• Announcements

    • Budfred

      IE 11 copy/paste problem

      It has come to our attention that people using Internet Explorer 11 (IE 11) are having trouble with copy/paste to the forum. If you encounter this problem, using a different browser like Firefox or Chrome seems to get around the problem. We do not know what the problem is, but it seems to be specific to IE 11 and we are hopeful that Microsoft will eventually fix it.
Sign in to follow this  
Followers 0
Gcambert33

HIjackThis log help

8 posts in this topic

Logfile of HijackThis v1.99.1

Scan saved at 6:50:44 PM, on 6/12/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\LEXPPS.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe

C:\WINDOWS\system32\crypserv.exe

C:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exe

C:\Program Files\EarthLink\EarthLink Protection Control Center\bin\UpdateService.exe

C:\WINDOWS\system32\drivers\KodakCCS.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Wireless-G USB Network Adapter\WLService.exe

C:\Program Files\Wireless-G USB Network Adapter\WUSB54G.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\WINDOWS\system32\hkcmd.exe

C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\EarthLink\EarthLink Protection Control Center\bin\elnk_pcc2.exe

C:\WINDOWS\surfmonkey\smproxy.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\DellSupport\DSAgnt.exe

C:\WINDOWS\system32\rundll32.exe

C:\PROGRA~1\STEM32~1\mshta.exe

C:\Documents and Settings\Gabriel\My Documents\??sembly\m?config.exe

C:\Program Files\EarthLink TotalAccess\TaskPanl.exe

C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE

C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\msiexec.exe

C:\Program Files\Common Files\Command Software\dvpapi.exe

C:\Program Files\EarthLink\EarthLink Protection Control Center\bin\ProtectionService.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\DOCUME~1\Gabriel\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.earthlink.net

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.earthlink.net/partner/more/msie...ton/search.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://start.earthlink.net/AL/Search

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.earthlink.net/partner/more/msie...ton/search.html

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.earthlink.net/AL/Search

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: (no name) - {1C97684F-D7F1-F820-8458-AC7F136AD59A} - C:\WINDOWS\system32\osqweu.dll (file missing)

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll

F2 - REG:system.ini: UserInit=userinit.exe

O2 - BHO: EarthLink BHO Guard - {00000000-0000-0000-0000-000000000002} - C:\Program Files\EarthLink TotalAccess\Toolbar\EScamBlk.dll

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: (no name) - {039CA9EF-4F56-6187-2690-65834CADCD98} - C:\WINDOWS\system32\hdwzrvf.dll (file missing)

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: EarthLink ScamBlocker V3 - {15F4D456-5BAA-4076-8486-EECB38CD3E57} - C:\Program Files\EarthLink TotalAccess\Toolbar\EScamBlk.dll

O2 - BHO: (no name) - {1C97684F-D7F1-F820-8458-AC7F136AD59A} - C:\WINDOWS\system32\osqweu.dll (file missing)

O2 - BHO: EarthLink PopUp Blocker V2 - {512ACF1B-64D9-4928-B382-A80556F28DB4} - C:\Program Files\EarthLink TotalAccess\Toolbar\ElnkPuB.dll

O2 - BHO: (no name) - {530946B0-F80D-DEDB-2CF4-D3F8F8E2CFEE} - C:\WINDOWS\system32\vzopttq.dll (file missing)

O2 - BHO: (no name) - {530946B0-F80F-DED8-2CF6-D6F888E6CF98} - C:\WINDOWS\system32\vzopttq.dll (file missing)

O2 - BHO: IE_PopupBlocker Class - {656EC4B7-072B-4698-B504-2A414C1F0037} - C:\Program Files\EarthLink TotalAccess\Accelerator\prpl_IePopupBlocker.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_01\bin\ssv.dll (file missing)

O2 - BHO: Earthlink Protection BHO - {9579D574-D4D8-4335-9560-FE8641A013BD} - C:\Program Files\EarthLink TotalAccess\Toolbar\ProtctIE.dll

O2 - BHO: (no name) - {E65F4A43-F7A6-882C-8A0B-8CADAF9070EA} - C:\WINDOWS\system32\qyup.dll

O2 - BHO: Uninstall Legacy Earthlink Toolbar - {E713904C-DF05-4C79-BBAD-02DB923253BE} - C:\Program Files\EarthLink TotalAccess\Toolbar\uninsttb.dll

O3 - Toolbar: EarthLink Toolbar - {C7768536-96F8-4001-B1A2-90EE21279187} - C:\Program Files\EarthLink TotalAccess\Toolbar\Toolbar.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Earthlink Protection Control Center] "C:\Program Files\EarthLink\EarthLink Protection Control Center\bin\elnk_pcc2.exe" /tray

O4 - HKLM\..\Run: [ELNKProxy] C:\WINDOWS\surfmonkey\smproxy.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [GChelper] c:\Program Files\Group Calendar\GChelper.exe

O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup

O4 - HKCU\..\Run: [Jjvmbp] C:\WINDOWS\system32\j?vaw.exe

O4 - HKCU\..\Run: [Ncao] "C:\PROGRA~1\STEM32~1\mshta.exe" -vt ndrv

O4 - HKCU\..\Run: [Lcc] "C:\Documents and Settings\Gabriel\Application Data\??pPatch\s?anregw.exe"

O4 - HKCU\..\Run: [suhjxqkc] "C:\Documents and Settings\Gabriel\My Documents\??sembly\m?config.exe"

O4 - HKCU\..\Run: [E6TaskPanel] "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" -winstart

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: EarthLink Google Search - res://C:\Program Files\EarthLink TotalAccess\Toolbar\SearchUI.dll/search.html

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)

O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB

O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...99/mcinsctl.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1129065023012

O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/..._1/axofupld.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab

O16 - DPF: {75D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin.SecureControl) - http://secure2.comned.com/signuptemplates/ActiveSecurity.cab

O16 - DPF: {7FE26BE2-B923-4B41-9834-E84DA1CC1F96} (Maid Control) - http://vsp.closetmaid.com/vsp/cmaidctl_vsp..._downloader.cab

O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab

O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: ADSService - Aluria Software, a division of EarthLink, Inc. - C:\Program Files\Common Files\ADS\ADSService.exe

O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe

O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe

O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe

O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe

O23 - Service: EarthLink Monitor Service (EarthLinkMonitor) - Boingo Wireless, Inc. - C:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exe

O23 - Service: EarthLinkSafeConnectAgent - Unknown owner - C:\Program Files\EarthLink\EarthLink Protection Control Center\Sana\Bin\SanaAgent.exe" EarthLinkSafeConnectAgent (file missing)

O23 - Service: ELNK Update Service (ELNKUpdateService) - EarthLink, Inc. - C:\Program Files\EarthLink\EarthLink Protection Control Center\bin\UpdateService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: ProtectionService - EarthLink, Inc. - C:\Program Files\EarthLink\EarthLink Protection Control Center\bin\ProtectionService.exe

O23 - Service: WUSB54GSVC - Unknown owner - C:\Program Files\Wireless-G USB Network Adapter\WLService.exe" "WUSB54G.exe (file missing)

 

 

 

 

 

 

 

help?!

Share this post


Link to post
Share on other sites

Welcome to SWI. We apologize for the delay; our helpers have been very busy.

If you have not received help after 3 days, please CLICK HERE, and post a link to your log and the date it was originally posted.

 

Thank you for your patience.

 

[this is an automated reply]

Share this post


Link to post
Share on other sites

Hi Gcambert33,

 

Welcome to SWI Forums and sorry for our delay in replying to your log.

 

First download AVG Anti-Spyware from HERE and save that file to your desktop.

This is a 30 day trial of the program

  1. Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double-click it to launch the set up program.
  2. Once the setup is complete you will need run AVG Anti-Spyware and update the definition files.
  3. On the main screen select the icon "Update" then select the "Update now" link.
    • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.

[*]Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.

[*]Once in the Settings screen click on "Recommended actions" and then select "Quarantine".

[*]Under "Reports"

  • Select "Automatically generate report after every scan"
  • Un-Select "Only if threats were found"

Close AVG Anti-Spyware, Do Not run a scan just yet, we will shortly.

  1. Reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.
    IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning, it may interfere with the scanning proccess:
  2. Lauch AVG Anti-Spyware by double-clicking the icon on your desktop.
  3. Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
  4. AVG Anti-Spyware will now begin the scanning process, be patient this may take a little time.
    Once the scan is complete do the following:
  5. If you have any infections you will prompted, then select "Apply all actions"
  6. Next select the "Reports" icon at the top.
  7. Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
  8. Close AVG Anti-Spyware and reboot your system back into Normal Mode and post the results of the AVG Anti-Spyware report scan .

You are running HijackThis in Winzip which after running will delete HijackThis and any backups that it may have created. Please extract it to its own folder. To create a folder:

  • Go to My Documents.
  • Right-click and select New> Folder.
  • Name the folder as "HijackThis".
  • Extracy HijackThis into this folder.
  • Run a scan and post a fresh HijackThis log.

Edited by tj416

Share this post


Link to post
Share on other sites

AVG results:

 

---------------------------------------------------------

AVG Anti-Spyware - Scan Report

---------------------------------------------------------

 

+ Created at: 12:37:16 PM 6/20/2007

 

+ Scan result:

 

 

 

C:\WINDOWS\oviabxc.exe -> Adware.BetterInternet : Cleaned with backup (quarantined).

HKU\.DEFAULT\Software\BTGrab -> Adware.BetterInternet : Cleaned with backup (quarantined).

HKU\S-1-5-18\Software\BTGrab -> Adware.BetterInternet : Cleaned with backup (quarantined).

C:\WINDOWS\SYSTEM32\axuninstall.exe -> Adware.BlazeFind : Cleaned with backup (quarantined).

HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00F1D395-4744-40F0-A611-980F61AE2C59} -> Adware.DrSearch : Cleaned with backup (quarantined).

HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00F1D395-4744-40F0-A611-980F61AE2C59} -> Adware.DrSearch : Cleaned with backup (quarantined).

C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\Quarantine\Quarantine\ppq2B8.tmp -> Adware.EZula : Cleaned with backup (quarantined).

C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\Quarantine\Quarantine\ppq2B9.tmp -> Adware.EZula : Cleaned with backup (quarantined).

C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\Quarantine\Quarantine\ppq2BC.tmp -> Adware.EZula : Cleaned with backup (quarantined).

C:\WINDOWS\SYSTEM32\topsys.exe -> Adware.EZula : Cleaned with backup (quarantined).

HKU\.DEFAULT\Software\intexp -> Adware.IEPlugin : Cleaned with backup (quarantined).

HKU\.DEFAULT\Software\intexp\Config -> Adware.IEPlugin : Cleaned with backup (quarantined).

HKU\.DEFAULT\Software\intexp\MyFileSystem2 -> Adware.IEPlugin : Cleaned with backup (quarantined).

HKU\S-1-5-18\Software\intexp -> Adware.IEPlugin : Cleaned with backup (quarantined).

HKU\S-1-5-18\Software\intexp\Config -> Adware.IEPlugin : Cleaned with backup (quarantined).

HKU\S-1-5-18\Software\intexp\MyFileSystem2 -> Adware.IEPlugin : Cleaned with backup (quarantined).

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Rotue -> Adware.InternetOptimizer : Cleaned with backup (quarantined).

C:\Program Files\ISTsvc -> Adware.ISTBar : Cleaned with backup (quarantined).

HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8B6DA27E-7F64-4694-8F8F-DC87AB8C6B22} -> Adware.LinkMaker : Cleaned with backup (quarantined).

HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8B6DA27E-7F64-4694-8F8F-DC87AB8C6B22} -> Adware.LinkMaker : Cleaned with backup (quarantined).

C:\WINDOWS\SYSTEM32\oins.exe -> Adware.MediaTickets : Cleaned with backup (quarantined).

C:\WINDOWS\mtuninst.exe -> Adware.MediaTickets : Cleaned with backup (quarantined).

C:\Documents and Settings\Gabriel\My Documents\аѕsembly\mѕconfig.exe -> Adware.PurityScan : Cleaned with backup (quarantined).

C:\Program Files\Outerinfo\OiUninstaller.exe -> Adware.PurityScan : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP447\A0078720.dll -> Adware.PurityScan : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP449\A0078745.exe -> Adware.PurityScan : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP466\A0079134.dll -> Adware.PurityScan : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP466\A0079135.exe -> Adware.PurityScan : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP467\A0079150.dll -> Adware.PurityScan : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP467\A0079151.exe -> Adware.PurityScan : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP484\A0081082.dll -> Adware.PurityScan : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP484\A0081083.exe -> Adware.PurityScan : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP501\A0082931.dll -> Adware.PurityScan : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP501\A0082932.exe -> Adware.PurityScan : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP501\A0082933.exe -> Adware.PurityScan : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP515\A0086417.dll -> Adware.PurityScan : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP517\A0086484.exe -> Adware.PurityScan : Cleaned with backup (quarantined).

C:\WINDOWS\SYSTEM32\qxrftldh.dll -> Adware.PurityScan : Cleaned with backup (quarantined).

C:\WINDOWS\SYSTEM32\qyup.dll -> Adware.PurityScan : Cleaned with backup (quarantined).

C:\Program Files\SearchRelevant\SearchRelevant.dll -> Adware.Relevance : Cleaned with backup (quarantined).

C:\temp\SAHPackage.exe -> Adware.Sahat : Cleaned with backup (quarantined).

HKLM\SOFTWARE\SearchRelevancy -> Adware.SearchRelevancy : Cleaned with backup (quarantined).

HKLM\SOFTWARE\SearchRelevancy\Update -> Adware.SearchRelevancy : Cleaned with backup (quarantined).

C:\Program Files\SideFind -> Adware.SideFind : Cleaned with backup (quarantined).

C:\Program Files\SideFind\update -> Adware.SideFind : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP500\A0082917.dll -> Adware.Suggestor : Cleaned with backup (quarantined).

C:\Program Files\SurfAccuracy -> Adware.SurfAccuracy : Cleaned with backup (quarantined).

HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-F09C-02B4-6EC2-AD0300000000} -> Adware.TitanShieldAntispyware : Cleaned with backup (quarantined).

HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9C691A33-7DDA-4C2F-BE4C-C176083F35CF} -> Adware.TitanShieldAntispyware : Cleaned with backup (quarantined).

HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-F09C-02B4-6EC2-AD0300000000} -> Adware.TitanShieldAntispyware : Cleaned with backup (quarantined).

HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9C691A33-7DDA-4C2F-BE4C-C176083F35CF} -> Adware.TitanShieldAntispyware : Cleaned with backup (quarantined).

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\ins -> Adware.WebRebates : Cleaned with backup (quarantined).

C:\WINDOWS\Downloaded Program Files\istactivex.dll -> Downloader.IstBar : Cleaned with backup (quarantined).

C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\Quarantine\Quarantine\ppq2.tmp -> TrackingCookie.2o7 : Cleaned.

C:\WINDOWS\Temp\Cookies\gabriel@2o7[2].txt -> TrackingCookie.2o7 : Cleaned.

C:\WINDOWS\Temp\Cookies\gabriel@partygaming.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.

C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\Quarantine\Quarantine\ppq3.tmp -> TrackingCookie.7search : Cleaned.

C:\WINDOWS\Temp\Cookies\gabriel@abetterinternet[1].txt -> TrackingCookie.Abetterinternet : Cleaned.

C:\WINDOWS\Temp\Cookies\gabriel@ads.addynamix[1].txt -> TrackingCookie.Addynamix : Cleaned.

C:\Documents and Settings\Gabriel\Local Settings\Temp\Cookies\gabriel@adrevolver[1].txt -> TrackingCookie.Adrevolver : Cleaned.

C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\Quarantine\Quarantine\ppq87.tmp -> TrackingCookie.Adserver : Cleaned.

C:\WINDOWS\Temp\Cookies\gabriel@z1.adserver[1].txt -> TrackingCookie.Adserver : Cleaned.

C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\Quarantine\Quarantine\ppq78.tmp -> TrackingCookie.Advertising : Cleaned.

C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\Quarantine\Quarantine\ppq8.tmp -> TrackingCookie.Advertising : Cleaned.

C:\WINDOWS\Temp\Cookies\gabriel@advertising[1].txt -> TrackingCookie.Advertising : Cleaned.

C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\Quarantine\Quarantine\ppqB.tmp -> TrackingCookie.Atdmt : Cleaned.

C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\Quarantine\Quarantine\ppqC.tmp -> TrackingCookie.Atdmt : Cleaned.

C:\WINDOWS\Temp\Cookies\gabriel@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.

C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\Quarantine\Quarantine\ppqE.tmp -> TrackingCookie.Bfast : Cleaned.

C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\Quarantine\Quarantine\ppq10.tmp -> TrackingCookie.Bluestreak : Cleaned.

C:\WINDOWS\Temp\Cookies\gabriel@bluestreak[1].txt -> TrackingCookie.Bluestreak : Cleaned.

C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\Quarantine\Quarantine\ppq1C.tmp -> TrackingCookie.Bridgetrack : Cleaned.

C:\WINDOWS\Temp\Cookies\gabriel@citi.bridgetrack[2].txt -> TrackingCookie.Bridgetrack : Cleaned.

C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\Quarantine\Quarantine\ppq13.tmp -> TrackingCookie.Burstnet : Cleaned.

C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\Quarantine\Quarantine\ppq14.tmp -> TrackingCookie.Casalemedia : Cleaned.

C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\Quarantine\Quarantine\ppq15.tmp -> TrackingCookie.Casalemedia : Cleaned.

C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\Quarantine\Quarantine\ppq16.tmp -> TrackingCookie.Centrport : Cleaned.

C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\Quarantine\Quarantine\ppq1D.tmp -> TrackingCookie.Clickagents : Cleaned.

C:\WINDOWS\Temp\Cookies\gabriel@cliks[2].txt -> TrackingCookie.Cliks : Cleaned.

C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\Quarantine\Quarantine\ppq1E.tmp -> TrackingCookie.Com : Cleaned.

C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\Quarantine\Quarantine\ppq21.tmp -> TrackingCookie.Coremetrics : Cleaned.

C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\Quarantine\Quarantine\ppq7D.tmp -> TrackingCookie.Coremetrics : Cleaned.

C:\WINDOWS\Temp\Cookies\gabriel@data.coremetrics[1].txt -> TrackingCookie.Coremetrics : Cleaned.

C:\WINDOWS\Temp\Cookies\gabriel@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned.

C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\Quarantine\Quarantine\ppq22.tmp -> TrackingCookie.Doubleclick : Cleaned.

C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\Quarantine\Quarantine\ppq23.tmp -> TrackingCookie.Doubleclick : Cleaned.

C:\Documents and Settings\Gabriel\Local Settings\Temp\Cookies\gabriel@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.

C:\WINDOWS\Temp\Cookies\gabriel@doubleclick[2].txt -> TrackingCookie.Doubleclick : Cleaned.

C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\Quarantine\Quarantine\ppq2E.tmp -> TrackingCookie.Euniverseads : Cleaned.

C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\Quarantine\Quarantine\ppq9.tmp -> TrackingCookie.Falkag : Cleaned.

C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\Quarantine\Quarantine\ppqA.tmp -> TrackingCookie.Falkag : Cleaned.

C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\Quarantine\Quarantine\ppq30.tmp -> TrackingCookie.Fastclick : Cleaned.

C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\Quarantine\Quarantine\ppq31.tmp -> TrackingCookie.Fastclick : Cleaned.

C:\WINDOWS\Temp\Cookies\gabriel@fastclick[1].txt -> TrackingCookie.Fastclick : Cleaned.

C:\WINDOWS\Temp\Cookies\gabriel@media.fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned.

C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\Quarantine\Quarantine\ppq32.tmp -> TrackingCookie.Findwhat : Cleaned.

C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\Quarantine\Quarantine\ppq35.tmp -> TrackingCookie.Gator : Cleaned.

C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\Quarantine\Quarantine\ppq36.tmp -> TrackingCookie.Gator : Cleaned.

C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\Quarantine\Quarantine\ppq25.tmp -> TrackingCookie.Hitbox : Cleaned.

C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\Quarantine\Quarantine\ppq26.tmp -> TrackingCookie.Hitbox : Cleaned.

C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\Quarantine\Quarantine\ppq27.tmp -> TrackingCookie.Hitbox : Cleaned.

C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\Quarantine\Quarantine\ppq28.tmp -> TrackingCookie.Hitbox : Cleaned.

C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\Quarantine\Quarantine\ppq29.tmp -> TrackingCookie.Hitbox : Cleaned.

C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\Quarantine\Quarantine\ppq2A.tmp -> TrackingCookie.Hitbox : Cleaned.

C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\Quarantine\Quarantine\ppq2B.tmp -> TrackingCookie.Hitbox : Cleaned.

C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\Quarantine\Quarantine\ppq2C.tmp -> TrackingCookie.Hitbox : Cleaned.

C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\Quarantine\Quarantine\ppq2D.tmp -> TrackingCookie.Hitbox : Cleaned.

C:\WINDOWS\Temp\Cookies\gabriel@ehg-comcast.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.

C:\WINDOWS\Temp\Cookies\gabriel@hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.

C:\WINDOWS\Temp\Cookies\gabriel@searchportal.information[1].txt -> TrackingCookie.Information : Cleaned.

C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\Quarantine\Quarantine\ppq6E.tmp -> TrackingCookie.Internetfuel : Cleaned.

C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\Quarantine\Quarantine\ppq6F.tmp -> TrackingCookie.Linksynergy : Cleaned.

C:\WINDOWS\Temp\Cookies\gabriel@linksynergy[1].txt -> TrackingCookie.Linksynergy : Cleaned.

C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\Quarantine\Quarantine\ppq71.tmp -> TrackingCookie.Mediaplex : Cleaned.

C:\WINDOWS\Temp\Cookies\gabriel@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned.

C:\WINDOWS\Temp\Cookies\gabriel@data1.perf.overture[2].txt -> TrackingCookie.Overture : Cleaned.

C:\WINDOWS\Temp\Cookies\gabriel@perf.overture[1].txt -> TrackingCookie.Overture : Cleaned.

C:\WINDOWS\Temp\Cookies\gabriel@paycounter[2].txt -> TrackingCookie.Paycounter : Cleaned.

C:\WINDOWS\Temp\Cookies\gabriel@ads.pointroll[1].txt -> TrackingCookie.Pointroll : Cleaned.

C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\Quarantine\Quarantine\ppq73.tmp -> TrackingCookie.Pro-market : Cleaned.

C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\Quarantine\Quarantine\ppq74.tmp -> TrackingCookie.Qksrv : Cleaned.

C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\Quarantine\Quarantine\ppq75.tmp -> TrackingCookie.Questionmarket : Cleaned.

C:\WINDOWS\Temp\Cookies\gabriel@ads.realcastmedia[1].txt -> TrackingCookie.Realcastmedia : Cleaned.

C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\Quarantine\Quarantine\ppq76.tmp -> TrackingCookie.Realmedia : Cleaned.

C:\WINDOWS\Temp\Cookies\gabriel@realmedia[1].txt -> TrackingCookie.Realmedia : Cleaned.

C:\Documents and Settings\LocalService\Cookies\system@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : Cleaned.

C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\Quarantine\Quarantine\ppq77.tmp -> TrackingCookie.Revenue : Cleaned.

C:\WINDOWS\Temp\Cookies\gabriel@revenue[1].txt -> TrackingCookie.Revenue : Cleaned.

C:\WINDOWS\Temp\Cookies\gabriel@revsci[2].txt -> TrackingCookie.Revsci : Cleaned.

C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\Quarantine\Quarantine\ppq24.tmp -> TrackingCookie.Ru4 : Cleaned.

C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\Quarantine\Quarantine\ppq12.tmp -> TrackingCookie.Serving-sys : Cleaned.

C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\Quarantine\Quarantine\ppq79.tmp -> TrackingCookie.Serving-sys : Cleaned.

C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\Quarantine\Quarantine\ppq7A.tmp -> TrackingCookie.Sexlist : Cleaned.

C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\Quarantine\Quarantine\ppq1F.tmp -> TrackingCookie.Sextracker : Cleaned.

C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\Quarantine\Quarantine\ppq20.tmp -> TrackingCookie.Sextracker : Cleaned.

C:\WINDOWS\Temp\Cookies\gabriel@counter3.sextracker[1].txt -> TrackingCookie.Sextracker : Cleaned.

C:\WINDOWS\Temp\Cookies\gabriel@sextracker[2].txt -> TrackingCookie.Sextracker : Cleaned.

C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\Quarantine\Quarantine\ppq86.tmp -> TrackingCookie.Shopathomeselect : Cleaned.

C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\Quarantine\Quarantine\ppq7B.tmp -> TrackingCookie.Specificclick : Cleaned.

C:\WINDOWS\Temp\Cookies\gabriel@adopt.specificclick[2].txt -> TrackingCookie.Specificclick : Cleaned.

C:\WINDOWS\Temp\Cookies\gabriel@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned.

C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\Quarantine\Quarantine\ppq7C.tmp -> TrackingCookie.Targetnet : Cleaned.

C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\Quarantine\Quarantine\ppq7E.tmp -> TrackingCookie.Tradedoubler : Cleaned.

C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\Quarantine\Quarantine\ppq7F.tmp -> TrackingCookie.Trafficmp : Cleaned.

C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\Quarantine\Quarantine\ppq80.tmp -> TrackingCookie.Trafficmp : Cleaned.

C:\WINDOWS\Temp\Cookies\gabriel@trafficmp[1].txt -> TrackingCookie.Trafficmp : Cleaned.

C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\Quarantine\Quarantine\ppq81.tmp -> TrackingCookie.Tribalfusion : Cleaned.

C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\Quarantine\Quarantine\ppq82.tmp -> TrackingCookie.Valueclick : Cleaned.

C:\WINDOWS\Temp\Cookies\gabriel@valueclick[2].txt -> TrackingCookie.Valueclick : Cleaned.

C:\Documents and Settings\Gabriel\Local Settings\Temp\Cookies\gabriel@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned.

C:\WINDOWS\Temp\Cookies\gabriel@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned.

C:\WINDOWS\Temp\Cookies\gabriel@yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned.

C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\Quarantine\Quarantine\ppq88.tmp -> TrackingCookie.Zedo : Cleaned.

C:\WINDOWS\Temp\Cookies\gabriel@zedo[1].txt -> TrackingCookie.Zedo : Cleaned.

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP447\A0078723.exe -> Trojan.Small : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP466\A0079138.exe -> Trojan.Small : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP467\A0079154.exe -> Trojan.Small : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP484\A0081086.exe -> Trojan.Small : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP501\A0082936.exe -> Trojan.Small : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP515\A0086420.exe -> Trojan.Small : Cleaned with backup (quarantined).

C:\WINDOWS\SYSTEM32\wtsicom.exe -> Trojan.Small : Cleaned with backup (quarantined).

C:\WINDOWS\SYSTEM32\wtssvtr.exe -> Trojan.Small : Cleaned with backup (quarantined).

 

 

::Report end

 

 

 

 

 

 

 

 

 

 

 

 

HijackThis results:

 

Logfile of HijackThis v1.99.1

Scan saved at 1:20:46 PM, on 6/20/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\WINDOWS\system32\crypserv.exe

C:\Program Files\Common Files\Command Software\dvpapi.exe

C:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exe

C:\Program Files\EarthLink\EarthLink Protection Control Center\bin\UpdateService.exe

C:\WINDOWS\system32\drivers\KodakCCS.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\EarthLink\EarthLink Protection Control Center\bin\ProtectionService.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\wdfmgr.exe

C:\Program Files\Wireless-G USB Network Adapter\WLService.exe

C:\Program Files\Wireless-G USB Network Adapter\WUSB54G.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\WINDOWS\system32\hkcmd.exe

C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\EarthLink\EarthLink Protection Control Center\bin\elnk_pcc2.exe

C:\WINDOWS\surfmonkey\smproxy.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\DellSupport\DSAgnt.exe

C:\PROGRA~1\STEM32~1\mshta.exe

C:\Program Files\EarthLink TotalAccess\TaskPanl.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\AuthFw.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\System32\alg.exe

C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE

C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE

C:\Documents and Settings\Gabriel\My Documents\HijackThis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.earthlink.net

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.earthlink.net/partner/more/msie...ton/search.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.earthlink.net/partner/more/msie...ton/search.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.earthlink.net/partner/more/msie...ton/search.html

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.earthlink.net/partner/more/msie...ton/search.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: (no name) - {1C97684F-D7F1-F820-8458-AC7F136AD59A} - C:\WINDOWS\system32\osqweu.dll (file missing)

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll

F2 - REG:system.ini: UserInit=userinit.exe

O2 - BHO: EarthLink BHO Guard - {00000000-0000-0000-0000-000000000002} - C:\Program Files\EarthLink TotalAccess\Toolbar\EScamBlk.dll

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: (no name) - {039CA9EF-4F56-6187-2690-65834CADCD98} - C:\WINDOWS\system32\hdwzrvf.dll (file missing)

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: EarthLink ScamBlocker V3 - {15F4D456-5BAA-4076-8486-EECB38CD3E57} - C:\Program Files\EarthLink TotalAccess\Toolbar\EScamBlk.dll

O2 - BHO: (no name) - {1C97684F-D7F1-F820-8458-AC7F136AD59A} - C:\WINDOWS\system32\osqweu.dll (file missing)

O2 - BHO: EarthLink PopUp Blocker V2 - {512ACF1B-64D9-4928-B382-A80556F28DB4} - C:\Program Files\EarthLink TotalAccess\Toolbar\ElnkPuB.dll

O2 - BHO: (no name) - {530946B0-F80D-DEDB-2CF4-D3F8F8E2CFEE} - C:\WINDOWS\system32\vzopttq.dll (file missing)

O2 - BHO: (no name) - {530946B0-F80F-DED8-2CF6-D6F888E6CF98} - C:\WINDOWS\system32\vzopttq.dll (file missing)

O2 - BHO: IE_PopupBlocker Class - {656EC4B7-072B-4698-B504-2A414C1F0037} - C:\Program Files\EarthLink TotalAccess\Accelerator\prpl_IePopupBlocker.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_01\bin\ssv.dll (file missing)

O2 - BHO: Earthlink Protection BHO - {9579D574-D4D8-4335-9560-FE8641A013BD} - C:\Program Files\EarthLink TotalAccess\Toolbar\ProtctIE.dll

O2 - BHO: (no name) - {E65F4A43-F7A6-882C-8A0B-8CADAF9070EA} - C:\WINDOWS\system32\qyup.dll (file missing)

O2 - BHO: Uninstall Legacy Earthlink Toolbar - {E713904C-DF05-4C79-BBAD-02DB923253BE} - C:\Program Files\EarthLink TotalAccess\Toolbar\uninsttb.dll

O3 - Toolbar: EarthLink Toolbar - {C7768536-96F8-4001-B1A2-90EE21279187} - C:\Program Files\EarthLink TotalAccess\Toolbar\Toolbar.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Earthlink Protection Control Center] "C:\Program Files\EarthLink\EarthLink Protection Control Center\bin\elnk_pcc2.exe" /tray

O4 - HKLM\..\Run: [ELNKProxy] C:\WINDOWS\surfmonkey\smproxy.exe

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [GChelper] c:\Program Files\Group Calendar\GChelper.exe

O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup

O4 - HKCU\..\Run: [Jjvmbp] C:\WINDOWS\system32\j?vaw.exe

O4 - HKCU\..\Run: [Ncao] "C:\PROGRA~1\STEM32~1\mshta.exe" -vt ndrv

O4 - HKCU\..\Run: [Lcc] "C:\Documents and Settings\Gabriel\Application Data\??pPatch\s?anregw.exe"

O4 - HKCU\..\Run: [E6TaskPanel] "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" -winstart

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: EarthLink Google Search - res://C:\Program Files\EarthLink TotalAccess\Toolbar\SearchUI.dll/search.html

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)

O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB

O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...99/mcinsctl.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1129065023012

O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/..._1/axofupld.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab

O16 - DPF: {75D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin.SecureControl) - http://secure2.comned.com/signuptemplates/ActiveSecurity.cab

O16 - DPF: {7FE26BE2-B923-4B41-9834-E84DA1CC1F96} (Maid Control) - http://vsp.closetmaid.com/vsp/cmaidctl_vsp..._downloader.cab

O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab

O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: ADSService - Aluria Software, a division of EarthLink, Inc. - C:\Program Files\Common Files\ADS\ADSService.exe

O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe

O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe

O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe

O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe

O23 - Service: EarthLink Monitor Service (EarthLinkMonitor) - Boingo Wireless, Inc. - C:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exe

O23 - Service: EarthLinkSafeConnectAgent - Unknown owner - C:\Program Files\EarthLink\EarthLink Protection Control Center\Sana\Bin\SanaAgent.exe" EarthLinkSafeConnectAgent (file missing)

O23 - Service: ELNK Update Service (ELNKUpdateService) - EarthLink, Inc. - C:\Program Files\EarthLink\EarthLink Protection Control Center\bin\UpdateService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: ProtectionService - EarthLink, Inc. - C:\Program Files\EarthLink\EarthLink Protection Control Center\bin\ProtectionService.exe

O23 - Service: wampapache - Unknown owner - c:\wamp\apache2\bin\httpd.exe" -k runservice (file missing)

O23 - Service: wampmysqld - Unknown owner - c:\wamp\mysql\bin\mysqld-nt.exe

O23 - Service: WUSB54GSVC - Unknown owner - C:\Program Files\Wireless-G USB Network Adapter\WLService.exe" "WUSB54G.exe (file missing)

 

 

 

 

 

 

Help!

Thanks

Share this post


Link to post
Share on other sites

Hi Gcambert33,

 

You may want to print out these instructions or save them to your desktop as a text file with Notepad because we will be restarting into Safe Mode later on in the fix and you might not be able to access the Internet.

 

Go to Start -> Settings -> Control Panel -> Add/Remove Programs and uninstall (if present):

Surf Monkey

 

Then, open HijackThis, run a scan and check these items:

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R3 - URLSearchHook: (no name) - {1C97684F-D7F1-F820-8458-AC7F136AD59A} - C:\WINDOWS\system32\osqweu.dll (file missing)

 

O2 - BHO: (no name) - {039CA9EF-4F56-6187-2690-65834CADCD98} - C:\WINDOWS\system32\hdwzrvf.dll (file missing)

O2 - BHO: (no name) - {1C97684F-D7F1-F820-8458-AC7F136AD59A} - C:\WINDOWS\system32\osqweu.dll (file missing)

O2 - BHO: (no name) - {530946B0-F80D-DEDB-2CF4-D3F8F8E2CFEE} - C:\WINDOWS\system32\vzopttq.dll (file missing)

O2 - BHO: (no name) - {530946B0-F80F-DED8-2CF6-D6F888E6CF98} - C:\WINDOWS\system32\vzopttq.dll (file missing)

O2 - BHO: (no name) - {E65F4A43-F7A6-882C-8A0B-8CADAF9070EA} - C:\WINDOWS\system32\qyup.dll (file missing)

 

O4 - HKLM\..\Run: [ELNKProxy] C:\WINDOWS\surfmonkey\smproxy.exe

O4 - HKCU\..\Run: [Jjvmbp] C:\WINDOWS\system32\j?vaw.exe

O4 - HKCU\..\Run: [Ncao] "C:\PROGRA~1\STEM32~1\mshta.exe" -vt ndrv

O4 - HKCU\..\Run: [Lcc] "C:\Documents and Settings\Gabriel\Application Data\??pPatch\s?anregw.exe"

 

O16 - DPF: {75D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin.SecureControl) - http://secure2.comned.com/signuptemplates/ActiveSecurity.cab

 

If you didn't set these restrictions using a program like Spybot's TeaTimer or if your Administrator didn't set them, check these items too.

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

Now please close all windows and browsers, except HijackThis, and have HijackThis fix them by clicking on Fix Checked.

 

Then, reboot in Safe mode. To reboot in Safe mode:

Restart your computer and immediately begin tapping the F8 key on your keyboard. If done right a Windows Advanced Options menu will appear. Select the Safe Mode option and press Enter.

 

You will need to configure Windows XP to show all files and folders.

  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Show hidden files and folders.
  • Uncheck the Hide protected operating system files (recommended) option.
  • Click Yes to confirm.
  • Click OK.

Then, delete these folders (if present):

C:\WINDOWS\surfmonkey

C:\PROGRA~1\STEM32~1 - This folder begins with STEM32 and is in a folder starting with PROGRA.

 

Then, reboot (in the normal mode).

 

Then, copy everything inside the quote box below (starting with dir) and paste it into notepad. Go up to "File > Save As" and click the drop-down box to change the "Save As Type" to "All Files". Save it as findfile.bat on your Desktop.

dir C:\WINDOWS\system32\j?vaw.exe /a h > files.txt

dir C:\Documents and Settings\Gabriel\Application Data\??pPatch /a h >> files.txt

notepad files.txt

Locate findfile.bat on your Desktop and double-click on it. It will open Notepad with some text in it. Please post the contents of that Notepad here along with a new HiJackThis log.

Edited by tj416

Share this post


Link to post
Share on other sites

Notepad results:

 

Volume in drive C has no label.

Volume Serial Number is 704D-AC53

 

Directory of C:\WINDOWS\system32

 

 

Directory of C:\Documents and Settings\Gabriel\Desktop

 

 

 

 

 

 

 

 

 

HijackThis results:

 

Logfile of HijackThis v1.99.1

Scan saved at 4:50:46 PM, on 6/20/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\WINDOWS\system32\crypserv.exe

C:\Program Files\Common Files\Command Software\dvpapi.exe

C:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exe

C:\Program Files\EarthLink\EarthLink Protection Control Center\bin\UpdateService.exe

C:\WINDOWS\system32\drivers\KodakCCS.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\EarthLink\EarthLink Protection Control Center\bin\ProtectionService.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Wireless-G USB Network Adapter\WLService.exe

C:\Program Files\Wireless-G USB Network Adapter\WUSB54G.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\WINDOWS\system32\hkcmd.exe

C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\EarthLink\EarthLink Protection Control Center\bin\elnk_pcc2.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\DellSupport\DSAgnt.exe

C:\Program Files\EarthLink TotalAccess\TaskPanl.exe

C:\WINDOWS\system32\cmd.exe

C:\WINDOWS\system32\notepad.exe

C:\Documents and Settings\Gabriel\My Documents\HijackThis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.earthlink.net

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.earthlink.net/partner/more/msie...ton/search.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.earthlink.net/partner/more/msie...ton/search.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.earthlink.net/partner/more/msie...ton/search.html

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.earthlink.net/partner/more/msie...ton/search.html

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll

F2 - REG:system.ini: UserInit=userinit.exe

O2 - BHO: EarthLink BHO Guard - {00000000-0000-0000-0000-000000000002} - C:\Program Files\EarthLink TotalAccess\Toolbar\EScamBlk.dll

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: EarthLink ScamBlocker V3 - {15F4D456-5BAA-4076-8486-EECB38CD3E57} - C:\Program Files\EarthLink TotalAccess\Toolbar\EScamBlk.dll

O2 - BHO: EarthLink PopUp Blocker V2 - {512ACF1B-64D9-4928-B382-A80556F28DB4} - C:\Program Files\EarthLink TotalAccess\Toolbar\ElnkPuB.dll

O2 - BHO: IE_PopupBlocker Class - {656EC4B7-072B-4698-B504-2A414C1F0037} - C:\Program Files\EarthLink TotalAccess\Accelerator\prpl_IePopupBlocker.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_01\bin\ssv.dll (file missing)

O2 - BHO: Earthlink Protection BHO - {9579D574-D4D8-4335-9560-FE8641A013BD} - C:\Program Files\EarthLink TotalAccess\Toolbar\ProtctIE.dll

O2 - BHO: Uninstall Legacy Earthlink Toolbar - {E713904C-DF05-4C79-BBAD-02DB923253BE} - C:\Program Files\EarthLink TotalAccess\Toolbar\uninsttb.dll

O3 - Toolbar: EarthLink Toolbar - {C7768536-96F8-4001-B1A2-90EE21279187} - C:\Program Files\EarthLink TotalAccess\Toolbar\Toolbar.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Earthlink Protection Control Center] "C:\Program Files\EarthLink\EarthLink Protection Control Center\bin\elnk_pcc2.exe" /tray

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [GChelper] c:\Program Files\Group Calendar\GChelper.exe

O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup

O4 - HKCU\..\Run: [E6TaskPanel] "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" -winstart

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: EarthLink Google Search - res://C:\Program Files\EarthLink TotalAccess\Toolbar\SearchUI.dll/search.html

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)

O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB

O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...99/mcinsctl.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1129065023012

O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/..._1/axofupld.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab

O16 - DPF: {7FE26BE2-B923-4B41-9834-E84DA1CC1F96} (Maid Control) - http://vsp.closetmaid.com/vsp/cmaidctl_vsp..._downloader.cab

O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab

O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: ADSService - Aluria Software, a division of EarthLink, Inc. - C:\Program Files\Common Files\ADS\ADSService.exe

O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe

O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe

O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe

O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe

O23 - Service: EarthLink Monitor Service (EarthLinkMonitor) - Boingo Wireless, Inc. - C:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exe

O23 - Service: EarthLinkSafeConnectAgent - Unknown owner - C:\Program Files\EarthLink\EarthLink Protection Control Center\Sana\Bin\SanaAgent.exe" EarthLinkSafeConnectAgent (file missing)

O23 - Service: ELNK Update Service (ELNKUpdateService) - EarthLink, Inc. - C:\Program Files\EarthLink\EarthLink Protection Control Center\bin\UpdateService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: ProtectionService - EarthLink, Inc. - C:\Program Files\EarthLink\EarthLink Protection Control Center\bin\ProtectionService.exe

O23 - Service: wampapache - Unknown owner - c:\wamp\apache2\bin\httpd.exe" -k runservice (file missing)

O23 - Service: wampmysqld - Unknown owner - c:\wamp\mysql\bin\mysqld-nt.exe

O23 - Service: WUSB54GSVC - Unknown owner - C:\Program Files\Wireless-G USB Network Adapter\WLService.exe" "WUSB54G.exe (file missing)

 

 

 

 

 

 

 

HELP!

Share this post


Link to post
Share on other sites
Sign in to follow this  
Followers 0