Jump to content


Photo

Sluggish and Pop-ups


  • This topic is locked This topic is locked
34 replies to this topic

#1 costorga

costorga

    Member

  • Full Member
  • Pip
  • 21 posts

Posted 13 June 2007 - 09:27 PM

I have been getting on pop-up evertime I log on to my computer. I'm not sure where it is from. I also get transferred to different search sites everytime I click on a link in google. My computer is extremely slow. Please help. Here is my AVG report:

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 8:16:34 PM 6/13/2007

+ Scan result:



C:\System Volume Information\_restore{015F9C6B-3427-4DFB-9B03-C41AF729ECF8}\RP1048\A0062422.ocx -> Adware.Coupons : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{015F9C6B-3427-4DFB-9B03-C41AF729ECF8}\RP1071\A0063191.ocx -> Adware.Coupons : Cleaned with backup (quarantined).
C:\WINDOWS\cpbrkpie.ocx -> Adware.Coupons : Cleaned with backup (quarantined).
C:\Program Files\Common Files\Real\WeatherBug\MiniBugTransporter.dll -> Adware.Minibug : Cleaned with backup (quarantined).
HKU\S-1-5-21-1275210071-1770027372-682003330-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{A8FB8EB3-183B-4598-924D-86F0E5E37085} -> Adware.WhyPPC : Cleaned with backup (quarantined).
HKU\S-1-5-21-1275210071-1770027372-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A8FB8EB3-183B-4598-924D-86F0E5E37085} -> Adware.WhyPPC : Cleaned with backup (quarantined).
C:\WINDOWS\browser.exe -> Hijacker.Small : Cleaned with backup (quarantined).
:mozilla.10:C:\Documents and Settings\Tina\Application Data\Mozilla\Profiles\default\k2jtgsdr.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.11:C:\Documents and Settings\Tina\Application Data\Mozilla\Profiles\default\k2jtgsdr.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.12:C:\Documents and Settings\Tina\Application Data\Mozilla\Profiles\default\k2jtgsdr.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.13:C:\Documents and Settings\Tina\Application Data\Mozilla\Profiles\default\k2jtgsdr.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.14:C:\Documents and Settings\Tina\Application Data\Mozilla\Profiles\default\k2jtgsdr.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.15:C:\Documents and Settings\Tina\Application Data\Mozilla\Profiles\default\k2jtgsdr.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.16:C:\Documents and Settings\Tina\Application Data\Mozilla\Profiles\default\k2jtgsdr.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.17:C:\Documents and Settings\Tina\Application Data\Mozilla\Profiles\default\k2jtgsdr.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.18:C:\Documents and Settings\Tina\Application Data\Mozilla\Profiles\default\k2jtgsdr.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.19:C:\Documents and Settings\Tina\Application Data\Mozilla\Profiles\default\k2jtgsdr.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.20:C:\Documents and Settings\Tina\Application Data\Mozilla\Profiles\default\k2jtgsdr.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.21:C:\Documents and Settings\Tina\Application Data\Mozilla\Profiles\default\k2jtgsdr.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.22:C:\Documents and Settings\Tina\Application Data\Mozilla\Profiles\default\k2jtgsdr.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.23:C:\Documents and Settings\Tina\Application Data\Mozilla\Profiles\default\k2jtgsdr.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.24:C:\Documents and Settings\Tina\Application Data\Mozilla\Profiles\default\k2jtgsdr.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.25:C:\Documents and Settings\Tina\Application Data\Mozilla\Profiles\default\k2jtgsdr.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.6:C:\Documents and Settings\Tina\Application Data\Mozilla\Profiles\default\k2jtgsdr.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.7:C:\Documents and Settings\Tina\Application Data\Mozilla\Profiles\default\k2jtgsdr.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.89:C:\Documents and Settings\Paulie\Application Data\Netscape\NSB\Profiles\7mecyioy.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.8:C:\Documents and Settings\Tina\Application Data\Mozilla\Profiles\default\k2jtgsdr.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.90:C:\Documents and Settings\Paulie\Application Data\Netscape\NSB\Profiles\7mecyioy.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.91:C:\Documents and Settings\Paulie\Application Data\Netscape\NSB\Profiles\7mecyioy.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.92:C:\Documents and Settings\Paulie\Application Data\Netscape\NSB\Profiles\7mecyioy.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.9:C:\Documents and Settings\Tina\Application Data\Mozilla\Profiles\default\k2jtgsdr.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq3D.tmp -> TrackingCookie.2o7 : Cleaned.
:mozilla.26:C:\Documents and Settings\Tina\Application Data\Mozilla\Profiles\default\k2jtgsdr.slt\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.27:C:\Documents and Settings\Tina\Application Data\Mozilla\Profiles\default\k2jtgsdr.slt\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.28:C:\Documents and Settings\Paulie\Application Data\Netscape\NSB\Profiles\7mecyioy.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.29:C:\Documents and Settings\Paulie\Application Data\Netscape\NSB\Profiles\7mecyioy.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.35:C:\Documents and Settings\Paulie\Application Data\Netscape\NSB\Profiles\7mecyioy.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.37:C:\Documents and Settings\Paulie\Application Data\Netscape\NSB\Profiles\7mecyioy.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.38:C:\Documents and Settings\Paulie\Application Data\Netscape\NSB\Profiles\7mecyioy.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.39:C:\Documents and Settings\Paulie\Application Data\Netscape\NSB\Profiles\7mecyioy.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.40:C:\Documents and Settings\Paulie\Application Data\Netscape\NSB\Profiles\7mecyioy.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.41:C:\Documents and Settings\Paulie\Application Data\Netscape\NSB\Profiles\7mecyioy.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.42:C:\Documents and Settings\Paulie\Application Data\Netscape\NSB\Profiles\7mecyioy.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.53:C:\Documents and Settings\Paulie\Application Data\Netscape\NSB\Profiles\7mecyioy.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\Paulie\Cookies\paulie@3.adbrite[1].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\Paulie\Cookies\paulie@ads.adbrite[2].txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.61:C:\Documents and Settings\Paulie\Application Data\Netscape\NSB\Profiles\7mecyioy.default\cookies.txt -> TrackingCookie.Addynamix : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq3E.tmp -> TrackingCookie.Addynamix : Cleaned.
:mozilla.32:C:\Documents and Settings\Paulie\Application Data\Netscape\NSB\Profiles\7mecyioy.default\cookies.txt -> TrackingCookie.Adengage : Cleaned.
:mozilla.94:C:\Documents and Settings\Paulie\Application Data\Netscape\NSB\Profiles\7mecyioy.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.95:C:\Documents and Settings\Paulie\Application Data\Netscape\NSB\Profiles\7mecyioy.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.96:C:\Documents and Settings\Paulie\Application Data\Netscape\NSB\Profiles\7mecyioy.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.97:C:\Documents and Settings\Paulie\Application Data\Netscape\NSB\Profiles\7mecyioy.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq3F.tmp -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.68:C:\Documents and Settings\Paulie\Application Data\Netscape\NSB\Profiles\7mecyioy.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.69:C:\Documents and Settings\Paulie\Application Data\Netscape\NSB\Profiles\7mecyioy.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.70:C:\Documents and Settings\Paulie\Application Data\Netscape\NSB\Profiles\7mecyioy.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.71:C:\Documents and Settings\Paulie\Application Data\Netscape\NSB\Profiles\7mecyioy.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.73:C:\Documents and Settings\Paulie\Application Data\Netscape\NSB\Profiles\7mecyioy.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq40.tmp -> TrackingCookie.Advertising : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq53.tmp -> TrackingCookie.Advertising : Cleaned.
:mozilla.84:C:\Documents and Settings\Paulie\Application Data\Netscape\NSB\Profiles\7mecyioy.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq41.tmp -> TrackingCookie.Atdmt : Cleaned.
:mozilla.85:C:\Documents and Settings\Paulie\Application Data\Netscape\NSB\Profiles\7mecyioy.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned.
:mozilla.183:C:\Documents and Settings\Tina\Application Data\Mozilla\Profiles\default\k2jtgsdr.slt\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned.
:mozilla.200:C:\Documents and Settings\Tina\Application Data\Mozilla\Profiles\default\k2jtgsdr.slt\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.48:C:\Documents and Settings\Tina\Application Data\Mozilla\Profiles\default\k2jtgsdr.slt\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq45.tmp -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.121:C:\Documents and Settings\Paulie\Application Data\Netscape\NSB\Profiles\7mecyioy.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned.
:mozilla.123:C:\Documents and Settings\Paulie\Application Data\Netscape\NSB\Profiles\7mecyioy.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned.
:mozilla.57:C:\Documents and Settings\Tina\Application Data\Mozilla\Profiles\default\k2jtgsdr.slt\cookies.txt -> TrackingCookie.Clickzs : Cleaned.
:mozilla.58:C:\Documents and Settings\Tina\Application Data\Mozilla\Profiles\default\k2jtgsdr.slt\cookies.txt -> TrackingCookie.Clickzs : Cleaned.
C:\Documents and Settings\Paulie\Cookies\paulie@vip2.clickzs[2].txt -> TrackingCookie.Clickzs : Cleaned.
:mozilla.65:C:\Documents and Settings\Paulie\Application Data\Netscape\NSB\Profiles\7mecyioy.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq55.tmp -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.111:C:\Documents and Settings\Paulie\Application Data\Netscape\NSB\Profiles\7mecyioy.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.112:C:\Documents and Settings\Paulie\Application Data\Netscape\NSB\Profiles\7mecyioy.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.113:C:\Documents and Settings\Paulie\Application Data\Netscape\NSB\Profiles\7mecyioy.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.114:C:\Documents and Settings\Paulie\Application Data\Netscape\NSB\Profiles\7mecyioy.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.115:C:\Documents and Settings\Paulie\Application Data\Netscape\NSB\Profiles\7mecyioy.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.116:C:\Documents and Settings\Paulie\Application Data\Netscape\NSB\Profiles\7mecyioy.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.28:C:\Documents and Settings\Tina\Application Data\Mozilla\Profiles\default\k2jtgsdr.slt\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.29:C:\Documents and Settings\Tina\Application Data\Mozilla\Profiles\default\k2jtgsdr.slt\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.30:C:\Documents and Settings\Tina\Application Data\Mozilla\Profiles\default\k2jtgsdr.slt\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.38:C:\Documents and Settings\Tina\Application Data\Mozilla\Profiles\default\k2jtgsdr.slt\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.39:C:\Documents and Settings\Tina\Application Data\Mozilla\Profiles\default\k2jtgsdr.slt\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.40:C:\Documents and Settings\Tina\Application Data\Mozilla\Profiles\default\k2jtgsdr.slt\cookies.txt -> TrackingCookie.Falkag : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq47.tmp -> TrackingCookie.Fastclick : Cleaned.
:mozilla.77:C:\Documents and Settings\Tina\Application Data\Mozilla\Profiles\default\k2jtgsdr.slt\cookies.txt -> TrackingCookie.Gemius : Cleaned.
:mozilla.78:C:\Documents and Settings\Tina\Application Data\Mozilla\Profiles\default\k2jtgsdr.slt\cookies.txt -> TrackingCookie.Gemius : Cleaned.
:mozilla.79:C:\Documents and Settings\Tina\Application Data\Mozilla\Profiles\default\k2jtgsdr.slt\cookies.txt -> TrackingCookie.Gemius : Cleaned.
:mozilla.86:C:\Documents and Settings\Paulie\Application Data\Netscape\NSB\Profiles\7mecyioy.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.87:C:\Documents and Settings\Paulie\Application Data\Netscape\NSB\Profiles\7mecyioy.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.88:C:\Documents and Settings\Paulie\Application Data\Netscape\NSB\Profiles\7mecyioy.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq48.tmp -> TrackingCookie.Hitbox : Cleaned.
:mozilla.80:C:\Documents and Settings\Tina\Application Data\Mozilla\Profiles\default\k2jtgsdr.slt\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.81:C:\Documents and Settings\Tina\Application Data\Mozilla\Profiles\default\k2jtgsdr.slt\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.191:C:\Documents and Settings\Tina\Application Data\Mozilla\Profiles\default\k2jtgsdr.slt\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.192:C:\Documents and Settings\Tina\Application Data\Mozilla\Profiles\default\k2jtgsdr.slt\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq4C.tmp -> TrackingCookie.Liveperson : Cleaned.
:mozilla.188:C:\Documents and Settings\Tina\Application Data\Mozilla\Profiles\default\k2jtgsdr.slt\cookies.txt -> TrackingCookie.Masterstats : Cleaned.
C:\Documents and Settings\Tina\Local Settings\Temp\Cookies\tina@image.masterstats[1].txt -> TrackingCookie.Masterstats : Cleaned.
:mozilla.74:C:\Documents and Settings\Paulie\Application Data\Netscape\NSB\Profiles\7mecyioy.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq4D.tmp -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.103:C:\Documents and Settings\Tina\Application Data\Mozilla\Profiles\default\k2jtgsdr.slt\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.104:C:\Documents and Settings\Tina\Application Data\Mozilla\Profiles\default\k2jtgsdr.slt\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.105:C:\Documents and Settings\Tina\Application Data\Mozilla\Profiles\default\k2jtgsdr.slt\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.107:C:\Documents and Settings\Tina\Application Data\Mozilla\Profiles\default\k2jtgsdr.slt\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.106:C:\Documents and Settings\Tina\Application Data\Mozilla\Profiles\default\k2jtgsdr.slt\cookies.txt -> TrackingCookie.Paycounter : Cleaned.
:mozilla.132:C:\Documents and Settings\Paulie\Application Data\Netscape\NSB\Profiles\7mecyioy.default\cookies.txt -> TrackingCookie.Paycounter : Cleaned.
:mozilla.31:C:\Documents and Settings\Tina\Application Data\Mozilla\Profiles\default\k2jtgsdr.slt\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.32:C:\Documents and Settings\Tina\Application Data\Mozilla\Profiles\default\k2jtgsdr.slt\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.33:C:\Documents and Settings\Tina\Application Data\Mozilla\Profiles\default\k2jtgsdr.slt\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.34:C:\Documents and Settings\Tina\Application Data\Mozilla\Profiles\default\k2jtgsdr.slt\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.66:C:\Documents and Settings\Paulie\Application Data\Netscape\NSB\Profiles\7mecyioy.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.67:C:\Documents and Settings\Paulie\Application Data\Netscape\NSB\Profiles\7mecyioy.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.72:C:\Documents and Settings\Paulie\Application Data\Netscape\NSB\Profiles\7mecyioy.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq4E.tmp -> TrackingCookie.Pointroll : Cleaned.
:mozilla.118:C:\Documents and Settings\Tina\Application Data\Mozilla\Profiles\default\k2jtgsdr.slt\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.119:C:\Documents and Settings\Tina\Application Data\Mozilla\Profiles\default\k2jtgsdr.slt\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.120:C:\Documents and Settings\Tina\Application Data\Mozilla\Profiles\default\k2jtgsdr.slt\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq4F.tmp -> TrackingCookie.Realmedia : Cleaned.
C:\Documents and Settings\Tina\Cookies\tina@revsci[2].txt -> TrackingCookie.Revsci : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq46.tmp -> TrackingCookie.Ru4 : Cleaned.
:mozilla.10:C:\Documents and Settings\Paulie\Application Data\Netscape\NSB\Profiles\7mecyioy.default\cookies.txt -> TrackingCookie.Sextracker : Cleaned.
:mozilla.11:C:\Documents and Settings\Paulie\Application Data\Netscape\NSB\Profiles\7mecyioy.default\cookies.txt -> TrackingCookie.Sextracker : Cleaned.
:mozilla.120:C:\Documents and Settings\Paulie\Application Data\Netscape\NSB\Profiles\7mecyioy.default\cookies.txt -> TrackingCookie.Sextracker : Cleaned.
:mozilla.122:C:\Documents and Settings\Paulie\Application Data\Netscape\NSB\Profiles\7mecyioy.default\cookies.txt -> TrackingCookie.Sextracker : Cleaned.
:mozilla.12:C:\Documents and Settings\Paulie\Application Data\Netscape\NSB\Profiles\7mecyioy.default\cookies.txt -> TrackingCookie.Sextracker : Cleaned.
:mozilla.15:C:\Documents and Settings\Paulie\Application Data\Netscape\NSB\Profiles\7mecyioy.default\cookies.txt -> TrackingCookie.Sextracker : Cleaned.
:mozilla.8:C:\Documents and Settings\Paulie\Application Data\Netscape\NSB\Profiles\7mecyioy.default\cookies.txt -> TrackingCookie.Sextracker : Cleaned.
:mozilla.9:C:\Documents and Settings\Paulie\Application Data\Netscape\NSB\Profiles\7mecyioy.default\cookies.txt -> TrackingCookie.Sextracker : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq51.tmp -> TrackingCookie.Specificclick : Cleaned.
:mozilla.49:C:\Documents and Settings\Paulie\Application Data\Netscape\NSB\Profiles\7mecyioy.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.50:C:\Documents and Settings\Paulie\Application Data\Netscape\NSB\Profiles\7mecyioy.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
C:\Documents and Settings\Tina\Cookies\tina@anad.tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Tina\Cookies\tina@anat.tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq56.tmp -> TrackingCookie.Tacoda : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq57.tmp -> TrackingCookie.Tracking101 : Cleaned.
:mozilla.100:C:\Documents and Settings\Paulie\Application Data\Netscape\NSB\Profiles\7mecyioy.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.101:C:\Documents and Settings\Paulie\Application Data\Netscape\NSB\Profiles\7mecyioy.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.102:C:\Documents and Settings\Paulie\Application Data\Netscape\NSB\Profiles\7mecyioy.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.103:C:\Documents and Settings\Paulie\Application Data\Netscape\NSB\Profiles\7mecyioy.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.104:C:\Documents and Settings\Paulie\Application Data\Netscape\NSB\Profiles\7mecyioy.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.138:C:\Documents and Settings\Tina\Application Data\Mozilla\Profiles\default\k2jtgsdr.slt\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.139:C:\Documents and Settings\Tina\Application Data\Mozilla\Profiles\default\k2jtgsdr.slt\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.140:C:\Documents and Settings\Tina\Application Data\Mozilla\Profiles\default\k2jtgsdr.slt\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.141:C:\Documents and Settings\Tina\Application Data\Mozilla\Profiles\default\k2jtgsdr.slt\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.142:C:\Documents and Settings\Tina\Application Data\Mozilla\Profiles\default\k2jtgsdr.slt\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.143:C:\Documents and Settings\Tina\Application Data\Mozilla\Profiles\default\k2jtgsdr.slt\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.144:C:\Documents and Settings\Tina\Application Data\Mozilla\Profiles\default\k2jtgsdr.slt\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.145:C:\Documents and Settings\Tina\Application Data\Mozilla\Profiles\default\k2jtgsdr.slt\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.98:C:\Documents and Settings\Paulie\Application Data\Netscape\NSB\Profiles\7mecyioy.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.99:C:\Documents and Settings\Paulie\Application Data\Netscape\NSB\Profiles\7mecyioy.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq58.tmp -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.105:C:\Documents and Settings\Paulie\Application Data\Netscape\NSB\Profiles\7mecyioy.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.106:C:\Documents and Settings\Paulie\Application Data\Netscape\NSB\Profiles\7mecyioy.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.107:C:\Documents and Settings\Paulie\Application Data\Netscape\NSB\Profiles\7mecyioy.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.108:C:\Documents and Settings\Paulie\Application Data\Netscape\NSB\Profiles\7mecyioy.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.109:C:\Documents and Settings\Paulie\Application Data\Netscape\NSB\Profiles\7mecyioy.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.110:C:\Documents and Settings\Paulie\Application Data\Netscape\NSB\Profiles\7mecyioy.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.178:C:\Documents and Settings\Tina\Application Data\Mozilla\Profiles\default\k2jtgsdr.slt\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.179:C:\Documents and Settings\Tina\Application Data\Mozilla\Profiles\default\k2jtgsdr.slt\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.180:C:\Documents and Settings\Tina\Application Data\Mozilla\Profiles\default\k2jtgsdr.slt\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq52.tmp -> TrackingCookie.Yieldmanager : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq87.tmp -> TrackingCookie.Yieldmanager : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq59.tmp -> TrackingCookie.Zedo : Cleaned.


::Report end

Here is my hijack this report:

Logfile of HijackThis v1.99.1
Scan saved at 8:41:18 PM, on 6/13/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Canon\BJCard\Bjmcmng.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Canon\BJPV\TVMon.exe
C:\Program Files\Canon\BJCard\BJLaunch.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Yahoo!\browser\ybrowser.exe
C:\Documents and Settings\Tina\My Documents\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://att.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapp...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp.../search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapp...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn7\yt.dll
N4 - Mozilla: user_pref("browser.startup.homepage", "www.yahoo.com"); (C:\Documents and Settings\Tina\Application Data\Mozilla\Profiles\default\k2jtgsdr.slt\prefs.js)
N4 - Mozilla: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Tina\Application Data\Mozilla\Profiles\default\k2jtgsdr.slt\prefs.js)
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn7\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Suggest - {5A263CF7-56A6-4D68-A8CF-345BE45BC911} - C:\Program Files\Yahoo!\Search\YSearchSuggest.dll (file missing)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn7\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [BJPD HID Control] C:\Program Files\Canon\BJPV\TVMon.exe
O4 - HKLM\..\Run: [BJLaunchEXE] C:\Program Files\Canon\BJCard\BJLaunch.exe
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AT&T Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Open with WordPerfect - C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg...t/c381/chat.cab
O16 - DPF: Yahoo! Literati - http://download.game...nts/y/tt3_x.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akama...ex/qtplugin.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg...v45/yacscom.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmar...martActivia.cab
O16 - DPF: {610FB8B8-2427-4375-BCF9-2F7AE17173A6} (Snapfish File Upload ActiveX Control) - http://www.snapfish....pfishUpload.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1124758975312
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/s...nfo/webscan.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai....02/cpbrkpie.cab
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart...ploadClient.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logme...trl.cab?lmi=100
O17 - HKLM\System\CCS\Services\Tcpip\..\{22252045-B675-4C68-AC0D-0A2AD78A05D3}: NameServer = 85.255.116.152,85.255.112.8
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.152 85.255.112.8
O17 - HKLM\System\CS1\Services\Tcpip\..\{22252045-B675-4C68-AC0D-0A2AD78A05D3}: NameServer = 85.255.116.152,85.255.112.8
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.152 85.255.112.8
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Canon BJ Memory Card Manager (Bjmcmng) - CANON INC. - C:\Program Files\Canon\BJCard\Bjmcmng.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

Please Help!!!! THank you so much. Christina

#2 SWI Support Robot

SWI Support Robot

    Helper robot

  • SWI Bot
  • PipPipPipPipPip
  • 23,523 posts

Posted 16 June 2007 - 06:31 AM

Welcome to SWI. We apologize for the delay; our helpers have been very busy.
If you have not received help after 3 days, please CLICK HERE, and post a link to your log and the date it was originally posted.

Thank you for your patience.

[this is an automated reply]
This is an automated message. It does not count as help.

#3 aczechgurl

aczechgurl

    Forum Deity

  • Emeritus
  • PipPipPipPipPip
  • 5,577 posts

Posted 17 June 2007 - 04:01 PM

Welcome to the forum :wave:

I apologize for the delay getting to you, the helpers here are all volunteers and we have been very busy here lately.

Please download Smitfraudfix . If you have previously downloaded Smitfraudfix, please delete that version and download the new one.
Then double click Smitfraudfix.exe. Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present, after a few minutes).
Please copy/paste the content of that report into your next reply.
<!--fonto:Century Gothic--><span style="font-family:Century Gothic"><!--/fonto-->
<!--sizeo:2--><span style="font-size:10pt;line-height:100%"><!--/sizeo--><!--coloro:purple--><span style="color:purple"><!--/coloro--><b>Aczechgurl</b><!--colorc--></span><!--/colorc--><!--sizec--></span><!--/sizec--><!--fontc--></span><!--/fontc-->

<!--sizeo:1--><span style="font-size:8pt;line-height:100%"><!--/sizeo--><!--fonto:Arial--><span style="font-family:Arial"><!--/fonto-->

Please consider <a href="http://flyinghamster...om/support-us/" target="_blank"><!--coloro:blue--><span style="color:blue"><!--/coloro--><b>Supporting SWI</b><!--colorc--></span><!--/colorc--></a>'s fight against Malware.

Member of <a href="http://asap.maddoktor2.com/" target="_blank"><!--coloro:blue--><span style="color:blue"><!--/coloro--><b>ASAP</b><!--colorc--></span><!--/colorc--></a> (Alliance of Security Analysis Professionals)

Fight back <a href="http://www.malwareco...mplaints.info/" target="_blank"><!--coloro:blue--><span style="color:blue"><!--/coloro--><b>Malware Complaints</b><!--colorc--></span><!--/colorc--></a><!--sizec--></span><!--/sizec--><!--fontc--></span><!--/fontc-->

#4 costorga

costorga

    Member

  • Full Member
  • Pip
  • 21 posts

Posted 17 June 2007 - 04:12 PM

Thank you. Here is the report that you asked me to run.

SmitFraudFix v2.195

Scan done at 16:10:09.60, Sun 06/17/2007
Run from C:\Documents and Settings\Tina\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Canon\BJCard\Bjmcmng.exe
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Canon\BJPV\TVMon.exe
C:\Program Files\Canon\BJCard\BJLaunch.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\PROGRA~1\Yahoo!\browser\ybrowser.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Tina


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Tina\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Tina\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"="kdruf.exe"

kdruf.exe detected !


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Your computer may be victim of a DNS Hijack: 85.255.x.x detected !

Description: Intel® PRO/100 VE Network Connection - Packet Scheduler Miniport
DNS Server Search Order: 85.255.116.152
DNS Server Search Order: 85.255.112.8

HKLM\SYSTEM\CCS\Services\Tcpip\..\{22252045-B675-4C68-AC0D-0A2AD78A05D3}: DhcpNameServer=192.168.0.1 192.168.0.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{22252045-B675-4C68-AC0D-0A2AD78A05D3}: NameServer=85.255.116.152,85.255.112.8
HKLM\SYSTEM\CCS\Services\Tcpip\..\{4CBEAFC8-D39D-4831-AA32-ADF18D4EB72B}: DhcpNameServer=85.255.116.152,85.255.112.8
HKLM\SYSTEM\CS1\Services\Tcpip\..\{22252045-B675-4C68-AC0D-0A2AD78A05D3}: DhcpNameServer=192.168.0.1 192.168.0.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{22252045-B675-4C68-AC0D-0A2AD78A05D3}: NameServer=85.255.116.152,85.255.112.8
HKLM\SYSTEM\CS1\Services\Tcpip\..\{4CBEAFC8-D39D-4831-AA32-ADF18D4EB72B}: DhcpNameServer=85.255.116.152,85.255.112.8
HKLM\SYSTEM\CS3\Services\Tcpip\..\{22252045-B675-4C68-AC0D-0A2AD78A05D3}: DhcpNameServer=192.168.0.1 192.168.0.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{22252045-B675-4C68-AC0D-0A2AD78A05D3}: NameServer=85.255.116.152,85.255.112.8
HKLM\SYSTEM\CS3\Services\Tcpip\..\{4CBEAFC8-D39D-4831-AA32-ADF18D4EB72B}: DhcpNameServer=85.255.116.152,85.255.112.8
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1 192.168.0.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: NameServer=85.255.116.152 85.255.112.8
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1 192.168.0.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: NameServer=85.255.116.152 85.255.112.8
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1 192.168.0.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: NameServer=85.255.116.152 85.255.112.8


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End

#5 aczechgurl

aczechgurl

    Forum Deity

  • Emeritus
  • PipPipPipPipPip
  • 5,577 posts

Posted 17 June 2007 - 04:35 PM

* Please download FixwareOut from one of the following sites:
http://www.bleepingc.../Fixwareout.exe
http://downloads.sub.../Fixwareout.exe

Save it to your desktop and run it. Click Next, then Install, make sure "Run fixit" is checked and click Finish.
The fix will begin; follow the prompts. If your firewall gives an alert, (because this tool will download an additional file from the internet), please don't let your firewall block it, but allow it instead.
Then you will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.

A log will open after reboot please post that log for review as well as a fresh HijackThis log.
<!--fonto:Century Gothic--><span style="font-family:Century Gothic"><!--/fonto-->
<!--sizeo:2--><span style="font-size:10pt;line-height:100%"><!--/sizeo--><!--coloro:purple--><span style="color:purple"><!--/coloro--><b>Aczechgurl</b><!--colorc--></span><!--/colorc--><!--sizec--></span><!--/sizec--><!--fontc--></span><!--/fontc-->

<!--sizeo:1--><span style="font-size:8pt;line-height:100%"><!--/sizeo--><!--fonto:Arial--><span style="font-family:Arial"><!--/fonto-->

Please consider <a href="http://flyinghamster...om/support-us/" target="_blank"><!--coloro:blue--><span style="color:blue"><!--/coloro--><b>Supporting SWI</b><!--colorc--></span><!--/colorc--></a>'s fight against Malware.

Member of <a href="http://asap.maddoktor2.com/" target="_blank"><!--coloro:blue--><span style="color:blue"><!--/coloro--><b>ASAP</b><!--colorc--></span><!--/colorc--></a> (Alliance of Security Analysis Professionals)

Fight back <a href="http://www.malwareco...mplaints.info/" target="_blank"><!--coloro:blue--><span style="color:blue"><!--/coloro--><b>Malware Complaints</b><!--colorc--></span><!--/colorc--></a><!--sizec--></span><!--/sizec--><!--fontc--></span><!--/fontc-->

#6 costorga

costorga

    Member

  • Full Member
  • Pip
  • 21 posts

Posted 17 June 2007 - 05:36 PM

Okay, here is my hijackthis log

Logfile of HijackThis v1.99.1
Scan saved at 5:33:38 PM, on 6/17/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Canon\BJCard\Bjmcmng.exe
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Canon\BJPV\TVMon.exe
C:\Program Files\Canon\BJCard\BJLaunch.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\WINDOWS\system32\notepad.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Documents and Settings\Tina\My Documents\HijackThis.exe
C:\Program Files\Yahoo!\browser\ybrowser.exe
C:\PROGRA~1\Yahoo!\YUM\yum.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://att.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapp...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp.../search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapp...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn7\yt.dll
N4 - Mozilla: user_pref("browser.startup.homepage", "www.yahoo.com"); (C:\Documents and Settings\Tina\Application Data\Mozilla\Profiles\default\k2jtgsdr.slt\prefs.js)
N4 - Mozilla: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Tina\Application Data\Mozilla\Profiles\default\k2jtgsdr.slt\prefs.js)
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn7\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Suggest - {5A263CF7-56A6-4D68-A8CF-345BE45BC911} - C:\Program Files\Yahoo!\Search\YSearchSuggest.dll (file missing)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn7\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [BJPD HID Control] C:\Program Files\Canon\BJPV\TVMon.exe
O4 - HKLM\..\Run: [BJLaunchEXE] C:\Program Files\Canon\BJCard\BJLaunch.exe
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AT&T Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Open with WordPerfect - C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg...t/c381/chat.cab
O16 - DPF: Yahoo! Literati - http://download.game...nts/y/tt3_x.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akama...ex/qtplugin.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg...v45/yacscom.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmar...martActivia.cab
O16 - DPF: {610FB8B8-2427-4375-BCF9-2F7AE17173A6} (Snapfish File Upload ActiveX Control) - http://www.snapfish....pfishUpload.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1124758975312
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/s...nfo/webscan.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai....02/cpbrkpie.cab
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart...ploadClient.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logme...trl.cab?lmi=100
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Canon BJ Memory Card Manager (Bjmcmng) - CANON INC. - C:\Program Files\Canon\BJCard\Bjmcmng.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

And, here is the other from fixware



Fixwareout Last edited 5/15/2007
Post this report in the forums please
...
»»»»»Prerun check
HKLM\SOFTWARE\~\Winlogon\ "System"="kdruf.exe"

»»»»»

»»»»» Postrun check
HKLM\SOFTWARE\~\Winlogon\ "system"=""
....
....
»»»»» Misc files.
....
»»»»» Checking for older varients.
....

Search five digit cs, dm, kd, jb, other, files.
The following files NEED TO BE SUBMITTED to one of the following URL'S for further inspection.


Click browse, find the file then click submit.
http://www.virustota...h/index_en.html
Or http://virusscan.jotti.org/

»»»»» Other
C:\WINDOWS\Temp\kdruf.ren 66454 08/04/2004

»»»»» Current runs
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdaptecDirectCD"="\"C:\\Program Files\\Roxio\\Easy CD Creator 5\\DirectCD\\DirectCD.exe\""
"HP Software Update"="C:\\Program Files\\Hewlett-Packard\\HP Software Update\\HPWuSchd2.exe"
"HPDJ Taskbar Utility"="C:\\WINDOWS\\System32\\spool\\drivers\\w32x86\\3\\hpztsb08.exe"
"DeviceDiscovery"="C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpotdd01.exe"
"REGSHAVE"="C:\\Program Files\\REGSHAVE\\REGSHAVE.EXE /AUTORUN"
"BJPD HID Control"="C:\\Program Files\\Canon\\BJPV\\TVMon.exe"
"BJLaunchEXE"="C:\\Program Files\\Canon\\BJCard\\BJLaunch.exe"
"MoneyStartUp10.0"="\"C:\\Program Files\\Microsoft Money\\System\\Activation.exe\""
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_01\\bin\\jusched.exe\""
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"YBrowser"="C:\\PROGRA~1\\Yahoo!\\browser\\ybrwicon.exe"
"Motive SmartBridge"="C:\\PROGRA~1\\SBCSEL~1\\SMARTB~1\\MotiveSB.exe"
"YOP"="C:\\PROGRA~1\\Yahoo!\\YOP\\yop.exe /autostart"
"CaAvTray"="\"C:\\Program Files\\Yahoo!\\Antivirus\\CAVTray.exe\""
"CAVRID"="\"C:\\Program Files\\Yahoo!\\Antivirus\\CAVRID.exe\""
"ISUSPM Startup"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\isuspm.exe\" -startup"
"ISUSScheduler"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe\" -start"
"KernelFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\
65,6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,6b,00
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"Yahoo! Pager"="\"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe\" -quiet"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"updateMgr"="\"C:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe\" AcRdB7_0_7 -reboot 1"
"Aim6"="\"C:\\Program Files\\AIM6\\aim6.exe\" /d locale=en-US ee://aol/imApp"
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"
"YSearchProtection"="C:\\Program Files\\Yahoo!\\Search Protection\\SearchProtection.exe"
....
Hosts file was reset, If you use a custom hosts file please replace it
»»»»» End report »»»»»

#7 aczechgurl

aczechgurl

    Forum Deity

  • Emeritus
  • PipPipPipPipPip
  • 5,577 posts

Posted 17 June 2007 - 08:26 PM

That looks better :thumbsup:

Please download ATF Cleaner by Atribune.Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browserClick Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browserClick Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

REBOOT afterwards!

Then let me know how your computer is running now and if you are still having any symptoms.
<!--fonto:Century Gothic--><span style="font-family:Century Gothic"><!--/fonto-->
<!--sizeo:2--><span style="font-size:10pt;line-height:100%"><!--/sizeo--><!--coloro:purple--><span style="color:purple"><!--/coloro--><b>Aczechgurl</b><!--colorc--></span><!--/colorc--><!--sizec--></span><!--/sizec--><!--fontc--></span><!--/fontc-->

<!--sizeo:1--><span style="font-size:8pt;line-height:100%"><!--/sizeo--><!--fonto:Arial--><span style="font-family:Arial"><!--/fonto-->

Please consider <a href="http://flyinghamster...om/support-us/" target="_blank"><!--coloro:blue--><span style="color:blue"><!--/coloro--><b>Supporting SWI</b><!--colorc--></span><!--/colorc--></a>'s fight against Malware.

Member of <a href="http://asap.maddoktor2.com/" target="_blank"><!--coloro:blue--><span style="color:blue"><!--/coloro--><b>ASAP</b><!--colorc--></span><!--/colorc--></a> (Alliance of Security Analysis Professionals)

Fight back <a href="http://www.malwareco...mplaints.info/" target="_blank"><!--coloro:blue--><span style="color:blue"><!--/coloro--><b>Malware Complaints</b><!--colorc--></span><!--/colorc--></a><!--sizec--></span><!--/sizec--><!--fontc--></span><!--/fontc-->

#8 costorga

costorga

    Member

  • Full Member
  • Pip
  • 21 posts

Posted 17 June 2007 - 09:45 PM

Well, I can now use google search and get to that direct site instead of to another search site. So, that is great! However, my computer is still extremely slow at start-up and also to load any application, including the internet. I don't have any sound coming from my computer, I can't use any media program. It either acts like I'm not giving it the command to play, and when I try to use real play I get this message:

*Cannot open the audio device. Another application may be using it. I have been getting these messages saying that windows cannot find software for Multimedia Audio Controller. I click for it to check windows update and it doesn't find anything. There is an other folder under my Device Manager and inside it is the Multimedia Audio Controller with a question mark. I'm not sure what this is, but I'm pretty sure this is why I can't here anything.

I also have a blank search box that is popping us everytime I start-up the computer. I'm sorry, but this is soooo frustrating. I thank you sooooo much for all of your help.

#9 costorga

costorga

    Member

  • Full Member
  • Pip
  • 21 posts

Posted 17 June 2007 - 10:21 PM

Okay, so I fixed the sound on my own. So, no need to worry about that. :D I had to use my dell resources cd and reinstall the driver. I'm interested to know how it just disappeared all of a sudden though. Thanks!

#10 aczechgurl

aczechgurl

    Forum Deity

  • Emeritus
  • PipPipPipPipPip
  • 5,577 posts

Posted 17 June 2007 - 10:35 PM

Are you still having problems with other multimedia programs and the blank search box?
<!--fonto:Century Gothic--><span style="font-family:Century Gothic"><!--/fonto-->
<!--sizeo:2--><span style="font-size:10pt;line-height:100%"><!--/sizeo--><!--coloro:purple--><span style="color:purple"><!--/coloro--><b>Aczechgurl</b><!--colorc--></span><!--/colorc--><!--sizec--></span><!--/sizec--><!--fontc--></span><!--/fontc-->

<!--sizeo:1--><span style="font-size:8pt;line-height:100%"><!--/sizeo--><!--fonto:Arial--><span style="font-family:Arial"><!--/fonto-->

Please consider <a href="http://flyinghamster...om/support-us/" target="_blank"><!--coloro:blue--><span style="color:blue"><!--/coloro--><b>Supporting SWI</b><!--colorc--></span><!--/colorc--></a>'s fight against Malware.

Member of <a href="http://asap.maddoktor2.com/" target="_blank"><!--coloro:blue--><span style="color:blue"><!--/coloro--><b>ASAP</b><!--colorc--></span><!--/colorc--></a> (Alliance of Security Analysis Professionals)

Fight back <a href="http://www.malwareco...mplaints.info/" target="_blank"><!--coloro:blue--><span style="color:blue"><!--/coloro--><b>Malware Complaints</b><!--colorc--></span><!--/colorc--></a><!--sizec--></span><!--/sizec--><!--fontc--></span><!--/fontc-->

#11 costorga

costorga

    Member

  • Full Member
  • Pip
  • 21 posts

Posted 18 June 2007 - 05:37 AM

No, once I reinstalled the driver the other multimedia programs started to work again. However, the blank search box is still appearing.

#12 aczechgurl

aczechgurl

    Forum Deity

  • Emeritus
  • PipPipPipPipPip
  • 5,577 posts

Posted 18 June 2007 - 09:16 PM

Could you take a screen shot of it and upload it somewhere so I can see this box?
<!--fonto:Century Gothic--><span style="font-family:Century Gothic"><!--/fonto-->
<!--sizeo:2--><span style="font-size:10pt;line-height:100%"><!--/sizeo--><!--coloro:purple--><span style="color:purple"><!--/coloro--><b>Aczechgurl</b><!--colorc--></span><!--/colorc--><!--sizec--></span><!--/sizec--><!--fontc--></span><!--/fontc-->

<!--sizeo:1--><span style="font-size:8pt;line-height:100%"><!--/sizeo--><!--fonto:Arial--><span style="font-family:Arial"><!--/fonto-->

Please consider <a href="http://flyinghamster...om/support-us/" target="_blank"><!--coloro:blue--><span style="color:blue"><!--/coloro--><b>Supporting SWI</b><!--colorc--></span><!--/colorc--></a>'s fight against Malware.

Member of <a href="http://asap.maddoktor2.com/" target="_blank"><!--coloro:blue--><span style="color:blue"><!--/coloro--><b>ASAP</b><!--colorc--></span><!--/colorc--></a> (Alliance of Security Analysis Professionals)

Fight back <a href="http://www.malwareco...mplaints.info/" target="_blank"><!--coloro:blue--><span style="color:blue"><!--/coloro--><b>Malware Complaints</b><!--colorc--></span><!--/colorc--></a><!--sizec--></span><!--/sizec--><!--fontc--></span><!--/fontc-->

#13 costorga

costorga

    Member

  • Full Member
  • Pip
  • 21 posts

Posted 18 June 2007 - 09:44 PM

My Webpage

#14 costorga

costorga

    Member

  • Full Member
  • Pip
  • 21 posts

Posted 18 June 2007 - 09:46 PM

I don't think that is going to work. I can't figure out how to get it on this screen.

#15 aczechgurl

aczechgurl

    Forum Deity

  • Emeritus
  • PipPipPipPipPip
  • 5,577 posts

Posted 19 June 2007 - 08:50 PM

I got your screen shot. That is one I haven't seen before. When did this start? While you were infected or after running fixes?

[*]Run HijackThis, Choose "Do a system scan only" and checkmark the box next to the following entries.O2 - BHO: Yahoo! IE Suggest - {5A263CF7-56A6-4D68-A8CF-345BE45BC911} - C:\Program Files\Yahoo!\Search\YSearchSuggest.dll (file missing)
[*]Close all other windows and browsers, then click "Fix Checked".

How is the computer speed still abnormally slow? And did that start when you became infected as well? or has it happened slowly over time?
<!--fonto:Century Gothic--><span style="font-family:Century Gothic"><!--/fonto-->
<!--sizeo:2--><span style="font-size:10pt;line-height:100%"><!--/sizeo--><!--coloro:purple--><span style="color:purple"><!--/coloro--><b>Aczechgurl</b><!--colorc--></span><!--/colorc--><!--sizec--></span><!--/sizec--><!--fontc--></span><!--/fontc-->

<!--sizeo:1--><span style="font-size:8pt;line-height:100%"><!--/sizeo--><!--fonto:Arial--><span style="font-family:Arial"><!--/fonto-->

Please consider <a href="http://flyinghamster...om/support-us/" target="_blank"><!--coloro:blue--><span style="color:blue"><!--/coloro--><b>Supporting SWI</b><!--colorc--></span><!--/colorc--></a>'s fight against Malware.

Member of <a href="http://asap.maddoktor2.com/" target="_blank"><!--coloro:blue--><span style="color:blue"><!--/coloro--><b>ASAP</b><!--colorc--></span><!--/colorc--></a> (Alliance of Security Analysis Professionals)

Fight back <a href="http://www.malwareco...mplaints.info/" target="_blank"><!--coloro:blue--><span style="color:blue"><!--/coloro--><b>Malware Complaints</b><!--colorc--></span><!--/colorc--></a><!--sizec--></span><!--/sizec--><!--fontc--></span><!--/fontc-->

#16 costorga

costorga

    Member

  • Full Member
  • Pip
  • 21 posts

Posted 19 June 2007 - 09:50 PM

Well, I ran hijackthis and removed the file, but that didn't make any difference. This box started appearing after I was infected. The computer became extremely slow after infection too. It is still really slow, but not as slow as it was.

#17 aczechgurl

aczechgurl

    Forum Deity

  • Emeritus
  • PipPipPipPipPip
  • 5,577 posts

Posted 20 June 2007 - 12:34 AM

Did you install AVG-AS after you were infected? If so, let's go ahead and uninstall it, recently it has been slowing people down a little. Let it remove the reports and quarantine files.

Go to Start->Control Panel->Add or Remove Programs and uninstall AVG Antispyware.

Please reboot your computer and then lets run another scan to see if anything else is hiding.

Please download ComboFix by sUBs:

NOTE: In the event you already have ComboFix, this is a new version that I need you to download.
  • Save it to your desktop.
  • Double-click combofix.exe and follow the prompts.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply along with a fresh HijackThis log.
CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
<!--fonto:Century Gothic--><span style="font-family:Century Gothic"><!--/fonto-->
<!--sizeo:2--><span style="font-size:10pt;line-height:100%"><!--/sizeo--><!--coloro:purple--><span style="color:purple"><!--/coloro--><b>Aczechgurl</b><!--colorc--></span><!--/colorc--><!--sizec--></span><!--/sizec--><!--fontc--></span><!--/fontc-->

<!--sizeo:1--><span style="font-size:8pt;line-height:100%"><!--/sizeo--><!--fonto:Arial--><span style="font-family:Arial"><!--/fonto-->

Please consider <a href="http://flyinghamster...om/support-us/" target="_blank"><!--coloro:blue--><span style="color:blue"><!--/coloro--><b>Supporting SWI</b><!--colorc--></span><!--/colorc--></a>'s fight against Malware.

Member of <a href="http://asap.maddoktor2.com/" target="_blank"><!--coloro:blue--><span style="color:blue"><!--/coloro--><b>ASAP</b><!--colorc--></span><!--/colorc--></a> (Alliance of Security Analysis Professionals)

Fight back <a href="http://www.malwareco...mplaints.info/" target="_blank"><!--coloro:blue--><span style="color:blue"><!--/coloro--><b>Malware Complaints</b><!--colorc--></span><!--/colorc--></a><!--sizec--></span><!--/sizec--><!--fontc--></span><!--/fontc-->

#18 costorga

costorga

    Member

  • Full Member
  • Pip
  • 21 posts

Posted 20 June 2007 - 07:21 PM

ComboFix 07-06-18.2
"Tina" - 2007-06-20 19:10:49 - Service Pack 2 NTFS


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\msxml3a.dll


((((((((((((((((((((((((( Files Created from 2007-05-21 to 2007-06-21 )))))))))))))))))))))))))))))))


2007-06-20 19:09 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-17 22:06 545,024 --a------ C:\WINDOWS\system32\drivers\smwdm.sys
2007-06-17 22:06 49,152 --a------ C:\WINDOWS\system32\DSndUp.exe
2007-06-17 22:06 45,056 --a------ C:\WINDOWS\system32\CleanUp.exe
2007-06-17 22:06 4,816 --a------ C:\WINDOWS\system32\drivers\aeaudio.sys
2007-06-17 22:06 3,744 --a------ C:\WINDOWS\system32\drivers\smsens.sys
2007-06-17 22:06 <DIR> d-------- C:\Program Files\Analog Devices
2007-06-17 17:22 6,962 --a------ C:\dnsbak.reg
2007-06-17 16:10 4,804 --a------ C:\WINDOWS\system32\tmp.reg
2007-06-17 16:08 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-06-17 16:08 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-06-17 16:08 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-06-17 16:07 <DIR> d-------- C:\DOCUME~1\Tina\SmitfraudFix
2007-06-13 20:38 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-06-13 20:38 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kaspersky Lab
2007-06-13 18:50 524,288 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT
2007-06-12 22:02 28,672 --a------ C:\WINDOWS\system32\drivers\CO_Mon.sys
2007-06-04 21:14 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-06-03 17:26 <DIR> d-------- C:\Program Files\Windows Defender
2007-06-03 17:23 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2007-05-26 07:40 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-05-25 17:06 8,704 --a------ C:\WINDOWS\system32\kbdjpn.dll
2007-05-25 17:06 8,192 --a------ C:\WINDOWS\system32\kbdkor.dll
2007-05-25 17:06 6,144 --a------ C:\WINDOWS\system32\kbd106.dll
2007-05-25 17:06 6,144 --a------ C:\WINDOWS\system32\kbd101c.dll
2007-05-25 17:06 6,144 --a------ C:\WINDOWS\system32\kbd101b.dll
2007-05-25 17:06 5,632 --a------ C:\WINDOWS\system32\kbd103.dll


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-20 22:17:08 13,300 ----a-w C:\WINDOWS\mozver.dat
2007-06-20 21:13:40 630,432 ----a-w C:\WINDOWS\system32\drivers\VetEFile.sys
2007-06-20 21:13:39 108,624 ----a-w C:\WINDOWS\system32\drivers\VetEBoot.sys
2007-06-18 03:06:38 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-06-15 22:18:28 -------- d-----w C:\Program Files\PokerStars
2007-06-15 16:38:52 -------- d-----w C:\Program Files\Common Files\AOL
2007-06-15 16:38:52 -------- d-----w C:\Program Files\AIM
2007-06-14 23:14:59 -------- d-----w C:\Program Files\AIM6
2007-06-05 02:20:33 -------- d-----w C:\DOCUME~1\Tina\APPLIC~1\Lavasoft
2007-06-05 02:15:41 -------- d-----w C:\Program Files\Lavasoft
2007-05-27 19:04:51 -------- d-----w C:\Program Files\Yahoo!
2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-05-08 23:17:05 -------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-05-07 03:55:00 -------- d-----w C:\Program Files\Las Vegas Casino
2007-05-04 23:54:46 -------- d-----w C:\DOCUME~1\Tina\APPLIC~1\Yahoo!
2007-05-02 02:41:36 -------- d-----w C:\Program Files\Symantec
2007-05-02 02:41:33 -------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-05-02 02:40:34 -------- d-----w C:\Program Files\Common Files\InstallShield
2007-05-02 02:35:33 -------- d-----w C:\Program Files\Google
2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-17 03:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-17 03:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-17 03:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-17 03:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-17 03:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-17 03:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-17 03:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-17 03:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-04-17 03:44:20 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll
2007-04-17 03:44:18 208,248 ----a-w C:\WINDOWS\system32\muweb.dll
2007-03-22 20:47:35 46,344 ----a-w C:\WINDOWS\NSSetDefaultBrowser.EXE
2006-10-05 00:11:25 88 --sh--r C:\WINDOWS\system32\5C77CF5ECF.sys
2006-10-05 00:11:38 2,516 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{02478D38-C3F9-4EFB-9B51-7695ECA05670}=C:\Program Files\Yahoo!\Companion\Installs\cpn7\yt.dll [2007-03-20 16:39]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-01-12 21:38]
{53707962-6F74-2D53-2644-206D7942484F}=C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 01:04]
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}=C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll [2006-10-31 16:29]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]
{AA58ED58-01DD-4d91-8333-CF10577473F7}=c:\program files\google\googletoolbar3.dll [2007-01-20 00:55]
{F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D}=C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll [2005-02-03 17:07]
{FDD3B846-8D59-4ffb-8758-209B6AD74ACC}=C:\Program Files\Microsoft Money\System\mnyviewer.dll [2001-07-25 10:00]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdaptecDirectCD"="C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2002-12-17 12:28]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11]
"DeviceDiscovery"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" [2002-12-02 20:56]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [2002-02-04 22:32]
"BJPD HID Control"="C:\Program Files\Canon\BJPV\TVMon.exe" [2003-05-07 13:15]
"BJLaunchEXE"="C:\Program Files\Canon\BJCard\BJLaunch.exe" [2003-04-30 16:31]
"MoneyStartUp10.0"="C:\Program Files\Microsoft Money\System\Activation.exe" [2001-07-25 10:00]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-02-12 21:24]
"YBrowser"="C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe" [2006-07-21 16:19]
"Motive SmartBridge"="C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe" [2006-08-17 19:55]
"YOP"="C:\PROGRA~1\Yahoo!\YOP\yop.exe" [2006-07-21 10:43]
"CaAvTray"="C:\Program Files\Yahoo!\Antivirus\CAVTray.exe" [2006-08-12 10:03]
"CAVRID"="C:\Program Files\Yahoo!\Antivirus\CAVRID.exe" [2006-08-12 10:03]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 16:30]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 16:30]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-12-07 19:52]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" []
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-03-27 15:22]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2005-08-18 10:49]
"Aim6"="" []
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-01-25 20:42]
"YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [2007-03-28 17:10]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"SRUUninstall"="C:\WINDOWS\System32\msiexec.exe" /L*v C:\WINDOWS\TEMP\SND532unin.txt /x {6AF90EF6-F7F9-466C-99F4-1774826FBB40} /qn REBOOT=ReallySuppress

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Guard]


Contents of the 'Scheduled Tasks' folder
2007-06-20 23:46:57 C:\WINDOWS\tasks\MP Scheduled Scan.job

**************************************************************************

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-20 19:15:32
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

C:\WINDOWS\QTFont.for
C:\WINDOWS\QTFont.qfn

scan completed successfully
hidden files: 2

**************************************************************************

Completion time: 2007-06-20 19:16:58
C:\ComboFix-quarantined-files.txt ... 2007-06-20 19:16

--- E O F ---


Hijackthis:

Logfile of HijackThis v1.99.1
Scan saved at 7:20:38 PM, on 6/20/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Canon\BJCard\Bjmcmng.exe
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Canon\BJPV\TVMon.exe
C:\Program Files\Canon\BJCard\BJLaunch.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\PROGRA~1\Yahoo!\browser\ybrowser.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Tina\My Documents\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://att.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapp...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp.../search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapp...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn7\yt.dll
N4 - Mozilla: user_pref("browser.startup.homepage", "www.yahoo.com"); (C:\Documents and Settings\Tina\Application Data\Mozilla\Profiles\default\k2jtgsdr.slt\prefs.js)
N4 - Mozilla: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Tina\Application Data\Mozilla\Profiles\default\k2jtgsdr.slt\prefs.js)
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn7\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn7\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [BJPD HID Control] C:\Program Files\Canon\BJPV\TVMon.exe
O4 - HKLM\..\Run: [BJLaunchEXE] C:\Program Files\Canon\BJCard\BJLaunch.exe
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AT&T Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Open with WordPerfect - C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg...t/c381/chat.cab
O16 - DPF: Yahoo! Literati - http://download.game...nts/y/tt3_x.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akama...ex/qtplugin.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg...v45/yacscom.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmar...martActivia.cab
O16 - DPF: {610FB8B8-2427-4375-BCF9-2F7AE17173A6} (Snapfish File Upload ActiveX Control) - http://www.snapfish....pfishUpload.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1124758975312
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/s...nfo/webscan.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai....02/cpbrkpie.cab
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart...ploadClient.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logme...trl.cab?lmi=100
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Canon BJ Memory Card Manager (Bjmcmng) - CANON INC. - C:\Program Files\Canon\BJCard\Bjmcmng.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

#19 costorga

costorga

    Member

  • Full Member
  • Pip
  • 21 posts

Posted 20 June 2007 - 07:50 PM

ComboFix 07-06-18.2
"Tina" - 2007-06-20 19:10:49 - Service Pack 2 NTFS


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\msxml3a.dll


((((((((((((((((((((((((( Files Created from 2007-05-21 to 2007-06-21 )))))))))))))))))))))))))))))))


2007-06-20 19:09 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-17 22:06 545,024 --a------ C:\WINDOWS\system32\drivers\smwdm.sys
2007-06-17 22:06 49,152 --a------ C:\WINDOWS\system32\DSndUp.exe
2007-06-17 22:06 45,056 --a------ C:\WINDOWS\system32\CleanUp.exe
2007-06-17 22:06 4,816 --a------ C:\WINDOWS\system32\drivers\aeaudio.sys
2007-06-17 22:06 3,744 --a------ C:\WINDOWS\system32\drivers\smsens.sys
2007-06-17 22:06 <DIR> d-------- C:\Program Files\Analog Devices
2007-06-17 17:22 6,962 --a------ C:\dnsbak.reg
2007-06-17 16:10 4,804 --a------ C:\WINDOWS\system32\tmp.reg
2007-06-17 16:08 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-06-17 16:08 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-06-17 16:08 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-06-17 16:07 <DIR> d-------- C:\DOCUME~1\Tina\SmitfraudFix
2007-06-13 20:38 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-06-13 20:38 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kaspersky Lab
2007-06-13 18:50 524,288 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT
2007-06-12 22:02 28,672 --a------ C:\WINDOWS\system32\drivers\CO_Mon.sys
2007-06-04 21:14 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-06-03 17:26 <DIR> d-------- C:\Program Files\Windows Defender
2007-06-03 17:23 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2007-05-26 07:40 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-05-25 17:06 8,704 --a------ C:\WINDOWS\system32\kbdjpn.dll
2007-05-25 17:06 8,192 --a------ C:\WINDOWS\system32\kbdkor.dll
2007-05-25 17:06 6,144 --a------ C:\WINDOWS\system32\kbd106.dll
2007-05-25 17:06 6,144 --a------ C:\WINDOWS\system32\kbd101c.dll
2007-05-25 17:06 6,144 --a------ C:\WINDOWS\system32\kbd101b.dll
2007-05-25 17:06 5,632 --a------ C:\WINDOWS\system32\kbd103.dll


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-20 22:17:08 13,300 ----a-w C:\WINDOWS\mozver.dat
2007-06-20 21:13:40 630,432 ----a-w C:\WINDOWS\system32\drivers\VetEFile.sys
2007-06-20 21:13:39 108,624 ----a-w C:\WINDOWS\system32\drivers\VetEBoot.sys
2007-06-18 03:06:38 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-06-15 22:18:28 -------- d-----w C:\Program Files\PokerStars
2007-06-15 16:38:52 -------- d-----w C:\Program Files\Common Files\AOL
2007-06-15 16:38:52 -------- d-----w C:\Program Files\AIM
2007-06-14 23:14:59 -------- d-----w C:\Program Files\AIM6
2007-06-05 02:20:33 -------- d-----w C:\DOCUME~1\Tina\APPLIC~1\Lavasoft
2007-06-05 02:15:41 -------- d-----w C:\Program Files\Lavasoft
2007-05-27 19:04:51 -------- d-----w C:\Program Files\Yahoo!
2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-05-08 23:17:05 -------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-05-07 03:55:00 -------- d-----w C:\Program Files\Las Vegas Casino
2007-05-04 23:54:46 -------- d-----w C:\DOCUME~1\Tina\APPLIC~1\Yahoo!
2007-05-02 02:41:36 -------- d-----w C:\Program Files\Symantec
2007-05-02 02:41:33 -------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-05-02 02:40:34 -------- d-----w C:\Program Files\Common Files\InstallShield
2007-05-02 02:35:33 -------- d-----w C:\Program Files\Google
2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-17 03:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-17 03:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-17 03:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-17 03:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-17 03:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-17 03:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-17 03:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-17 03:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-04-17 03:44:20 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll
2007-04-17 03:44:18 208,248 ----a-w C:\WINDOWS\system32\muweb.dll
2007-03-22 20:47:35 46,344 ----a-w C:\WINDOWS\NSSetDefaultBrowser.EXE
2006-10-05 00:11:25 88 --sh--r C:\WINDOWS\system32\5C77CF5ECF.sys
2006-10-05 00:11:38 2,516 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{02478D38-C3F9-4EFB-9B51-7695ECA05670}=C:\Program Files\Yahoo!\Companion\Installs\cpn7\yt.dll [2007-03-20 16:39]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-01-12 21:38]
{53707962-6F74-2D53-2644-206D7942484F}=C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 01:04]
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}=C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll [2006-10-31 16:29]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]
{AA58ED58-01DD-4d91-8333-CF10577473F7}=c:\program files\google\googletoolbar3.dll [2007-01-20 00:55]
{F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D}=C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll [2005-02-03 17:07]
{FDD3B846-8D59-4ffb-8758-209B6AD74ACC}=C:\Program Files\Microsoft Money\System\mnyviewer.dll [2001-07-25 10:00]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdaptecDirectCD"="C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2002-12-17 12:28]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11]
"DeviceDiscovery"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" [2002-12-02 20:56]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [2002-02-04 22:32]
"BJPD HID Control"="C:\Program Files\Canon\BJPV\TVMon.exe" [2003-05-07 13:15]
"BJLaunchEXE"="C:\Program Files\Canon\BJCard\BJLaunch.exe" [2003-04-30 16:31]
"MoneyStartUp10.0"="C:\Program Files\Microsoft Money\System\Activation.exe" [2001-07-25 10:00]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-02-12 21:24]
"YBrowser"="C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe" [2006-07-21 16:19]
"Motive SmartBridge"="C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe" [2006-08-17 19:55]
"YOP"="C:\PROGRA~1\Yahoo!\YOP\yop.exe" [2006-07-21 10:43]
"CaAvTray"="C:\Program Files\Yahoo!\Antivirus\CAVTray.exe" [2006-08-12 10:03]
"CAVRID"="C:\Program Files\Yahoo!\Antivirus\CAVRID.exe" [2006-08-12 10:03]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 16:30]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 16:30]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-12-07 19:52]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" []
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-03-27 15:22]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2005-08-18 10:49]
"Aim6"="" []
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-01-25 20:42]
"YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [2007-03-28 17:10]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"SRUUninstall"="C:\WINDOWS\System32\msiexec.exe" /L*v C:\WINDOWS\TEMP\SND532unin.txt /x {6AF90EF6-F7F9-466C-99F4-1774826FBB40} /qn REBOOT=ReallySuppress

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Guard]


Contents of the 'Scheduled Tasks' folder
2007-06-20 23:46:57 C:\WINDOWS\tasks\MP Scheduled Scan.job

**************************************************************************

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-20 19:15:32
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

C:\WINDOWS\QTFont.for
C:\WINDOWS\QTFont.qfn

scan completed successfully
hidden files: 2

**************************************************************************

Completion time: 2007-06-20 19:16:58
C:\ComboFix-quarantined-files.txt ... 2007-06-20 19:16

--- E O F ---


Hijackthis:

Logfile of HijackThis v1.99.1
Scan saved at 7:20:38 PM, on 6/20/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Canon\BJCard\Bjmcmng.exe
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Canon\BJPV\TVMon.exe
C:\Program Files\Canon\BJCard\BJLaunch.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\PROGRA~1\Yahoo!\browser\ybrowser.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Tina\My Documents\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://att.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapp...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp.../search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapp...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn7\yt.dll
N4 - Mozilla: user_pref("browser.startup.homepage", "www.yahoo.com"); (C:\Documents and Settings\Tina\Application Data\Mozilla\Profiles\default\k2jtgsdr.slt\prefs.js)
N4 - Mozilla: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Tina\Application Data\Mozilla\Profiles\default\k2jtgsdr.slt\prefs.js)
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn7\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn7\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [BJPD HID Control] C:\Program Files\Canon\BJPV\TVMon.exe
O4 - HKLM\..\Run: [BJLaunchEXE] C:\Program Files\Canon\BJCard\BJLaunch.exe
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AT&T Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Open with WordPerfect - C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg...t/c381/chat.cab
O16 - DPF: Yahoo! Literati - http://download.game...nts/y/tt3_x.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akama...ex/qtplugin.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg...v45/yacscom.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmar...martActivia.cab
O16 - DPF: {610FB8B8-2427-4375-BCF9-2F7AE17173A6} (Snapfish File Upload ActiveX Control) - http://www.snapfish....pfishUpload.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1124758975312
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/s...nfo/webscan.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai....02/cpbrkpie.cab
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart...ploadClient.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logme...trl.cab?lmi=100
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Canon BJ Memory Card Manager (Bjmcmng) - CANON INC. - C:\Program Files\Canon\BJCard\Bjmcmng.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

#20 aczechgurl

aczechgurl

    Forum Deity

  • Emeritus
  • PipPipPipPipPip
  • 5,577 posts

Posted 21 June 2007 - 08:31 PM

[*]Open notepad and copy and paste the text inside the following code box into it:

regedit /e sec.txt "HKEY_CLASSES_ROOT\Directory\shell"
type sec.txt>>report.txt
notepad report.txt
del /q sec.txt
del /q report.txt
  • Save the file to the desktop as export.bat and make sure the "Save as Type" field says "All Files".
  • Then please go to the desktop and double-click on export.bat, a log file will open in notepad, post it's contents here.

[*]Please make sure that you can view all hidden files.
  • Click "Start"->"My Computer".
  • From the "Tools" menu, click "Folder Options".
  • Select the View Tab.
  • Under "Hidden files and folders" select "Show hidden files and folders".
  • Uncheck the "Hide protected operating system files (recommended)" option.
  • Click "Yes" to confirm.
  • Click "Ok".
[*]Please upload the following file to Jotti virus scan.C:\WINDOWS\system32\5C77CF5ECF.sys
[/list]
  • Post the results back into this thread.

<!--fonto:Century Gothic--><span style="font-family:Century Gothic"><!--/fonto-->
<!--sizeo:2--><span style="font-size:10pt;line-height:100%"><!--/sizeo--><!--coloro:purple--><span style="color:purple"><!--/coloro--><b>Aczechgurl</b><!--colorc--></span><!--/colorc--><!--sizec--></span><!--/sizec--><!--fontc--></span><!--/fontc-->

<!--sizeo:1--><span style="font-size:8pt;line-height:100%"><!--/sizeo--><!--fonto:Arial--><span style="font-family:Arial"><!--/fonto-->

Please consider <a href="http://flyinghamster...om/support-us/" target="_blank"><!--coloro:blue--><span style="color:blue"><!--/coloro--><b>Supporting SWI</b><!--colorc--></span><!--/colorc--></a>'s fight against Malware.

Member of <a href="http://asap.maddoktor2.com/" target="_blank"><!--coloro:blue--><span style="color:blue"><!--/coloro--><b>ASAP</b><!--colorc--></span><!--/colorc--></a> (Alliance of Security Analysis Professionals)

Fight back <a href="http://www.malwareco...mplaints.info/" target="_blank"><!--coloro:blue--><span style="color:blue"><!--/coloro--><b>Malware Complaints</b><!--colorc--></span><!--/colorc--></a><!--sizec--></span><!--/sizec--><!--fontc--></span><!--/fontc-->

#21 costorga

costorga

    Member

  • Full Member
  • Pip
  • 21 posts

Posted 21 June 2007 - 08:53 PM

export.bat report is:

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\Directory\shell]
@="none"

[HKEY_CLASSES_ROOT\Directory\shell\find]
"SuppressionPolicy"=dword:00000080

[HKEY_CLASSES_ROOT\Directory\shell\find\command]
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
00,5c,00,45,00,78,00,70,00,6c,00,6f,00,72,00,65,00,72,00,2e,00,65,00,78,00,\
65,00,00,00

[HKEY_CLASSES_ROOT\Directory\shell\find\ddeexec]
@="[FindFolder(\"%l\", %I)]"
"NoActivateHandler"=""

[HKEY_CLASSES_ROOT\Directory\shell\find\ddeexec\application]
@="Folders"

[HKEY_CLASSES_ROOT\Directory\shell\find\ddeexec\topic]
@="AppProperties"

[HKEY_CLASSES_ROOT\Directory\shell\FinePix]
@="Open by FinePixViewer"

[HKEY_CLASSES_ROOT\Directory\shell\FinePix\Command]
@="\"C:\\Program Files\\FinePixViewer\\FinePixViewer.exe\" \"%1\""

[HKEY_CLASSES_ROOT\Directory\shell\FinePixPrint]
@="Print with FinePixViewer"

[HKEY_CLASSES_ROOT\Directory\shell\FinePixPrint\Command]
@="\"C:\\Program Files\\FinePixViewer\\FinePixViewer.exe\" /p \"%1\""



Jotti's report results:

Service load: 0% 100%

File: 5C77CF5ECF.sys
Status: OK
MD5: f5844ab2485b3e953d17a38e61d7bdfc
Packers detected: -
Bit9 reports: File not found

#22 aczechgurl

aczechgurl

    Forum Deity

  • Emeritus
  • PipPipPipPipPip
  • 5,577 posts

Posted 21 June 2007 - 09:28 PM

Was there more information to the jotti report? Something that looked kinda like this:

AntiVir
Found nothing
ArcaVir
Found nothing
Avast
Found nothing
AVG Antivirus
Found Downloader.Generic2.TFP
BitDefender
Found Trojan.Downloader.Agent.APP
ClamAV
Found Trojan.Downloader.Small-2854
Dr.Web
Found Trojan.DownLoader.14120
F-Prot Antivirus
Found W32/Goldun.NK
Fortinet
Found W32/Dloader.AYT!tr.dldr
Kaspersky Anti-Virus
Found Trojan.Win32.Small.kn
NOD32
Found Win32/TrojanDownloader.Small.NPO
Norman Virus Control
Found W32/DLoader.BAOZ
VirusBuster
Found nothing
VBA32
Found nothing

If so please post that part too.
<!--fonto:Century Gothic--><span style="font-family:Century Gothic"><!--/fonto-->
<!--sizeo:2--><span style="font-size:10pt;line-height:100%"><!--/sizeo--><!--coloro:purple--><span style="color:purple"><!--/coloro--><b>Aczechgurl</b><!--colorc--></span><!--/colorc--><!--sizec--></span><!--/sizec--><!--fontc--></span><!--/fontc-->

<!--sizeo:1--><span style="font-size:8pt;line-height:100%"><!--/sizeo--><!--fonto:Arial--><span style="font-family:Arial"><!--/fonto-->

Please consider <a href="http://flyinghamster...om/support-us/" target="_blank"><!--coloro:blue--><span style="color:blue"><!--/coloro--><b>Supporting SWI</b><!--colorc--></span><!--/colorc--></a>'s fight against Malware.

Member of <a href="http://asap.maddoktor2.com/" target="_blank"><!--coloro:blue--><span style="color:blue"><!--/coloro--><b>ASAP</b><!--colorc--></span><!--/colorc--></a> (Alliance of Security Analysis Professionals)

Fight back <a href="http://www.malwareco...mplaints.info/" target="_blank"><!--coloro:blue--><span style="color:blue"><!--/coloro--><b>Malware Complaints</b><!--colorc--></span><!--/colorc--></a><!--sizec--></span><!--/sizec--><!--fontc--></span><!--/fontc-->

#23 costorga

costorga

    Member

  • Full Member
  • Pip
  • 21 posts

Posted 21 June 2007 - 09:41 PM

Okay, I just reran the scan, and here are the results:

Scan taken on 22 Jun 2007 02:32:13 (GMT)
A-Squared Found nothing
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
Fortinet Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Rising Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found nothing



However, at the bottom it says this:

Statistics
Last file scanned at least one scanner reported something about: darkmo0n.exe (MD5: aaf73d38a4f52481cf8535c06a5dee03, size: 78336 bytes), detected by:

Scanner Malware name
A-Squared X
AntiVir SPR/PSW.PassV.162.1
ArcaVir X
Avast X
AVG Antivirus X
BitDefender Generic.PWStealer.D140172E
ClamAV Trojan.Spy-517
Dr.Web Tool.MessenPass
F-Prot Antivirus X
F-Secure Anti-Virus Trojan-Spy.Win32.Agent.in
Fortinet X
Kaspersky Anti-Virus Trojan-Spy.Win32.Agent.in
NOD32 Win32/Spy.Agent.IN
Norman Virus Control Sandbox: W32/FileInfector
Panda Antivirus X
Rising Antivirus X
VirusBuster X
VBA32 SpamTool.Agent.1

#24 aczechgurl

aczechgurl

    Forum Deity

  • Emeritus
  • PipPipPipPipPip
  • 5,577 posts

Posted 22 June 2007 - 07:20 PM

The bottom part does not apply to your file. So that file appears to be fine.

I am temporarily out of ideas on the search window problem, let me talk to some of the experts here and see if they have any other ideas.
<!--fonto:Century Gothic--><span style="font-family:Century Gothic"><!--/fonto-->
<!--sizeo:2--><span style="font-size:10pt;line-height:100%"><!--/sizeo--><!--coloro:purple--><span style="color:purple"><!--/coloro--><b>Aczechgurl</b><!--colorc--></span><!--/colorc--><!--sizec--></span><!--/sizec--><!--fontc--></span><!--/fontc-->

<!--sizeo:1--><span style="font-size:8pt;line-height:100%"><!--/sizeo--><!--fonto:Arial--><span style="font-family:Arial"><!--/fonto-->

Please consider <a href="http://flyinghamster...om/support-us/" target="_blank"><!--coloro:blue--><span style="color:blue"><!--/coloro--><b>Supporting SWI</b><!--colorc--></span><!--/colorc--></a>'s fight against Malware.

Member of <a href="http://asap.maddoktor2.com/" target="_blank"><!--coloro:blue--><span style="color:blue"><!--/coloro--><b>ASAP</b><!--colorc--></span><!--/colorc--></a> (Alliance of Security Analysis Professionals)

Fight back <a href="http://www.malwareco...mplaints.info/" target="_blank"><!--coloro:blue--><span style="color:blue"><!--/coloro--><b>Malware Complaints</b><!--colorc--></span><!--/colorc--></a><!--sizec--></span><!--/sizec--><!--fontc--></span><!--/fontc-->

#25 costorga

costorga

    Member

  • Full Member
  • Pip
  • 21 posts

Posted 22 June 2007 - 07:27 PM

Okay, thanks for your help. I really appreciate it.

#26 aczechgurl

aczechgurl

    Forum Deity

  • Emeritus
  • PipPipPipPipPip
  • 5,577 posts

Posted 22 June 2007 - 07:55 PM

I actually thought of one more thing to try before asking the others.

Restart you computer so that search window opens, then in that window, go to View->Toolbars, and check Address Bar. Then click the arrow next to the word search in the address bar and scroll up. Starting from C:\ , please list all the folders down to and including search. They are probably different than the ones in my example, but it will give you an idea what I am looking for.

See the linked picture for an example.
<!--fonto:Century Gothic--><span style="font-family:Century Gothic"><!--/fonto-->
<!--sizeo:2--><span style="font-size:10pt;line-height:100%"><!--/sizeo--><!--coloro:purple--><span style="color:purple"><!--/coloro--><b>Aczechgurl</b><!--colorc--></span><!--/colorc--><!--sizec--></span><!--/sizec--><!--fontc--></span><!--/fontc-->

<!--sizeo:1--><span style="font-size:8pt;line-height:100%"><!--/sizeo--><!--fonto:Arial--><span style="font-family:Arial"><!--/fonto-->

Please consider <a href="http://flyinghamster...om/support-us/" target="_blank"><!--coloro:blue--><span style="color:blue"><!--/coloro--><b>Supporting SWI</b><!--colorc--></span><!--/colorc--></a>'s fight against Malware.

Member of <a href="http://asap.maddoktor2.com/" target="_blank"><!--coloro:blue--><span style="color:blue"><!--/coloro--><b>ASAP</b><!--colorc--></span><!--/colorc--></a> (Alliance of Security Analysis Professionals)

Fight back <a href="http://www.malwareco...mplaints.info/" target="_blank"><!--coloro:blue--><span style="color:blue"><!--/coloro--><b>Malware Complaints</b><!--colorc--></span><!--/colorc--></a><!--sizec--></span><!--/sizec--><!--fontc--></span><!--/fontc-->

#27 costorga

costorga

    Member

  • Full Member
  • Pip
  • 21 posts

Posted 22 June 2007 - 08:31 PM

Okay, this is what I found

C:\Program Files\Yahoo!\Search
CD DRive (d:)
CD-RW Drive (e)
Control Panel
Shared Docs
Paulie's Docs
My Network Places
Recycle Bin
My eMusic
Unused Desktop Shortcuts

#28 aczechgurl

aczechgurl

    Forum Deity

  • Emeritus
  • PipPipPipPipPip
  • 5,577 posts

Posted 22 June 2007 - 08:53 PM

Ok, I think something is broken with yahoo search. Please get me the following log, so I can try to determine which part of yahoo to uninstall. You can always reinstall it later if you want.

[*]Please run HijackThis.
  • Choose Open the Misc Tools section.
  • Choose Open Uninstall Manager....
  • Choose Save list.., save it to a convenient place.

<!--fonto:Century Gothic--><span style="font-family:Century Gothic"><!--/fonto-->
<!--sizeo:2--><span style="font-size:10pt;line-height:100%"><!--/sizeo--><!--coloro:purple--><span style="color:purple"><!--/coloro--><b>Aczechgurl</b><!--colorc--></span><!--/colorc--><!--sizec--></span><!--/sizec--><!--fontc--></span><!--/fontc-->

<!--sizeo:1--><span style="font-size:8pt;line-height:100%"><!--/sizeo--><!--fonto:Arial--><span style="font-family:Arial"><!--/fonto-->

Please consider <a href="http://flyinghamster...om/support-us/" target="_blank"><!--coloro:blue--><span style="color:blue"><!--/coloro--><b>Supporting SWI</b><!--colorc--></span><!--/colorc--></a>'s fight against Malware.

Member of <a href="http://asap.maddoktor2.com/" target="_blank"><!--coloro:blue--><span style="color:blue"><!--/coloro--><b>ASAP</b><!--colorc--></span><!--/colorc--></a> (Alliance of Security Analysis Professionals)

Fight back <a href="http://www.malwareco...mplaints.info/" target="_blank"><!--coloro:blue--><span style="color:blue"><!--/coloro--><b>Malware Complaints</b><!--colorc--></span><!--/colorc--></a><!--sizec--></span><!--/sizec--><!--fontc--></span><!--/fontc-->

#29 costorga

costorga

    Member

  • Full Member
  • Pip
  • 21 posts

Posted 22 June 2007 - 08:59 PM

I will probably have to reinstall it as I use AT&T, or SBCglobal.net for my internet. Anyway, here is the list...

Ad-Aware SE Personal
Adobe Download Manager 1.2 (Remove Only)
Adobe Flash Player ActiveX
Adobe Reader 7.0.7
AIM 6
AIM 6.0
Alltel Jump Music 1.0.0
AOL Instant Messenger
ArcSoft Funhouse
Art Explosion Greeting Card Factory Express
AT&T Self Support Tool
AT&T Yahoo! Applications
Canon Camera Window for ZoomBrowser EX
Canon i475D
Canon Photo Viewer
Canon PhotoRecord
Canon Utilities Easy-PhotoPrint
Canon Utilities PhotoStitch 3.1
Canon Utilities ZoomBrowser EX
Conexant SmartHSFi V92 56K DF PCI Modem
Dell Picture Studio - Dell Image Expert
Dell ResourceCD
Easy CD Creator 5 Basic
Easy-WebPrint
FinePixViewer Ver.4.2
FUJIFILM USB Driver
Google Toolbar for Internet Explorer
HijackThis 1.99.1
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
hp deskjet 3500
hp deskjet 3500 series
HP Photo and Imaging 2.0 - Deskjet Series
hp print screen utility
HP Software Update
HP Update
ImageMixer VCD2 for FinePix
Intel® PRO Network Adapters and Drivers
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 8
J2SE Runtime Environment 5.0 Update 9
Java 2 Runtime Environment, SE v1.4.2_05
Java™ SE Runtime Environment 6 Update 1
Kaspersky Online Scanner
Las Vegas Casino
Macromedia Shockwave Player
Memory Card Utility
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Data Access Components KB870669
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money 2002
Microsoft Money 2002 System Pack
Microsoft National Language Support Downlevel APIs
Microsoft Office XP Media Content
Microsoft Office XP Professional
Microsoft User-Mode Driver Framework Feature Pack 1.0
MicroStaff WINASPI
Netscape Browser (remove only)
Norton Spyware Scan provided by Yahoo!
Norton WMI Update
NVIDIA Windows 2000/XP Display Drivers
Paint Shop Pro 7
PokerStars
QuickTime
RAW FILE CONVERTER LE
RealPlayer
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
SoundMAX
Spybot - Search & Destroy 1.4
Symantec Network Driver Update
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update Manager
Viewpoint Manager (Remove Only)
Viewpoint Media Player
Windows Defender
Windows Genuine Advantage v1.3.0254.0
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live OneCare safety scanner
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
Yahoo! Browser Services
Yahoo! Search Protection

#30 aczechgurl

aczechgurl

    Forum Deity

  • Emeritus
  • PipPipPipPipPip
  • 5,577 posts

Posted 22 June 2007 - 09:29 PM

Go to Start->Control Panel->Add or Remove Programs and uninstall the following:

Yahoo! Search Protection

While you are there you should also uninstall the following outdated versions of Java, the outdated versions make you more suseptible to certain infections:

J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 8
J2SE Runtime Environment 5.0 Update 9
Java 2 Runtime Environment, SE v1.4.2_05

Then reboot and let me know if you still have the seach window problem, if so we may have to look at other yahoo programs.
<!--fonto:Century Gothic--><span style="font-family:Century Gothic"><!--/fonto-->
<!--sizeo:2--><span style="font-size:10pt;line-height:100%"><!--/sizeo--><!--coloro:purple--><span style="color:purple"><!--/coloro--><b>Aczechgurl</b><!--colorc--></span><!--/colorc--><!--sizec--></span><!--/sizec--><!--fontc--></span><!--/fontc-->

<!--sizeo:1--><span style="font-size:8pt;line-height:100%"><!--/sizeo--><!--fonto:Arial--><span style="font-family:Arial"><!--/fonto-->

Please consider <a href="http://flyinghamster...om/support-us/" target="_blank"><!--coloro:blue--><span style="color:blue"><!--/coloro--><b>Supporting SWI</b><!--colorc--></span><!--/colorc--></a>'s fight against Malware.

Member of <a href="http://asap.maddoktor2.com/" target="_blank"><!--coloro:blue--><span style="color:blue"><!--/coloro--><b>ASAP</b><!--colorc--></span><!--/colorc--></a> (Alliance of Security Analysis Professionals)

Fight back <a href="http://www.malwareco...mplaints.info/" target="_blank"><!--coloro:blue--><span style="color:blue"><!--/coloro--><b>Malware Complaints</b><!--colorc--></span><!--/colorc--></a><!--sizec--></span><!--/sizec--><!--fontc--></span><!--/fontc-->

#31 costorga

costorga

    Member

  • Full Member
  • Pip
  • 21 posts

Posted 22 June 2007 - 10:19 PM

Well, that fixed the search box. Thank you sooo much. You have been such a great help. By the way, the AVG scanner found quite a few problems on my computer. Would it be safe for me to reinstall it and use it?

#32 aczechgurl

aczechgurl

    Forum Deity

  • Emeritus
  • PipPipPipPipPip
  • 5,577 posts

Posted 22 June 2007 - 10:29 PM

I am glad that worked :D

Yes it is safe to reinstall AVG-AntiSpyware, I was just concerned it might be slowing you down. After the trial period ends it will not provide real-time protection and will not automatically update, so you can either do manual updates like we did before and run scans or purchase the program at the end of the trial.
<!--fonto:Century Gothic--><span style="font-family:Century Gothic"><!--/fonto-->
<!--sizeo:2--><span style="font-size:10pt;line-height:100%"><!--/sizeo--><!--coloro:purple--><span style="color:purple"><!--/coloro--><b>Aczechgurl</b><!--colorc--></span><!--/colorc--><!--sizec--></span><!--/sizec--><!--fontc--></span><!--/fontc-->

<!--sizeo:1--><span style="font-size:8pt;line-height:100%"><!--/sizeo--><!--fonto:Arial--><span style="font-family:Arial"><!--/fonto-->

Please consider <a href="http://flyinghamster...om/support-us/" target="_blank"><!--coloro:blue--><span style="color:blue"><!--/coloro--><b>Supporting SWI</b><!--colorc--></span><!--/colorc--></a>'s fight against Malware.

Member of <a href="http://asap.maddoktor2.com/" target="_blank"><!--coloro:blue--><span style="color:blue"><!--/coloro--><b>ASAP</b><!--colorc--></span><!--/colorc--></a> (Alliance of Security Analysis Professionals)

Fight back <a href="http://www.malwareco...mplaints.info/" target="_blank"><!--coloro:blue--><span style="color:blue"><!--/coloro--><b>Malware Complaints</b><!--colorc--></span><!--/colorc--></a><!--sizec--></span><!--/sizec--><!--fontc--></span><!--/fontc-->

#33 costorga

costorga

    Member

  • Full Member
  • Pip
  • 21 posts

Posted 22 June 2007 - 10:34 PM

Great, thank you so much. You are a lifesaver!

#34 aczechgurl

aczechgurl

    Forum Deity

  • Emeritus
  • PipPipPipPipPip
  • 5,577 posts

Posted 22 June 2007 - 10:51 PM

Your Welcome :D


Below I have included a couple recommendations for how to protect your computer in order to prevent future malware infections.

[*]Please navigate to http://windowsupdate.microsoft.com and download all the "critical updates" for Windows.
  • I suggest you visit this site often or you can turn on automatic updates.
[*]Please make sure to run your antivirus software regularly, and to keep it up-to-date.If your subscription is expired let me know and I can recommend some alternatives.
[*] In order to protect yourself against spyware, you may also want to consider installing and running the following free programs:
  • Spybot-Search & Destroy
    A tutorial on using Spybot to remove spyware from your computer may be found here.
  • SpywareBlaster
    A tutorial on using SpywareBlaster to prevent spyware from ever installing on your computer may be found here.
    Make sure to keep these programs up-to-date and to run them regularly, as this can prevent a great deal of spyware hassle.
[*]Finally if you do not already have one, consider maintaining a firewall.[*]Please also read Tony Klein's excellent article: How I got Infected in the First Place
<!--fonto:Century Gothic--><span style="font-family:Century Gothic"><!--/fonto-->
<!--sizeo:2--><span style="font-size:10pt;line-height:100%"><!--/sizeo--><!--coloro:purple--><span style="color:purple"><!--/coloro--><b>Aczechgurl</b><!--colorc--></span><!--/colorc--><!--sizec--></span><!--/sizec--><!--fontc--></span><!--/fontc-->

<!--sizeo:1--><span style="font-size:8pt;line-height:100%"><!--/sizeo--><!--fonto:Arial--><span style="font-family:Arial"><!--/fonto-->

Please consider <a href="http://flyinghamster...om/support-us/" target="_blank"><!--coloro:blue--><span style="color:blue"><!--/coloro--><b>Supporting SWI</b><!--colorc--></span><!--/colorc--></a>'s fight against Malware.

Member of <a href="http://asap.maddoktor2.com/" target="_blank"><!--coloro:blue--><span style="color:blue"><!--/coloro--><b>ASAP</b><!--colorc--></span><!--/colorc--></a> (Alliance of Security Analysis Professionals)

Fight back <a href="http://www.malwareco...mplaints.info/" target="_blank"><!--coloro:blue--><span style="color:blue"><!--/coloro--><b>Malware Complaints</b><!--colorc--></span><!--/colorc--></a><!--sizec--></span><!--/sizec--><!--fontc--></span><!--/fontc-->

#35 aczechgurl

aczechgurl

    Forum Deity

  • Emeritus
  • PipPipPipPipPip
  • 5,577 posts

Posted 01 July 2007 - 12:38 PM

Glad we could help. :)

If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.
<!--fonto:Century Gothic--><span style="font-family:Century Gothic"><!--/fonto-->
<!--sizeo:2--><span style="font-size:10pt;line-height:100%"><!--/sizeo--><!--coloro:purple--><span style="color:purple"><!--/coloro--><b>Aczechgurl</b><!--colorc--></span><!--/colorc--><!--sizec--></span><!--/sizec--><!--fontc--></span><!--/fontc-->

<!--sizeo:1--><span style="font-size:8pt;line-height:100%"><!--/sizeo--><!--fonto:Arial--><span style="font-family:Arial"><!--/fonto-->

Please consider <a href="http://flyinghamster...om/support-us/" target="_blank"><!--coloro:blue--><span style="color:blue"><!--/coloro--><b>Supporting SWI</b><!--colorc--></span><!--/colorc--></a>'s fight against Malware.

Member of <a href="http://asap.maddoktor2.com/" target="_blank"><!--coloro:blue--><span style="color:blue"><!--/coloro--><b>ASAP</b><!--colorc--></span><!--/colorc--></a> (Alliance of Security Analysis Professionals)

Fight back <a href="http://www.malwareco...mplaints.info/" target="_blank"><!--coloro:blue--><span style="color:blue"><!--/coloro--><b>Malware Complaints</b><!--colorc--></span><!--/colorc--></a><!--sizec--></span><!--/sizec--><!--fontc--></span><!--/fontc-->




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Member of ASAP and UNITE
Support SpywareInfo Forum - click the button