Full Version: Windows Update goes to MSN &
Malwarebytes Forum > Computer Help > Malware Removal - HijackThis Logs
Fire926
My Windows Update goes to MSN and I cannot get to the Update page even if I manually type the address in. I've run and deleted the files Malware finds, but they come back. I've booted in safe mode and run it as well, and disabled System Restore before doing so, and the same files reappear and Windows Update doesn't ever work.---HELP

MBAM Log-


Malwarebytes' Anti-Malware 1.30
Database version: 1334
Windows 5.1.2600 Service Pack 3

10/29/2008 8:04:12 AM
mbam-log-2008-10-29 (08-04-00).txt

Scan type: Full Scan (C:\|L:\|)
Objects scanned: 190674
Time elapsed: 6 hour(s), 40 minute(s), 34 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 6
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.146 85.255.112.19 1.2.3.4 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{f515b4d4-df87-4744-a05d-59ecebf4ab6b}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.146 85.255.112.19 1.2.3.4 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.146 85.255.112.19 1.2.3.4 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{f515b4d4-df87-4744-a05d-59ecebf4ab6b}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.146 85.255.112.19 1.2.3.4 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.146 85.255.112.19 1.2.3.4 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{f515b4d4-df87-4744-a05d-59ecebf4ab6b}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.146 85.255.112.19 1.2.3.4 -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Panda Scan

;*******************************************************************************
ANALYSIS: 2008-10-30 06:52:26
PROTECTIONS: 1
MALWARE: 33
SUSPECTS: 2
;*******************************************************************************
PROTECTIONS
Description Version Active Updated
;===============================================================================
CA Anti-Virus 9.0.0.174 No Yes
;===============================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===============================================================================
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Cookies\guest@trafficmp[1].txt
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\Scott\Cookies\scott@trafficmp[2].txt
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No L:\Debbie's Stuff\Debbie's stuf 9-5-07\Documents and Settings\Cookies\debbie@trafficmp[1].txt
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\Debbie\Cookies\debbie@casalemedia[1].txt
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No L:\Debbie's Stuff\Debbie's stuf 9-5-07\Documents and Settings\Cookies\debbie@casalemedia[2].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Debbie\Local Settings\Temp\Cookies\debbie@doubleclick[1].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Debbie\Cookies\debbie@doubleclick[1].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No L:\Debbie's Stuff\Debbie's stuf 9-5-07\Documents and Settings\Scott\Cookies\scott@doubleclick[1].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Scott\Cookies\scott@doubleclick[2].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No L:\Debbie's Stuff\Debbie's stuf 9-5-07\Documents and Settings\Cookies\debbie@doubleclick[1].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Cookies\guest@doubleclick[1].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Debbie\Cookies\debbie@atdmt[2].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No L:\Debbie's Stuff\Debbie's stuf 9-5-07\Documents and Settings\Cookies\debbie@atdmt[2].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Cookies\guest@atdmt[2].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Scott\Cookies\scott@atdmt[2].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Debbie\Local Settings\Temp\Cookies\debbie@atdmt[2].txt
00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Scott\Cookies\scott@247realmedia[1].txt
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Cookies\guest@fastclick[1].txt
00145457 Cookie/FastClick TrackingCookie No 0 Yes No L:\Debbie's Stuff\Debbie's stuf 9-5-07\Documents and Settings\Cookies\debbie@fastclick[1].txt
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\Scott\Cookies\scott@fastclick[1].txt
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\Debbie\Cookies\debbie@fastclick[1].txt
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\Debbie\Cookies\debbie@tribalfusion[2].txt
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\Scott\Cookies\scott@tribalfusion[1].txt
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Cookies\guest@tribalfusion[1].txt
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Cookies\guest@mediaplex[1].txt
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No L:\Debbie's Stuff\Debbie's stuf 9-5-07\Documents and Settings\Cookies\debbie@mediaplex[2].txt
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\Debbie\Cookies\debbie@mediaplex[1].txt
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No L:\Debbie's Stuff\Debbie's stuf 9-5-07\Documents and Settings\Scott\Cookies\scott@statcounter[1].txt
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No L:\Debbie's Stuff\Debbie's stuf 9-5-07\Documents and Settings\Cookies\debbie@statcounter[1].txt
00168048 Cookie/Overture TrackingCookie No 0 Yes No L:\Debbie's Stuff\Debbie's stuf 9-5-07\Documents and Settings\Cookies\debbie@perf.overture[1].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Debbie\Local Settings\Temp\Cookies\debbie@ad.yieldmanager[1].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Scott\Cookies\scott@ad.yieldmanager[2].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Cookies\guest@ad.yieldmanager[1].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No L:\Debbie's Stuff\Debbie's stuf 9-5-07\Documents and Settings\Cookies\debbie@ad.yieldmanager[2].txt
00168076 Cookie/BurstNet TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Cookies\guest@burstnet[2].txt
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Debbie\Cookies\debbie@serving-sys[1].txt
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Cookies\guest@serving-sys[1].txt
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No L:\Debbie's Stuff\Debbie's stuf 9-5-07\Documents and Settings\Cookies\debbie@serving-sys[1].txt
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Debbie\Cookies\debbie@bs.serving-sys[1].txt
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No L:\Debbie's Stuff\Debbie's stuf 9-5-07\Documents and Settings\Cookies\debbie@bs.serving-sys[2].txt
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Cookies\guest@bs.serving-sys[2].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Cookies\guest@advertising[2].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Debbie\Local Settings\Temp\Cookies\debbie@advertising[2].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Scott\Cookies\scott@advertising[1].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Debbie\Cookies\debbie@advertising[1].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No L:\Debbie's Stuff\Debbie's stuf 9-5-07\Documents and Settings\Cookies\debbie@advertising[1].txt
00169287 Cookie/Adrevolver TrackingCookie No 0 Yes No L:\Debbie's Stuff\Debbie's stuf 9-5-07\Documents and Settings\Cookies\debbie@adrevolver[3].txt
00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Documents and Settings\Debbie\Cookies\debbie@statse.webtrendslive[2].txt
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No L:\Debbie's Stuff\Debbie's stuf 9-5-07\Documents and Settings\Cookies\debbie@ads.pointroll[1].txt
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Debbie\Cookies\debbie@ads.pointroll[1].txt
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Scott\Cookies\scott@ads.pointroll[1].txt
00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Cookies\guest@overture[2].txt
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Scott\Cookies\scott@realmedia[1].txt
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Cookies\guest@realmedia[1].txt
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\Scott\Cookies\scott@questionmarket[1].txt
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No L:\Debbie's Stuff\Debbie's stuf 9-5-07\Documents and Settings\Cookies\debbie@questionmarket[2].txt
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Cookies\guest@questionmarket[2].txt
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Cookies\guest@zedo[2].txt
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\Debbie\Cookies\debbie@zedo[1].txt
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\Debbie\Local Settings\Temp\Cookies\debbie@zedo[1].txt
00172221 Cookie/Zedo TrackingCookie No 0 Yes No L:\Debbie's Stuff\Debbie's stuf 9-5-07\Documents and Settings\Cookies\debbie@zedo[2].txt
00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No L:\Debbie's Stuff\Debbie's stuf 9-5-07\Documents and Settings\Cookies\debbie@bluestreak[1].txt
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No L:\Debbie's Stuff\Debbie's stuf 9-5-07\Documents and Settings\Cookies\debbie@adrevolver[1].txt
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\Debbie\Cookies\debbie@adrevolver[1].txt
00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Cookies\guest@adultfriendfinder[1].txt
00199983 Cookie/Valueclick TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Cookies\guest@valueclick[2].txt
00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Documents and Settings\Debbie\Cookies\debbie@atwola[1].txt
00262020 Cookie/Atwola TrackingCookie No 0 Yes No L:\Debbie's Stuff\Debbie's stuf 9-5-07\Documents and Settings\Scott\Cookies\scott@atwola[1].txt
00262020 Cookie/Atwola TrackingCookie No 0 Yes No L:\Debbie's Stuff\Debbie's stuf 9-5-07\Documents and Settings\Cookies\debbie@atwola[1].txt
00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Documents and Settings\Scott\Cookies\scott@atwola[1].txt
00293517 Cookie/AdDynamix TrackingCookie No 0 Yes No L:\Debbie's Stuff\Debbie's stuf 9-5-07\Documents and Settings\Cookies\debbie@ads.addynamix[2].txt
00959234 Generic Malware Virus/Trojan No 0 Yes No C:\WINDOWS\wt\wtupdates\wtwebdriver\files\3.1.0.037\npwthost.dll
01048936 Generic Malware Virus/Trojan No 0 Yes No C:\Program Files\GameSpy Arcade\Services\_common\PortraitLoader.dll
01240432 Adware/MyWay Adware No 0 No No C:\WINDOWS\Downloaded Installations\{6936DB8E-F8FF-4007-B646-0CBD4AB654B1}\AquaSupreme.msi[unk_0064][myBarSp.exe]
01313177 Generic Malware Virus/Trojan No 0 Yes No C:\Program Files\WildTangent\Components\wtPropertyBag0200.dll
03982751 Generic Malware Virus/Trojan No 0 Yes No C:\WINDOWS\wt\wtupdates\wtwebdriver\files\3.2.0.007\npwthost.dll
;===============================================================================
SUSPECTS
Sent Location
;===============================================================================
No C:\Program Files\NoAdware5.0\nutils.dll
No C:\Program Files\NoAdware5.0\nutils.dll
;===============================================================================
VULNERABILITIES
Id Severity Description
;===============================================================================
;===============================================================================

HiJack This Scan-

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:54:41 AM, on 10/30/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\NoAdware5.0\NoAdware5.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\AOL\1137212081\ee\aolsoftware.exe
C:\Program Files\America Online 9.0\waol.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.charter.net/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NoAdware5] "C:\Program Files\NoAdware5.0\NoAdware5.exe" :Min:
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0\AOL.EXE" -b
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\spyware doctor\filterlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\spyware doctor\filterlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\spyware doctor\filterlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\spyware doctor\filterlsp.dll
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
O24 - Desktop Component 0: Privacy Protection - (no file)

--
End of file - 7130 bytes
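As an added example, not code from this thread or from any of the tools named in it, here is a Python triage script for the DNSChanger finding in the MBAM log above: it parses DhcpNameServer lines in the MBAM format and in the format of the SmitfraudFix DNS section that appears later in this thread, flags resolvers in the 85.255.x.x range that SmitfraudFix warns about, and reports anything that is not an expected resolver. The expected resolver (192.168.1.1) and the sample log lines are constructed for the example.

```python
"""Triage DNS-resolver entries from MBAM and SmitfraudFix logs (DNSChanger check)."""
import ipaddress
import re

# SmitfraudFix warns on any resolver in 85.255.x.x; the same test expressed as a network.
ROGUE_RANGES = [ipaddress.ip_network("85.255.0.0/16")]

# Resolvers a defender expects this host to use. Assumption for the example:
# the home router at 192.168.1.1. Replace with the real ISP/router resolvers.
EXPECTED_RESOLVERS = {ipaddress.ip_address("192.168.1.1")}

# MBAM "Registry Data Items Infected" line:
#   HKEY_LOCAL_MACHINE\...\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.146 ... -> No action taken.
_MBAM_RE = re.compile(r"^(?P<key>\S+\\(?:Dhcp)?NameServer) .*?-> Data: (?P<data>[^-]+?)\s*->")
# SmitfraudFix "DNS" section line:
#   HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=85.255.112.146 85.255.112.19 1.2.3.4
_SFF_RE = re.compile(r"^(?P<key>HKLM\\\S+): (?:Dhcp)?NameServer=(?P<data>.*)$")
_IPV4_RE = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b")


def parse_line(line):
    """Return (registry key, [resolver addresses]) for a NameServer log line, else None."""
    m = _MBAM_RE.match(line.strip()) or _SFF_RE.match(line.strip())
    if not m:
        return None
    ips = []
    for token in _IPV4_RE.findall(m.group("data")):
        try:
            ips.append(ipaddress.ip_address(token))
        except ValueError:  # e.g. 999.1.1.1: looks like an address but is not one
            continue
    return m.group("key"), ips


def classify(ip):
    """Label one resolver: 'rogue' (85.255.x.x range), 'expected', or 'unknown'."""
    if isinstance(ip, str):
        ip = ipaddress.ip_address(ip)
    if any(ip in net for net in ROGUE_RANGES):
        return "rogue"
    if ip in EXPECTED_RESOLVERS:
        return "expected"
    return "unknown"


def triage(lines):
    """Map each registry key found in the log to its [(resolver, verdict), ...] list."""
    findings = {}
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        key, ips = parsed
        findings[key] = [(str(ip), classify(ip)) for ip in ips]
    return findings


def is_hijacked(findings):
    """True when any listed key points the TCP/IP stack at a non-expected resolver.

    Every control set the log lists (CurrentControlSet, ControlSet001,
    ControlSet002) is checked, not only the active one, so a stale copy of
    the rogue value is not overlooked.
    """
    return any(verdict != "expected"
               for entries in findings.values() for _, verdict in entries)


# Constructed sample: the two log formats above plus one clean line and one
# unrelated line; the 85.255.112.x / 1.2.3.4 values are the ones in the thread.
SAMPLE_LOG = r"""
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.146 85.255.112.19 1.2.3.4 -> No action taken.
HKLM\SYSTEM\CS1\Services\Tcpip\..\{F515B4D4-DF87-4744-A05D-59ECEBF4AB6B}: DhcpNameServer=85.255.112.146 85.255.112.19 1.2.3.4
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
Description: Linksys LNE100TX Fast Ethernet Adapter(LNE100TX v4) - Packet Scheduler Miniport
"""

if __name__ == "__main__":
    result = triage(SAMPLE_LOG.splitlines())
    for key, entries in result.items():
        print(key)
        for ip, verdict in entries:
            print(f"    {ip:<16} {verdict}")
    print("hijacked:", is_hijacked(result))
```

DhcpNameServer holds the resolvers the host received from DHCP, so when the same rogue values return after a cleanup, the DHCP server handing them out (usually the home router) is worth checking as well as the host.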
Odd dude
Hello and welcome to the forums!

I'm Odd dude, pleased to meet you; if it helps, you can call me OD. I will be helping you with your infection. However, it is important to take note of ten things - quite the wall of text, I know, but please bear with me:

  • Logs from malware removal programs (Hijackthis is one of them) can take some time to analyze. I need you to be patient whilst I analyze any logs you post.
  • Please carefully read any instruction that I give you.
    Reading too lightly will cause you to miss important steps, which could have destructive effects.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • Only YOU must use these instructions; they are not suitable for any other computer with similar problems.
  • Do not do things I do not ask for, such as running a spyware scan. The one thing you should always do, though, is to make sure that your antivirus definitions are up-to-date!
  • If I tell you to download a tool which you already have, please re-download it and do not use the copy you already have. This is because the tools are updated regularly.
  • In Windows Vista, all tools need to be started by right clicking and selecting Run as administrator!
  • I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you were to do the same. From this point, we're in this together.
  • As I am still in training at the Malware Removal University, anything I do must be checked by an experienced malware fighter. This means there might be a slight delay in my answers.
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system. Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data. Have means of backing up your data available.


I am now analyzing your situation and hope to be back with you soon. While I am reviewing your situation, could you please do the following for me:

Make an Uninstall List
I need you to create an uninstall list so I can further analyze your situation.

  • Start HijackThis.
  • Click Open the Misc Tools section
  • Click Open Uninstall Manager
  • Click Save list...
  • Save the list to your desktop, or any other convenient place.
Odd dude
Hi again Fire926

SmitfraudFix
Download SmitfraudFix, save it to your desktop, and run it.
Select option 1 - Search by typing 1 and then pressing Enter. The tool will then begin to scan your computer. When it finishes, it creates a log in the root of your drive with the name Rapport.txt. This report is accessible by clicking Start > Run, then entering the following and pressing Enter:
    \rapport.txt


Please post the contents of rapport.txt in your next reply

Blacklight
Download F-Secure Blacklight to the root of your drive (usually C:\).
  • Click Start > Run and copy & paste the following:
        \fsbl /expert
  • Then click OK
  • Click I accept the agreement, then Scan to start the scan
  • After the scan has finished, EXIT Blacklight. Do not choose to rename any items, because legitimate items might be present!
  • Post the fsbl-xxxxxxx.log logfile that was made (can be found in the same directory as Blacklight). xxxxxxx are numbers representing the current date.


Please post back:
- Smitfraudfix log
- Blacklight log
- New Hijackthis log
- Uninstall list I asked for in my previous post
- How is the PC running now?
Fire926
SmitFraud Log

SmitFraudFix v2.371

Scan done at 8:15:41.64, Sat 11/01/2008
Run from C:\Documents and Settings\Scott\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\NoAdware5.0\NoAdware5.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\Program Files\Common Files\AOL\1137212081\ee\aolsoftware.exe
C:\Program Files\America Online 9.0\waol.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Scott


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Scott\LOCALS~1\Temp


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Scott\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Scott\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"SubscribedURL"=""
"FriendlyName"="Privacy Protection"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"

»»»»»»»»»»»»»»»»»»»»»»»» o4Patch
!!!Attention, following keys are not inevitably infected!!!

o4Patch
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, following keys are not inevitably infected!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» AntiXPVSTFix
!!!Attention, following keys are not inevitably infected!!!

AntiXPVSTFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» RK



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Your computer may be victim of a DNS Hijack: 85.255.x.x detected !

Description: Linksys LNE100TX Fast Ethernet Adapter(LNE100TX v4) - Packet Scheduler Miniport
DNS Server Search Order: 85.255.112.146
DNS Server Search Order: 85.255.112.19
DNS Server Search Order: 1.2.3.4

HKLM\SYSTEM\CCS\Services\Tcpip\..\{F515B4D4-DF87-4744-A05D-59ECEBF4AB6B}: DhcpNameServer=85.255.112.146 85.255.112.19 1.2.3.4
HKLM\SYSTEM\CS1\Services\Tcpip\..\{F515B4D4-DF87-4744-A05D-59ECEBF4AB6B}: DhcpNameServer=85.255.112.146 85.255.112.19 1.2.3.4
HKLM\SYSTEM\CS2\Services\Tcpip\..\{F515B4D4-DF87-4744-A05D-59ECEBF4AB6B}: DhcpNameServer=85.255.112.146 85.255.112.19 1.2.3.4
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=85.255.112.146 85.255.112.19 1.2.3.4
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=85.255.112.146 85.255.112.19 1.2.3.4
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=85.255.112.146 85.255.112.19 1.2.3.4


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End

Blacklight Log

11/01/08 08:20:50 [Info]: BlackLight Engine 2.2.1092 initialized
11/01/08 08:20:50 [Info]: OS: 5.1 build 2600 (Service Pack 3)
11/01/08 08:20:50 [Note]: 7019 4
11/01/08 08:20:50 [Note]: 7005 0
11/01/08 08:20:57 [Note]: 7006 0
11/01/08 08:20:57 [Note]: 7011 3776
11/01/08 08:20:57 [Note]: 7035 0
11/01/08 08:20:57 [Note]: 7026 0
11/01/08 08:20:57 [Note]: 7026 0
11/01/08 08:21:02 [Note]: FSRAW library version 1.7.1024
11/01/08 08:37:57 [Note]: 2000 1012
11/01/08 08:37:57 [Note]: 2000 1012
11/01/08 08:50:31 [Note]: 7007 0

HiJack This Log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:38:08, on 11/1/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\NoAdware5.0\NoAdware5.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\America Online 9.0\waol.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.charter.net/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NoAdware5] "C:\Program Files\NoAdware5.0\NoAdware5.exe" :Min:
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0\AOL.EXE" -b
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\spyware doctor\filterlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\spyware doctor\filterlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\spyware doctor\filterlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\spyware doctor\filterlsp.dll
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
O24 - Desktop Component 0: Privacy Protection - (no file)

--
End of file - 7195 bytes

Uninstall List

Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Atmosphere Player for Acrobat and Adobe Reader
Adobe Flash Player ActiveX
Adobe Reader 8.1.2
Adobe Shockwave Player
Adobe® Photoshop® Album Starter Edition 3.0
AOL Uninstaller (Choose which Products to Remove)
Apache Air Assault
Apple Mobile Device Support
Apple Software Update
AQUAZONE Seven Seas Deluxe
ArcSoft PhotoImpression
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Control Panel
ATI Display Driver
Avery® Wizard 2.1 for Microsoft® Word 2002
BHA B's Recorder GOLD 5.09
CA Anti-Virus
CA Anti-Virus
CarFileTool
CCleaner (remove only)
C-Media WDM Audio Driver
CNET Download Manager
Conflict Desert Storm II
Desert Storm
Dirt Track Racing 2
DivX
EA SPORTS online 2008
EasyGPS
Enhanced Sound Card Driver 8.0
EPSON Smart Panel
EPSON TWAIN 5
FP3 Player
Full Tilt Poker
Guillemot Hardware Inspector
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Format SDK (KB902344)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hoyle Casino 5
HP Image Zone 3.5
HP PhotoSmart 210/215 Camera Software (by ArcSoft)
HP PSC & OfficeJet 3.5
HP Software Update
ICQ
iDEN GPS Upgrade Utility
ieSpell
ImageMate 8 in 1 Read/Writer (SDDR-88)
ImageMixer for Sony
iTunes
J2SE Runtime Environment 5.0 Update 2
J2SE Runtime Environment 5.0 Update 4
J2SE Runtime Environment 5.0 Update 6
Java 2 Runtime Environment, SE v1.4.2_06
K-litePro 3.0.0.0
Learn2 Player (Uninstall Only)
Logitech Gaming Software
Logitech ImageStudio
Madden NFL 08
Malwarebytes' Anti-Malware
MapSend Streets and Destinations USA
Masque Slots - IGT and MultiPlay Video Poker
Memories Disc Creator 2.0
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft .NET Framework 3.0
Microsoft .NET Framework 3.0
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Data Access Components KB870669
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office XP Professional with FrontPage
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
MicroStaff WINASPI
Monster Jam
MSN Messenger 7.5
MSN Music Assistant
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 6.0 Parser (KB933579)
NASCAR® Racing 2003 Season
Nero 7 Essentials
NoAdware v5.0
Outlook Express Quick Backup
overland
Paint Shop Pro 5.01
Paltalk
Panda ActiveScan 2.0
petty_43_01 Screen Saver
PhotoStreamer 2
PhotoWorks Plus
Picaboo 2.0.406
Pro Pilkki 2
Pure Networks Port Magic
QuickTime
RealPlayer
Realtek AC'97 Audio
Registry Mechanic 6.0
Replay AV 8
Replay Converter 2.8
Replay Media Catcher
Replay Media Catcher
Replay Media Splitter 1.4
Replay Music 2.51
Replay Player
Replay Screencast 1.21
ScanToWeb
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Shockwave
SmartSight nDVR Client 3.0
SnagIt 7
Sony USB Driver
Spyware Doctor 5.0
Thrustmapper
Thrustmaster Calibration Tool
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
WD Diagnostics
WildTangent Web Driver
Windows Backup Utility
Windows Communication Foundation
Windows Defender Signatures
Windows Genuine Advantage v1.3.0254.0
Windows Imaging Component
Windows Media 8 Encoding Utility
Windows Media Connect
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Format SDK Hotfix - KB891122
Windows Media Player 11
Windows Media Player 11
Windows Presentation Foundation
Windows Rights Management Client Backwards Compatibility SP2
Windows Rights Management Client with Service Pack 2
Windows Support Tools
Windows Workflow Foundation
Windows XP Service Pack 3
WinPcap 4.0
WinRAR archiver
WinZip
WONplay
Yahoo! Messenger
Yahoo! Photos Easy Upload Tool
YH-920 Driver & Utilities


PC runs fine but the MSN/Windows update issue remains unchanged.

I will be out of town on business from now until next Saturday 11/8/08 without access to this computer. I appreciate your assistance and patience.


QUOTE (Odd dude @ Nov 1 2008, 08:33 AM) *
Hi again Fire926

SmitfraudFix
Download SmitfraudFix, save it to your desktop, and run it.
Select option 1 - Search by typing 1 and then pressing Enter. The tool will then begin to scan your computer. When it finishes, it creates a log in the root of your drive, with a name of Rapport.txt This report is accessible by clicking Start > Run, then entering the following and pressing Enter:
CODE
\rapport.txt


Please post the contents of rapport.txt in your next reply

Blacklight
Download F-Secure Blacklight to the root of your drive (usually C:\).
  • Click Start > Run and copy & paste the following:
    CODE
    \fsbl /expert
  • Then click OK
  • Click I accept the agreement, then Scan to start the scan
  • After the scan has finished, EXIT Blacklight. Do not choose to rename any items, because legitimate items might be present!
  • Post the fsbl-xxxxxxx.log logfile that was made (can be found in the same directory as Blacklight). xxxxxxx are numbers representing the current date.


Please post back:
- Smitfraudfix log
- Blacklight log
- New Hijackthis log
- Uninstall list I asked for in my previous post
- How is the PC running now?
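The DhcpNameServer values in the log above are the core of this problem: the same three resolvers sit in CurrentControlSet, ControlSet001 and ControlSet002, so the setting comes back no matter which control set the machine boots, and Windows Update (and everything else) resolves through servers the attacker controls. The script below is an added example, not part of the thread or of any tool in it. It parses lines in the SmitfraudFix format shown above, flags every resolver that is not one of the addresses the DHCP lease should be issuing, and reports whether each bad resolver is present in every control set (in which case Last Known Good Configuration will not roll it back). The sample lines and the expected resolvers (192.0.2.x, a documentation range standing in for the ISP's real servers) are constructed for the example; on a Windows host it reads the live registry instead.

```python
"""Flag hijacked DNS resolver settings in SmitfraudFix-style registry lines.

Added example (not from the thread or any tool in it). Expected resolvers and
the sample log are constructed; replace EXPECTED_RESOLVERS with the addresses
your router/ISP actually issues.
"""
import ipaddress
import re
import sys

# Constructed sample in the format of the thread's log lines. 192.0.2.x is the
# RFC 5737 documentation range, standing in for the ISP's DHCP-issued resolvers.
SAMPLE_LOG = r"""
HKLM\SYSTEM\CCS\Services\Tcpip\..\{F515B4D4-DF87-4744-A05D-59ECEBF4AB6B}: DhcpNameServer=85.255.112.146 85.255.112.19 1.2.3.4
HKLM\SYSTEM\CS1\Services\Tcpip\..\{F515B4D4-DF87-4744-A05D-59ECEBF4AB6B}: DhcpNameServer=85.255.112.146 85.255.112.19 1.2.3.4
HKLM\SYSTEM\CS2\Services\Tcpip\..\{F515B4D4-DF87-4744-A05D-59ECEBF4AB6B}: DhcpNameServer=85.255.112.146 85.255.112.19 1.2.3.4
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=85.255.112.146 85.255.112.19 1.2.3.4
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: NameServer=192.0.2.53 192.0.2.54
"""

# Assumption: the resolvers the DHCP lease is supposed to hand out. Get them
# from the router or ISP, never from the suspect machine itself.
EXPECTED_RESOLVERS = {"192.0.2.53", "192.0.2.54"}

LINE_RE = re.compile(
    r"^HKLM\\SYSTEM\\(?P<cs>CCS|CS\d+)\\Services\\Tcpip\\(?P<key>.+?):\s*"
    r"(?P<name>DhcpNameServer|NameServer)=(?P<servers>.*)$"
)


def _split_servers(raw):
    # Windows stores the list space- or comma-separated; accept both.
    return [s for s in re.split(r"[ ,]+", raw.strip()) if s]


def parse_dns_lines(text):
    """Return one dict per DhcpNameServer/NameServer line in the log text."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append({"control_set": m["cs"], "key": m["key"],
                            "value": m["name"], "servers": _split_servers(m["servers"])})
    return entries


def is_valid_ipv4(addr):
    try:
        ipaddress.IPv4Address(addr)
        return True
    except ValueError:
        return False


def check_dns(entries, expected=EXPECTED_RESOLVERS):
    """Return one finding per resolver that is not in the expected set.

    in_every_control_set: the address sits in CCS and every CSn seen, so
    booting Last Known Good Configuration (which only swaps control sets)
    will not remove it. written_as_dhcp: it sits in a DhcpNameServer value,
    i.e. either the DHCP client wrote it (check the router) or something
    wrote the value directly.
    """
    seen = {}  # resolver -> set of control sets it appears in
    for e in entries:
        for s in e["servers"]:
            if s not in expected:
                seen.setdefault(s, set()).add(e["control_set"])
    all_sets = {e["control_set"] for e in entries}
    findings = []
    for s, sets in sorted(seen.items()):
        findings.append({
            "resolver": s,
            "reason": "unexpected resolver" if is_valid_ipv4(s) else "malformed address",
            "control_sets": sorted(sets),
            "in_every_control_set": sets == all_sets,
            "written_as_dhcp": any(e["value"] == "DhcpNameServer" and s in e["servers"]
                                   for e in entries),
        })
    return findings


def read_live_registry():
    """On Windows, collect the same values from the live registry (empty elsewhere)."""
    if sys.platform != "win32":
        return []
    import winreg  # Windows-only module
    entries = []
    for label, cs in (("CCS", "CurrentControlSet"), ("CS1", "ControlSet001"),
                      ("CS2", "ControlSet002")):
        root = r"SYSTEM\%s\Services\Tcpip\Parameters" % cs
        paths = [root]
        try:
            with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, root + r"\Interfaces") as k:
                n = winreg.QueryInfoKey(k)[0]
                paths += [root + r"\Interfaces\%s" % winreg.EnumKey(k, i) for i in range(n)]
        except OSError:
            continue  # control set absent on this machine
        for path in paths:
            for name in ("DhcpNameServer", "NameServer"):
                try:
                    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, path) as k:
                        val, _ = winreg.QueryValueEx(k, name)
                except OSError:
                    continue
                if _split_servers(val):
                    entries.append({"control_set": label, "key": path,
                                    "value": name, "servers": _split_servers(val)})
    return entries


if __name__ == "__main__":
    entries = read_live_registry() or parse_dns_lines(SAMPLE_LOG)
    for finding in check_dns(entries):
        print(finding)
```

Two practitioner caveats that follow from the output: a bad address in a DhcpNameServer value means either malware wrote the registry directly or the DHCP server (on a home network, the router) is issuing it, so the router's DNS configuration needs checking as well; and because the value is present in all three control sets, clearing it in the Control Panel only fixes CurrentControlSet until the malware that re-creates it is removed, which is why the thread tackles the files first and the DNS settings afterwards.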
Odd dude
Hi again Fire926,

There are some programs that must be uninstalled. I have provided a clarification when suitable.
To uninstall a program: Click Start > Control Panel > Add/Remove programs. Select the program to be uninstalled and click Remove.

The following are related to malware and should be uninstalled:

Full Tilt Poker
Paltalk
WONplay

The following was until recently listed as a rogue product:

NoAdware 5.0

The following I do not recognize - if you don't recognize it either, you should uninstall it:

petty_43_01 Screen Saver

The following is a risk to use - the registry is very tolerant of orphans and the risk of accidentally breaking something is high:

Registry Mechanic 6.0

The following is considered a 'gray area'-item; it is not technically spyware but can be considered unwanted. If you don't use it, uninstall it:

WildTangent Web Driver

The following are outdated and are now a security risk, so please uninstall:

J2SE Runtime Environment 5.0 Update 2
J2SE Runtime Environment 5.0 Update 4
J2SE Runtime Environment 5.0 Update 6
Java 2 Runtime Environment, SE v1.4.2_06

The following item is an optional removal, but recommended, as it can bring malware along if you don't use it carefully:

K-litePro 3.0.0.0


OK, next start Hijackthis, put a check next to these and click Fix checked:

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKCU\..\Run: [NoAdware5] "C:\Program Files\NoAdware5.0\NoAdware5.exe" :Min:
O24 - Desktop Component 0: Privacy Protection - (no file)



Copy/paste this to notepad:
CODE
rem Work from the desktop so the output file is created there
chdir "%Userprofile%\Desktop"
rem Bare (/b), lowercase (/l) listing of all entries (/a) in Program Files
dir /l/a/b "C:\Program Files\">ODPostThis.txt
rem Remove this batch file once it has run
del %0

Save it to your desktop as "ODCheckIt.bat", please include the quotes. Double click the file. A black box will open, and a notepad file will be created on your desktop.

The file that was created on your desktop is something I would like to see in your next post.

Also, please do the following:

Delete hijacked DNS settings using SmitfraudFix
  • Start SmitfraudFix and select option 5
  • If a DNS hijack has been found, choose Yes
  • When finished, notepad will open with rapport.txt, please post that file in your next reply


Reset hijacked DNS settings
  • Open the Control Panel by clicking Start > Control Panel
  • If you're using category view, click Network and Internet Connections. (If you're not using category view, skip this step)
  • Click Network Connections
  • Right click your default connection
  • Click Properties
  • Click the Networking tab
  • Double click Internet Protocol (TCP/IP)
  • Click the radio button next to Obtain DNS servers automatically
  • Press OK twice
  • Reboot if asked


After performing all that, please download the latest version of Sun Java from here. The site is a bit confusing; this is what you should do:
  • Scroll down to where it says Java Runtime Environment (JRE) 6 Update 10.
  • Click the Download button to the right.
  • Choose the correct Platform and Multi-language. Also, check the box that says I agree to the Java SE Runtime Environment 6 License Agreement.
  • Now, click Continue.
  • Click on the filename under Windows Offline Installation and save it to your desktop.
  • Now, close all other windows. Including Internet Explorer.
  • You can now install Java by double-clicking the executable you just downloaded.


In your next post, please post
- rapport.txt
- ODPostThis.txt (that file is located on your desktop)
- new hijackthis log
- new uninstall list
- how are things running?
JeanInMontana
Since this topic has had no reply for over 5 days it will be closed to prevent others from posting into it. Should you decide to resume with your assistance, PM any staff member and we will be happy to reopen the topic.

Note: the fixes in this topic are for this system only. Applying them to your system can cause severe damage and result in utter system failure. If you need help start your own topic and someone will be happy to assist you.