kcsully

CiD drive KCSully crazy

7 posts in this topic

Ran scans and logs below - Please help before I do something evil to my computer. - Thanks

 

Logfile of HijackThis v1.99.1

Scan saved at 1:01:04 PM, on 5/27/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\WINDOWS\system32\Rundll32.exe

C:\Program Files\Google\Gmail Notifier\gnotify.exe

C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Program Files\SPAMfighter\SFAgent.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

C:\Program Files\Winamp\winampa.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\AWS\WeatherBug\Weather.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Olympus\DeviceDetector\DM1Service.exe

C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

C:\Program Files\Google\Google Updater\GoogleUpdater.exe

C:\Program Files\SpyCatcher\Protector.exe

C:\Program Files\RingCentral\RingCentral Call Controller\RCUI.exe

C:\Program Files\SpyCatcher\Scheduler daemon.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\Program Files\Skype\Plugin Manager\skypePM.exe

C:\Program Files\RingCentral\RingCentral Call Controller\RCHotKey.exe

C:\Program Files\Hijackthis\HijackThis.exe

 

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: SpywareBlock Class - {0A87E45F-537A-40B4-B812-E2544C21A09F} - C:\Program Files\SpyCatcher\SCActiveBlock.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [sPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60

O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [error proxy mapi 64] C:\Documents and Settings\All Users\Application Data\beep dale error proxy\One Save.exe

O4 - HKLM\..\Run: [spyCatcher Reminder] C:\Program Files\SpyCatcher\SpyCatcher.exe

O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe

O4 - HKLM\..\Run: [RCHotKey] "C:\Program Files\RingCentral\RingCentral Call Controller\RCHotKey.exe"

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1

O4 - Startup: Scheduler.lnk = C:\Program Files\SpyCatcher\Scheduler daemon.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Device Detector 3.lnk = C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe

O4 - Global Startup: Directrec Configuration Tool.lnk = ?

O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: RingCentral Call Controller.lnk = C:\Program Files\RingCentral\RingCentral Call Controller\RCUI.exe

O4 - Global Startup: SpyCatcher Protector.lnk = C:\Program Files\SpyCatcher\Protector.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {41AA163E-EE55-4486-B1B7-634D7124968B} (PracticeAdminRunTime.RunTime) - https://www.practiceadmin.com/CABS/VBRunTime.CAB

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {A569A5ED-19ED-42FB-8EE4-C8F01C4D541A} (PAClaimsNew.PALogin) - https://www.practiceadmin.com/claims/PAClaimNew.CAB

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab

O16 - DPF: {C41986F5-3EA3-4B23-A5F2-C3B9AD58FFBF} (CheckPARequirements.ucCheckPA) - https://www.practiceadmin.com/CABS/CheckPARequirements.CAB

O16 - DPF: {CF25C291-E91C-11D3-873F-0000B4A2973D} (RingCentral Message Player Control) - http://service.ringcentral.com/ActiveX/Rin...sage_Player.cab

O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/popcaploader_v10.cab

O16 - DPF: {EE85A9FD-6E52-4227-BB82-D46A660690EA} (RCSetup Class) - http://service.ringcentral.com/ActiveX/RCAXSetup.cab

O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - AppInit_DLLs: secuload.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

O23 - Service: DM1Service - OLYMPUS Corporation - C:\Program Files\Olympus\DeviceDetector\DM1Service.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

 

 

---------------------------------------------------------

AVG Anti-Spyware - Scan Report

---------------------------------------------------------

 

+ Created at: 12:39:22 PM 5/27/2007

 

+ Scan result:

 

 

 

C:\Documents and Settings\Jason_2\Application Data\CreativeMemo\wstdtcpp.exe -> Adware.Lop : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{8D24C0E2-0CFA-4074-8A8C-FC5ACDC74FFE}\RP150\A0038763.exe -> Adware.Lop : Cleaned with backup (quarantined).

C:\Documents and Settings\Jason_2\Desktop\MSC\dll\AIRCDLL.DLL -> Backdoor.Ircflood.s : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{8D24C0E2-0CFA-4074-8A8C-FC5ACDC74FFE}\RP82\A0013380.dll -> Backdoor.Ircflood.s : Cleaned with backup (quarantined).

C:\Documents and Settings\Jason_2\Desktop\MSC\data\updater.mrc -> Backdoor.Small.o : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{8D24C0E2-0CFA-4074-8A8C-FC5ACDC74FFE}\RP90\A0013710.exe -> Downloader.Agent.auv : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{8D24C0E2-0CFA-4074-8A8C-FC5ACDC74FFE}\RP90\A0013708.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{8D24C0E2-0CFA-4074-8A8C-FC5ACDC74FFE}\RP90\A0013709.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).

C:\Documents and Settings\MOS-Bill\Cookies\mos-bill@247realmedia[1].txt -> TrackingCookie.247realmedia : Cleaned.

C:\Documents and Settings\Jason_2\Cookies\jason_2@2o7[2].txt -> TrackingCookie.2o7 : Cleaned.

C:\Documents and Settings\Jason_2\Cookies\jason_2@buycom.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.

C:\Documents and Settings\Jason_2\Cookies\jason_2@cartoonnetwork.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.

C:\Documents and Settings\Jason_2\Cookies\jason_2@cbs.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.

C:\Documents and Settings\Jason_2\Cookies\jason_2@paypal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.

C:\Documents and Settings\MOS-Bill\Cookies\mos-bill@2o7[1].txt -> TrackingCookie.2o7 : Cleaned.

C:\Documents and Settings\MOS-Bill\Cookies\mos-bill@cbs.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.

C:\Documents and Settings\MOS-Bill\Cookies\mos-bill@cendantchg.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.

C:\Documents and Settings\MOS-Bill\Cookies\mos-bill@networksolutions.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.

C:\Documents and Settings\MOS-Bill\Cookies\mos-bill@pch.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.

C:\Documents and Settings\MOS-Bill\Cookies\mos-bill@aavalue[1].txt -> TrackingCookie.Aavalue : Cleaned.

C:\Documents and Settings\MOS-Bill\Cookies\mos-bill@grouplotto.aavalue[2].txt -> TrackingCookie.Aavalue : Cleaned.

C:\Documents and Settings\Jason_2\Cookies\jason_2@adbrite[2].txt -> TrackingCookie.Adbrite : Cleaned.

C:\Documents and Settings\Jason_2\Cookies\jason_2@ads.adbrite[2].txt -> TrackingCookie.Adbrite : Cleaned.

C:\Documents and Settings\Jason_2\Local Settings\Temp\Cookies\jason_2@ads.adbrite[1].txt -> TrackingCookie.Adbrite : Cleaned.

C:\Documents and Settings\MOS-Bill\Cookies\mos-bill@ads.adbrite[1].txt -> TrackingCookie.Adbrite : Cleaned.

C:\Documents and Settings\Jason_2\Cookies\jason_2@ads.addynamix[2].txt -> TrackingCookie.Addynamix : Cleaned.

C:\Documents and Settings\Jason_2\Cookies\jason_2@adrevolver[3].txt -> TrackingCookie.Adrevolver : Cleaned.

C:\Documents and Settings\Jason_2\Cookies\jason_2@advertising[2].txt -> TrackingCookie.Advertising : Cleaned.

C:\Documents and Settings\Jason_2\Cookies\jason_2@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.

C:\Documents and Settings\MOS-Bill\Cookies\mos-bill@atdmt[1].txt -> TrackingCookie.Atdmt : Cleaned.

C:\Documents and Settings\Jason_2\Cookies\jason_2@bluestreak[1].txt -> TrackingCookie.Bluestreak : Cleaned.

C:\Documents and Settings\Jason_2\Cookies\jason_2@www.burstbeacon[1].txt -> TrackingCookie.Burstbeacon : Cleaned.

C:\Documents and Settings\Jason_2\Cookies\jason_2@www.burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned.

C:\Documents and Settings\MOS-Bill\Cookies\mos-bill@burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned.

C:\Documents and Settings\MOS-Bill\Cookies\mos-bill@www.burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned.

C:\Documents and Settings\Jason_2\Cookies\jason_2@casalemedia[1].txt -> TrackingCookie.Casalemedia : Cleaned.

C:\Documents and Settings\MOS-Bill\Cookies\mos-bill@com[2].txt -> TrackingCookie.Com : Cleaned.

C:\Documents and Settings\Jason_2\Cookies\jason_2@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned.

C:\Documents and Settings\MOS-Bill\Cookies\mos-bill@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned.

C:\Documents and Settings\Jason_2\Cookies\jason_2@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.

C:\Documents and Settings\Jason_2\Cookies\jason_2@e-2dj6wjlysmc5wkp.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned.

C:\Documents and Settings\MOS-Bill\Cookies\mos-bill@e-2dj6whmykgajoco.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.

C:\Documents and Settings\Jason_2\Cookies\jason_2@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : Cleaned.

C:\Documents and Settings\MOS-Bill\Cookies\mos-bill@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : Cleaned.

C:\Documents and Settings\Jason_2\Cookies\jason_2@as-eu.falkag[1].txt -> TrackingCookie.Falkag : Cleaned.

C:\Documents and Settings\MOS-Bill\Cookies\mos-bill@as-eu.falkag[1].txt -> TrackingCookie.Falkag : Cleaned.

C:\Documents and Settings\Jason_2\Cookies\jason_2@fastclick[1].txt -> TrackingCookie.Fastclick : Cleaned.

C:\Documents and Settings\Jason_2\Cookies\jason_2@fortunecity[1].txt -> TrackingCookie.Fortunecity : Cleaned.

C:\Documents and Settings\Jason_2\Cookies\jason_2@ehg-hollywood.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.

C:\Documents and Settings\Jason_2\Cookies\jason_2@hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.

C:\RECYCLER\S-1-5-21-789336058-484763869-1060284298-1003\Dc41.txt -> TrackingCookie.Hitbox : Cleaned.

C:\Documents and Settings\MOS-Bill\Cookies\mos-bill@sales.liveperson[2].txt -> TrackingCookie.Liveperson : Cleaned.

C:\Documents and Settings\Jason_2\Cookies\jason_2@www.lop[1].txt -> TrackingCookie.Lop : Cleaned.

C:\Documents and Settings\Jason_2\Cookies\jason_2@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned.

C:\Documents and Settings\MOS-Bill\Cookies\mos-bill@ssl-hints.netflame[2].txt -> TrackingCookie.Netflame : Cleaned.

C:\Documents and Settings\Jason_2\Cookies\jason_2@perf.overture[1].txt -> TrackingCookie.Overture : Cleaned.

C:\Documents and Settings\MOS-Bill\Cookies\mos-bill@overture[2].txt -> TrackingCookie.Overture : Cleaned.

C:\Documents and Settings\MOS-Bill\Cookies\mos-bill@perf.overture[1].txt -> TrackingCookie.Overture : Cleaned.

C:\Documents and Settings\Jason_2\Cookies\jason_2@www.paypal[1].txt -> TrackingCookie.Paypal : Cleaned.

C:\Documents and Settings\Jason_2\Cookies\jason_2@ads.pointroll[2].txt -> TrackingCookie.Pointroll : Cleaned.

C:\Documents and Settings\MOS-Bill\Cookies\mos-bill@ads.pointroll[2].txt -> TrackingCookie.Pointroll : Cleaned.

C:\Documents and Settings\Jason_2\Cookies\jason_2@questionmarket[2].txt -> TrackingCookie.Questionmarket : Cleaned.

C:\Documents and Settings\MOS-Bill\Cookies\mos-bill@questionmarket[2].txt -> TrackingCookie.Questionmarket : Cleaned.

C:\Documents and Settings\Jason_2\Cookies\jason_2@realmedia[2].txt -> TrackingCookie.Realmedia : Cleaned.

C:\Documents and Settings\Jason_2\Cookies\jason_2@revsci[2].txt -> TrackingCookie.Revsci : Cleaned.

C:\Documents and Settings\MOS-Bill\Cookies\mos-bill@revsci[1].txt -> TrackingCookie.Revsci : Cleaned.

C:\Documents and Settings\Jason_2\Cookies\jason_2@edge.ru4[2].txt -> TrackingCookie.Ru4 : Cleaned.

C:\Documents and Settings\MOS-Bill\Cookies\mos-bill@edge.ru4[2].txt -> TrackingCookie.Ru4 : Cleaned.

C:\Documents and Settings\Jason_2\Cookies\jason_2@bs.serving-sys[1].txt -> TrackingCookie.Serving-sys : Cleaned.

C:\Documents and Settings\Jason_2\Cookies\jason_2@serving-sys[1].txt -> TrackingCookie.Serving-sys : Cleaned.

C:\Documents and Settings\MOS-Bill\Cookies\mos-bill@site.skype[1].txt -> TrackingCookie.Skype : Cleaned.

C:\Documents and Settings\MOS-Bill\Cookies\mos-bill@skype[1].txt -> TrackingCookie.Skype : Cleaned.

C:\WINDOWS\system32\config\systemprofile\Cookies\system@skype[1].txt -> TrackingCookie.Skype : Cleaned.

C:\Documents and Settings\Jason_2\Cookies\jason_2@adopt.specificclick[1].txt -> TrackingCookie.Specificclick : Cleaned.

C:\Documents and Settings\Jason_2\Cookies\jason_2@specificclick[1].txt -> TrackingCookie.Specificclick : Cleaned.

C:\Documents and Settings\Jason_2\Local Settings\Temp\Cookies\jason_2@adopt.specificclick[2].txt -> TrackingCookie.Specificclick : Cleaned.

C:\Documents and Settings\MOS-Bill\Cookies\mos-bill@adopt.specificclick[1].txt -> TrackingCookie.Specificclick : Cleaned.

C:\Documents and Settings\MOS-Bill\Cookies\mos-bill@specificclick[2].txt -> TrackingCookie.Specificclick : Cleaned.

C:\Documents and Settings\Jason_2\Cookies\jason_2@anat.tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned.

C:\Documents and Settings\Jason_2\Cookies\jason_2@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned.

C:\Documents and Settings\Jason_2\Local Settings\Temp\Cookies\jason_2@anad.tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned.

C:\Documents and Settings\MOS-Bill\Cookies\mos-bill@anad.tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned.

C:\Documents and Settings\MOS-Bill\Cookies\mos-bill@tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned.

C:\Documents and Settings\Jason_2\Cookies\jason_2@targetnet[2].txt -> TrackingCookie.Targetnet : Cleaned.

C:\Documents and Settings\Jason_2\Cookies\jason_2@login.tracking101[2].txt -> TrackingCookie.Tracking101 : Cleaned.

C:\Documents and Settings\MOS-Bill\Cookies\mos-bill@login.tracking101[2].txt -> TrackingCookie.Tracking101 : Cleaned.

C:\Documents and Settings\Jason_2\Cookies\jason_2@tradedoubler[2].txt -> TrackingCookie.Tradedoubler : Cleaned.

C:\Documents and Settings\Jason_2\Cookies\jason_2@trafficmp[1].txt -> TrackingCookie.Trafficmp : Cleaned.

C:\Documents and Settings\MOS-Bill\Cookies\mos-bill@trafficmp[1].txt -> TrackingCookie.Trafficmp : Cleaned.

C:\Documents and Settings\Jason_2\Cookies\jason_2@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : Cleaned.

C:\Documents and Settings\MOS-Bill\Cookies\mos-bill@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned.

C:\Documents and Settings\Jason_2\Cookies\jason_2@reduxads.valuead[2].txt -> TrackingCookie.Valuead : Cleaned.

C:\Documents and Settings\Jason_2\Local Settings\Temp\Cookies\jason_2@www.web-stat[2].txt -> TrackingCookie.Web-stat : Cleaned.

C:\Documents and Settings\MOS-Bill\Cookies\mos-bill@m.webtrends[1].txt -> TrackingCookie.Webtrends : Cleaned.

C:\Documents and Settings\Jason_2\Cookies\jason_2@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned.

C:\Documents and Settings\Jason_2\Local Settings\Temp\Cookies\jason_2@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned.

C:\Documents and Settings\Jason_2\Cookies\jason_2@zedo[2].txt -> TrackingCookie.Zedo : Cleaned.

C:\Documents and Settings\Jason_2\Local Settings\Temp\Temporary Directory 1 for codecs divx [fastest wyzo download].zip\Wyzo Browser Setup.exe -> Trojan.Obfuscated.en : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{8D24C0E2-0CFA-4074-8A8C-FC5ACDC74FFE}\RP162\A0039282.exe -> Trojan.Obfuscated.en : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{8D24C0E2-0CFA-4074-8A8C-FC5ACDC74FFE}\RP90\A0013725.exe -> Trojan.Obfuscated.en : Cleaned with backup (quarantined).

C:\Documents and Settings\Jason_2\Local Settings\Temp\Temporary Directory 1 for WGA Windows Genuine Advantage KB905474 remover (v3).zip\Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).

 

 

::Report end

 

 

 

 

Ad-Aware SE Build 1.06r1

Logfile Created on:Sunday, May 27, 2007 1:03:14 PM

Created with Ad-Aware SE Personal, free for private use.

Using definitions file:SE1R171 21.05.2007

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

References detected during the scan:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

MRU List(TAC index:0):14 total references

Tracking Cookie(TAC index:3):39 total references

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Ad-Aware SE Settings

===========================

Set : Search for negligible risk entries

Set : Safe mode (always request confirmation)

Set : Scan active processes

Set : Scan registry

Set : Deep-scan registry

Set : Scan my IE Favorites for banned URLs

Set : Scan within archives

Set : Scan my Hosts file

 

Extended Ad-Aware SE Settings

===========================

Set : Unload recognized processes & modules during scan

Set : Scan registry for all users instead of current user only

Set : Always try to unload modules before deletion

Set : During removal, unload Explorer and IE if necessary

Set : Let Windows remove files in use at next reboot

Set : Delete quarantined objects after restoring

Set : Include basic Ad-Aware settings in log file

Set : Include additional Ad-Aware settings in log file

Set : Include reference summary in log file

Set : Include alternate data stream details in log file

Set : Play sound at scan completion if scan locates critical objects

 

 

5-27-2007 1:03:14 PM - Scan started. (Full System Scan)

 

MRU List Object Recognized!

Location: : C:\Documents and Settings\MOS-Bill\Application Data\microsoft\office\recent

Description : list of recently opened documents using microsoft office

 

 

MRU List Object Recognized!

Location: : C:\Documents and Settings\MOS-Bill\recent

Description : list of recently opened documents

 

 

MRU List Object Recognized!

Location: : software\microsoft\direct3d\mostrecentapplication

Description : most recent application to use microsoft direct3d

 

 

MRU List Object Recognized!

Location: : software\microsoft\direct3d\mostrecentapplication

Description : most recent application to use microsoft direct X

 

 

MRU List Object Recognized!

Location: : software\microsoft\directdraw\mostrecentapplication

Description : most recent application to use microsoft directdraw

 

 

MRU List Object Recognized!

Location: : S-1-5-21-789336058-484763869-1060284298-1005\software\microsoft\internet explorer

Description : last download directory used in microsoft internet explorer

 

 

MRU List Object Recognized!

Location: : S-1-5-21-789336058-484763869-1060284298-1005\software\microsoft\internet explorer\typedurls

Description : list of recently entered addresses in microsoft internet explorer

 

 

MRU List Object Recognized!

Location: : S-1-5-21-789336058-484763869-1060284298-1005\software\microsoft\office\10.0\common\open find\microsoft word\settings\save as\file name mru

Description : list of recent documents saved by microsoft word

 

 

MRU List Object Recognized!

Location: : S-1-5-21-789336058-484763869-1060284298-1005\software\microsoft\office\10.0\excel\recent files

Description : list of recent files used by microsoft excel

 

 

MRU List Object Recognized!

Location: : S-1-5-21-789336058-484763869-1060284298-1005\software\microsoft\search assistant\acmru

Description : list of recent search terms used with the search assistant

 

 

MRU List Object Recognized!

Location: : S-1-5-21-789336058-484763869-1060284298-1005\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru

Description : list of recent programs opened

 

 

MRU List Object Recognized!

Location: : S-1-5-21-789336058-484763869-1060284298-1005\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru

Description : list of recently saved files, stored according to file extension

 

 

MRU List Object Recognized!

Location: : S-1-5-21-789336058-484763869-1060284298-1005\software\microsoft\windows\currentversion\explorer\recentdocs

Description : list of recent documents opened

 

 

MRU List Object Recognized!

Location: : S-1-5-21-789336058-484763869-1060284298-1005\software\microsoft\windows media\wmsdk\general

Description : windows media sdk

 

 

Listing running processes

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

#:1 [smss.exe]

FilePath : \SystemRoot\System32\

ProcessID : 416

ThreadCreationTime : 5-27-2007 5:41:37 PM

BasePriority : Normal

 

 

#:2 [csrss.exe]

FilePath : \??\C:\WINDOWS\system32\

ProcessID : 472

ThreadCreationTime : 5-27-2007 5:41:38 PM

BasePriority : Normal

 

 

#:3 [winlogon.exe]

FilePath : \??\C:\WINDOWS\system32\

ProcessID : 496

ThreadCreationTime : 5-27-2007 5:41:39 PM

BasePriority : High

 

 

#:4 [services.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 540

ThreadCreationTime : 5-27-2007 5:41:39 PM

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Services and Controller app

InternalName : services.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : services.exe

 

#:5 [lsass.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 552

ThreadCreationTime : 5-27-2007 5:41:39 PM

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : LSA Shell (Export Version)

InternalName : lsass.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : lsass.exe

 

#:6 [svchost.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 712

ThreadCreationTime : 5-27-2007 5:41:40 PM

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

#:7 [svchost.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 776

ThreadCreationTime : 5-27-2007 5:41:40 PM

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

#:8 [msmpeng.exe]

FilePath : C:\Program Files\Windows Defender\

ProcessID : 848

ThreadCreationTime : 5-27-2007 5:41:41 PM

BasePriority : Normal

FileVersion : 1.1.1593.0

ProductVersion : 1.1.1593.0

ProductName : Windows Defender

CompanyName : Microsoft Corporation

FileDescription : Service Executable

InternalName : MsMpEng.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : MsMpEng.exe

 

#:9 [svchost.exe]

FilePath : C:\WINDOWS\System32\

ProcessID : 888

ThreadCreationTime : 5-27-2007 5:41:41 PM

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

#:10 [svchost.exe]

FilePath : C:\WINDOWS\System32\

ProcessID : 956

ThreadCreationTime : 5-27-2007 5:41:41 PM

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

#:11 [svchost.exe]

FilePath : C:\WINDOWS\System32\

ProcessID : 1044

ThreadCreationTime : 5-27-2007 5:41:42 PM

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

#:12 [aswupdsv.exe]

FilePath : C:\Program Files\Alwil Software\Avast4\

ProcessID : 1164

ThreadCreationTime : 5-27-2007 5:41:43 PM

BasePriority : Normal

FileVersion : 4, 7, 997, 0

ProductVersion : 4, 7, 0, 0

ProductName : avast! Antivirus

CompanyName : ALWIL Software

FileDescription : avast! Antivirus updating service

InternalName : aswUpdSv.exe

LegalCopyright : Copyright © 2007 ALWIL Software

OriginalFilename : aswUpdSv.exe

 

#:13 [ashserv.exe]

FilePath : C:\Program Files\Alwil Software\Avast4\

ProcessID : 1220

ThreadCreationTime : 5-27-2007 5:41:43 PM

BasePriority : High

FileVersion : 4, 7, 997, 0

ProductVersion : 4, 7, 0, 0

ProductName : avast! Antivirus

CompanyName : ALWIL Software

FileDescription : avast! antivirus service

InternalName : aswServ

LegalCopyright : Copyright © 2007 ALWIL Software

OriginalFilename : aswServ.exe

 

#:14 [spoolsv.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 1440

ThreadCreationTime : 5-27-2007 5:41:49 PM

BasePriority : Normal

FileVersion : 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)

ProductVersion : 5.1.2600.2696

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Spooler SubSystem App

InternalName : spoolsv.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : spoolsv.exe

 

#:15 [explorer.exe]

FilePath : C:\WINDOWS\

ProcessID : 1720

ThreadCreationTime : 5-27-2007 5:41:52 PM

BasePriority : Normal

FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 6.00.2900.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Windows Explorer

InternalName : explorer

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : EXPLORER.EXE

 

#:16 [guard.exe]

FilePath : C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\

ProcessID : 1892

ThreadCreationTime : 5-27-2007 5:41:57 PM

BasePriority : Normal

FileVersion : 7, 5, 0, 47

ProductVersion : 7, 5, 0, 47

ProductName : AVG Anti-Spyware

CompanyName : Anti-Malware Development a.s.

FileDescription : AVG Anti-Spyware guard

InternalName : AVG Anti-Spyware guard

LegalCopyright : Copyright © 2006 Anti-Malware Development a.s.

OriginalFilename : guard.exe

 

#:17 [rundll32.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 1900

ThreadCreationTime : 5-27-2007 5:41:57 PM

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Run a DLL as an App

InternalName : rundll

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : RUNDLL.EXE

 

#:18 [gnotify.exe]

FilePath : C:\Program Files\Google\Gmail Notifier\

ProcessID : 1908

ThreadCreationTime : 5-27-2007 5:41:57 PM

BasePriority : Normal

FileVersion : 1.0.25.0

ProductVersion : 1.0.25.0

ProductName : Gmail

CompanyName : Google Inc.

FileDescription : Gmail Notifier

LegalCopyright : Copyright © Google Inc. 2004-2005

OriginalFilename : gnotify.exe

 

#:19 [jusched.exe]

FilePath : C:\Program Files\Java\jre1.6.0_01\bin\

ProcessID : 1920

ThreadCreationTime : 5-27-2007 5:41:58 PM

BasePriority : Normal

 

 

#:20 [ashdisp.exe]

FilePath : C:\PROGRA~1\ALWILS~1\Avast4\

ProcessID : 1952

ThreadCreationTime : 5-27-2007 5:41:58 PM

BasePriority : Normal

FileVersion : 4, 7, 997, 0

ProductVersion : 4, 7, 0, 0

ProductName : avast! Antivirus

CompanyName : ALWIL Software

FileDescription : avast! service GUI component

InternalName : aswDisp

LegalCopyright : Copyright © 2007 ALWIL Software

OriginalFilename : aswDisp.exe

 

#:21 [sfagent.exe]

FilePath : C:\Program Files\SPAMfighter\

ProcessID : 1972

ThreadCreationTime : 5-27-2007 5:41:58 PM

BasePriority : Normal

 

 

#:22 [msascui.exe]

FilePath : C:\Program Files\Windows Defender\

ProcessID : 2016

ThreadCreationTime : 5-27-2007 5:41:59 PM

BasePriority : Normal

FileVersion : 1.1.1593.0

ProductVersion : 1.1.1593.0

ProductName : Windows Defender

CompanyName : Microsoft Corporation

FileDescription : Windows Defender User Interface

InternalName : MSASCUI

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : MSASCUI.exe

 

#:23 [avgamsvr.exe]

FilePath : C:\PROGRA~1\Grisoft\AVGFRE~1\

ProcessID : 192

ThreadCreationTime : 5-27-2007 5:42:00 PM

BasePriority : Normal

FileVersion : 7,1,0,365

ProductVersion : 7.1.0.365

ProductName : AVG Anti-Virus System

CompanyName : GRISOFT, s.r.o.

FileDescription : AVG Alert Manager

InternalName : avgamsvr

LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.

OriginalFilename : avgamsvr.EXE

 

#:24 [winampa.exe]

FilePath : C:\Program Files\Winamp\

ProcessID : 200

ThreadCreationTime : 5-27-2007 5:42:01 PM

BasePriority : Normal

 

 

#:25 [avgas.exe]

FilePath : C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\

ProcessID : 252

ThreadCreationTime : 5-27-2007 5:42:03 PM

BasePriority : Normal

FileVersion : 7, 5, 0, 50

ProductVersion : 7, 5, 0, 50

ProductName : AVG Anti-Spyware

CompanyName : Anti-Malware Development a.s.

FileDescription : AVG Anti-Spyware

InternalName : AVG Anti-Spyware

LegalCopyright : Copyright © 2006 Anti-Malware Development a.s.

OriginalFilename : avgas.exe

 

#:26 [skype.exe]

FilePath : C:\Program Files\Skype\Phone\

ProcessID : 336

ThreadCreationTime : 5-27-2007 5:42:04 PM

BasePriority : Normal

FileVersion : 3.2.0.148

ProductVersion : 3.2

ProductName : Skype

CompanyName : Skype Technologies S.A.

FileDescription : Skype. Take a deep breath

InternalName : Skype.exe

LegalCopyright : © Skype Technologies S.A.

OriginalFilename : Skype.exe

 

#:27 [weather.exe]

FilePath : C:\Program Files\AWS\WeatherBug\

ProcessID : 344

ThreadCreationTime : 5-27-2007 5:42:05 PM

BasePriority : Normal

FileVersion : 6, 7, 0, 10

ProductVersion : 6, 7, 0, 10

ProductName : WeatherBug

CompanyName : AWS Convergence Technologies, Inc.

InternalName : Desktop Weather

LegalCopyright : Copyright © 2001-2006

OriginalFilename : Weather.exe

Comments : World Largest Weather Network

 

#:28 [avgupsvc.exe]

FilePath : C:\PROGRA~1\Grisoft\AVGFRE~1\

ProcessID : 352

ThreadCreationTime : 5-27-2007 5:42:05 PM

BasePriority : Normal

FileVersion : 7,1,0,349

ProductVersion : 7.1.0.349

ProductName : AVG 7.0 Anti-Virus System

CompanyName : GRISOFT, s.r.o.

FileDescription : AVG Update Service

InternalName : avgupsvc

LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.

OriginalFilename : avgupdsvc.EXE

 

#:29 [iexplore.exe]

FilePath : C:\Program Files\Internet Explorer\

ProcessID : 376

ThreadCreationTime : 5-27-2007 5:42:07 PM

BasePriority : Normal

FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 6.00.2900.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Internet Explorer

InternalName : iexplore

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : IEXPLORE.EXE

 

#:30 [dm1service.exe]

FilePath : C:\Program Files\Olympus\DeviceDetector\

ProcessID : 516

ThreadCreationTime : 5-27-2007 5:42:10 PM

BasePriority : Normal

FileVersion : 1, 2, 1, 0

ProductVersion : 1, 2, 1, 0

ProductName : DM1Service Module

CompanyName : OLYMPUS Corporation

FileDescription : DM1Servis Module (Alpha)

InternalName : DM1Service

LegalCopyright : Copyright © 2001-2003 OLYMPUS Corporation

OriginalFilename : DM1Servis.EXE

 

#:31 [googleupdaterservice.exe]

FilePath : C:\Program Files\Google\Common\Google Updater\

ProcessID : 988

ThreadCreationTime : 5-27-2007 5:42:14 PM

BasePriority : Normal

FileVersion : 2.2.824.5515.beta

ProductVersion : 2.2.824.5515.beta

ProductName : Google Updater

CompanyName : Google

FileDescription : gusvc

InternalName : gusvc

LegalCopyright : ©2005-2006 Google. All Rights Reserved.

OriginalFilename : GoogleUpdaterService.exe

Comments : Google Updater

 

#:32 [googleupdater.exe]

FilePath : C:\Program Files\Google\Google Updater\

ProcessID : 1616

ThreadCreationTime : 5-27-2007 5:42:15 PM

BasePriority : Normal

FileVersion : 2.1.850.19570.beta

ProductVersion : 2.1.850.19570.beta

ProductName : Google Updater

CompanyName : Google

FileDescription : Google Updater

InternalName : Google Updater

LegalCopyright : ©2005-2006 Google. All Rights Reserved.

OriginalFilename : GoogleUpdater.exe

Comments : Google Updater

 

#:33 [protector.exe]

FilePath : C:\Program Files\SpyCatcher\

ProcessID : 2148

ThreadCreationTime : 5-27-2007 5:42:27 PM

BasePriority : Normal

FileVersion : 0.10

ProductVersion : 4.0

ProductName : Protector

CompanyName : Tenebril Inc.

FileDescription : SpyCatcher Protector - manage spyware

InternalName : VehicleApp

LegalCopyright : Copyright © 2004 - 2005 Tenebril Inc

OriginalFilename : VehicleApp.exe

Comments : SpyCatcher anti-spyware system from Tenebril

 

#:34 [rcui.exe]

FilePath : C:\Program Files\RingCentral\RingCentral Call Controller\

ProcessID : 2160

ThreadCreationTime : 5-27-2007 5:42:27 PM

BasePriority : Normal

FileVersion : 3.00.183.32

ProductVersion : 3.00

ProductName : RingCentral

CompanyName : RingCentral, Inc.

FileDescription : RingCentral

InternalName : RingCentral

LegalCopyright : Copyright© RingCentral, Inc.

LegalTrademarks : RingCentral®

OriginalFilename : RCUI.exe

 

#:35 [scheduler daemon.exe]

FilePath : C:\Program Files\SpyCatcher\

ProcessID : 2464

ThreadCreationTime : 5-27-2007 5:42:49 PM

BasePriority : Normal

FileVersion : 0.10

ProductVersion : 3.00

ProductName : GhostSurf

CompanyName : Tenebril Incorporated

FileDescription : Scheduler daemon

InternalName : VehicleApp

LegalCopyright : Copyright © 2001 - 2004 Tenebril Inc

OriginalFilename : VehicleApp.exe

Comments : Scheduler daemon

 

#:36 [ashmaisv.exe]

FilePath : C:\Program Files\Alwil Software\Avast4\

ProcessID : 2728

ThreadCreationTime : 5-27-2007 5:43:08 PM

BasePriority : Normal

 

 

#:37 [ashwebsv.exe]

FilePath : C:\Program Files\Alwil Software\Avast4\

ProcessID : 2848

ThreadCreationTime : 5-27-2007 5:43:23 PM

BasePriority : Normal

 

 

#:38 [skypepm.exe]

FilePath : C:\Program Files\Skype\Plugin Manager\

ProcessID : 2984

ThreadCreationTime : 5-27-2007 5:43:50 PM

BasePriority : Normal

FileVersion : 1.2.0.255

ProductVersion : 1.0.0.0

CompanyName : Skype Technologies

FileDescription : Skype Extras Manager

LegalCopyright : Skype Limited

 

#:39 [alg.exe]

FilePath : C:\WINDOWS\System32\

ProcessID : 3428

ThreadCreationTime : 5-27-2007 5:44:00 PM

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Application Layer Gateway Service

InternalName : ALG.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : ALG.exe

 

#:40 [rchotkey.exe]

FilePath : C:\Program Files\RingCentral\RingCentral Call Controller\

ProcessID : 3684

ThreadCreationTime : 5-27-2007 5:44:09 PM

BasePriority : Normal

FileVersion : 1, 0, 0, 5

ProductVersion : 3.00.183.32

ProductName : RCHotKey

CompanyName : RingCentral, Inc.

FileDescription : RC Hot Key Launcher

InternalName : RCHotKey

LegalCopyright : Copyright© RingCentral, Inc.

LegalTrademarks : RingCentral®

OriginalFilename : RCHotKey.exe

 

#:41 [ad-aware.exe]

FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\

ProcessID : 816

ThreadCreationTime : 5-27-2007 6:01:31 PM

BasePriority : Normal

FileVersion : 6.2.0.236

ProductVersion : SE 106

ProductName : Lavasoft Ad-Aware SE

CompanyName : Lavasoft Sweden

FileDescription : Ad-Aware SE Core application

InternalName : Ad-Aware.exe

LegalCopyright : Copyright © Lavasoft AB Sweden

OriginalFilename : Ad-Aware.exe

Comments : All Rights Reserved

 

Memory scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 14

 

 

Started registry scan

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Registry Scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 14

 

 

Started deep registry scan

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Deep registry scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 14

 

 

Started Tracking Cookie scan

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : mos-bill@pch.122.2o7[1].txt

TAC Rating : 3

Category : Data Miner

Comment : Hits:1

Value : Cookie:mos-bill@pch.122.2o7.net/

Expires : 5-23-2012 12:47:30 PM

LastSync : Hits:1

UseCount : 0

Hits : 1

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : mos-bill@cbs.112.2o7[1].txt

TAC Rating : 3

Category : Data Miner

Comment : Hits:16

Value : Cookie:mos-bill@cbs.112.2o7.net/

Expires : 5-19-2012 10:48:48 PM

LastSync : Hits:16

UseCount : 0

Hits : 16

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : mos-bill@cendantchg.112.2o7[1].txt

TAC Rating : 3

Category : Data Miner

Comment : Hits:1

Value : Cookie:mos-bill@cendantchg.112.2o7.net/

Expires : 5-21-2012 11:36:40 AM

LastSync : Hits:1

UseCount : 0

Hits : 1

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : mos-bill@tribalfusion[1].txt

TAC Rating : 3

Category : Data Miner

Comment : Hits:5

Value : Cookie:mos-bill@tribalfusion.com/

Expires : 5-24-2008 12:56:22 PM

LastSync : Hits:5

UseCount : 0

Hits : 5

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : mos-bill@kontera[2].txt

TAC Rating : 3

Category : Data Miner

Comment : Hits:10

Value : Cookie:mos-bill@kontera.com/

Expires : 5-22-2008 9:14:24 AM

LastSync : Hits:10

UseCount : 0

Hits : 10

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : mos-bill@betanews[1].txt

TAC Rating : 3

Category : Data Miner

Comment : Hits:1

Value : Cookie:mos-bill@betanews.com/

Expires : 12-31-2010 7:00:00 PM

LastSync : Hits:1

UseCount : 0

Hits : 1

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : mos-bill@247realmedia[1].txt

TAC Rating : 3

Category : Data Miner

Comment : Hits:4

Value : Cookie:mos-bill@247realmedia.com/

Expires : 12-31-2020 7:00:00 PM

LastSync : Hits:4

UseCount : 0

Hits : 4

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : mos-bill@tacoda[2].txt

TAC Rating : 3

Category : Data Miner

Comment : Hits:640

Value : Cookie:mos-bill@tacoda.net/

Expires : 5-26-2008 8:03:02 AM

LastSync : Hits:640

UseCount : 0

Hits : 640

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : mos-bill@trafficmp[1].txt

TAC Rating : 3

Category : Data Miner

Comment : Hits:42

Value : Cookie:mos-bill@trafficmp.com/

Expires : 5-21-2008 8:20:58 AM

LastSync : Hits:42

UseCount : 0

Hits : 42

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : mos-bill@freepay[1].txt

TAC Rating : 3

Category : Data Miner

Comment : Hits:3

Value : Cookie:mos-bill@freepay.com/

Expires : 1-17-2038 7:00:00 PM

LastSync : Hits:3

UseCount : 0

Hits : 3

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : mos-bill@as-eu.falkag[1].txt

TAC Rating : 3

Category : Data Miner

Comment : Hits:8

Value : Cookie:mos-bill@as-eu.falkag.net/

Expires : 5-23-2008 3:56:24 PM

LastSync : Hits:8

UseCount : 0

Hits : 8

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : mos-bill@date[2].txt

TAC Rating : 3

Category : Data Miner

Comment : Hits:4

Value : Cookie:mos-bill@date.com/

Expires : 1-17-2038 7:00:00 PM

LastSync : Hits:4

UseCount : 0

Hits : 4

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : mos-bill@ads.pointroll[2].txt

TAC Rating : 3

Category : Data Miner

Comment : Hits:26

Value : Cookie:mos-bill@ads.pointroll.com/

Expires : 12-31-2009 7:00:00 PM

LastSync : Hits:26

UseCount : 0

Hits : 26

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : mos-bill@2o7[1].txt

TAC Rating : 3

Category : Data Miner

Comment : Hits:78

Value : Cookie:mos-bill@2o7.net/

Expires : 5-24-2012 6:27:34 AM

LastSync : Hits:78

UseCount : 0

Hits : 78

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : mos-bill@www.ppctracking[1].txt

TAC Rating : 3

Category : Data Miner

Comment : Hits:1

Value : Cookie:mos-bill@www.ppctracking.net/

Expires : 5-15-2037 11:51:20 AM

LastSync : Hits:1

UseCount : 0

Hits : 1

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : mos-bill@e-2dj6whmykgajoco.stats.esomniture[2].txt

TAC Rating : 3

Category : Data Miner

Comment : Hits:2

Value : Cookie:mos-bill@e-2dj6whmykgajoco.stats.esomniture.com/

Expires : 5-24-2012 6:10:40 AM

LastSync : Hits:2

UseCount : 0

Hits : 2

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : mos-bill@buy[1].txt

TAC Rating : 3

Cat


Welcome to SWI. We apologize for the delay; our helpers have been very busy.

If you have not received help after 3 days, please CLICK HERE, and post a link to your log and the date it was originally posted.

 

Thank you for your patience.

 

[this is an automated reply]


Hi,

 

Do you have Netpumper or Bitgrabber or BitRoll installed? If so, uninstall them via Start > Settings > Control Panel > Add/Remove Programs. This is because they are bundled with the malware you are dealing with (swizzor aka lop).

Also check whether the following are present in software > Add/Remove Programs and uninstall them:

 

CiD Help / CiD Manager

Download Plugin for Internet Explorer

Zone Media

 

If, during uninstall, you are asked for the uninstall verification, please enter the numbers that appear in the window.

 

Then reboot. Important!

 

After reboot,

 

* Download Deljob.exe and save it on your desktop.

Double-click Deljob.exe.

 

A log (logit.txt) should open afterwards. This log will be present on your desktop.

Post the contents of the logfile in your next reply together with a new Hijackthis log.


Hi,

 

Do you have Netpumper or Bitgrabber or BitRoll installed? If so, uninstall them via Start > Settings > Control Panel > Add/Remove Programs. This is because they are bundled with the malware you are dealing with (swizzor aka lop).

Also check whether the following are present in software > Add/Remove Programs and uninstall them:

 

CiD Help / CiD Manager

Download Plugin for Internet Explorer

Zone Media

 

If, during uninstall, you are asked for the uninstall verification, please enter the numbers that appear in the window.

 

Then reboot. Important!

 

After reboot,

 

* Download Deljob.exe and save it on your desktop.

Double-click Deljob.exe.

 

A log (logit.txt) should open afterwards. This log will be present on your desktop.

Post the contents of the logfile in your next reply together with a new Hijackthis log.

 

 

I didn't have any of the above listed - new logs as requested below. The popups have been reduced to almost none now.

 

--------------------------------------------------------

No LOP jobs found

--------------------------------------------------------

Files remaining after cleaning

 

MP Scheduled Scan.job

Spybot - Search & Destroy - Scheduled Task.job

--------------------------------------------------------

App data folders

 

Volume in drive C has no label.

Volume Serial Number is B886-CA79

 

Directory of C:\Documents and Settings\MOS-Bill\Application Data

 

06/05/2007 04:57 PM <DIR> .

06/05/2007 04:57 PM <DIR> ..

05/29/2007 09:53 AM <DIR> Adobe

05/18/2007 07:50 PM <DIR> AdobeUM

05/31/2007 04:00 PM <DIR> ArcSoft

05/31/2007 03:58 PM <DIR> EPSON

05/18/2007 08:11 PM <DIR> Google

05/21/2007 09:00 AM <DIR> Help

05/18/2007 11:23 AM <DIR> IDENTI~1 Identities

05/20/2007 05:19 PM <DIR> Lavasoft

05/18/2007 03:26 PM <DIR> MACROM~1 Macromedia

06/05/2007 03:36 PM <DIR> MICROS~1 Microsoft

05/31/2007 07:50 AM <DIR> Mozilla

05/21/2007 08:23 AM <DIR> Qualcomm

06/05/2007 04:59 PM <DIR> Real

06/07/2007 11:08 AM <DIR> Skype

05/18/2007 11:24 AM <DIR> SPAMFI~1 SPAMfighter

05/20/2007 01:26 PM <DIR> Sun

05/22/2007 05:19 PM <DIR> Tenebril

06/04/2007 08:40 PM <DIR> WEATHE~1 WeatherBug

0 File(s) 0 bytes

20 Dir(s) 23,303,483,392 bytes free

Volume in drive C has no label.

Volume Serial Number is B886-CA79

 

Directory of C:\Documents and Settings\All Users\Application Data

 

05/27/2007 01:31 PM <DIR> .

05/27/2007 01:31 PM <DIR> ..

05/27/2007 01:32 PM <DIR> Adobe

01/06/2007 09:33 PM <DIR> AOL

01/06/2007 09:32 PM <DIR> AOLDOW~1 AOL Downloads

01/06/2007 09:33 PM <DIR> AOLOCP~1 AOL OCP

02/22/2007 09:00 AM <DIR> avg7

05/31/2007 01:51 PM <DIR> BEEPDA~1 beep dale error proxy

01/05/2007 02:01 PM <DIR> Google

06/06/2007 09:56 PM <DIR> GOOGLE~1 Google Updater

11/17/2006 10:49 PM <DIR> Grisoft

05/18/2007 10:43 AM <DIR> MICROS~1 Microsoft

05/18/2007 08:03 PM <DIR> OFFICE~1 Office Genuine Advantage

05/01/2007 10:55 PM <DIR> PopCap

05/18/2007 03:13 PM <DIR> Skype

05/27/2007 02:22 PM <DIR> SPYBOT~1 Spybot - Search & Destroy

05/22/2007 05:13 PM <DIR> Tenebril

03/24/2007 10:46 AM <DIR> VIEWPO~1 Viewpoint

01/11/2007 05:51 PM <DIR> WINDOW~1 Windows Genuine Advantage

01/05/2007 01:17 PM <DIR> Yahoo!

0 File(s) 0 bytes

20 Dir(s) 23,303,483,392 bytes free

--------------------------------------------------------

 

Logfile of HijackThis v1.99.1

Scan saved at 11:22:24 AM, on 6/7/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16441)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

C:\Program Files\Olympus\DeviceDetector\DM1Service.exe

C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe

C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\Rundll32.exe

C:\Program Files\Google\Gmail Notifier\gnotify.exe

C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\Winamp\winampa.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE

C:\Program Files\SkypeUSBPhoneDriver\Skype@phone.exe

C:\Program Files\SpyCatcher\Protector.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\SpyCatcher\Scheduler daemon.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\AWS\WeatherBug\Weather.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\Skype\Plugin Manager\skypePM.exe

C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe

C:\Program Files\Olympus\DSSPlayer\DirectrecConfig.exe

C:\Program Files\Google\Google Updater\GoogleUpdater.exe

C:\Program Files\RingCentral\RingCentral Call Controller\RCUI.exe

C:\Program Files\Microsoft Office\Office10\WINWORD.EXE

C:\WINDOWS\system32\winlogon.exe

C:\Program Files\MSN Messenger\usnsvc.exe

C:\Program Files\RingCentral\RingCentral Call Controller\RCHotKey.exe

C:\Program Files\SPAMfighter\SFAgent.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE

C:\Program Files\SPAMfighter\Clients\Outlook\SFOLMoni.exe

C:\Program Files\Hijackthis\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: SpywareBlock Class - {0A87E45F-537A-40B4-B812-E2544C21A09F} - C:\Program Files\SpyCatcher\SCActiveBlock.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [error proxy mapi 64] C:\Documents and Settings\All Users\Application Data\beep dale error proxy\One Save.exe

O4 - HKLM\..\Run: [spyCatcher Reminder] C:\Program Files\SpyCatcher\SpyCatcher.exe

O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKLM\..\Run: [EPSON Stylus CX3200 (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P28 "EPSON Stylus CX3200 (Copy 1)" /O5 "LPT1:" /M "Stylus CX3200"

O4 - HKLM\..\Run: [EPSON Stylus CX3200] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P19 "EPSON Stylus CX3200" /O6 "USB001" /M "Stylus CX3200"

O4 - HKLM\..\Run: [skype@phone] C:\Program Files\SkypeUSBPhoneDriver\Skype@phone.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [RCHotKey] "C:\Program Files\RingCentral\RingCentral Call Controller\RCHotKey.exe"

O4 - HKLM\..\Run: [sPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60

O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - Startup: Scheduler.lnk = C:\Program Files\SpyCatcher\Scheduler daemon.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe

O4 - Global Startup: Device Detector 3.lnk = C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe

O4 - Global Startup: Directrec Configuration Tool.lnk = ?

O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: RingCentral Call Controller.lnk = C:\Program Files\RingCentral\RingCentral Call Controller\RCUI.exe

O4 - Global Startup: SpyCatcher Protector.lnk = C:\Program Files\SpyCatcher\Protector.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O15 - Trusted Zone: http://gck.baseball.sportsline.com

O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {41AA163E-EE55-4486-B1B7-634D7124968B} (PracticeAdminRunTime.RunTime) - https://www.practiceadmin.com/CABS/VBRunTime.CAB

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {A569A5ED-19ED-42FB-8EE4-C8F01C4D541A} (PAClaimsNew.PALogin) - https://www.practiceadmin.com/claims/PAClaimNew.CAB

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab

O16 - DPF: {C41986F5-3EA3-4B23-A5F2-C3B9AD58FFBF} (CheckPARequirements.ucCheckPA) - https://www.practiceadmin.com/CABS/CheckPARequirements.CAB

O16 - DPF: {CF25C291-E91C-11D3-873F-0000B4A2973D} (RingCentral Message Player Control) - http://service.ringcentral.com/ActiveX/Rin...sage_Player.cab

O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/popcaploader_v10.cab

O16 - DPF: {EE85A9FD-6E52-4227-BB82-D46A660690EA} (RCSetup Class) - http://service.ringcentral.com/ActiveX/RCAXSetup.cab

O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - AppInit_DLLs: secuload.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

O23 - Service: DM1Service - OLYMPUS Corporation - C:\Program Files\Olympus\DeviceDetector\DM1Service.exe

O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe

O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe


Print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps.

 

Disable TeaTimer:

Please disable TeaTimer as it may hinder the removal of some entries. You can re-enable it after you're clean.

To disable TeaTimer:

  • Run Spybot-S&D
  • Go to the Mode menu, and make sure "Advanced Mode" is selected
  • On the left hand side, choose Tools -> Resident
  • Uncheck "Resident TeaTimer" and OK any prompts
  • Restart your computer.

After all of the fixes are complete it is very important that you enable TeaTimer again.

 

Disable Microsoft Windows Defender:

We need to disable your Microsoft Windows Defender Real-time Protection as it may interfere with the fixes that we need to make.

  • Open Microsoft Windows Defender. Click Start, Programs, Windows Defender
  • Click on Tools, General Settings.
  • Under Real-time protection options, unselect the Turn on real-time protection check box
  • Click Save

After all of the fixes are complete it is very important that you enable Real-time Protection again.

 

Close all programs leaving only HijackThis running. Place a check against each of the following, making sure you get them all and not any others by mistake:

 

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/popcaploader_v10.cab

 

Click on Fix Checked when finished and exit HijackThis.

 

Restart the computer normally to reset the registry.

 

If you are still getting popups:

 

Download this file - combofix.exe - and save it to your desktop (Important). Also save the below command in Notepad as a text file so that you can copy/paste in safe mode.

 

"%userprofile%\desktop\combofix.exe"

 

Boot into safe mode by tapping the F8 key just before Windows starts to load.

 

Go to Start --> Run and copy/paste in the following:

 

"%userprofile%\desktop\combofix.exe"

 

When finished, it shall produce a log for you. Save it and post that log in your next reply.

 

Note:

Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

 

In your next post, please include

  • new hijackthis log
  • combofix log

*use separate posts to ensure the logs don't get cut off!

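The entry format used in the log and fix list above, as an added example that is not part of the original posts: a small Python parser that splits HijackThis lines into section code and body, queues entries carrying the `(file missing)` or `Unknown owner` markers for human review, and checks that a fix list matches log lines verbatim. The sample lines, placeholder CLSIDs and function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the line format HijackThis 1.99.1 prints;
# paths, names and CLSIDs are placeholders, not from any real machine.
SAMPLE_LOG = r"""
O9 - Extra button: (no name) - {00000000-0000-0000-0000-000000000001} - C:\Example\tool.exe (file missing)
O16 - DPF: {00000000-0000-0000-0000-000000000002} (Example Loader) - http://example.invalid/loader.cab
O20 - AppInit_DLLs: example.dll
O23 - Service: Example Scanner - Unknown owner - C:\Example\scan.exe" /service (file missing)
O23 - Service: Example Updater (exupd) - Example Corp - C:\Example\upd.exe
"""

ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

def parse_log(text):
    """Return one dict per section entry; header and process lines are skipped."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        m = ENTRY.match(line)
        if not m:
            continue
        body = m.group("body")
        clsid = CLSID.search(body)
        entries.append({
            "code": m.group("code"),                      # e.g. O9, O16, O23
            "kind": body.split(":", 1)[0] if ":" in body else "",
            "clsid": clsid.group(0) if clsid else None,
            "file_missing": body.endswith("(file missing)"),
            "unknown_owner": " - Unknown owner - " in body,
            "line": line,
        })
    return entries

def review_queue(entries):
    """Group entries that carry a marker, keyed by section code."""
    queue = defaultdict(list)
    for e in entries:
        reasons = [k for k in ("file_missing", "unknown_owner") if e[k]]
        if reasons:
            queue[e["code"]].append((e["line"], reasons))
    return dict(queue)

def verify_selection(entries, selected_lines):
    """Return fix-list lines that do not match any log entry verbatim."""
    known = {e["line"] for e in entries}
    return [s for s in selected_lines if s.strip() not in known]
```

A marker only means the entry deserves a look; whether to fix it remains the analyst's decision, as in the reply above.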

Due to the lack of feedback this Topic is closed.

 

If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter.

 

Everyone else please begin a New Topic.
