Harley123

Adware: TVMediaDisplay

21 posts in this topic

Windows Defender reports "Adware: Win32/TVMediaDisplay".

I read the FAQs and followed the instructions:

a. Installed and ran AVG Anti-Spyware 7.5. Log enclosed.

b. Installed and ran Hijack This. Log enclosed.

c. Updated and ran Ad-Aware.

d. Updated and ran Spybot.

 

My computer uses Windows XP, SP2.

I haven't noticed an increase in pop-ups or a decrease in speed or performance.

 

Thank you for your help.

 

 

 

 

-----------------------------------------------------

AVG Anti-Spyware - Scan Report

---------------------------------------------------------

 

+ Created at: 9:41:09 PM 6/29/2007

 

+ Scan result:

 

 

 

C:\RECYCLER\NPROTECT\01043286.TXT -> TrackingCookie.2o7 : Cleaned.

C:\Documents and Settings\Lloyd Goldstein\Cookies\lloyd goldstein@www.adobe[1].txt -> TrackingCookie.Adobe : Cleaned.

C:\RECYCLER\NPROTECT\01043340.TXT -> TrackingCookie.Adserver : Cleaned.

C:\RECYCLER\NPROTECT\01043283.TXT -> TrackingCookie.Advertising : Cleaned.

C:\RECYCLER\NPROTECT\01043285.TXT -> TrackingCookie.Advertising : Cleaned.

C:\RECYCLER\NPROTECT\01043291.TXT -> TrackingCookie.Advertising : Cleaned.

C:\RECYCLER\NPROTECT\01043325.TXT -> TrackingCookie.Advertising : Cleaned.

C:\RECYCLER\NPROTECT\01043292.TXT -> TrackingCookie.Atdmt : Cleaned.

C:\RECYCLER\NPROTECT\01043293.TXT -> TrackingCookie.Atdmt : Cleaned.

C:\RECYCLER\NPROTECT\01043294.TXT -> TrackingCookie.Bfast : Cleaned.

C:\RECYCLER\NPROTECT\01043297.TXT -> TrackingCookie.Bluemountain : Cleaned.

C:\RECYCLER\NPROTECT\01043298.TXT -> TrackingCookie.Bluestreak : Cleaned.

C:\RECYCLER\NPROTECT\01043300.TXT -> TrackingCookie.Bridgetrack : Cleaned.

C:\RECYCLER\NPROTECT\01043302.TXT -> TrackingCookie.Bridgetrack : Cleaned.

C:\RECYCLER\NPROTECT\01043301.TXT -> TrackingCookie.Centrport : Cleaned.

C:\RECYCLER\NPROTECT\01043303.TXT -> TrackingCookie.Commission-junction : Cleaned.

C:\RECYCLER\NPROTECT\01043336.TXT -> TrackingCookie.Commission-junction : Cleaned.

C:\RECYCLER\NPROTECT\01043305.TXT -> TrackingCookie.Coremetrics : Cleaned.

C:\RECYCLER\NPROTECT\01043306.TXT -> TrackingCookie.Dealtime : Cleaned.

C:\RECYCLER\NPROTECT\01043329.TXT -> TrackingCookie.Dealtime : Cleaned.

C:\RECYCLER\S-1-5-21-1092955589-2281530263-1118204768-1007\Dc387.txt -> TrackingCookie.Doubleclick : Cleaned.

C:\RECYCLER\S-1-5-21-1092955589-2281530263-1118204768-1007\Dc388.txt -> TrackingCookie.Doubleclick : Cleaned.

C:\RECYCLER\S-1-5-21-1092955589-2281530263-1118204768-1007\Dc389.txt -> TrackingCookie.Doubleclick : Cleaned.

C:\RECYCLER\NPROTECT\01043313.TXT -> TrackingCookie.Fastclick : Cleaned.

C:\RECYCLER\NPROTECT\01043314.TXT -> TrackingCookie.Fastclick : Cleaned.

C:\RECYCLER\NPROTECT\01043315.TXT -> TrackingCookie.Fastclick : Cleaned.

C:\RECYCLER\NPROTECT\01043316.TXT -> TrackingCookie.Gator : Cleaned.

C:\RECYCLER\NPROTECT\01043335.TXT -> TrackingCookie.Gator : Cleaned.

C:\RECYCLER\NPROTECT\01043308.TXT -> TrackingCookie.Hitbox : Cleaned.

C:\RECYCLER\NPROTECT\01043309.TXT -> TrackingCookie.Hitbox : Cleaned.

C:\RECYCLER\NPROTECT\01043310.TXT -> TrackingCookie.Hitbox : Cleaned.

C:\RECYCLER\NPROTECT\01043317.TXT -> TrackingCookie.Hitbox : Cleaned.

C:\RECYCLER\NPROTECT\01043318.TXT -> TrackingCookie.Linksynergy : Cleaned.

C:\Documents and Settings\Lloyd Goldstein\Cookies\lloyd_goldstein@sales.liveperson[3].txt -> TrackingCookie.Liveperson : Cleaned.

C:\Documents and Settings\Lloyd Goldstein\Cookies\lloyd_goldstein@sec1.liveperson[2].txt -> TrackingCookie.Liveperson : Cleaned.

C:\RECYCLER\NPROTECT\01043327.TXT -> TrackingCookie.Liveperson : Cleaned.

C:\RECYCLER\NPROTECT\01043319.TXT -> TrackingCookie.Mediaplex : Cleaned.

C:\RECYCLER\NPROTECT\01043320.TXT -> TrackingCookie.Mediaplex : Cleaned.

C:\Documents and Settings\Lloyd Goldstein\Cookies\lloyd goldstein@search.msn[2].txt -> TrackingCookie.Msn : Cleaned.

C:\Documents and Settings\Lloyd Goldstein\Cookies\lloyd@search.msn[1].txt -> TrackingCookie.Msn : Cleaned.

C:\Documents and Settings\Lloyd Goldstein\Cookies\lloyd@search.msn[2].txt -> TrackingCookie.Msn : Cleaned.

C:\Documents and Settings\Lloyd Goldstein\Cookies\lloyd@search.msn[3].txt -> TrackingCookie.Msn : Cleaned.

C:\Program Files\EarthLink 5.0\ljgold@mindspring.com\Cookies\lloyd@search.msn[2].txt -> TrackingCookie.Msn : Cleaned.

C:\Documents and Settings\Lloyd Goldstein\Cookies\lloyd_goldstein@ssl-hints.netflame[1].txt -> TrackingCookie.Netflame : Cleaned.

C:\Documents and Settings\Lloyd Goldstein\Cookies\lloyd_goldstein@www.paypal[1].txt -> TrackingCookie.Paypal : Cleaned.

C:\RECYCLER\NPROTECT\01043321.TXT -> TrackingCookie.Pointroll : Cleaned.

C:\RECYCLER\NPROTECT\01043299.TXT -> TrackingCookie.Porngraph : Cleaned.

C:\RECYCLER\NPROTECT\01043322.TXT -> TrackingCookie.Qksrv : Cleaned.

C:\RECYCLER\NPROTECT\01043337.TXT -> TrackingCookie.Qksrv : Cleaned.

C:\RECYCLER\NPROTECT\01043323.TXT -> TrackingCookie.Questionmarket : Cleaned.

C:\Documents and Settings\Lloyd Goldstein\Cookies\anyuser@www.real[1].txt -> TrackingCookie.Real : Cleaned.

C:\Documents and Settings\Lloyd Goldstein\Cookies\lloyd@home.real[2].txt -> TrackingCookie.Real : Cleaned.

C:\Documents and Settings\Lloyd Goldstein\Cookies\lloyd@realguide.real[1].txt -> TrackingCookie.Real : Cleaned.

C:\Documents and Settings\Lloyd Goldstein\Cookies\lloyd@realguide.real[2].txt -> TrackingCookie.Real : Cleaned.

C:\Documents and Settings\Lloyd Goldstein\Cookies\lloyd@realguide.real[3].txt -> TrackingCookie.Real : Cleaned.

C:\Documents and Settings\Lloyd Goldstein\Cookies\lloyd@realguide.real[4].txt -> TrackingCookie.Real : Cleaned.

C:\Documents and Settings\Lloyd Goldstein\Cookies\lloyd@realguide.real[5].txt -> TrackingCookie.Real : Cleaned.

C:\Documents and Settings\Lloyd Goldstein\Cookies\lloyd@realguide.real[6].txt -> TrackingCookie.Real : Cleaned.

C:\Documents and Settings\Lloyd Goldstein\Cookies\lloyd@www.real[1].txt -> TrackingCookie.Real : Cleaned.

C:\Documents and Settings\Lloyd Goldstein\Cookies\lloyd@www.real[2].txt -> TrackingCookie.Real : Cleaned.

C:\Documents and Settings\Lloyd Goldstein\Cookies\lloyd@www.real[4].txt -> TrackingCookie.Real : Cleaned.

C:\Documents and Settings\Lloyd Goldstein\Cookies\lloyd_goldstein@realguide.real[1].txt -> TrackingCookie.Real : Cleaned.

C:\Program Files\EarthLink 5.0\ljgold@mindspring.com\Cookies\lloyd@home.real[2].txt -> TrackingCookie.Real : Cleaned.

C:\Program Files\EarthLink 5.0\ljgold@mindspring.com\Cookies\lloyd@realguide.real[6].txt -> TrackingCookie.Real : Cleaned.

C:\RECYCLER\NPROTECT\01043324.TXT -> TrackingCookie.Real : Cleaned.

C:\Documents and Settings\Lloyd Goldstein\Cookies\lloyd_goldstein@revsci[2].txt -> TrackingCookie.Revsci : Cleaned.

C:\RECYCLER\NPROTECT\01043307.TXT -> TrackingCookie.Ru4 : Cleaned.

C:\RECYCLER\NPROTECT\01043304.TXT -> TrackingCookie.Sextracker : Cleaned.

C:\RECYCLER\NPROTECT\01043328.TXT -> TrackingCookie.Sextracker : Cleaned.

C:\Documents and Settings\Lloyd Goldstein\Cookies\lloyd_goldstein@adopt.specificclick[2].txt -> TrackingCookie.Specificclick : Cleaned.

C:\RECYCLER\NPROTECT\01043288.TXT -> TrackingCookie.Specificpop : Cleaned.

C:\RECYCLER\NPROTECT\01043289.TXT -> TrackingCookie.Specificpop : Cleaned.

C:\RECYCLER\NPROTECT\01043332.TXT -> TrackingCookie.Trafficmp : Cleaned.

C:\RECYCLER\NPROTECT\01043333.TXT -> TrackingCookie.Tribalfusion : Cleaned.

C:\RECYCLER\NPROTECT\01043287.TXT -> TrackingCookie.Valuead : Cleaned.

C:\RECYCLER\NPROTECT\01043326.TXT -> TrackingCookie.Valuead : Cleaned.

C:\Documents and Settings\Lloyd Goldstein\Cookies\lloyd_goldstein@m.webtrends[1].txt -> TrackingCookie.Webtrends : Cleaned.

C:\Documents and Settings\Lloyd Goldstein\Cookies\lloyd_goldstein@statse.webtrendslive[2].txt -> TrackingCookie.Webtrendslive : Cleaned.

C:\RECYCLER\NPROTECT\01043330.TXT -> TrackingCookie.Webtrendslive : Cleaned.

C:\RECYCLER\NPROTECT\01043338.TXT -> TrackingCookie.X10 : Cleaned.

C:\RECYCLER\NPROTECT\01043339.TXT -> TrackingCookie.X10 : Cleaned.

C:\RECYCLER\NPROTECT\01043341.TXT -> TrackingCookie.Zedo : Cleaned.

 

 

::Report end

 

Logfile of HijackThis v1.99.1

Scan saved at 2:03:48 PM, on 6/29/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16473)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

C:\Program Files\Common Files\Symantec Shared\ccProxy.exe

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe

C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe

C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe

C:\PROGRA~1\Iomega\System32\AppServices.exe

C:\Documents and Settings\Lloyd Goldstein\Application Data\Support.com\bin\tgcmd.exe

C:\PROGRA~1\NORTON~4\NORTON~1\NPROTECT.EXE

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\PROGRA~1\NORTON~4\NORTON~1\SPEEDD~1\NOPDB.EXE

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Dell\Media Experience\PCMService.exe

C:\Program Files\Viewpoint\Common\ViewpointService.exe

C:\Program Files\Iomega\AutoDisk\ADService.exe

C:\WINDOWS\system32\fxssvc.exe

C:\Program Files\Iomega\DriveIcons\ImgIcon.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe

C:\WINDOWS\System32\DSentry.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

C:\Program Files\Iomega\AutoDisk\ADUserMon.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe

C:\Program Files\CMS Peripherals\BounceBack Professional\BBLauncher.exe

C:\WINDOWS\System32\dllhost.exe

C:\PROGRA~1\INCRED~1\bin\IMApp.exe

C:\PROGRA~1\INCRED~1\bin\IncMail.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Hijackthis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.excite.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://tr.earthlink.net/t/lnk?id=1031551&a.../home/software/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll

O2 - BHO: ElnkScamBHO Class - {66252F33-BE30-4188-9199-63F2AC8BA137} - C:\Program Files\EarthLink TotalAccess\EScamBlk.dll

O2 - BHO: IeCaptureBho Object - {7c1ce531-09e9-4fc5-9803-1c2956615786} - C:\Program Files\Google\Google Desktop Search\GoogleDesktopIE.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O3 - Toolbar: (no name) - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - (no file)

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll

O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [tgcmd] "C:\Documents and Settings\Lloyd Goldstein\Application Data\Support.com\bin\tgcmd.exe" /server /startmonitor /deaf

O4 - HKLM\..\Run: [sSRunScript] "C:\Documents and Settings\Lloyd Goldstein\Application Data\Support.com\Charter\bin\SSRunScript.exe" /script "C:\Documents and Settings\Lloyd Goldstein\Application Data\Support.com\Charter\vbs\verifyconnection.vbs" /args //b startupdelay

O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [storageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r

O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"

O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe

O4 - HKLM\..\Run: [iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe

O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe

O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART

O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe

O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe

O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"

O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"

O4 - HKLM\..\Run: [Carbonite Backup] C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe

O4 - HKCU\..\Run: [QuickenScheduledUpdates] \bagent.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [E6TaskPanel] C:\Program Files\EarthLink TotalAccess\TaskPanl.exe -winstart

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\RunOnce: [CheckNetworkConnection] "C:\Documents and Settings\Lloyd Goldstein\Application Data\Support.com\Charter\bcont.exe" /flow /flow=diagnosenetwork /confirmfixused=true /haveconfirmedwiring=true /haverenewed=true /haverestartedmodem=true /onrestart=true /havehealed=true /issuenumber=0f52506f-6e39-4dfd-b0bf-2aad762f3323

O4 - Startup: Shortcut to BBLauncher.exe.lnk = C:\Program Files\CMS Peripherals\BounceBack Professional\BBLauncher.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: APC UPS Status.lnk = C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe

O4 - Global Startup: Billminder.lnk = C:\BILLMIND.EXE

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: Quicken Startup.lnk = C:\QWDLLS.EXE

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll

O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks Basic Edition\Norton Cleanup\WCQuick.lnk

O9 - Extra 'Tools' menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks Basic Edition\Norton Cleanup\WCQuick.lnk

O9 - Extra button: (no name) - {9239E4EC-C9A6-11D2-A844-00C04F68D538} - (no file)

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab

O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} (ICSScannerLight Class) - http://download.zonelabs.com/bin/free/cm/ICSCM.cab

O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://download.weatherbug.com/minibug/tri...Transporter.cab?

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab

O16 - DPF: {638AF6A2-81A1-4655-9FFA-9FC09CDE22CF} (CScanner Object) - http://www.pestscan.com/scanner/ppctlcab.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1126816509781

O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.eaglesonar.com/Downloads/Emulat..._480/isetup.cab

O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://74.229.68.165/activex/AxisCamControl.ocx

O16 - DPF: {A1337CC4-FF8E-11D1-9C48-00A0CC20E0D0} (EZListings) - http://www.therealyellowpageslive.net/live/ezlistng.cab

O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab

O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - https://www-secure.symantec.com/techsupp/ac...ta/SymAData.dll

O16 - DPF: {E6EB803E-DD89-11D3-80C4-0050DA2E09D0} (LightSurfUploadCtl Class) - http://picturecenter.kodak.com/activex/Lig...loadControl.cab

O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} - https://www-secure.symantec.com/techsupp/ac.../ActiveData.cab

O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IncrediMail) - http://www5.incredimail.com/contents/setup...p1/imloader.cab

O18 - Protocol: x-atng - {7E8717B0-D862-11D5-8C9E-00010304F989} - C:\Program Files\Fidelity Investments\Fidelity Active Trader\System\atngprot.dll

O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe

O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: CarboniteService - Carbonite, Inc. (www.carbonite.com) - C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe

O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)

O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe

O23 - Service: Norton UnErase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~4\NORTON~1\NPROTECT.EXE

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~4\NORTON~1\SPEEDD~1\NOPDB.EXE

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

O23 - Service: WinPPPoverEthernet - Unknown owner - C:\Program Files\WinPoET Broadband Connection\WrOS.EXE (file missing)

O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe


Welcome to SWI. We apologize for the delay; our helpers have been very busy.

If you have not received help after 3 days, please CLICK HERE, and post a link to your log and the date it was originally posted.

 

Thank you for your patience.

 

[this is an automated reply]


Hi Harley123,

 

Welcome to SpywareInfo! :wave:

 

I apologize for the delay getting to your log. The helpers here are all volunteers and we have been very busy lately. If you are still having malware problems, I will be glad to help.

 

We need to disable your Windows Defender real-time protection as it may interfere with the fixes that we need to make.

 

To disable Windows Defender:

  • Open Windows Defender.
  • Click on Tools -> General Settings.
  • Scroll down and uncheck "Turn on real-time protection (recommended)".
  • After you uncheck this, click on the "Save" button and close Windows Defender.

 

NEXT:

 

Viewpoint Manager is considered foistware rather than malware, since it is installed without the user's approval but doesn't spy or do anything "bad". This will change from what we know in 2006; read this article: http://www.clickz.com/news/article.php/3561546

 

Additional info: http://vil.nai.com/vil/content/v_137262.htm

 

I suggest you remove the program now. Go to Start -> Control Panel -> Add/Remove Programs and remove the following programs (if present):

 

Viewpoint

Viewpoint Manager

Viewpoint Media Player

Viewpoint Toolbar

 

 

If you have problems with Viewpoint regenerating after uninstallation, then please follow these instructions:

 

Open AOL and go to Help on the toolbar. Select About AOL. Next is the SECRET STEP. You must then press Ctrl + D to access a "secret" panel to disable all of the desktop and IM fancy features that are associated with viewpoint. This is the only way to prevent AOL from re-installing Viewpoint at AOL startup.

 

 

NEXT:

 

Please run HijackThis and click "Scan". Place a check (tick) next to the following entries (if present):

 

R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O3 - Toolbar: (no name) - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - (no file)

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O9 - Extra button: (no name) - {9239E4EC-C9A6-11D2-A844-00C04F68D538} - (no file)

O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://download.weatherbug.com/minibug/tri...Transporter.cab?

O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

 

 

Close ALL programs and browsers (including this one), leaving ONLY HijackThis open, then click "Fix checked".

 

Then please exit HijackThis.

 

 

NEXT:

 

Please go to Start -> Run and type (or copy and paste) the following lines in the "Open" field, ONE AT A TIME, then click "OK":

 

sc stop "Viewpoint Manager Service"

 

sc delete "Viewpoint Manager Service"

 

 

NEXT:

 

Using Windows Explorer (right-click your "Start" button and select "Explore"), please navigate to and delete the following FOLDERS (if they exist):

 

C:\Program Files\Viewpoint

 

 

NEXT:

 

Let's run another diagnostic scan to make sure we're not leaving anything behind.

 

Please download ComboFix by sUBs:

 

NOTE: In the event you already have ComboFix, this is a new version that I need you to download.

  • Save it to your desktop.
  • Double-click combofix.exe and follow the prompts.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Please do NOT mouse-click ComboFix's window while it is running. That may cause it to stall. Also, please do NOT adjust your time format while ComboFix is running.

 

 

NEXT:

 

Please reboot your computer normally into Windows, and then please post the ComboFix log and a new HijackThis log.

 

How are things running now?

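The helper's post above works through the HijackThis log by hand: entries that point at "(no file)" / "(file missing)" targets, anything belonging to Viewpoint or WeatherBug, and an `sc stop` / `sc delete` pair for the leftover service. The script below is an added example written for this thread; it is not a SpywareInfo, HijackThis or ComboFix tool. It parses the `Rn - ` / `On - ` entry lines in the log format posted above, flags orphaned entries and watchlist hits, and generates the `sc` commands from the service names as they appear in the log. The sample log is a constructed subset of the log posted in this thread, and the watchlist (`viewpoint`, `weatherbug`) is constructed from what the helper asked to remove here; both are assumptions of the example, not part of the original posts.

```python
"""Triage helper for HijackThis v1.99-style logs.

Added example for this thread; it is not a SpywareInfo or HijackThis tool.
It parses the "Rn - " / "On - " entry lines shown above, flags entries whose
target is reported as "(no file)" / "(file missing)", and flags entries that
match a constructed watchlist of the software the helper asked to remove.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample in the shape of the log posted above (a subset of its lines).
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe
R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: (no name) - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - (no file)
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://download.weatherbug.com/minibug/tri...Transporter.cab?
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
"""

# Watchlist constructed from what the helper flagged in this thread (Viewpoint, WeatherBug).
DEFAULT_WATCHLIST = ("viewpoint", "weatherbug")

ENTRY_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# "Display Name (ServiceName)" as HijackThis prints O23 lines; the parenthesised part is optional.
SERVICE_NAME_RE = re.compile(r"^(?P<display>.*?)(?: \((?P<key>[^()]+)\))?$")
ORPHAN_MARKERS = ("(no file)", "(file missing)")


@dataclass
class Entry:
    section: str            # HijackThis section code, e.g. "O2" (BHO) or "O23" (service)
    body: str               # everything after "On - "
    clsid: Optional[str]    # first CLSID on the line, if any, upper-cased for comparison
    target: str             # last " - " field: usually the file path, URL or "(no file)"
    orphan: bool            # the registry points at a file HijackThis could not find


def parse_hjt(text: str) -> List[Entry]:
    """Parse the entry lines of a HijackThis log; header and process lines are ignored."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        body = m.group("body")
        clsid = CLSID_RE.search(body)
        entries.append(Entry(
            section=m.group("section"),
            body=body,
            clsid=clsid.group(0).upper() if clsid else None,
            target=body.rsplit(" - ", 1)[-1],
            orphan=any(marker in body for marker in ORPHAN_MARKERS),
        ))
    return entries


def find_orphans(entries: List[Entry]) -> List[Entry]:
    """Entries whose file is gone. Usually harmless leftovers, but a dangling
    CLSID is also where a removed component keeps a foothold, so review them."""
    return [e for e in entries if e.orphan]


def find_watchlist_hits(entries: List[Entry], watchlist=DEFAULT_WATCHLIST) -> List[Entry]:
    """Entries mentioning a watchlisted product anywhere on the line (case-insensitive)."""
    return [e for e in entries if any(w in e.body.lower() for w in watchlist)]


def service_key_name(entry: Entry) -> Optional[str]:
    """For an O23 line, the name `sc` expects: the short name HijackThis shows in
    parentheses, or the display name when no separate short name is listed."""
    if entry.section != "O23" or not entry.body.startswith("Service: "):
        return None
    name_field = entry.body[len("Service: "):].split(" - ", 2)[0]
    m = SERVICE_NAME_RE.match(name_field)
    return m.group("key") or m.group("display")


def removal_commands(entries: List[Entry], watchlist=DEFAULT_WATCHLIST) -> List[str]:
    """The `sc stop` / `sc delete` pair from the helper's instructions, generated for
    each watchlisted service so the name is copied from the log rather than retyped."""
    cmds = []
    for e in find_watchlist_hits(entries, watchlist):
        name = service_key_name(e)
        if name:
            cmds.append(f'sc stop "{name}"')
            cmds.append(f'sc delete "{name}"')
    return cmds


if __name__ == "__main__":
    parsed = parse_hjt(SAMPLE_LOG)
    print(f"{len(parsed)} entries parsed")
    for e in find_orphans(parsed):
        print(f"[orphan]    {e.section}: {e.body}")
    for e in find_watchlist_hits(parsed):
        print(f"[watchlist] {e.section}: {e.body}")
    for cmd in removal_commands(parsed):
        print(f"[cleanup]   {cmd}")
```

The two flag lists are leads for a human reviewer, not verdicts: on the sample above the orphan check also catches the Symantec `ccSvcHst.exe" /h ccCommon (file missing)` service entries, which the helper in this thread deliberately left alone while fixing the orphaned Yahoo! Toolbar hook. Generating the `sc` commands from the parsed O23 line avoids the usual mistake of running `sc` against a display name when HijackThis has printed a different short name in parentheses.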

"Lloyd Goldstein" - 2007-07-05 11:35:19 - ComboFix 07-07-04.4 - Service Pack 2

 

 

((((((((((((((((((((((((( Files Created from 2007-06-05 to 2007-07-05 )))))))))))))))))))))))))))))))

 

 

2007-07-05 11:28 51,200 --a------ C:\WINDOWS\nircmd.exe

2007-06-29 18:22 10,872 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\AvgAsCln.sys

2007-06-27 11:06 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Fidelity Investments

2007-06-23 09:53 <DIR> d-------- C:\Program Files\Simple Sudoku

2007-06-23 09:53 <DIR> d-------- C:\DOCUME~1\LLOYDG~1\APPLIC~1\Simple Sudoku

 

 

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

 

2007-07-04 23:29:14 -------- d-----w C:\Program Files\Common Files\Symantec Shared

2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll

2007-05-09 14:03:22 -------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2

2007-05-07 14:52:38 1,279 ----a-w C:\WINDOWS\unins000.dat

2007-05-07 14:52:35 -------- d-----w C:\Program Files\Yahoo!

2007-04-25 14:21:15 144,896 ------w C:\WINDOWS\system32\schannel.dll

2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll

2007-04-17 02:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll

2007-04-17 02:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll

2007-04-17 02:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll

2007-04-17 02:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll

2007-04-17 02:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll

2007-04-17 02:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll

2007-04-17 02:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe

2007-04-17 02:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll

2007-04-17 02:44:20 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll

2007-04-17 02:44:18 208,248 ----a-w C:\WINDOWS\system32\muweb.dll

 

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

 

 

*Note* empty entries & legit default entries are not shown

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

2006-12-18 05:16 59032 --a------ C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1E8A6170-7264-4D0F-BEAE-D42A53123C75}]

2006-09-06 02:18 93400 -ra------ C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]

2005-05-31 01:04 853672 --a------ C:\PROGRA~1\SPYBOT~1\SDHelper.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]

2003-08-06 03:04 106548 --------- C:\WINDOWS\system32\dla\tfswshx.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{66252F33-BE30-4188-9199-63F2AC8BA137}]

2004-10-19 14:30 173136 --------- C:\Program Files\EarthLink TotalAccess\EScamBlk.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7c1ce531-09e9-4fc5-9803-1c2956615786}]

2006-10-16 22:53 114176 --------- C:\Program Files\Google\Google Desktop Search\GoogleDesktopIE.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]

2007-01-20 00:55 2403392 -r------- c:\program files\google\googletoolbar3.dll

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"nwiz"="nwiz.exe" [2003-10-06 15:16 C:\WINDOWS\SYSTEM32\nwiz.exe]

"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2003-11-11 04:39]

"tgcmd"="C:\Documents and Settings\Lloyd Goldstein\Application Data\Support.com\bin\tgcmd.exe" [2003-05-14 06:21]

"SSRunScript"="C:\Documents and Settings\Lloyd Goldstein\Application Data\Support.com\Charter\bin\SSRunScript.exe" [2003-02-19 17:16]

"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2006-10-16 22:53]

"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 22:59]

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-06-05 17:23]

"StorageGuard"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-02-13 03:01]

"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [2003-08-26 21:47]

"MMTray"="C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe" []

"Iomega Drive Icons"="C:\Program Files\Iomega\DriveIcons\ImgIcon.exe" [2002-08-13 15:30]

"Deskup"="C:\Program Files\Iomega\DriveIcons\deskup.exe" [2002-07-16 11:55]

"ccRegVfy"="C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe" []

"ADUserMon"="C:\Program Files\Iomega\AutoDisk\ADUserMon.exe" [2002-09-24 17:39]

"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20]

"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2006-09-05 22:22]

"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 18:30]

"Carbonite Backup"="C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe" [2007-06-24 13:43]

"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 05:25]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"QuickenScheduledUpdates"="\bagent.exe" []

"Sonic RecordNow!"="" []

"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24]

"E6TaskPanel"="C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" []

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:56]

"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-20 11:14]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]

"CheckNetworkConnection"="C:\Documents and Settings\Lloyd Goldstein\Application Data\Support.com\Charter\bcont.exe" /flow /flow=diagnosenetwork /confirmfixused=true /haveconfirmedwiring=true /haverenewed=true /haverestartedmodem=true /onrestart=true /havehealed=true /issuenumber=0f52506f-6e39-4dfd-b0bf-2aad762f3323

 

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]

"NvMediaCenter"=RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoViewOnDrive"=0 (0x0)

"NoRecentDocsMenu"=1 (0x1)

"NoRecentDocsHistory"=1 (0x1)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2007-05-30 08:29]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Notification Packages :\WINDOWS\syste

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Driver]

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Guard]

 

*Newly Created Service* - COMHOST

*Newly Created Service* - UPS

 

Contents of the 'Scheduled Tasks' folder

2007-07-05 06:19:30 C:\WINDOWS\tasks\MP Scheduled Scan.job

2007-06-23 02:57:58 C:\WINDOWS\tasks\Norton Internet Security - Run Full System Scan - Lloyd Goldstein.job

2007-07-03 14:03:25 C:\WINDOWS\tasks\UPS System Shutdown Program.job

 

**************************************************************************

 

catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net

Rootkit scan 2007-07-05 11:38:21

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

**************************************************************************

 

Completion time: 2007-07-05 11:40:44

 

--- E O F ---

 

Logfile of HijackThis v1.99.1

Scan saved at 12:04:58 PM, on 7/5/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16473)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\Symantec Shared\ccProxy.exe

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe

C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe

C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe

C:\PROGRA~1\Iomega\System32\AppServices.exe

C:\PROGRA~1\NORTON~4\NORTON~1\NPROTECT.EXE

C:\WINDOWS\System32\nvsvc32.exe

C:\PROGRA~1\NORTON~4\NORTON~1\SPEEDD~1\NOPDB.EXE

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Iomega\AutoDisk\ADService.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Documents and Settings\Lloyd Goldstein\Application Data\Support.com\bin\tgcmd.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe

C:\Program Files\Dell\Media Experience\PCMService.exe

C:\Program Files\Iomega\DriveIcons\ImgIcon.exe

C:\Program Files\Iomega\AutoDisk\ADUserMon.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe

C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\CMS Peripherals\BounceBack Professional\BBLauncher.exe

C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe

C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

C:\Program Files\Symantec\LiveUpdate\AUPDATE.EXE

C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe

C:\Program Files\Hijackthis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.excite.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://tr.earthlink.net/t/lnk?id=1031551&a.../home/software/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll

O2 - BHO: ElnkScamBHO Class - {66252F33-BE30-4188-9199-63F2AC8BA137} - C:\Program Files\EarthLink TotalAccess\EScamBlk.dll

O2 - BHO: IeCaptureBho Object - {7c1ce531-09e9-4fc5-9803-1c2956615786} - C:\Program Files\Google\Google Desktop Search\GoogleDesktopIE.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll

O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [tgcmd] "C:\Documents and Settings\Lloyd Goldstein\Application Data\Support.com\bin\tgcmd.exe" /server /startmonitor /deaf

O4 - HKLM\..\Run: [SSRunScript] "C:\Documents and Settings\Lloyd Goldstein\Application Data\Support.com\Charter\bin\SSRunScript.exe" /script "C:\Documents and Settings\Lloyd Goldstein\Application Data\Support.com\Charter\vbs\verifyconnection.vbs" /args //b startupdelay

O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r

O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"

O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe

O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe

O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART

O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe

O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe

O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"

O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"

O4 - HKLM\..\Run: [Carbonite Backup] C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKCU\..\Run: [QuickenScheduledUpdates] \bagent.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [E6TaskPanel] C:\Program Files\EarthLink TotalAccess\TaskPanl.exe -winstart

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\RunOnce: [CheckNetworkConnection] "C:\Documents and Settings\Lloyd Goldstein\Application Data\Support.com\Charter\bcont.exe" /flow /flow=diagnosenetwork /confirmfixused=true /haveconfirmedwiring=true /haverenewed=true /haverestartedmodem=true /onrestart=true /havehealed=true /issuenumber=0f52506f-6e39-4dfd-b0bf-2aad762f3323

O4 - Startup: Shortcut to BBLauncher.exe.lnk = C:\Program Files\CMS Peripherals\BounceBack Professional\BBLauncher.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: APC UPS Status.lnk = C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe

O4 - Global Startup: Billminder.lnk = C:\BILLMIND.EXE

O4 - Global Startup: Quicken Startup.lnk = C:\QWDLLS.EXE

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll

O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks Basic Edition\Norton Cleanup\WCQuick.lnk

O9 - Extra 'Tools' menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks Basic Edition\Norton Cleanup\WCQuick.lnk

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O11 - Options group: [INTERNATIONAL] International*

O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab

O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} (ICSScannerLight Class) - http://download.zonelabs.com/bin/free/cm/ICSCM.cab

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab

O16 - DPF: {638AF6A2-81A1-4655-9FFA-9FC09CDE22CF} (CScanner Object) - http://www.pestscan.com/scanner/ppctlcab.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1126816509781

O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.eaglesonar.com/Downloads/Emulat..._480/isetup.cab

O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://74.229.68.165/activex/AxisCamControl.ocx

O16 - DPF: {A1337CC4-FF8E-11D1-9C48-00A0CC20E0D0} (EZListings) - http://www.therealyellowpageslive.net/live/ezlistng.cab

O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab

O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - https://www-secure.symantec.com/techsupp/ac...ta/SymAData.dll

O16 - DPF: {E6EB803E-DD89-11D3-80C4-0050DA2E09D0} (LightSurfUploadCtl Class) - http://picturecenter.kodak.com/activex/Lig...loadControl.cab

O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} - https://www-secure.symantec.com/techsupp/ac.../ActiveData.cab

O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IncrediMail) - http://www5.incredimail.com/contents/setup...p1/imloader.cab

O18 - Protocol: x-atng - {7E8717B0-D862-11D5-8C9E-00010304F989} - C:\Program Files\Fidelity Investments\Fidelity Active Trader\System\atngprot.dll

O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe

O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: CarboniteService - Carbonite, Inc. (www.carbonite.com) - C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe

O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)

O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe

O23 - Service: Norton UnErase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~4\NORTON~1\NPROTECT.EXE

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~4\NORTON~1\SPEEDD~1\NOPDB.EXE

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

O23 - Service: WinPPPoverEthernet - Unknown owner - C:\Program Files\WinPoET Broadband Connection\WrOS.EXE (file missing)

O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe

 

 

Hi, Sempurna:

Windows Defender still reports TVMediaDisplay; I can't find an AOL program to open.

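An added example, not code from this thread, from HijackThis or from any tool named in it: a small Python triage script that reads the O4 (autostart) and O23 (service) lines of a HijackThis 1.99-style log like the one posted above and flags what a removal helper reads first. It marks targets reported as (file missing), services with no recorded owner, autostarts launched from a user profile, and executables sitting at a drive root or with no directory at all. It also recognises the stray trailing quote plus arguments on the Symantec ccSvcHst entries; that pattern is HijackThis 1.99 mis-splitting a quoted service path that carries arguments, so its (file missing) verdict on those lines should not be taken at face value. The sample lines are constructed from the formats in the posted log; the flag names and the helper functions are this example's own.

```python
"""Triage helper for HijackThis 1.99-style logs.

Added example for this thread; it is not code from the thread, from HijackThis
or from any of the tools named in it. It parses the O4 (autostart) and O23
(service) lines and flags what a removal helper reads first.
"""
import re
from typing import Dict, List, Optional, Set

# Constructed sample: a few lines in the formats the posted log uses.
SAMPLE_LOG = r'''
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [tgcmd] "C:\Documents and Settings\Lloyd Goldstein\Application Data\Support.com\bin\tgcmd.exe" /server /startmonitor /deaf
O4 - HKCU\..\Run: [QuickenScheduledUpdates] \bagent.exe
O4 - Global Startup: Billminder.lnk = C:\BILLMIND.EXE
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: WinPPPoverEthernet - Unknown owner - C:\Program Files\WinPoET Broadband Connection\WrOS.EXE (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
'''

# O4 entries come either from a registry Run/RunOnce key or from a Startup folder.
O4_REG = re.compile(r'^O4 - (?P<hive>HK[A-Z]+)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
O4_DIR = re.compile(r'^O4 - (?P<hive>(?:Global )?Startup): (?P<name>.+?) = (?P<cmd>.*)$')
# O23 lines read "display name (short name) - owner - image path [(file missing)]".
O23_SVC = re.compile(r'^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<cmd>.*)$')
# First executable-looking token of the command, with or without a leading quote.
# The lookahead keeps "Support.com\bin\tgcmd.exe" from being cut off at ".com".
EXE_PATH = re.compile(r'^"?(?P<path>[^"]*?\.(?:exe|dll|lnk|scr|com|bat|vbs|pif))(?=$|["\s])',
                      re.IGNORECASE)


def _flags(cmd: str, path: Optional[str], owner: Optional[str]) -> Set[str]:
    """Heuristic flags for one entry (names are this example's own)."""
    flags: Set[str] = set()
    if '(file missing)' in cmd.lower():
        flags.add('file_missing')
    if owner is not None and owner.lower() == 'unknown owner':
        flags.add('unknown_owner')
    # A quote after the executable name, with none at the start, means the
    # ImagePath was quoted with arguments; HijackThis 1.99 mis-splits those,
    # so a "(file missing)" verdict on such a line is likely a parsing artifact.
    if path and not cmd.startswith('"') and '"' in cmd:
        flags.add('quoted_path_artifact')
    if path:
        if path.lower().startswith(r'c:\documents and settings'):
            flags.add('profile_path')        # runs from a user profile, not Program Files
        if '\\' not in path or path.startswith('\\'):
            flags.add('no_directory')        # bare or rooted-relative name, resolved at run time
        if re.match(r'^[A-Za-z]:\\[^\\]+$', path):
            flags.add('drive_root')          # executable dropped directly at a drive root
    return flags


def parse_entry(line: str) -> Optional[Dict[str, object]]:
    """Parse one O4 or O23 line; other line types return None."""
    line = line.strip()
    for kind, rx in (('O4', O4_REG), ('O4', O4_DIR), ('O23', O23_SVC)):
        m = rx.match(line)
        if not m:
            continue
        d = m.groupdict()
        cmd = d['cmd']
        pm = EXE_PATH.match(cmd)
        path = pm.group('path') if pm else None
        owner = d.get('owner')
        location = d['hive'] + ('\\..\\' + d['key'] if 'key' in d else '') if 'hive' in d else 'service'
        return {'kind': kind, 'name': d['name'], 'location': location,
                'owner': owner, 'path': path, 'flags': _flags(cmd, path, owner)}
    return None


def triage(log_text: str) -> List[Dict[str, object]]:
    """All O4/O23 entries of a log, in order, with their flags."""
    return [e for e in (parse_entry(l) for l in log_text.splitlines()) if e]


def suspicious(entries: List[Dict[str, object]]) -> List[Dict[str, object]]:
    """Only the entries that raised at least one flag."""
    return [e for e in entries if e['flags']]


def report(entries: List[Dict[str, object]]) -> str:
    """One line per entry; '!!' marks flagged ones."""
    rows = []
    for e in entries:
        mark = '!!' if e['flags'] else '  '
        rows.append(f"{mark} {e['kind']:<3} {str(e['name']):<38} {e['path'] or '-'}  "
                    f"{','.join(sorted(e['flags'])) or 'ok'}")
    return '\n'.join(rows)


if __name__ == '__main__':
    print(report(triage(SAMPLE_LOG)))
```

Run it as-is to print the triage table for the constructed sample, or pass the whole pasted log to triage(). The flags are a reading aid, not a verdict: a flagged entry such as the Quicken agent or the BILLMIND.EXE shortcut still has to be matched against what the owner knows is installed, exactly as the helper does by hand in this thread.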

Hi Harley123, :wave

 

Windows Defender is probably flagging a stray registry entry. Could you give me some info on what it is flagging? Filepath, file name, or registry path? Thanks. :)

 

No worries about not finding AOL on your machine. Just uninstall Viewpoint and things should get better. :)

 

OK, let’s do this next.

 

Please download the Registry Search Tool and save it to your desktop:

  • Unzip (extract) it to your desktop and double-click on regsrch.vbs
    (if you have script protection, please allow this to run).
  • In the dialog that opens enter the following:
     
    TVMediaDisplay
     
     
  • Press "OK".
  • The search will run for a while, then alert you when it is finished.
  • Press "OK" and copy the contents of the WordPad window and post in this thread.

 

NEXT:

 

Please download CCleaner (freeware) and save it to your desktop:

  1. Run the CCleaner installer.
  2. During installation process, please UNCHECK "Add CCleaner Yahoo! Toolbar".
  3. Once installed, run CCleaner and click the "Windows" tab.
  4. Select the following:
    • Check everything under the "Internet Explorer" section.
    • Check everything under the "Windows Explorer" section.
    • Check everything under the "System" section.
    • Check ONLY "Old Prefetch data" under the "Advanced" section.

  5. Then, click the "Applications" tab:
    • CHECK everything there.
  6. Next, click the "Options" button in the left pane, then click the "Advanced" button:
    • UNCHECK : "Only delete files in Windows Temp folders older than 48 hours".
  7. Next, click the "Cleaner" button in the left pane, then click the "Run Cleaner" button (bottom right), click "OK" at the prompt.
  8. When done, please exit CCleaner.

CAUTION: Please do NOT use the "Issues" button in the left pane. This is a built-in registry cleaner. If you don’t know how to use it, you may cause irreparable damage to your system.

 

 

NEXT:

 

Let's run an online scan to make sure we're not leaving anything behind.

 

Please do an online scan with Kaspersky Online Scanner using Internet Explorer (this online scanner only works with IE):

  1. Click on "Kaspersky Online Scanner".
  2. You will be prompted to install an ActiveX component from Kaspersky, click "Yes".
  3. The program will launch and then begin downloading the latest definition files.
  4. Once the files have been downloaded click on "Next".
  5. Now click on "Scan Settings".
  6. In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
      Extended
    • Scan Options:
      Scan Archives
      Scan Mail Bases

  7. Click "OK".
  8. Now under select a target to scan:
    • Select "My Computer".
  9. This program will start and scan your system.
  10. The scan will take a while so be patient and let it run.
  11. Once the scan is complete it will display if your system has been infected.
    • Now click on the "Save Report As" button.
    • In the "File name:" field, type kavscan.
    • In the "Save as type:" field, select "Text file (*.txt)".
  12. Save the file to your desktop.
  13. Copy and paste that information in your next post.

Note for Internet Explorer 7 users: If at any time you have trouble with the "Accept" button of the license, click on the "Zoom" tool located at the bottom right of the IE window and set the zoom to 75 %. Once the license has been accepted, reset to 100%.

 

 

NEXT:

 

Please REBOOT your computer normally into Windows and post these logs in your next reply:

  1. The log from the RegSrch scan.
  2. The log from the Kaspersky scan.
  3. A new ComboFix log.
  4. A new HijackThis log.

(You might have to paste the logs in multiple posts in the event they are too long and breach the post length restrictions of the forum software).


REGEDIT4

; RegSrch.vbs © Bill James

 

; Registry search results for string "TVMediaDisplay" 7/6/2007 2:32:20 PM

 

; NOTE: This file will be deleted when you close WordPad.

; You must manually save this file to a new location if you want to refer to it again later.

; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)

 

 

[HKEY_USERS\S-1-5-21-1092955589-2281530263-1118204768-1007\Software\Microsoft\Search Assistant\ACMru\5603]

"003"="TVMediaDisplay"


KASPERSKY ONLINE SCANNER REPORT

Friday, July 06, 2007 5:04:46 PM

Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)

Kaspersky Online Scanner version: 5.0.83.0

Kaspersky Anti-Virus database last update: 6/07/2007

Kaspersky Anti-Virus database records: 359149

-------------------------------------------------------------------------------

 

Scan Settings:

Scan using the following antivirus database: extended

Scan Archives: true

Scan Mail Bases: true

 

Scan Target - My Computer:

A:\

C:\

D:\

E:\

F:\

 

Scan Statistics:

Total number of scanned objects: 165559

Number of viruses found: 3

Number of infected objects: 4 / 0

Number of suspicious objects: 0

Duration of the scan process: 01:39:40

 

Infected Object Name / Virus Name / Last Action

C:\Documents and Settings\All Users\Application Data\Carbonite\Carbonite Backup\CarboniteNSE.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Carbonite\Carbonite Backup\CarboniteUI.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Support\MPLog-11262006-134510.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Windows NT\MSFax\ActivityLog\InboxLOG.txt Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Windows NT\MSFax\ActivityLog\OutboxLOG.txt Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Support.com\profiles\Lloyd Goldstein\triggers.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Confid.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Content.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Privacy.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Restrict.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\WebHist.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2007-07-06_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\45D02378.exe Infected: not-a-virus:Downloader.Win32.ImLoader.c skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\63D924D9.exe Infected: not-a-virus:AdWare.Win32.TotalVelocity.a skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\66721D5E.exe Infected: Trojan-Dropper.Win32.Totacity.a skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\67676A51.exe Infected: not-a-virus:Downloader.Win32.ImLoader.c skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\index.qbs Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBConfig.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBDebug.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBDetect.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBNotify.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBRefr.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetCfg.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetCfg2.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetDev.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetLoc.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetUsr.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBStHash.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBValid.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPPolicy.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPStart.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPStop.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtErEvt.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtETmp\43538438.TMP Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtETmp\7CC18C09.TMP Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtMoEvt.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtNvEvt.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtScEvt.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtTxFEvt.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtViEvt.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SubEng\submissions.idx Object is locked skipped

C:\Documents and Settings\Lloyd Goldstein\Cookies\INDEX.DAT Object is locked skipped

C:\Documents and Settings\Lloyd Goldstein\Local Settings\Application Data\Google\Google Desktop Search\dbc2em.cf1 Object is locked skipped

C:\Documents and Settings\Lloyd Goldstein\Local Settings\Application Data\Google\Google Desktop Search\dbc2emh.ht1 Object is locked skipped

C:\Documents and Settings\Lloyd Goldstein\Local Settings\Application Data\Google\Google Desktop Search\dbdam Object is locked skipped

C:\Documents and Settings\Lloyd Goldstein\Local Settings\Application Data\Google\Google Desktop Search\dbdao Object is locked skipped

C:\Documents and Settings\Lloyd Goldstein\Local Settings\Application Data\Google\Google Desktop Search\dbeam Object is locked skipped

C:\Documents and Settings\Lloyd Goldstein\Local Settings\Application Data\Google\Google Desktop Search\dbeao Object is locked skipped

C:\Documents and Settings\Lloyd Goldstein\Local Settings\Application Data\Google\Google Desktop Search\dbm Object is locked skipped

C:\Documents and Settings\Lloyd Goldstein\Local Settings\Application Data\Google\Google Desktop Search\dbu2dm.cf1 Object is locked skipped

C:\Documents and Settings\Lloyd Goldstein\Local Settings\Application Data\Google\Google Desktop Search\dbu2dmh.ht1 Object is locked skipped

C:\Documents and Settings\Lloyd Goldstein\Local Settings\Application Data\Google\Google Desktop Search\dbvm.cf1 Object is locked skipped

C:\Documents and Settings\Lloyd Goldstein\Local Settings\Application Data\Google\Google Desktop Search\dbvmh.ht1 Object is locked skipped

C:\Documents and Settings\Lloyd Goldstein\Local Settings\Application Data\Google\Google Desktop Search\fii.cf1 Object is locked skipped

C:\Documents and Settings\Lloyd Goldstein\Local Settings\Application Data\Google\Google Desktop Search\fiih.ht1 Object is locked skipped

C:\Documents and Settings\Lloyd Goldstein\Local Settings\Application Data\Google\Google Desktop Search\hp Object is locked skipped

C:\Documents and Settings\Lloyd Goldstein\Local Settings\Application Data\Google\Google Desktop Search\hpt2i.ht1 Object is locked skipped

C:\Documents and Settings\Lloyd Goldstein\Local Settings\Application Data\Google\Google Desktop Search\rpm.cf1 Object is locked skipped

C:\Documents and Settings\Lloyd Goldstein\Local Settings\Application Data\Google\Google Desktop Search\rpmh.ht1 Object is locked skipped

C:\Documents and Settings\Lloyd Goldstein\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\Lloyd Goldstein\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\Lloyd Goldstein\Local Settings\History\History.IE5\INDEX.DAT Object is locked skipped

C:\Documents and Settings\Lloyd Goldstein\Local Settings\History\History.IE5\MSHist012007070620070707\index.dat Object is locked skipped

C:\Documents and Settings\Lloyd Goldstein\Local Settings\Temp\~DFA26E.tmp Object is locked skipped

C:\Documents and Settings\Lloyd Goldstein\Local Settings\Temp\~DFA856.tmp Object is locked skipped

C:\Documents and Settings\Lloyd Goldstein\Local Settings\Temp\~DFA892.tmp Object is locked skipped

C:\Documents and Settings\Lloyd Goldstein\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Lloyd Goldstein\ntuser.dat Object is locked skipped

C:\Documents and Settings\Lloyd Goldstein\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Cookies\INDEX.DAT Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\INDEX.DAT Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\INDEX.DAT Object is locked skipped

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\Program Files\Carbonite\Carbonite Backup\data\Carbonite.log Object is locked skipped

C:\Program Files\Carbonite\Carbonite Backup\data\CarboniteConfig.DAT Object is locked skipped

C:\Program Files\Carbonite\Carbonite Backup\data\CarboniteDelta.dat Object is locked skipped

C:\Program Files\Carbonite\Carbonite Backup\data\CarboniteFiles.DAT Object is locked skipped

C:\Program Files\Carbonite\Carbonite Backup\data\CarboniteRestores.DAT Object is locked skipped

C:\Program Files\Carbonite\Carbonite Backup\data\CarboniteVersions.DAT Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\AntiSpam\Log\Spam.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\eengine\EPERSIST.DAT Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\NFWEVT.LOG Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SNDALRT.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SNDCON.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SNDDBG.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SNDFW.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SNDIDS.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SNDSYS.log Object is locked skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\AVApp.log Object is locked skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\AVError.log Object is locked skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\AVVirus.log Object is locked skipped

C:\RECYCLER\NPROTECT\NPROTECT.LOG Object is locked skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1359\change.log Object is locked skipped

C:\WINDOWS\$NtUninstallKB824141$\user32.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB824141$\win32k.sys Object is locked skipped

C:\WINDOWS\$NtUninstallKB828035$\msgsvc.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB828035$\wkssvc.dll Object is locked skipped

C:\WINDOWS\$NtUninstallQ329048$\reg00002 Object is locked skipped

C:\WINDOWS\$NtUninstallQ329115$\reg00002 Object is locked skipped

C:\WINDOWS\$NtUninstallQ329115$\reg00003 Object is locked skipped

C:\WINDOWS\$NtUninstallQ329390$\reg00002 Object is locked skipped

C:\WINDOWS\$NtUninstallQ329834$\reg00002 Object is locked skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{FFC2878B-8A12-4677-8FBB-96462367ACA1}.crmlog Object is locked skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\WINDOWS\Sti_Trace.log Object is locked skipped

C:\WINDOWS\SYSTEM32\CatRoot2\edb.log Object is locked skipped

C:\WINDOWS\SYSTEM32\CatRoot2\tmp.edb Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\AppEvent.Evt Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\Internet.evt Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SAM Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SecEvent.Evt Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SECURITY Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SysEvent.Evt Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG Object is locked skipped

C:\WINDOWS\SYSTEM32\H323LOG.TXT Object is locked skipped

C:\WINDOWS\SYSTEM32\MsDtc\MSDTC.LOG Object is locked skipped

C:\WINDOWS\SYSTEM32\MsDtc\Trace\dtctrace.log Object is locked skipped

C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\Temp\Perflib_Perfdata_10c.dat Object is locked skipped

C:\WINDOWS\Temp\T30DebugLogFile.txt Object is locked skipped

C:\WINDOWS\WIADEBUG.LOG Object is locked skipped

C:\WINDOWS\WIASERVC.LOG Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

 

Scan process completed.


"Lloyd Goldstein" - 2007-07-06 17:42:53 - ComboFix 07-07-04.4 - Service Pack 2

 

 

((((((((((((((((((((((((( Files Created from 2007-06-06 to 2007-07-06 )))))))))))))))))))))))))))))))

 

 

2007-07-06 15:17 <DIR> d-------- C:\WINDOWS\SYSTEM32\Kaspersky Lab

2007-07-06 14:39 <DIR> d-------- C:\Program Files\CCleaner

2007-07-05 11:28 51,200 --a------ C:\WINDOWS\nircmd.exe

2007-06-29 18:22 10,872 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\AvgAsCln.sys

2007-06-27 11:06 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Fidelity Investments

2007-06-23 09:53 <DIR> d-------- C:\Program Files\Simple Sudoku

2007-06-23 09:53 <DIR> d-------- C:\DOCUME~1\LLOYDG~1\APPLIC~1\Simple Sudoku

 

 

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

 

2007-07-06 17:08:52 -------- d-----w C:\Program Files\Common Files\Symantec Shared

2007-07-05 21:54:06 -------- d-----w C:\Program Files\CMS Peripherals

2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll

2007-05-09 14:03:22 -------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2

2007-05-07 14:52:38 1,279 ----a-w C:\WINDOWS\unins000.dat

2007-05-07 14:52:35 -------- d-----w C:\Program Files\Yahoo!

2007-04-25 14:21:15 144,896 ------w C:\WINDOWS\system32\schannel.dll

2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll

2007-04-17 02:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll

2007-04-17 02:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll

2007-04-17 02:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll

2007-04-17 02:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll

2007-04-17 02:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll

2007-04-17 02:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll

2007-04-17 02:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe

2007-04-17 02:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll

2007-04-17 02:44:20 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll

2007-04-17 02:44:18 208,248 ----a-w C:\WINDOWS\system32\muweb.dll

 

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

 

 

*Note* empty entries & legit default entries are not shown

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

2006-12-18 05:16 59032 --a------ C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1E8A6170-7264-4D0F-BEAE-D42A53123C75}]

2006-09-06 02:18 93400 -ra------ C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]

2005-05-31 01:04 853672 --a------ C:\PROGRA~1\SPYBOT~1\SDHelper.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]

2003-08-06 03:04 106548 --------- C:\WINDOWS\system32\dla\tfswshx.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{66252F33-BE30-4188-9199-63F2AC8BA137}]

2004-10-19 14:30 173136 --------- C:\Program Files\EarthLink TotalAccess\EScamBlk.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7c1ce531-09e9-4fc5-9803-1c2956615786}]

2006-10-16 22:53 114176 --------- C:\Program Files\Google\Google Desktop Search\GoogleDesktopIE.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]

2007-01-20 00:55 2403392 -r------- c:\program files\google\googletoolbar3.dll

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"nwiz"="nwiz.exe" [2003-10-06 15:16 C:\WINDOWS\SYSTEM32\nwiz.exe]

"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2003-11-11 04:39]

"tgcmd"="C:\Documents and Settings\Lloyd Goldstein\Application Data\Support.com\bin\tgcmd.exe" [2003-05-14 06:21]

"SSRunScript"="C:\Documents and Settings\Lloyd Goldstein\Application Data\Support.com\Charter\bin\SSRunScript.exe" [2003-02-19 17:16]

"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2006-10-16 22:53]

"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 22:59]

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-06-05 17:23]

"StorageGuard"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-02-13 03:01]

"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [2003-08-26 21:47]

"MMTray"="C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe" []

"Iomega Drive Icons"="C:\Program Files\Iomega\DriveIcons\ImgIcon.exe" [2002-08-13 15:30]

"Deskup"="C:\Program Files\Iomega\DriveIcons\deskup.exe" [2002-07-16 11:55]

"ccRegVfy"="C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe" []

"ADUserMon"="C:\Program Files\Iomega\AutoDisk\ADUserMon.exe" [2002-09-24 17:39]

"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20]

"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2006-09-05 22:22]

"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 18:30]

"Carbonite Backup"="C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe" [2007-06-24 13:43]

"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 05:25]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"QuickenScheduledUpdates"="\bagent.exe" []

"Sonic RecordNow!"="" []

"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24]

"E6TaskPanel"="C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" []

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:56]

"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-20 11:14]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]

"CheckNetworkConnection"="C:\Documents and Settings\Lloyd Goldstein\Application Data\Support.com\Charter\bcont.exe" /flow /flow=diagnosenetwork /confirmfixused=true /haveconfirmedwiring=true /haverenewed=true /haverestartedmodem=true /onrestart=true /havehealed=true /issuenumber=0f52506f-6e39-4dfd-b0bf-2aad762f3323

 

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]

"NvMediaCenter"=RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoViewOnDrive"=0 (0x0)

"NoRecentDocsMenu"=1 (0x1)

"NoRecentDocsHistory"=1 (0x1)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2007-05-30 08:29]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Notification Packages :\WINDOWS\syste

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Driver]

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Guard]

 

*Newly Created Service* - COMHOST

 

Contents of the 'Scheduled Tasks' folder

2007-07-06 21:27:37 C:\WINDOWS\tasks\MP Scheduled Scan.job

2007-06-23 02:57:58 C:\WINDOWS\tasks\Norton Internet Security - Run Full System Scan - Lloyd Goldstein.job

2007-07-03 14:03:25 C:\WINDOWS\tasks\UPS System Shutdown Program.job

 

**************************************************************************

 

catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net

Rootkit scan 2007-07-06 17:49:18

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

 

Completion time: 2007-07-06 17:51:03

C:\ComboFix2.txt ... 2007-07-05 11:40

 

--- E O F ---


Logfile of HijackThis v1.99.1

Scan saved at 5:54:14 PM, on 7/6/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16473)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

C:\Program Files\Common Files\Symantec Shared\ccProxy.exe

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Documents and Settings\Lloyd Goldstein\Application Data\Support.com\bin\tgcmd.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe

C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe

C:\Program Files\Dell\Media Experience\PCMService.exe

C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe

C:\PROGRA~1\Iomega\System32\AppServices.exe

C:\Program Files\Iomega\DriveIcons\ImgIcon.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe

C:\PROGRA~1\NORTON~4\NORTON~1\NPROTECT.EXE

C:\WINDOWS\System32\nvsvc32.exe

C:\PROGRA~1\NORTON~4\NORTON~1\SPEEDD~1\NOPDB.EXE

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Iomega\AutoDisk\ADUserMon.exe

C:\Program Files\Iomega\AutoDisk\ADService.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe

C:\WINDOWS\system32\fxssvc.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\System32\vssvc.exe

C:\WINDOWS\System32\dllhost.exe

C:\WINDOWS\System32\dllhost.exe

C:\Program Files\IncrediMail\bin\IncMail.exe

C:\PROGRA~1\INCRED~1\bin\IMApp.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Hijackthis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.excite.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://tr.earthlink.net/t/lnk?id=1031551&a.../home/software/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll

O2 - BHO: ElnkScamBHO Class - {66252F33-BE30-4188-9199-63F2AC8BA137} - C:\Program Files\EarthLink TotalAccess\EScamBlk.dll

O2 - BHO: IeCaptureBho Object - {7c1ce531-09e9-4fc5-9803-1c2956615786} - C:\Program Files\Google\Google Desktop Search\GoogleDesktopIE.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll

O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [tgcmd] "C:\Documents and Settings\Lloyd Goldstein\Application Data\Support.com\bin\tgcmd.exe" /server /startmonitor /deaf

O4 - HKLM\..\Run: [sSRunScript] "C:\Documents and Settings\Lloyd Goldstein\Application Data\Support.com\Charter\bin\SSRunScript.exe" /script "C:\Documents and Settings\Lloyd Goldstein\Application Data\Support.com\Charter\vbs\verifyconnection.vbs" /args //b startupdelay

O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [storageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r

O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"

O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe

O4 - HKLM\..\Run: [iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe

O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART

O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe

O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe

O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"

O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"

O4 - HKLM\..\Run: [Carbonite Backup] C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKCU\..\Run: [QuickenScheduledUpdates] \bagent.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [E6TaskPanel] C:\Program Files\EarthLink TotalAccess\TaskPanl.exe -winstart

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\RunOnce: [CheckNetworkConnection] "C:\Documents and Settings\Lloyd Goldstein\Application Data\Support.com\Charter\bcont.exe" /flow /flow=diagnosenetwork /confirmfixused=true /haveconfirmedwiring=true /haverenewed=true /haverestartedmodem=true /onrestart=true /havehealed=true /issuenumber=0f52506f-6e39-4dfd-b0bf-2aad762f3323

O4 - Startup: Shortcut to BBLauncher.exe.lnk = C:\Program Files\CMS Peripherals\BounceBack Professional\BBLauncher.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: APC UPS Status.lnk = C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe

O4 - Global Startup: Billminder.lnk = C:\BILLMIND.EXE

O4 - Global Startup: Quicken Startup.lnk = C:\QWDLLS.EXE

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll

O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks Basic Edition\Norton Cleanup\WCQuick.lnk

O9 - Extra 'Tools' menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks Basic Edition\Norton Cleanup\WCQuick.lnk

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab

O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} (ICSScannerLight Class) - http://download.zonelabs.com/bin/free/cm/ICSCM.cab

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab

O16 - DPF: {638AF6A2-81A1-4655-9FFA-9FC09CDE22CF} (CScanner Object) - http://www.pestscan.com/scanner/ppctlcab.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1126816509781

O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.eaglesonar.com/Downloads/Emulat..._480/isetup.cab

O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://74.229.68.165/activex/AxisCamControl.ocx

O16 - DPF: {A1337CC4-FF8E-11D1-9C48-00A0CC20E0D0} (EZListings) - http://www.therealyellowpageslive.net/live/ezlistng.cab

O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab

O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - https://www-secure.symantec.com/techsupp/ac...ta/SymAData.dll

O16 - DPF: {E6EB803E-DD89-11D3-80C4-0050DA2E09D0} (LightSurfUploadCtl Class) - http://picturecenter.kodak.com/activex/Lig...loadControl.cab

O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} - https://www-secure.symantec.com/techsupp/ac.../ActiveData.cab

O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IncrediMail) - http://www5.incredimail.com/contents/setup...p1/imloader.cab

O18 - Protocol: x-atng - {7E8717B0-D862-11D5-8C9E-00010304F989} - C:\Program Files\Fidelity Investments\Fidelity Active Trader\System\atngprot.dll

O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe

O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: CarboniteService - Carbonite, Inc. (www.carbonite.com) - C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe

O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)

O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe

O23 - Service: Norton UnErase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~4\NORTON~1\NPROTECT.EXE

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~4\NORTON~1\SPEEDD~1\NOPDB.EXE

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

O23 - Service: WinPPPoverEthernet - Unknown owner - C:\Program Files\WinPoET Broadband Connection\WrOS.EXE (file missing)

O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe

Hi Harley123, :wave:

I'm glad to hear that Windows Defender is no longer flagging it. :)

Just a leftover to fix, and then we could probably let you go home. :)

For this next step, please ensure that ComboFix.exe is on your desktop:

  • Then, please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:
    (start copying from "Registry::")

    Registry::
    [HKEY_USERS\S-1-5-21-1092955589-2281530263-1118204768-1007\Software\Microsoft\Search Assistant\ACMru\5603]
    "003"=-

  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.

    [Screenshot: CFScript.gif]

  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION:

Please do NOT mouse-click ComboFix's window while it is running. That may cause it to stall.

Also, please do NOT adjust your time format while ComboFix is running.

NEXT:

Please REBOOT your computer normally into Windows and post these logs in your next reply:

  1. The log from the ComboFix scan located at C:\ComboFix.txt.
  2. A new HijackThis log.

How are things running now?

"Lloyd Goldstein" - 2007-07-07 11:49:08 - ComboFix 07-07-04.4 - Service Pack 2

Command switches used :: C:\Documents and Settings\Lloyd Goldstein\Desktop\CFScript.txt

 

 

((((((((((((((((((((((((( Files Created from 2007-06-07 to 2007-07-07 )))))))))))))))))))))))))))))))

 

 

2007-07-06 15:17 <DIR> d-------- C:\WINDOWS\SYSTEM32\Kaspersky Lab

2007-07-06 14:39 <DIR> d-------- C:\Program Files\CCleaner

2007-07-05 11:28 51,200 --a------ C:\WINDOWS\nircmd.exe

2007-06-29 18:22 10,872 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\AvgAsCln.sys

2007-06-27 11:06 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Fidelity Investments

2007-06-23 09:53 <DIR> d-------- C:\Program Files\Simple Sudoku

2007-06-23 09:53 <DIR> d-------- C:\DOCUME~1\LLOYDG~1\APPLIC~1\Simple Sudoku

 

 

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

 

2007-07-06 17:08:52 -------- d-----w C:\Program Files\Common Files\Symantec Shared

2007-07-05 21:54:06 -------- d-----w C:\Program Files\CMS Peripherals

2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll

2007-05-09 14:03:22 -------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2

2007-05-07 14:52:38 1,279 ----a-w C:\WINDOWS\unins000.dat

2007-05-07 14:52:35 -------- d-----w C:\Program Files\Yahoo!

2007-04-25 14:21:15 144,896 ------w C:\WINDOWS\system32\schannel.dll

2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll

2007-04-17 02:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll

2007-04-17 02:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll

2007-04-17 02:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll

2007-04-17 02:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll

2007-04-17 02:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll

2007-04-17 02:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll

2007-04-17 02:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe

2007-04-17 02:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll

2007-04-17 02:44:20 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll

2007-04-17 02:44:18 208,248 ----a-w C:\WINDOWS\system32\muweb.dll

 

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

 

 

*Note* empty entries & legit default entries are not shown

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

2006-12-18 05:16 59032 --a------ C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1E8A6170-7264-4D0F-BEAE-D42A53123C75}]

2006-09-06 02:18 93400 -ra------ C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]

2005-05-31 01:04 853672 --a------ C:\PROGRA~1\SPYBOT~1\SDHelper.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]

2003-08-06 03:04 106548 --------- C:\WINDOWS\system32\dla\tfswshx.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{66252F33-BE30-4188-9199-63F2AC8BA137}]

2004-10-19 14:30 173136 --------- C:\Program Files\EarthLink TotalAccess\EScamBlk.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7c1ce531-09e9-4fc5-9803-1c2956615786}]

2006-10-16 22:53 114176 --------- C:\Program Files\Google\Google Desktop Search\GoogleDesktopIE.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]

2007-01-20 00:55 2403392 -r------- c:\program files\google\googletoolbar3.dll

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"nwiz"="nwiz.exe" [2003-10-06 15:16 C:\WINDOWS\SYSTEM32\nwiz.exe]

"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2003-11-11 04:39]

"tgcmd"="C:\Documents and Settings\Lloyd Goldstein\Application Data\Support.com\bin\tgcmd.exe" [2003-05-14 06:21]

"SSRunScript"="C:\Documents and Settings\Lloyd Goldstein\Application Data\Support.com\Charter\bin\SSRunScript.exe" [2003-02-19 17:16]

"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2006-10-16 22:53]

"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 22:59]

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-06-05 17:23]

"StorageGuard"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-02-13 03:01]

"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [2003-08-26 21:47]

"MMTray"="C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe" []

"Iomega Drive Icons"="C:\Program Files\Iomega\DriveIcons\ImgIcon.exe" [2002-08-13 15:30]

"Deskup"="C:\Program Files\Iomega\DriveIcons\deskup.exe" [2002-07-16 11:55]

"ccRegVfy"="C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe" []

"ADUserMon"="C:\Program Files\Iomega\AutoDisk\ADUserMon.exe" [2002-09-24 17:39]

"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20]

"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2006-09-05 22:22]

"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 18:30]

"Carbonite Backup"="C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe" [2007-06-24 13:43]

"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 05:25]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"QuickenScheduledUpdates"="\bagent.exe" []

"Sonic RecordNow!"="" []

"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24]

"E6TaskPanel"="C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" []

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:56]

"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-20 11:14]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]

"CheckNetworkConnection"="C:\Documents and Settings\Lloyd Goldstein\Application Data\Support.com\Charter\bcont.exe" /flow /flow=diagnosenetwork /confirmfixused=true /haveconfirmedwiring=true /haverenewed=true /haverestartedmodem=true /onrestart=true /havehealed=true /issuenumber=0f52506f-6e39-4dfd-b0bf-2aad762f3323

 

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]

"NvMediaCenter"=RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoViewOnDrive"=0 (0x0)

"NoRecentDocsMenu"=1 (0x1)

"NoRecentDocsHistory"=1 (0x1)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2007-05-30 08:29]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Notification Packages :\WINDOWS\syste

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Driver]

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Guard]

 

*Newly Created Service* - COMHOST

 

Contents of the 'Scheduled Tasks' folder

2007-07-07 05:33:58 C:\WINDOWS\tasks\MP Scheduled Scan.job

2007-07-07 03:29:18 C:\WINDOWS\tasks\Norton Internet Security - Run Full System Scan - Lloyd Goldstein.job

2007-07-03 14:03:25 C:\WINDOWS\tasks\UPS System Shutdown Program.job

 

**************************************************************************

 

catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net

Rootkit scan 2007-07-07 11:51:36

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

 

Completion time: 2007-07-07 11:53:50

C:\ComboFix2.txt ... 2007-07-06 17:51

C:\ComboFix3.txt ... 2007-07-05 11:40

 

--- E O F ---

Logfile of HijackThis v1.99.1

Scan saved at 12:33:06 PM, on 7/7/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16473)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

C:\Program Files\Common Files\Symantec Shared\ccProxy.exe

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Documents and Settings\Lloyd Goldstein\Application Data\Support.com\bin\tgcmd.exe

C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe

C:\Program Files\Dell\Media Experience\PCMService.exe

C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\Program Files\Iomega\DriveIcons\ImgIcon.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe

C:\PROGRA~1\Iomega\System32\AppServices.exe

C:\Program Files\Iomega\AutoDisk\ADUserMon.exe

C:\PROGRA~1\NORTON~4\NORTON~1\NPROTECT.EXE

C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\PROGRA~1\NORTON~4\NORTON~1\SPEEDD~1\NOPDB.EXE

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Iomega\AutoDisk\ADService.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\WINDOWS\system32\fxssvc.exe

C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe

C:\WINDOWS\System32\vssvc.exe

C:\WINDOWS\System32\dllhost.exe

C:\WINDOWS\System32\dllhost.exe

C:\Program Files\IncrediMail\bin\IncMail.exe

C:\PROGRA~1\INCRED~1\bin\IMApp.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Hijackthis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.excite.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://tr.earthlink.net/t/lnk?id=1031551&a.../home/software/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll

O2 - BHO: ElnkScamBHO Class - {66252F33-BE30-4188-9199-63F2AC8BA137} - C:\Program Files\EarthLink TotalAccess\EScamBlk.dll

O2 - BHO: IeCaptureBho Object - {7c1ce531-09e9-4fc5-9803-1c2956615786} - C:\Program Files\Google\Google Desktop Search\GoogleDesktopIE.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll

O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [tgcmd] "C:\Documents and Settings\Lloyd Goldstein\Application Data\Support.com\bin\tgcmd.exe" /server /startmonitor /deaf

O4 - HKLM\..\Run: [SSRunScript] "C:\Documents and Settings\Lloyd Goldstein\Application Data\Support.com\Charter\bin\SSRunScript.exe" /script "C:\Documents and Settings\Lloyd Goldstein\Application Data\Support.com\Charter\vbs\verifyconnection.vbs" /args //b startupdelay

O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r

O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"

O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe

O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe

O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART

O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe

O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe

O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"

O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"

O4 - HKLM\..\Run: [Carbonite Backup] C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKCU\..\Run: [QuickenScheduledUpdates] \bagent.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [E6TaskPanel] C:\Program Files\EarthLink TotalAccess\TaskPanl.exe -winstart

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\RunOnce: [CheckNetworkConnection] "C:\Documents and Settings\Lloyd Goldstein\Application Data\Support.com\Charter\bcont.exe" /flow /flow=diagnosenetwork /confirmfixused=true /haveconfirmedwiring=true /haverenewed=true /haverestartedmodem=true /onrestart=true /havehealed=true /issuenumber=0f52506f-6e39-4dfd-b0bf-2aad762f3323

O4 - Startup: Shortcut to BBLauncher.exe.lnk = C:\Program Files\CMS Peripherals\BounceBack Professional\BBLauncher.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: APC UPS Status.lnk = C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe

O4 - Global Startup: Billminder.lnk = C:\BILLMIND.EXE

O4 - Global Startup: Quicken Startup.lnk = C:\QWDLLS.EXE

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll

O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks Basic Edition\Norton Cleanup\WCQuick.lnk

O9 - Extra 'Tools' menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks Basic Edition\Norton Cleanup\WCQuick.lnk

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O11 - Options group: [INTERNATIONAL] International*

O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab

O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} (ICSScannerLight Class) - http://download.zonelabs.com/bin/free/cm/ICSCM.cab

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab

O16 - DPF: {638AF6A2-81A1-4655-9FFA-9FC09CDE22CF} (CScanner Object) - http://www.pestscan.com/scanner/ppctlcab.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1126816509781

O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.eaglesonar.com/Downloads/Emulat..._480/isetup.cab

O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://74.229.68.165/activex/AxisCamControl.ocx

O16 - DPF: {A1337CC4-FF8E-11D1-9C48-00A0CC20E0D0} (EZListings) - http://www.therealyellowpageslive.net/live/ezlistng.cab

O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab

O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - https://www-secure.symantec.com/techsupp/ac...ta/SymAData.dll

O16 - DPF: {E6EB803E-DD89-11D3-80C4-0050DA2E09D0} (LightSurfUploadCtl Class) - http://picturecenter.kodak.com/activex/Lig...loadControl.cab

O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} - https://www-secure.symantec.com/techsupp/ac.../ActiveData.cab

O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IncrediMail) - http://www5.incredimail.com/contents/setup...p1/imloader.cab

O18 - Protocol: x-atng - {7E8717B0-D862-11D5-8C9E-00010304F989} - C:\Program Files\Fidelity Investments\Fidelity Active Trader\System\atngprot.dll

O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe

O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: CarboniteService - Carbonite, Inc. (www.carbonite.com) - C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe

O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)

O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe

O23 - Service: Norton UnErase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~4\NORTON~1\NPROTECT.EXE

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~4\NORTON~1\SPEEDD~1\NOPDB.EXE

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

O23 - Service: WinPPPoverEthernet - Unknown owner - C:\Program Files\WinPoET Broadband Connection\WrOS.EXE (file missing)

O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe

During the night Windows Defender ran an unattended scan, then flagged TVMediaDisplay.

After following your latest instructions, I again ran a Defender Quick Scan, and received the following:

Adware:Win32/TVMediaDisplay

Error: 0x80501001

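Triaging the O20 and O23 lines of a HijackThis log by hand is tedious, so here is an added example (not part of the original thread and not a HijackThis feature) that pulls out the entries a reviewer should look twice at: services with no recognised owner, services HijackThis marked `(file missing)`, 8.3 short paths that hide the real folder, and the O20 AppInit_DLLs / Winlogon Notify injection points. The sample lines are copied from the log above; the flag names are this example's own. One caveat it encodes: a `(file missing)` verdict on an image path that still shows a stray quote and arguments (as with the ccSvcHst.exe entries) is frequently HijackThis failing to parse the ImagePath rather than a truly absent binary, so confirm on the machine with `sc qc <service>` before deleting anything.

```python
import re

# Constructed sample: a handful of lines copied from the HijackThis log posted
# above. The real log is longer; this subset is enough to exercise the checks.
SAMPLE_LOG = r"""
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: WinPPPoverEthernet - Unknown owner - C:\Program Files\WinPoET Broadband Connection\WrOS.EXE (file missing)
"""

# O23 lines: "O23 - Service: <display name> [(<service name>)] - <owner> - <image path>"
# Non-greedy groups stop at the first " - ", which holds for this log; a display
# name that itself contained " - " would need manual review.
SERVICE_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")
SHORTNAME_RE = re.compile(r"\((?P<svc>[^()]+)\)$")


def parse_service(line):
    """Split an O23 line into its fields, or return None if it is not one."""
    m = SERVICE_RE.match(line)
    if not m:
        return None
    name = m.group("name")
    sn = SHORTNAME_RE.search(name)
    return {
        "display": SHORTNAME_RE.sub("", name).strip(),
        "service": sn.group("svc") if sn else None,
        "owner": m.group("owner"),
        "path": m.group("path"),
    }


def flags_for_service(svc):
    """Reasons a reviewer would look twice at a service entry (flag names are this example's own)."""
    flags = []
    if svc["owner"] == "Unknown owner":
        # No company name in the binary's version resource, or HijackThis could not read it.
        flags.append("unknown_owner")
    if "(file missing)" in svc["path"]:
        flags.append("file_missing")
        if '"' in svc["path"]:
            # A stray quote plus arguments means HijackThis tested a mangled path;
            # the binary may well exist. Confirm with `sc qc <service>` before acting.
            flags.append("quoted_imagepath_check_manually")
    if "~" in svc["path"]:
        # 8.3 short names hide the real directory; expand before judging.
        flags.append("short_path")
    return flags


def triage(log_text):
    """Return one record per O20/O23 line with the flags a reviewer should check."""
    records = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("O20 - "):
            # AppInit_DLLs and Winlogon Notify load a DLL into every GUI process / winlogon;
            # the DLL's publisher is always worth confirming, so O20 is always flagged.
            records.append({"line": line, "kind": "O20", "flags": ["code_injection_point"]})
        elif line.startswith("O23 - "):
            svc = parse_service(line)
            if svc is None:
                records.append({"line": line, "kind": "O23", "flags": ["unparsed"]})
                continue
            records.append({"line": line, "kind": "O23", "flags": flags_for_service(svc), **svc})
    return records


def needs_review(log_text):
    """Subset of triage() records that carry at least one flag."""
    return [r for r in triage(log_text) if r["flags"]]


if __name__ == "__main__":
    for r in needs_review(SAMPLE_LOG):
        print(", ".join(r["flags"]), "|", r["line"])
```

Run against the sample it flags both O20 lines, the ccEvtMgr and WinPPPoverEthernet services (unknown owner and "file missing"), and the short-path LiveUpdate entry, while the APC and ccProxy services pass clean. The flags are prompts for a check, not verdicts: a flagged Symantec component on a machine that evidently runs Norton is expected, whereas an "Unknown owner" service pointing at a random folder is not.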

I just performed a "search". It returned:

AOL MediaPlaybackControl.exe (In Folder C:\Program Files\Common Files\Nullsoft\ActiveX).

While I was viewing that search, an additional hit was registered:

AOL MEDIAPLAYBACKCONTROL.exe-2a2258F2.pf (In Folder C:\Windows\Prefetch).

Hope this helps. :!:

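The `.pf` hit is a prefetch record, not a second copy of the program. Windows XP writes `<EXE NAME>-<8 hex digits>.pf` into `\Windows\Prefetch` when an executable runs, so the file is evidence that the AOL control has executed on this machine; deleting it removes only that trace, and Windows recreates it the next time the program runs. The eight digits are a hash of the executable's NT device path, which is why the same program on a different volume gets a different suffix. Below is an added example (not from the thread) that parses a prefetch file name and reproduces the XP/2003 hash function so a suffix can be checked against a candidate path. The device path in the usage block is an assumption, since the thread gives only the Win32 path and not the volume name, and the example does not claim the thread's suffix matches it.

```python
import re

# "<NAME.EXE>-<8 hex digits>.pf", as found in \Windows\Prefetch
PF_NAME_RE = re.compile(r"^(?P<exe>.+)-(?P<hash>[0-9A-Fa-f]{8})\.pf$")


def parse_prefetch_name(filename):
    """Split 'NAME.EXE-XXXXXXXX.pf' into (executable name, hash), both upper-cased.

    Returns None for anything that is not a prefetch file name.
    """
    m = PF_NAME_RE.match(filename)
    if not m:
        return None
    return m.group("exe").upper(), m.group("hash").upper()


def prefetch_hash_xp(device_path):
    r"""Hash Windows XP/2003 uses for the .pf name suffix.

    Input is the executable's NT device path, e.g.
    \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\NOTEPAD.EXE; the prefetcher
    hashes it upper-cased. Later Windows versions use different functions,
    so this reproduces the XP/2003 scheme only.
    """
    h = 0
    for ch in device_path.upper():
        h = (h * 37 + ord(ch)) & 0xFFFFFFFF
    return "%08X" % h


def pf_name_matches(filename, device_path):
    """True if filename is the .pf name XP would create for device_path."""
    parsed = parse_prefetch_name(filename)
    if parsed is None:
        return False
    exe, suffix = parsed
    path = device_path.upper()
    return path.endswith("\\" + exe) and prefetch_hash_xp(path) == suffix


if __name__ == "__main__":
    found = "AOL MEDIAPLAYBACKCONTROL.exe-2a2258F2.pf"  # file name from the thread
    # Assumed device path: the thread gives C:\Program Files\... but not which
    # \Device\HarddiskVolumeN the C: drive maps to, so this is a guess.
    assumed = r"\DEVICE\HARDDISKVOLUME1\PROGRAM FILES\COMMON FILES\NULLSOFT\ACTIVEX\AOL MEDIAPLAYBACKCONTROL.EXE"
    print(parse_prefetch_name(found))
    print("hash for assumed path:", prefetch_hash_xp(assumed),
          "| matches file name:", pf_name_matches(found, assumed))
```

On a live XP box the volume name behind C: can be read from `\??\C:` with a tool such as WinObj; if the recomputed hash matches the suffix, the `.pf` belongs to the binary at that exact path, and a mismatch means it was produced by a copy of the program elsewhere (or on another machine).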

Those look like legit apps, and Windows Defender could be flagging a false positive there.

Upload those files to VirusTotal and see if any other scanners flag them as malware.

If the scans at VirusTotal come up with some hits, please copy and paste the results for me to see.

~~~


Okay, Sempurna, I ran VirusTotal scans on both the files; it returned "Found Nothing". I then shut down my computer, re-booted and ran Windows Defender. It again flagged "Adware: Win32/TVMediaDisplay".

Questions:

1. Is my computer clean?

2. If so, can I instruct Windows Defender not to flag that persistent hit?

3. Since I don't, and never will, use AOL, should I delete the two files (AOL MediaPlaybackControl.exe and AOL MEDIAPLAYBACKCONTROL.exe-2A2258f2.PF) in order to prevent a regeneration of "Viewpoint"?



Hi Harley, :wave:

Answers:

1) Yes, your system is clean. :)

2) You may set Windows Defender to ignore those entries.

3) Has Viewpoint come back into your system? If it has, uninstall it, then you may delete those two files. They are not malicious, but could be the files that AOL uses to reinstall Viewpoint into your system.

Let me know how things go, please. :thumbsup:


"Viewpoint" has not come back, but, unless you post to the contrary, I'd prefer to inoculate against that possibility by deleting the two references to AOL.

Thank you very much for your extended efforts on my behalf, Sempurna. I'm going to make a grateful donation, now.

Harley :wave:


You're most welcome, Harley. :)

Thank you for the kind donation. We all appreciate all the support that we can get to keep this site open so that we may help other people. :thumbsup:
