Jump to content

Popups and slow computer Part 2


Recommended Posts

  • Replies 82
  • Created
  • Last Reply

Top Posters In This Topic

AdvancedSetup, I ran another mbam scan today and it found something from that Trojan.Vundo. :lol: That is what I was originally infected with a few weeks ago. Howcome, the other scans that I did a couple days ago came out clean and now this one show it's infected?

Here is the log.

Malwarebytes' Anti-Malware 1.15

Database version: 842

2:04:45 PM 6/9/2008

mbam-log-6-9-2008 (14-04-45).txt

Scan type: Quick Scan

Objects scanned: 58465

Time elapsed: 26 minute(s), 40 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\WINDOWS\system32\clkcnt.txt (Trojan.Vundo) -> Quarantined and deleted successfully.

Link to post
Share on other sites

  • Root Admin

Yes, it's quite possible. The issue is that these Malware applets can create any name they want at any time so it's very difficult to track down every single one. Over time we try to find and add more from experience and submissions from others.

Please start FireFox and change the home page to this site: http://www.google.com

Then uninstall Firefox and restart the computer.

Then AFTER the reboot, NOT BEFORE. Go to this location and download a new version of FireFox. Firefox download

Then install it and run it and let me know if you're still having any pop ups from it.

Then run a new HJT Scan and post that log.

Link to post
Share on other sites

Ok...did all that. So far no popups yet. Programs still running a bit slow.

Here's the HJT log.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 3:45:03 PM, on 6/9/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\stsystra.exe

C:\Program Files\McAfee\MSK\MskAgent.exe

C:\Program Files\SiteAdvisor\6253\SiteAdv.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE

C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe

C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe

C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Program Files\SpywareGuard\sgmain.exe

C:\Program Files\SpywareGuard\sgbhp.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\WINDOWS\system32\CTsvcCDA.exe

C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe

C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe

C:\PROGRA~1\McAfee\MSC\mcpromgr.exe

c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

C:\Program Files\McAfee\MPF\MPFSrv.exe

C:\PROGRA~1\McAfee\MPS\mps.exe

C:\Program Files\McAfee\MSK\MskSrver.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\Program Files\McAfee\MPS\mpsevh.exe

c:\PROGRA~1\mcafee.com\agent\mcagent.exe

C:\Program Files\internet explorer\iexplore.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\SearchProtocolHost.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll

O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll

O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll

O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll

O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll

O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll

O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"

O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe

O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe

O4 - HKLM\..\Run: [siteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe

O4 - HKLM\..\Run: [EPSON Stylus CX4800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE /P26 "EPSON Stylus CX4800 Series" /O6 "USB001" /M "Stylus CX4800"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"

O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot

O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe

O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe

O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-US\local\search.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll

O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB

O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab

O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab

O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai.net/f/516/25175/7d/ru...cat-no-eula.cab

O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll

O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab

O16 - DPF: {4EFA317A-8569-4788-B175-5BAF9731A549} (Microsoft Virtual Server VMRC Advanced Control) - http://www.windowsvistatestdrive.com/Activ...iveXClient1.cab

O16 - DPF: {54823A9D-6BAE-11D5-B519-0050BA2413EB} (ChkDVDCtl Class) - http://www.cyberlink.com/winxp/CheckDVD.cab

O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/...tiveXPlugin.cab

O16 - DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} (View22RTE Class) - http://onlinedesigner.hgtv.com/images/app/view22rte.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\480\G2AWinLogon.dll

O23 - Service: McAfee Application Installer Cleanup (0108021212736068) (0108021212736068mcinstcleanup) - Unknown owner - C:\WINDOWS\TEMP\010802~1.EXE (file missing)

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe

O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe

O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\480\g2aservice.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe

O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe

O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe

O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe

O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe

O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe

O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe

O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe

O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--

End of file - 12433 bytes

Link to post
Share on other sites

  • Root Admin

Please run the following.

Download
Deckard's System Scanner (DSS)
to your
Desktop
.

Note: You must be logged onto an account with administrator privileges.

  1. Close
    all applications and windows.
  2. Double-click
    on
    dss.exe
    to run it, and follow the prompts.

  3. When the scan is complete, two text files will open -
    main.txt
    <- this one will be maximized
    and
    extra.txt
    <-this one will be minimized

  4. Copy
    (Ctrl+A then Ctrl+C)
    and paste
    (Ctrl+V)
    the contents of
    main.txt
    and the extra.txt to your post in your reply

What DSS will do:

  • create a new System Restore point in Windows XP and Vista.
  • clean your Temporary Files, Downloaded Program Files, and Internet Cache Files, and also empty the Recycle Bin on all drives.

  • check some important areas of your system and produce a report for your analyst to review. DSS automatically runs HijackThis for you, but it will also install and place a shortcut to HijackThis on your desktop if you do not already have HijackThis installed.

Notes:

The first time that the Deckard scanner is run, the extra.txt is generated in a minimized window. The second time you will not obtain the extra.txt. You must go to
Start
=>
Run
and copy the following
"%userprofile%\desktop\dss.exe" /config
in the line and click OK You will receive a pop-up box with options to check for the Main log and Extra Log and Options.

Then run this.

  • Click on START - RUN and type in CMD and press the Enter key. Then press the ENTER key after running the below entry in the DOS box.
  • DIR C:\ /AD /AH /AS /AR /AA /A /O:G /O:N /S >C:\MBALLFILES.TXT


  • When completed please please ZIP up this file C:\MBALLFILES.TXT and send it to me in a PM

How To Use Compressed (Zipped) Folders in Windows XP

aboutzip

Link to post
Share on other sites

I have the main.txt log but it won't let me get that extra txt. I get an error when I type that in the start-run line. I am going to send you that zipped file in a PM now.

Here is the main text log.

Deckard's System Scanner v20071014.68

Run by Sandi on 2008-06-09 17:43:02

Computer is in Normal Mode.

--------------------------------------------------------------------------------

Total Physical Memory: 511 MiB (512 MiB recommended).

-- HijackThis (run as Sandi.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 5:43:49 PM, on 6/9/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\stsystra.exe

C:\Program Files\McAfee\MSK\MskAgent.exe

C:\Program Files\SiteAdvisor\6253\SiteAdv.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE

C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe

C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe

C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Program Files\SpywareGuard\sgmain.exe

C:\Program Files\SpywareGuard\sgbhp.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\WINDOWS\system32\CTsvcCDA.exe

C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe

C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe

C:\PROGRA~1\McAfee\MSC\mcpromgr.exe

c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

C:\Program Files\McAfee\MPF\MPFSrv.exe

C:\PROGRA~1\McAfee\MPS\mps.exe

C:\Program Files\McAfee\MSK\MskSrver.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\Program Files\McAfee\MPS\mpsevh.exe

c:\PROGRA~1\mcafee.com\agent\mcagent.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Documents and Settings\Sandi\Desktop\Computer Tools\dss.exe

C:\PROGRA~1\TRENDM~1\HIJACK~1\Sandi.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll

O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll

O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll

O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll

O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll

O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll

O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"

O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe

O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe

O4 - HKLM\..\Run: [siteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe

O4 - HKLM\..\Run: [EPSON Stylus CX4800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE /P26 "EPSON Stylus CX4800 Series" /O6 "USB001" /M "Stylus CX4800"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"

O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot

O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe

O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe

O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-US\local\search.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll

O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB

O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab

O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab

O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai.net/f/516/25175/7d/ru...cat-no-eula.cab

O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll

O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab

O16 - DPF: {4EFA317A-8569-4788-B175-5BAF9731A549} (Microsoft Virtual Server VMRC Advanced Control) - http://www.windowsvistatestdrive.com/Activ...iveXClient1.cab

O16 - DPF: {54823A9D-6BAE-11D5-B519-0050BA2413EB} (ChkDVDCtl Class) - http://www.cyberlink.com/winxp/CheckDVD.cab

O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/...tiveXPlugin.cab

O16 - DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} (View22RTE Class) - http://onlinedesigner.hgtv.com/images/app/view22rte.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\480\G2AWinLogon.dll

O23 - Service: McAfee Application Installer Cleanup (0108021212736068) (0108021212736068mcinstcleanup) - Unknown owner - C:\WINDOWS\TEMP\010802~1.EXE (file missing)

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe

O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe

O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\480\g2aservice.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe

O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe

O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe

O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe

O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe

O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe

O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe

O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe

O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--

End of file - 12343 bytes

-- Files created between 2008-05-09 and 2008-06-09 -----------------------------

2008-06-09 15:36:04 0 d-------- C:\Documents and Settings\Sandi\Application Data\Mozilla

2008-05-28 21:16:54 0 d-------- C:\Documents and Settings\Alex\Application Data\Adobe

2008-05-28 21:16:09 0 d-------- C:\Documents and Settings\Alex\Application Data\SiteHound

2008-05-27 13:40:44 0 d-------- C:\Documents and Settings\Lee\Application Data\SiteHound

2008-05-27 13:26:14 0 d-------- C:\Documents and Settings\Lee\Application Data\Malwarebytes

2008-05-26 12:24:40 0 d-------- C:\Documents and Settings\TEMP\Application Data\SUPERAntiSpyware.com

2008-05-26 12:01:44 0 d-------- C:\Documents and Settings\TEMP\Application Data\Malwarebytes

2008-05-26 08:47:00 0 dr-h----- C:\Documents and Settings\Sandi\Recent

2008-05-26 08:09:45 0 d-------- C:\Program Files\Mozilla Thunderbird

2008-05-26 06:12:09 0 d-------- C:\Documents and Settings\TEMP\Application Data\Thunderbird

2008-05-25 17:26:39 0 d-------- C:\Documents and Settings\Sandi\Application Data\Thunderbird

2008-05-24 16:20:08 0 d-------- C:\Documents and Settings\TEMP\Application Data\SiteHound

2008-05-24 13:48:35 0 d-------- C:\Program Files\Lavasoft

2008-05-24 05:59:08 68096 --a------ C:\WINDOWS\zip.exe

2008-05-24 05:59:08 49152 --a------ C:\WINDOWS\VFind.exe

2008-05-24 05:59:08 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>

2008-05-24 05:59:08 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>

2008-05-24 05:59:08 98816 --a------ C:\WINDOWS\sed.exe

2008-05-24 05:59:08 80412 --a------ C:\WINDOWS\grep.exe

2008-05-24 05:59:08 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >

2008-05-24 05:59:07 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>

2008-05-23 12:54:33 0 d-------- C:\WINDOWS\BDOSCAN8

2008-05-23 09:11:32 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab

2008-05-23 09:11:28 0 d-------- C:\WINDOWS\system32\Kaspersky Lab

2008-05-22 21:43:50 0 d-------- C:\Program Files\limewire

2008-05-22 21:28:15 0 d-------- C:\Program Files\CA Yahoo! Anti-Spy

2008-05-22 15:30:26 0 d-------- C:\Program Files\Panda Security

2008-05-22 08:08:03 0 d-------- C:\Documents and Settings\Sandi\Application Data\SiteHound

2008-05-22 08:07:53 0 d-------- C:\Program Files\FireTrust

2008-05-22 06:28:20 0 d-------- C:\Documents and Settings\TEMP\Application Data\WinPatrol

2008-05-21 06:22:32 0 d-------- C:\Program Files\EsetOnlineScanner

2008-05-17 06:36:51 0 d-------- C:\Program Files\SpywareGuard

2008-05-16 16:41:34 636 --a------ C:\delete.bat

2008-05-16 16:36:51 0 d-------- C:\NoLopBackups

2008-05-16 14:46:03 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com

2008-05-16 14:45:44 0 d-------- C:\Program Files\SUPERAntiSpyware

2008-05-16 14:45:43 0 d-------- C:\Documents and Settings\Sandi\Application Data\SUPERAntiSpyware.com

2008-05-15 12:01:04 0 d-------- C:\Program Files\EULAlyzer

2008-05-15 08:20:41 0 d-------- C:\Documents and Settings\Sandi\Application Data\WinPatrol

2008-05-15 08:20:32 0 d-------- C:\Program Files\BillP Studios

2008-05-15 08:05:22 0 d-------- C:\WINDOWS\Prefetch

2008-05-15 07:59:24 0 d-------- C:\WINDOWS\system32\scripting

2008-05-15 07:59:23 0 d-------- C:\WINDOWS\l2schemas

2008-05-15 07:59:22 0 d-------- C:\WINDOWS\system32\en

2008-05-15 07:59:22 0 d-------- C:\WINDOWS\system32\bits

2008-05-15 07:56:29 0 d-------- C:\WINDOWS\ServicePackFiles

2008-05-15 07:46:48 0 d-------- C:\WINDOWS\EHome

2008-05-14 12:54:02 0 d-------- C:\Program Files\Common Files\Java

2008-05-14 10:40:18 0 d-------- C:\Documents and Settings\Sandi\Application Data\Malwarebytes

2008-05-14 10:39:51 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes

2008-05-14 10:39:50 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware

2008-05-14 09:31:31 0 d-------- C:\VundoFix Backups

2008-05-14 08:17:24 0 d-------- C:\Program Files\Trend Micro

2008-05-14 07:38:44 0 d-------- C:\Program Files\SpywareBlaster

2008-05-14 06:38:53 0 d-------- C:\Documents and Settings\Sandi\.housecall6.6

2008-05-13 20:32:39 0 d-------- C:\WINDOWS\system32\Logs

2008-05-13 19:21:33 0 dr-h----- C:\Documents and Settings\TEMP\Recent

2008-05-12 21:32:27 0 d-------- C:\hegames

2008-05-10 15:47:28 0 d-------- C:\Documents and Settings\Sandi\Application Data\DivX

2008-05-10 10:52:35 0 d-------- C:\Program Files\Netflix

-- Find3M Report ---------------------------------------------------------------

2008-06-09 12:24:33 0 d-------- C:\Documents and Settings\Sandi\Application Data\SiteAdvisor

2008-06-02 05:38:56 0 d-------- C:\Program Files\McAfee

2008-05-26 14:06:18 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard

2008-05-24 19:13:35 0 d-------- C:\Program Files\mIRC

2008-05-22 21:28:16 0 d-------- C:\Program Files\Common Files\Scanner

2008-05-22 21:28:00 0 d-------- C:\Program Files\Yahoo!

2008-05-22 15:30:32 4158 --a------ C:\WINDOWS\mozver.dat

2008-05-21 21:27:32 0 d-------- C:\Program Files\SiteAdvisor

2008-05-20 21:47:50 0 d-------- C:\Program Files\Microsoft Silverlight

2008-05-16 16:20:25 0 d--h----- C:\Program Files\InstallShield Installation Information

2008-05-15 07:59:45 0 d-------- C:\Program Files\Messenger

2008-05-15 07:59:21 0 d-------- C:\Program Files\Movie Maker

2008-05-15 07:56:14 0 d-------- C:\Program Files\Windows NT

2008-05-14 12:54:47 0 d-------- C:\Program Files\Java

2008-05-14 12:54:02 0 d-------- C:\Program Files\Common Files

2008-05-10 13:55:22 0 d-------- C:\Documents and Settings\Sandi\Application Data\dvdcss

2008-05-08 07:35:46 0 d-------- C:\Program Files\Dell

2008-04-29 15:40:03 0 d-------- C:\Documents and Settings\Sandi\Application Data\Adobe

2008-03-13 16:50:50 577536 --a------ C:\WINDOWS\SiteHoundServer.dll <Not Verified; Firetrust Limited.; SiteHound>

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [08/05/2005 10:05 PM]

"SigmatelSysTrayApp"="stsystra.exe" [03/22/2005 06:20 PM C:\WINDOWS\stsystra.exe]

"MskAgentexe"="C:\Program Files\McAfee\MSK\MskAgent.exe" [01/17/2007 04:30 PM]

"SiteAdvisor"="C:\Program Files\SiteAdvisor\6253\SiteAdv.exe" [08/24/2007 05:57 PM]

"EPSON Stylus CX4800 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.exe" [02/01/2005 03:00 PM]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [03/25/2008 04:28 AM]

"WinPatrol"="C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe" [04/25/2008 01:31 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Aim6"="" []

"YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [06/08/2007 10:59 AM]

"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [06/08/2008 12:26 PM]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/13/2008 08:12 PM]

C:\Documents and Settings\Sandi\Start Menu\Programs\Startup\

OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [8/24/2007 5:45:42 AM]

SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe [8/29/2003 7:05:35 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\

Windows Desktop Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2/5/2007 4:40:46 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"DisableRegistryTools"=0 (0x0)

"HideLegacyLogonScripts"=0 (0x0)

"HideLogoffScripts"=0 (0x0)

"RunLogonScriptSync"=1 (0x1)

"RunStartupScriptSync"=0 (0x0)

"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]

"HideLegacyLogonScripts"=0 (0x0)

"HideLogoffScripts"=0 (0x0)

"RunLogonScriptSync"=1 (0x1)

"RunStartupScriptSync"=0 (0x0)

"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [02/05/2007 04:39 PM 294400]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [05/24/2008 08:32 PM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/2007 12:41 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]

C:\WINDOWS\System32\dimsntfy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]

C:\Program Files\Citrix\GoToAssist\480\G2AWinLogon.dll 11/14/2007 04:31 PM 10792 C:\Program Files\Citrix\GoToAssist\480\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]

@="Volume shadow copy"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]

"AOL Fast Start"="C:\Program Files\AOL 9.1\AOL.EXE" -b

"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

eapsvcs eaphost

dot3svc dot3svc

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

napagent

hkmsvc

-- End of Deckard's System Scanner: finished at 2008-06-09 17:46:10 ------------

Link to post
Share on other sites

No problem, I totally understand when life calls. :lol:

Just wanted to let you know I have been using IE as my browser because firefox still gets the occasional adzgalore popups. When you had me delete firefox the other day, I don't think it fully removed the program. I went into add/remove programs to remove it and then downloaded it from the mozilla site like you told me but after I installed it, I noticed that it still had all of the history from previous days in there. If the program was a clean install, shouldn't there be no history?

I will wait for further instructions.

Link to post
Share on other sites

  • Root Admin

Please follow these steps in the EXACT ORDER GIVEN

First start a DOS prompt again.

Click on START - RUN and type in CMD then press the Enter key.

Then type in the following commands followed by pressing the Enter key.

attrib -r -a -s -h C:\*.tmp /s
DEL "C:\*.TMP" /S

Make sure you TYPE the above entry CORRECTLY - there is no space after the * for the *.TMP - Doing this wrong will delete all files on your system

Download CCleaner from here to clean temp files from your computer.

  • Double click on the ccsetup.exe file to start the installation of the program.
  • Select your language and click OK, then next.
  • Read the license agreement and click I Agree.
  • Click next to use the default install location.
  • Under Install Options, choose all the default settings except I would recommend that you unclick/untick install the Yahoo! Toolbar, unless you want it. You can also Uncheck the 'Automatically check for updates' box.
  • Click Install then finish to complete installation.
  • Double click the CCleaner shortcut on the desktop to start the program.
  • On the "Windows" tab, under "Internet Explorer," uncheck "Cookies" if you do not want them deleted. (If deleted, you will likely need to reenter your passwords at all sites where a cookie is used to recognize you when you visit).
  • If you use either the Firefox or Mozilla browsers, the box to uncheck for "Cookies" is on the Applications tab, under Firefox/Mozilla.
  • Click on the "Options" icon at the left side of the window, then click on "Advanced."
    deselect "Only delete files in Windows Temp folders older than 48 hours."
  • Caution: It is not recommended that you use the "Issues" feature unless you are very familiar with the registry as it has been known to find legitimate items. Click on Issues and make sure Registry Integrity is UNchecked!
  • Click on the "Cleaner" icon on the left side of the window, then click Run Cleaner to run the program.
  • After CCleaner has completed its process, click Exit.

Please go into the Add/Remove and remove FireFox again, then remove the folders below

After (not before) the system has been cleaned up then go download a new fresh copy of FireFox

Temporarily uninstall Malwarebytes from the Add/Remove applet in Control Panel

You may want to remove all the Google items in your Add/Remove as well since this FireFox removal will break some of that. Then when we're done you can reinstall the Google stuff.

Please delete the following folders after running the above items

  • C:\38a84861d0b7e4fb12
  • C:\VETlog.dmp
  • C:\VETlog.txt
  • C:\VundoFix.txt
  • C:\Documents and Settings\Alex\Local Settings\Application Data\Mozilla
  • C:\Documents and Settings\Alex\Application Data\Mozilla
  • You may want to copy these BOOKMARK files first somewhere safe before removing the folder
  • C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\fjsd3jr7.default\bookmarks.html
  • C:\Documents and Settings\Lee\Application Data\Mozilla\Firefox\Profiles\8v270zaa.default\bookmarks.html
  • C:\Documents and Settings\Sandi\Application Data\Mozilla\Firefox\Profiles\1gmhhbjy.default\bookmarks.html
  • C:\Documents and Settings\All Users\Application Data\Google
  • C:\Documents and Settings\All Users\Application Data\Malwarebytes
  • C:\Documents and Settings\Lee\Application Data\Malwarebytes
  • C:\Documents and Settings\Lee\Application Data\Mozilla
  • C:\Documents and Settings\Lee\Recent\ {delete all the links here}
  • C:\Documents and Settings\Sandi\Application Data\Malwarebytes
  • C:\Documents and Settings\Sandi\Application Data\Mozilla

Click on START - RUN and type in ComboFix /U and remove ComboFix

The file list you attached is not complete. It does not list the Programs folder or the Windows folder and sub-folders of which the Windows folder is the most important one.

Please remove the items above. Reboot and then reinstall new versions of

FIREFOX

MALWAREYBYTES

GOOGLE TOOLBAR

Update Malwarebytes and do another FULL scan and and a new HJT log and post back both of those, as well as a list of files in the Windows folder.

DIR C:\Windows\*.* /AD /AH /AS /AR /AA /A /O:G /O:N /S  >C:\WindowsFiles.txt

Then zip and upload that files as well.

.

Link to post
Share on other sites

I have a couple of questions about that code, especially the one where you said it could delete all my files. That is scaring me. does the word DEL have to be in caps? How many spaces after DEL and before "C and also how many spaces before the /S Maybe you can type it out exactly so I can just copy and paste it.

What about those other two codes? Can you type those out for me too exactly how I should put it in the command line. I really don't want to mess any of this up because then I'll have more problems than I do now.

Thanks,

Sandi

Link to post
Share on other sites

  • Root Admin

Copy the text from the CODE box below starting with the line @ECHO OFF and paste it into a new NOTEPAD document

(you must use NOTEPAD - do not use Word or Wordpad)

Then select save and in the Save as type: click the down arrow and select All Files and save the file to C:\NOTMPS.BAT

@ECHO OFF
attrib -r -a -s -h C:\*.tmp /s
DEL "C:\*.TMP" /S
DIR C:\Windows\*.* /AD /AH /AS /AR /AA /A /O:G /O:N /S >C:\WindowsFiles.txt
ECHO All done removing TMP files...
ECHO Also created the file WindowsFiles.txt for uploading to MB site
ECHO.
pause

Then you can locate and double-click on the file C:\NOTMPS.BAT and it should run and say something like:

All done removing TMP files... Press any key to continue...

This batch file will also create the C:\WindowsFiles.txt that I requested. When done please find that file and zip it up and attach it to your next reply.

.

Link to post
Share on other sites

Copy the text from the CODE box below starting with the line @ECHO OFF and paste it into a new NOTEPAD document

(you must use NOTEPAD - do not use Word or Wordpad)

Then select save and in the Save as type: click the down arrow and select All Files and save the file to C:\NOTMPS.BAT

@ECHO OFF

attrib -r -a -s -h C:\*.tmp /s

DEL "C:\*.TMP" /S

DIR C:\Windows\*.* /AD /AH /AS /AR /AA /A /O:G /O:N /S >C:\WindowsFiles.txt

ECHO All done removing TMP files...

ECHO Also created the file WindowsFiles.txt for uploading to MB site

ECHO.

pause

Then you can locate and double-click on the file C:\NOTMPS.BAT and it should run and say something like:

All done removing TMP files... Press any key to continue...

This batch file will also create the C:\WindowsFiles.txt that I requested. When done please find that file and zip it up and attach it to your next reply.

.

After I do all this stuff....do I then do the other instructions on the previous page?

I just want to make sure that I have all of your instructions correct.

Link to post
Share on other sites

  • Root Admin

You need to create it

Then select save and in the Save as type: click the down arrow and select All Files and save the file to C:\NOTMPS.BAT

Please take your time and read the original as well as this last post. Maybe print it out if that makes more sense to read it easily.

Link to post
Share on other sites

You need to create it

Please take your time and read the original as well as this last post. Maybe print it out if that makes more sense to read it easily.

I am taking my time. I did print out the instructions. I created that file in the C Drive and when I double click it, the black command line box opens up but nothing happens. Nothing ran. I did it twice just to make sure but still nothing.

Link to post
Share on other sites

  • Root Admin

STEP 1

Download
CCleaner
from
here
to clean temp files from your computer.

  • Double click on the ccsetup.exe file to start the installation of the program.
  • Select your language and click
    OK
    , then
    next
    .

  • Read the license agreement and click
    I Agree
    .

  • Click
    next
    to use the default install location.

  • Under Install Options, choose all the default settings except
    I would recommend that you unclick/untick install the Yahoo! Toolbar, unless you want it. You can also Uncheck the 'Automatically check for updates' box.

  • Click
    Install
    then
    finish
    to complete installation.

  • Double click the
    CCleaner
    shortcut on the desktop to start the program.

  • On the "Windows" tab, under "Internet Explorer," uncheck "Cookies" if you do not want them deleted. (If deleted, you will likely need to reenter your passwords at all sites where a cookie is used to recognize you when you visit).

  • If you use either the Firefox or Mozilla browsers, the box to uncheck for "Cookies" is on the Applications tab, under Firefox/Mozilla.

  • Click on the "Options" icon at the left side of the window, then click on "Advanced."

    deselect
    "Only delete files in Windows Temp folders older than 48 hours."

  • Caution:
    It is not recommended that you use the "Issues" feature unless you are very familiar with the registry as it has been known to find legitimate items.
    Click on Issues and make sure Registry Integrity is UNchecked!

  • Click on the "Cleaner" icon on the left side of the window, then click
    Run Cleaner
    to run the program.

  • After
    CCleaner
    has completed its process, click
    Exit.

STEP 2

Please go into the Add/Remove and remove
FireFox
again

After (not before) the system has been cleaned up then go download a new fresh copy of FireFox

Temporarily uninstall Malwarebytes from the Add/Remove applet in Control Panel

You may want to remove all the Google items in your Add/Remove as well since this FireFox removal will break some of that. Then
when we're done
you can reinstall the Google stuff.

STEP 3

Download the attached zip file named
SANDI.ZIP
and open and run the file
SANDI.BAT
inside it by double clicking it. It should take a minute or so to run.

This is a batch file that will do most of the work for you.

STEP 4

Please delete the following folders
after
uninstalling FireFox and the Google applications

Make sure the folder
C:\MBSAVE
exists and has the bookmark files before proceeding

If the folder C:\MBSAVE does not have the names of your family and their bookmarks then don't continue

REMOVE the following folders if all is okay up to this point and you've uninstalled FireFox and Google
  • C:\Documents and Settings\Alex\Local Settings\Application Data\Mozilla
  • C:\Documents and Settings\Alex\Application Data\Mozilla

  • C:\Documents and Settings\All Users\Application Data\Google

  • C:\Documents and Settings\All Users\Application Data\Malwarebytes

  • C:\Documents and Settings\Lee\Application Data\Malwarebytes

  • C:\Documents and Settings\Lee\Application Data\Mozilla

  • C:\Documents and Settings\Lee\Recent\ {delete all the links here}

  • C:\Documents and Settings\Sandi\Application Data\Malwarebytes

  • C:\Documents and Settings\Sandi\Application Data\Mozilla

STEP 5

Click on
START - RUN
and type in
ComboFix /U
and remove ComboFix

STEP 6

Please remove the items above. Reboot and then reinstall new versions of

STEP 7

Update Malwarebytes and do another FULL scan and and a new HJT log and post back both of those logs

STEP 8

Zip and upload the file
C:\WindowsFiles.txt
along with your next post

.

sandi.zip

sandi.zip

Link to post
Share on other sites

Ok....did everything you told me to. When I reinstalled firefox I'm still getting those adzgalore popups.

The Mbam scan came totally clean. Here is the log from HijackThis. I tried to attach that zipped WindowsFiles.txt but it says it's too large.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 9:12:42 AM, on 6/16/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16674)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\stsystra.exe

C:\Program Files\McAfee\MSK\MskAgent.exe

C:\Program Files\SiteAdvisor\6253\SiteAdv.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE

C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe

C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe

C:\PROGRA~1\Comodo\CBOClean\BOC426.EXE

C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Program Files\SpywareGuard\sgmain.exe

C:\Program Files\SpywareGuard\sgbhp.exe

C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Comodo\CBOClean\BOCORE.exe

C:\WINDOWS\system32\CTsvcCDA.exe

C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe

C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe

C:\PROGRA~1\McAfee\MSC\mcpromgr.exe

c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

C:\Program Files\McAfee\MPF\MPFSrv.exe

C:\PROGRA~1\McAfee\MPS\mps.exe

C:\Program Files\McAfee\MSK\MskSrver.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Viewpoint\Common\ViewpointService.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\Program Files\McAfee\MPS\mpsevh.exe

c:\PROGRA~1\mcafee.com\agent\mcagent.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\internet explorer\iexplore.exe

C:\WINDOWS\system32\SearchProtocolHost.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll

O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll

O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll

O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll

O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll

O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll

O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"

O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe

O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe

O4 - HKLM\..\Run: [siteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe

O4 - HKLM\..\Run: [EPSON Stylus CX4800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE /P26 "EPSON Stylus CX4800 Series" /O6 "USB001" /M "Stylus CX4800"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"

O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot

O4 - HKLM\..\Run: [bOC-426] C:\PROGRA~1\Comodo\CBOClean\BOC426.EXE

O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe

O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-US\local\search.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll

O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB

O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab

O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab

O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai.net/f/516/25175/7d/ru...cat-no-eula.cab

O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll

O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab

O16 - DPF: {4EFA317A-8569-4788-B175-5BAF9731A549} (Microsoft Virtual Server VMRC Advanced Control) - http://www.windowsvistatestdrive.com/Activ...iveXClient1.cab

O16 - DPF: {54823A9D-6BAE-11D5-B519-0050BA2413EB} (ChkDVDCtl Class) - http://www.cyberlink.com/winxp/CheckDVD.cab

O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/...tiveXPlugin.cab

O16 - DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} (View22RTE Class) - http://onlinedesigner.hgtv.com/images/app/view22rte.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\480\G2AWinLogon.dll

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: BOCore - COMODO - C:\Program Files\Comodo\CBOClean\BOCORE.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe

O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe

O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\480\g2aservice.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe

O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe

O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe

O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe

O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe

O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe

O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe

O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe

O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--

End of file - 12388 bytes

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.

Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.