezvous\bin\mdnsNSP.dll
DB protocol: mdnsNSP

[tim37]

Here is the Malware report.

Malwarebytes' Anti-Malware 1.26
Database version: 1119
Windows 5.1.2600 Service Pack 3

9/6/2008 10:10:16 AM
mbam-log-2008-09-06 (10-10-16).txt

Scan type: Quick Scan
Objects scanned: 44331
Time elapsed: 9 minute(s), 18 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

[tim37]

Here is the Panda ActiveScan report:

;*******************************************************************************
********************************************************************************
*
*******************
ANALYSIS: 2008-09-06 11:45:31
PROTECTIONS: 1
MALWARE: 39
SUSPECTS: 0
;*******************************************************************************
********************************************************************************
*
*******************
PROTECTIONS
Description Version Active Updated
;===============================================================================
================================================================================
=
===================
Windows Defender 1.1.3903.0 No Yes
;===============================================================================
================================================================================
=
===================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===============================================================================
================================================================================
=
===================
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppq18.tmp
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppq92E.tmp
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@trafficmp[1].txt
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppqB.tmp
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppq926.tmp
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppq638.tmp
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppq831.tmp
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppq82E.tmp
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@atdmt[2].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppqF4.tmp
00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppq3.tmp
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppq929.tmp
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppq74.tmp
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppq63B.tmp
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppq79.tmp
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppq836.tmp
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppq75.tmp
00149064 Cookie/Maxserving TrackingCookie No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppq28.tmp
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppqC.tmp
00167726 Cookie/Tickle TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@tickle[1].txt
00167730 Cookie/Hitbox TrackingCookie No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppq22.tmp
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppq2F.tmp
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppqA58.tmp
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppq71.tmp
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppq637.tmp
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppq1A.tmp
00168076 Cookie/BurstNet TrackingCookie No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppq1D.tmp
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppq8C.tmp
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppq16.tmp
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppq8.tmp
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppq85.tmp
00168097 Cookie/BurstBeacon TrackingCookie No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppq9.tmp
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppqA5A.tmp
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppq84.tmp
00169287 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppqF3.tmp
00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppq2.tmp
00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppq92F.tmp
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppq837.tmp
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppq8A.tmp
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppq77.tmp
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppq2A.tmp
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppq76.tmp
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppq8B.tmp
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppqA5E.tmp
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppq8E.tmp
00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppq7.tmp
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppqF1.tmp
00199984 Cookie/Searchportal TrackingCookie No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppqE.tmp
00207338 Cookie/Target TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@target[1].txt
00207862 Cookie/did-it TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@did-it[1].txt
00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppq1C.tmp
00286739 Cookie/Hitbox TrackingCookie No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppq23.tmp
00293517 Cookie/AdDynamix TrackingCookie No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppq82C.tmp
00293517 Cookie/AdDynamix TrackingCookie No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppq72.tmp
00325830 Cookie/Bridgetrack TrackingCookie No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppq830.tmp
03173354 Application/FunWeb HackTools No 0 Yes No C:\System Volume Information\_restore{05955374-0BA6-4B3C-AC3D-84BB2CCE6BD4}\RP5\A0000384.DLL
03548831 Adware/RogueAntimalware2008 Adware No 0 Yes No C:\System Volume Information\_restore{05955374-0BA6-4B3C-AC3D-84BB2CCE6BD4}\RP2\A0000116.exe
03592413 Adware/RogueAntimalware2008 Adware No 0 Yes No C:\System Volume Information\_restore{05955374-0BA6-4B3C-AC3D-84BB2CCE6BD4}\RP4\A0000126.exe
03592413 Adware/RogueAntimalware2008 Adware No 0 Yes No C:\System Volume Information\_restore{05955374-0BA6-4B3C-AC3D-84BB2CCE6BD4}\RP6\A0000712.exe
03600544 Adware/VapSup Adware No 0 Yes No C:\System Volume Information\_restore{05955374-0BA6-4B3C-AC3D-84BB2CCE6BD4}\RP0\A0000016.dll
;===============================================================================
================================================================================
=
===================
SUSPECTS
Sent Location o
;===============================================================================
================================================================================
=
===================
;===============================================================================
================================================================================
=
===================
VULNERABILITIES
Id Severity Description o
;===============================================================================
================================================================================
=
===================
;===============================================================================
================================================================================
=
===================

[tim37]

Here is the HiJackThis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:47:44 AM, on 9/6/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\eFax Messenger 4.3\J2GDllCmd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Dell AIO Printer A940\dlbabmon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\PROGRA~1\Yahoo!\YOP\SSDK02.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Dell AIO Printer A940] "C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe"
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [YPC] C:\PROGRA~1\Yahoo!\PARENT~1\ypc.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [eFax 4.3] "C:\Program Files\eFax Messenger 4.3\J2GDllCmd.exe" /R
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\PROGRA~1\Symantec\osCheck.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.micr...veX/MSDcode.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgree...eensActivia.cab
O16 - DPF: {4EC8E993-32C1-47F5-A07A-5B0574655AD4} (Software Center) - http://us.dl1.yimg.com/download.yahoo.com/...ntr_current.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1174162191156
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1174177762312
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Desktop Manager 5.5.709.30344 (GoogleDesktopManager-093007-112848) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\PROGRA~1\Symantec\isPwdSvc.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

--
End of file - 9921 bytes

[AdvancedSetup]

Hi Tim,

I've reviewed all of your logs and I don't see anything wrong or suspicious. There are a few things I want to recommend but I have to run out for a few hours so I'll post back later tonight. You look clean according to the logs.

[AdvancedSetup]

You appear to have multiple versions of Java installed. You should go into your Control Panel - Add/Remove and remove ALL versions of Java found. Then after a reboot delete this folder if it still exists C:\Program Files\Java then reinstall your version jre1.6.0_07

It's okay to have a blank page for your home page but just make sure the file C:\WINDOWS\system32\blank.htm does not exist or that it is in fact a clean page or delete it.

You also appear to be running a very old version of Roxio Easy CD Creator. You may want to ensure you have the latest updates for it to ensure no conflicts. That specific version is almost 8 years old now.

Aside from that though your system does not show any indications of being infected according to the logs.

[tim37]

Thank you very much for the advice. I did as you said and am thankful to be rid of the spyware et al.

I have Norton Online Security running and it did detect Antivirus 2008 but could not protect/removeit or the other problems you suggested software found and removed. I now also have MS Defender and Spybot S&D installed. What do you recommend I have running? Should I get the Paid version of Spybot S&D for realtime protection?

Thanks for you help.

[AdvancedSetup]

Well you typically can only have one dedicated Antimalware product monitoring so I would suggest the paid version of Malwarebytes


[indent]At this time your system appears to be clean. Nothing else in the logs indicates that you are still infected.
Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

Disable and Enable System Restore-WINDOWS XP
This is a good time to clear your existing system restore points and establish a new clean restore point:

Turn off System Restore

• On the Desktop, right-click My Computer.
  
• Click Properties.
  
• Click the System Restore tab.
  
• Check Turn off System Restore.
  
• Click Apply, and then click OK.
  
• Reboot.

Turn ON System Restore

• On the Desktop, right-click My Computer.
  
• Click Properties.
  
• Click the System Restore tab.
  
• UN-Check *Turn off System Restore*.
  
• Click Apply, and then click OK.

This will remove all restore points except the new one you just created.

Here are some free programs I recommend that could help you improve your computer's security.

Spybot Search and Destroy
Download it from here. Just choose a mirror and off you go.
Find here the tutorial on how to use Spybot properly here

Install SpyWare Blaster.
Download it from here
Find here the tutorial on how to use Spyware Blaster here

Install WinPatrol
Download it from here
Here you can find information about how WinPatrol works here

Install FireTrust SiteHound
You can find information and download it from here

Install MVPS Hosts File from here
The MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer.
You can find a tutorial here : http://www.mvps.org/...p2002/hosts.htm

Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.
You can use one of these sites to check if any updates are needed for your pc.
Secunia Software Inspector
F-secure Health Check

Visit Microsoft often to get the latest updates for your computer.
http://www.update.microsoft.com

The windows firewall is not sufficient to protect your system. It doesn't monitor outgoing traffic and this is a must. I recommend Online Armor Free

A little outdated but good reading on how to prevent Malware

Keep safe online and happy surfing.



Since this issue is resolved I will soon close the thread to prevent others from posting into it. If you need assistance please start your own topic and someone will be happy to assist you.

The fixes and advice in this thread are for this machine only. Do not apply to your machine unless you Fully Understand how these programs work and what you're doing. Please start a thread of your own and someone will be happy to help you, just follow the Pre-Hijackthis instructions found here before posting Pre- HJT Post Instructions


Also don't forget that we offer FREE assistance with General PC questions and repair here PC Help
If you're pleased with the product Malwarebytes and the service provided you, please let your friends, family, and co-workers know. http://www.malwarebytes.org[/indent]




.