Jump to content


Photo

CiD drive KCSully crazy


  • This topic is locked This topic is locked
6 replies to this topic

#1 kcsully

kcsully

    Member

  • Full Member
  • Pip
  • 3 posts

Posted 27 May 2007 - 01:50 PM

Ran scans and logs below - Please help before I do something evil to my computer. - Thanks

Logfile of HijackThis v1.99.1
Scan saved at 1:01:04 PM, on 5/27/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\SPAMfighter\SFAgent.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Olympus\DeviceDetector\DM1Service.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\SpyCatcher\Protector.exe
C:\Program Files\RingCentral\RingCentral Call Controller\RCUI.exe
C:\Program Files\SpyCatcher\Scheduler daemon.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\RingCentral\RingCentral Call Controller\RCHotKey.exe
C:\Program Files\Hijackthis\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareBlock Class - {0A87E45F-537A-40B4-B812-E2544C21A09F} - C:\Program Files\SpyCatcher\SCActiveBlock.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [error proxy mapi 64] C:\Documents and Settings\All Users\Application Data\beep dale error proxy\One Save.exe
O4 - HKLM\..\Run: [SpyCatcher Reminder] C:\Program Files\SpyCatcher\SpyCatcher.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [RCHotKey] "C:\Program Files\RingCentral\RingCentral Call Controller\RCHotKey.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - Startup: Scheduler.lnk = C:\Program Files\SpyCatcher\Scheduler daemon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Device Detector 3.lnk = C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
O4 - Global Startup: Directrec Configuration Tool.lnk = ?
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: RingCentral Call Controller.lnk = C:\Program Files\RingCentral\RingCentral Call Controller\RCUI.exe
O4 - Global Startup: SpyCatcher Protector.lnk = C:\Program Files\SpyCatcher\Protector.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=58813
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {41AA163E-EE55-4486-B1B7-634D7124968B} (PracticeAdminRunTime.RunTime) - https://www.practice...S/VBRunTime.CAB
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {A569A5ED-19ED-42FB-8EE4-C8F01C4D541A} (PAClaimsNew.PALogin) - https://www.practice.../PAClaimNew.CAB
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn...ro.cab56649.cab
O16 - DPF: {C41986F5-3EA3-4B23-A5F2-C3B9AD58FFBF} (CheckPARequirements.ucCheckPA) - https://www.practice...equirements.CAB
O16 - DPF: {CF25C291-E91C-11D3-873F-0000B4A2973D} (RingCentral Message Player Control) - http://service.ringc...sage_Player.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/...ploader_v10.cab
O16 - DPF: {EE85A9FD-6E52-4227-BB82-D46A660690EA} (RCSetup Class) - http://service.ringc...X/RCAXSetup.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...wn.cab31267.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: secuload.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: DM1Service - OLYMPUS Corporation - C:\Program Files\Olympus\DeviceDetector\DM1Service.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe


---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 12:39:22 PM 5/27/2007

+ Scan result:



C:\Documents and Settings\Jason_2\Application Data\CreativeMemo\wstdtcpp.exe -> Adware.Lop : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8D24C0E2-0CFA-4074-8A8C-FC5ACDC74FFE}\RP150\A0038763.exe -> Adware.Lop : Cleaned with backup (quarantined).
C:\Documents and Settings\Jason_2\Desktop\MSC\dll\AIRCDLL.DLL -> Backdoor.Ircflood.s : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8D24C0E2-0CFA-4074-8A8C-FC5ACDC74FFE}\RP82\A0013380.dll -> Backdoor.Ircflood.s : Cleaned with backup (quarantined).
C:\Documents and Settings\Jason_2\Desktop\MSC\data\updater.mrc -> Backdoor.Small.o : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8D24C0E2-0CFA-4074-8A8C-FC5ACDC74FFE}\RP90\A0013710.exe -> Downloader.Agent.auv : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8D24C0E2-0CFA-4074-8A8C-FC5ACDC74FFE}\RP90\A0013708.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8D24C0E2-0CFA-4074-8A8C-FC5ACDC74FFE}\RP90\A0013709.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\Documents and Settings\MOS-Bill\Cookies\mos-bill@247realmedia[1].txt -> TrackingCookie.247realmedia : Cleaned.
C:\Documents and Settings\Jason_2\Cookies\jason_2@2o7[2].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Jason_2\Cookies\jason_2@buycom.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Jason_2\Cookies\jason_2@cartoonnetwork.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Jason_2\Cookies\jason_2@cbs.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Jason_2\Cookies\jason_2@paypal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\MOS-Bill\Cookies\mos-bill@2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\MOS-Bill\Cookies\mos-bill@cbs.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\MOS-Bill\Cookies\mos-bill@cendantchg.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\MOS-Bill\Cookies\mos-bill@networksolutions.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\MOS-Bill\Cookies\mos-bill@pch.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\MOS-Bill\Cookies\mos-bill@aavalue[1].txt -> TrackingCookie.Aavalue : Cleaned.
C:\Documents and Settings\MOS-Bill\Cookies\mos-bill@grouplotto.aavalue[2].txt -> TrackingCookie.Aavalue : Cleaned.
C:\Documents and Settings\Jason_2\Cookies\jason_2@adbrite[2].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\Jason_2\Cookies\jason_2@ads.adbrite[2].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\Jason_2\Local Settings\Temp\Cookies\jason_2@ads.adbrite[1].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\MOS-Bill\Cookies\mos-bill@ads.adbrite[1].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\Jason_2\Cookies\jason_2@ads.addynamix[2].txt -> TrackingCookie.Addynamix : Cleaned.
C:\Documents and Settings\Jason_2\Cookies\jason_2@adrevolver[3].txt -> TrackingCookie.Adrevolver : Cleaned.
C:\Documents and Settings\Jason_2\Cookies\jason_2@advertising[2].txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\Jason_2\Cookies\jason_2@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\MOS-Bill\Cookies\mos-bill@atdmt[1].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Jason_2\Cookies\jason_2@bluestreak[1].txt -> TrackingCookie.Bluestreak : Cleaned.
C:\Documents and Settings\Jason_2\Cookies\jason_2@www.burstbeacon[1].txt -> TrackingCookie.Burstbeacon : Cleaned.
C:\Documents and Settings\Jason_2\Cookies\jason_2@www.burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\MOS-Bill\Cookies\mos-bill@burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\MOS-Bill\Cookies\mos-bill@www.burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\Jason_2\Cookies\jason_2@casalemedia[1].txt -> TrackingCookie.Casalemedia : Cleaned.
C:\Documents and Settings\MOS-Bill\Cookies\mos-bill@com[2].txt -> TrackingCookie.Com : Cleaned.
C:\Documents and Settings\Jason_2\Cookies\jason_2@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned.
C:\Documents and Settings\MOS-Bill\Cookies\mos-bill@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned.
C:\Documents and Settings\Jason_2\Cookies\jason_2@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Jason_2\Cookies\jason_2@e-2dj6wjlysmc5wkp.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\MOS-Bill\Cookies\mos-bill@e-2dj6whmykgajoco.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\Jason_2\Cookies\jason_2@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : Cleaned.
C:\Documents and Settings\MOS-Bill\Cookies\mos-bill@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : Cleaned.
C:\Documents and Settings\Jason_2\Cookies\jason_2@as-eu.falkag[1].txt -> TrackingCookie.Falkag : Cleaned.
C:\Documents and Settings\MOS-Bill\Cookies\mos-bill@as-eu.falkag[1].txt -> TrackingCookie.Falkag : Cleaned.
C:\Documents and Settings\Jason_2\Cookies\jason_2@fastclick[1].txt -> TrackingCookie.Fastclick : Cleaned.
C:\Documents and Settings\Jason_2\Cookies\jason_2@fortunecity[1].txt -> TrackingCookie.Fortunecity : Cleaned.
C:\Documents and Settings\Jason_2\Cookies\jason_2@ehg-hollywood.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Jason_2\Cookies\jason_2@hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\RECYCLER\S-1-5-21-789336058-484763869-1060284298-1003\Dc41.txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\MOS-Bill\Cookies\mos-bill@sales.liveperson[2].txt -> TrackingCookie.Liveperson : Cleaned.
C:\Documents and Settings\Jason_2\Cookies\jason_2@www.lop[1].txt -> TrackingCookie.Lop : Cleaned.
C:\Documents and Settings\Jason_2\Cookies\jason_2@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\MOS-Bill\Cookies\mos-bill@ssl-hints.netflame[2].txt -> TrackingCookie.Netflame : Cleaned.
C:\Documents and Settings\Jason_2\Cookies\jason_2@perf.overture[1].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\MOS-Bill\Cookies\mos-bill@overture[2].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\MOS-Bill\Cookies\mos-bill@perf.overture[1].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\Jason_2\Cookies\jason_2@www.paypal[1].txt -> TrackingCookie.Paypal : Cleaned.
C:\Documents and Settings\Jason_2\Cookies\jason_2@ads.pointroll[2].txt -> TrackingCookie.Pointroll : Cleaned.
C:\Documents and Settings\MOS-Bill\Cookies\mos-bill@ads.pointroll[2].txt -> TrackingCookie.Pointroll : Cleaned.
C:\Documents and Settings\Jason_2\Cookies\jason_2@questionmarket[2].txt -> TrackingCookie.Questionmarket : Cleaned.
C:\Documents and Settings\MOS-Bill\Cookies\mos-bill@questionmarket[2].txt -> TrackingCookie.Questionmarket : Cleaned.
C:\Documents and Settings\Jason_2\Cookies\jason_2@realmedia[2].txt -> TrackingCookie.Realmedia : Cleaned.
C:\Documents and Settings\Jason_2\Cookies\jason_2@revsci[2].txt -> TrackingCookie.Revsci : Cleaned.
C:\Documents and Settings\MOS-Bill\Cookies\mos-bill@revsci[1].txt -> TrackingCookie.Revsci : Cleaned.
C:\Documents and Settings\Jason_2\Cookies\jason_2@edge.ru4[2].txt -> TrackingCookie.Ru4 : Cleaned.
C:\Documents and Settings\MOS-Bill\Cookies\mos-bill@edge.ru4[2].txt -> TrackingCookie.Ru4 : Cleaned.
C:\Documents and Settings\Jason_2\Cookies\jason_2@bs.serving-sys[1].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\Jason_2\Cookies\jason_2@serving-sys[1].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\MOS-Bill\Cookies\mos-bill@site.skype[1].txt -> TrackingCookie.Skype : Cleaned.
C:\Documents and Settings\MOS-Bill\Cookies\mos-bill@skype[1].txt -> TrackingCookie.Skype : Cleaned.
C:\WINDOWS\system32\config\systemprofile\Cookies\system@skype[1].txt -> TrackingCookie.Skype : Cleaned.
C:\Documents and Settings\Jason_2\Cookies\jason_2@adopt.specificclick[1].txt -> TrackingCookie.Specificclick : Cleaned.
C:\Documents and Settings\Jason_2\Cookies\jason_2@specificclick[1].txt -> TrackingCookie.Specificclick : Cleaned.
C:\Documents and Settings\Jason_2\Local Settings\Temp\Cookies\jason_2@adopt.specificclick[2].txt -> TrackingCookie.Specificclick : Cleaned.
C:\Documents and Settings\MOS-Bill\Cookies\mos-bill@adopt.specificclick[1].txt -> TrackingCookie.Specificclick : Cleaned.
C:\Documents and Settings\MOS-Bill\Cookies\mos-bill@specificclick[2].txt -> TrackingCookie.Specificclick : Cleaned.
C:\Documents and Settings\Jason_2\Cookies\jason_2@anat.tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Jason_2\Cookies\jason_2@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Jason_2\Local Settings\Temp\Cookies\jason_2@anad.tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\MOS-Bill\Cookies\mos-bill@anad.tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\MOS-Bill\Cookies\mos-bill@tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Jason_2\Cookies\jason_2@targetnet[2].txt -> TrackingCookie.Targetnet : Cleaned.
C:\Documents and Settings\Jason_2\Cookies\jason_2@login.tracking101[2].txt -> TrackingCookie.Tracking101 : Cleaned.
C:\Documents and Settings\MOS-Bill\Cookies\mos-bill@login.tracking101[2].txt -> TrackingCookie.Tracking101 : Cleaned.
C:\Documents and Settings\Jason_2\Cookies\jason_2@tradedoubler[2].txt -> TrackingCookie.Tradedoubler : Cleaned.
C:\Documents and Settings\Jason_2\Cookies\jason_2@trafficmp[1].txt -> TrackingCookie.Trafficmp : Cleaned.
C:\Documents and Settings\MOS-Bill\Cookies\mos-bill@trafficmp[1].txt -> TrackingCookie.Trafficmp : Cleaned.
C:\Documents and Settings\Jason_2\Cookies\jason_2@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Documents and Settings\MOS-Bill\Cookies\mos-bill@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Documents and Settings\Jason_2\Cookies\jason_2@reduxads.valuead[2].txt -> TrackingCookie.Valuead : Cleaned.
C:\Documents and Settings\Jason_2\Local Settings\Temp\Cookies\jason_2@www.web-stat[2].txt -> TrackingCookie.Web-stat : Cleaned.
C:\Documents and Settings\MOS-Bill\Cookies\mos-bill@m.webtrends[1].txt -> TrackingCookie.Webtrends : Cleaned.
C:\Documents and Settings\Jason_2\Cookies\jason_2@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\Jason_2\Local Settings\Temp\Cookies\jason_2@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\Jason_2\Cookies\jason_2@zedo[2].txt -> TrackingCookie.Zedo : Cleaned.
C:\Documents and Settings\Jason_2\Local Settings\Temp\Temporary Directory 1 for codecs divx [fastest wyzo download].zip\Wyzo Browser Setup.exe -> Trojan.Obfuscated.en : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8D24C0E2-0CFA-4074-8A8C-FC5ACDC74FFE}\RP162\A0039282.exe -> Trojan.Obfuscated.en : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8D24C0E2-0CFA-4074-8A8C-FC5ACDC74FFE}\RP90\A0013725.exe -> Trojan.Obfuscated.en : Cleaned with backup (quarantined).
C:\Documents and Settings\Jason_2\Local Settings\Temp\Temporary Directory 1 for WGA Windows Genuine Advantage KB905474 remover (v3).zip\Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).


::Report end




Ad-Aware SE Build 1.06r1
Logfile Created on:Sunday, May 27, 2007 1:03:14 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R171 21.05.2007
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
MRU List(TAC index:0):14 total references
Tracking Cookie(TAC index:3):39 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


5-27-2007 1:03:14 PM - Scan started. (Full System Scan)

MRU List Object Recognized!
Location: : C:\Documents and Settings\MOS-Bill\Application Data\microsoft\office\recent
Description : list of recently opened documents using microsoft office


MRU List Object Recognized!
Location: : C:\Documents and Settings\MOS-Bill\recent
Description : list of recently opened documents


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X


MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw


MRU List Object Recognized!
Location: : S-1-5-21-789336058-484763869-1060284298-1005\software\microsoft\internet explorer
Description : last download directory used in microsoft internet explorer


MRU List Object Recognized!
Location: : S-1-5-21-789336058-484763869-1060284298-1005\software\microsoft\internet explorer\typedurls
Description : list of recently entered addresses in microsoft internet explorer


MRU List Object Recognized!
Location: : S-1-5-21-789336058-484763869-1060284298-1005\software\microsoft\office\10.0\common\open find\microsoft word\settings\save as\file name mru
Description : list of recent documents saved by microsoft word


MRU List Object Recognized!
Location: : S-1-5-21-789336058-484763869-1060284298-1005\software\microsoft\office\10.0\excel\recent files
Description : list of recent files used by microsoft excel


MRU List Object Recognized!
Location: : S-1-5-21-789336058-484763869-1060284298-1005\software\microsoft\search assistant\acmru
Description : list of recent search terms used with the search assistant


MRU List Object Recognized!
Location: : S-1-5-21-789336058-484763869-1060284298-1005\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
Description : list of recent programs opened


MRU List Object Recognized!
Location: : S-1-5-21-789336058-484763869-1060284298-1005\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
Description : list of recently saved files, stored according to file extension


MRU List Object Recognized!
Location: : S-1-5-21-789336058-484763869-1060284298-1005\software\microsoft\windows\currentversion\explorer\recentdocs
Description : list of recent documents opened


MRU List Object Recognized!
Location: : S-1-5-21-789336058-484763869-1060284298-1005\software\microsoft\windows media\wmsdk\general
Description : windows media sdk


Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 416
ThreadCreationTime : 5-27-2007 5:41:37 PM
BasePriority : Normal


#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 472
ThreadCreationTime : 5-27-2007 5:41:38 PM
BasePriority : Normal


#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 496
ThreadCreationTime : 5-27-2007 5:41:39 PM
BasePriority : High


#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 540
ThreadCreationTime : 5-27-2007 5:41:39 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 552
ThreadCreationTime : 5-27-2007 5:41:39 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 712
ThreadCreationTime : 5-27-2007 5:41:40 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 776
ThreadCreationTime : 5-27-2007 5:41:40 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [msmpeng.exe]
FilePath : C:\Program Files\Windows Defender\
ProcessID : 848
ThreadCreationTime : 5-27-2007 5:41:41 PM
BasePriority : Normal
FileVersion : 1.1.1593.0
ProductVersion : 1.1.1593.0
ProductName : Windows Defender
CompanyName : Microsoft Corporation
FileDescription : Service Executable
InternalName : MsMpEng.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : MsMpEng.exe

#:9 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 888
ThreadCreationTime : 5-27-2007 5:41:41 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 956
ThreadCreationTime : 5-27-2007 5:41:41 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:11 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1044
ThreadCreationTime : 5-27-2007 5:41:42 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:12 [aswupdsv.exe]
FilePath : C:\Program Files\Alwil Software\Avast4\
ProcessID : 1164
ThreadCreationTime : 5-27-2007 5:41:43 PM
BasePriority : Normal
FileVersion : 4, 7, 997, 0
ProductVersion : 4, 7, 0, 0
ProductName : avast! Antivirus
CompanyName : ALWIL Software
FileDescription : avast! Antivirus updating service
InternalName : aswUpdSv.exe
LegalCopyright : Copyright © 2007 ALWIL Software
OriginalFilename : aswUpdSv.exe

#:13 [ashserv.exe]
FilePath : C:\Program Files\Alwil Software\Avast4\
ProcessID : 1220
ThreadCreationTime : 5-27-2007 5:41:43 PM
BasePriority : High
FileVersion : 4, 7, 997, 0
ProductVersion : 4, 7, 0, 0
ProductName : avast! Antivirus
CompanyName : ALWIL Software
FileDescription : avast! antivirus service
InternalName : aswServ
LegalCopyright : Copyright © 2007 ALWIL Software
OriginalFilename : aswServ.exe

#:14 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1440
ThreadCreationTime : 5-27-2007 5:41:49 PM
BasePriority : Normal
FileVersion : 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)
ProductVersion : 5.1.2600.2696
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:15 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 1720
ThreadCreationTime : 5-27-2007 5:41:52 PM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:16 [guard.exe]
FilePath : C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\
ProcessID : 1892
ThreadCreationTime : 5-27-2007 5:41:57 PM
BasePriority : Normal
FileVersion : 7, 5, 0, 47
ProductVersion : 7, 5, 0, 47
ProductName : AVG Anti-Spyware
CompanyName : Anti-Malware Development a.s.
FileDescription : AVG Anti-Spyware guard
InternalName : AVG Anti-Spyware guard
LegalCopyright : Copyright © 2006 Anti-Malware Development a.s.
OriginalFilename : guard.exe

#:17 [rundll32.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1900
ThreadCreationTime : 5-27-2007 5:41:57 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Run a DLL as an App
InternalName : rundll
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : RUNDLL.EXE

#:18 [gnotify.exe]
FilePath : C:\Program Files\Google\Gmail Notifier\
ProcessID : 1908
ThreadCreationTime : 5-27-2007 5:41:57 PM
BasePriority : Normal
FileVersion : 1.0.25.0
ProductVersion : 1.0.25.0
ProductName : Gmail
CompanyName : Google Inc.
FileDescription : Gmail Notifier
LegalCopyright : Copyright © Google Inc. 2004-2005
OriginalFilename : gnotify.exe

#:19 [jusched.exe]
FilePath : C:\Program Files\Java\jre1.6.0_01\bin\
ProcessID : 1920
ThreadCreationTime : 5-27-2007 5:41:58 PM
BasePriority : Normal


#:20 [ashdisp.exe]
FilePath : C:\PROGRA~1\ALWILS~1\Avast4\
ProcessID : 1952
ThreadCreationTime : 5-27-2007 5:41:58 PM
BasePriority : Normal
FileVersion : 4, 7, 997, 0
ProductVersion : 4, 7, 0, 0
ProductName : avast! Antivirus
CompanyName : ALWIL Software
FileDescription : avast! service GUI component
InternalName : aswDisp
LegalCopyright : Copyright © 2007 ALWIL Software
OriginalFilename : aswDisp.exe

#:21 [sfagent.exe]
FilePath : C:\Program Files\SPAMfighter\
ProcessID : 1972
ThreadCreationTime : 5-27-2007 5:41:58 PM
BasePriority : Normal


#:22 [msascui.exe]
FilePath : C:\Program Files\Windows Defender\
ProcessID : 2016
ThreadCreationTime : 5-27-2007 5:41:59 PM
BasePriority : Normal
FileVersion : 1.1.1593.0
ProductVersion : 1.1.1593.0
ProductName : Windows Defender
CompanyName : Microsoft Corporation
FileDescription : Windows Defender User Interface
InternalName : MSASCUI
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : MSASCUI.exe

#:23 [avgamsvr.exe]
FilePath : C:\PROGRA~1\Grisoft\AVGFRE~1\
ProcessID : 192
ThreadCreationTime : 5-27-2007 5:42:00 PM
BasePriority : Normal
FileVersion : 7,1,0,365
ProductVersion : 7.1.0.365
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Alert Manager
InternalName : avgamsvr
LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
OriginalFilename : avgamsvr.EXE

#:24 [winampa.exe]
FilePath : C:\Program Files\Winamp\
ProcessID : 200
ThreadCreationTime : 5-27-2007 5:42:01 PM
BasePriority : Normal


#:25 [avgas.exe]
FilePath : C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\
ProcessID : 252
ThreadCreationTime : 5-27-2007 5:42:03 PM
BasePriority : Normal
FileVersion : 7, 5, 0, 50
ProductVersion : 7, 5, 0, 50
ProductName : AVG Anti-Spyware
CompanyName : Anti-Malware Development a.s.
FileDescription : AVG Anti-Spyware
InternalName : AVG Anti-Spyware
LegalCopyright : Copyright © 2006 Anti-Malware Development a.s.
OriginalFilename : avgas.exe

#:26 [skype.exe]
FilePath : C:\Program Files\Skype\Phone\
ProcessID : 336
ThreadCreationTime : 5-27-2007 5:42:04 PM
BasePriority : Normal
FileVersion : 3.2.0.148
ProductVersion : 3.2
ProductName : Skype
CompanyName : Skype Technologies S.A.
FileDescription : Skype. Take a deep breath
InternalName : Skype.exe
LegalCopyright : © Skype Technologies S.A.
OriginalFilename : Skype.exe

#:27 [weather.exe]
FilePath : C:\Program Files\AWS\WeatherBug\
ProcessID : 344
ThreadCreationTime : 5-27-2007 5:42:05 PM
BasePriority : Normal
FileVersion : 6, 7, 0, 10
ProductVersion : 6, 7, 0, 10
ProductName : WeatherBug
CompanyName : AWS Convergence Technologies, Inc.
InternalName : Desktop Weather
LegalCopyright : Copyright © 2001-2006
OriginalFilename : Weather.exe
Comments : World Largest Weather Network

#:28 [avgupsvc.exe]
FilePath : C:\PROGRA~1\Grisoft\AVGFRE~1\
ProcessID : 352
ThreadCreationTime : 5-27-2007 5:42:05 PM
BasePriority : Normal
FileVersion : 7,1,0,349
ProductVersion : 7.1.0.349
ProductName : AVG 7.0 Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Update Service
InternalName : avgupsvc
LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
OriginalFilename : avgupdsvc.EXE

#:29 [iexplore.exe]
FilePath : C:\Program Files\Internet Explorer\
ProcessID : 376
ThreadCreationTime : 5-27-2007 5:42:07 PM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : IEXPLORE.EXE

#:30 [dm1service.exe]
FilePath : C:\Program Files\Olympus\DeviceDetector\
ProcessID : 516
ThreadCreationTime : 5-27-2007 5:42:10 PM
BasePriority : Normal
FileVersion : 1, 2, 1, 0
ProductVersion : 1, 2, 1, 0
ProductName : DM1Service Module
CompanyName : OLYMPUS Corporation
FileDescription : DM1Servis Module (Alpha)
InternalName : DM1Service
LegalCopyright : Copyright © 2001-2003 OLYMPUS Corporation
OriginalFilename : DM1Servis.EXE

#:31 [googleupdaterservice.exe]
FilePath : C:\Program Files\Google\Common\Google Updater\
ProcessID : 988
ThreadCreationTime : 5-27-2007 5:42:14 PM
BasePriority : Normal
FileVersion : 2.2.824.5515.beta
ProductVersion : 2.2.824.5515.beta
ProductName : Google Updater
CompanyName : Google
FileDescription : gusvc
InternalName : gusvc
LegalCopyright : ©2005-2006 Google. All Rights Reserved.
OriginalFilename : GoogleUpdaterService.exe
Comments : Google Updater

#:32 [googleupdater.exe]
FilePath : C:\Program Files\Google\Google Updater\
ProcessID : 1616
ThreadCreationTime : 5-27-2007 5:42:15 PM
BasePriority : Normal
FileVersion : 2.1.850.19570.beta
ProductVersion : 2.1.850.19570.beta
ProductName : Google Updater
CompanyName : Google
FileDescription : Google Updater
InternalName : Google Updater
LegalCopyright : ©2005-2006 Google. All Rights Reserved.
OriginalFilename : GoogleUpdater.exe
Comments : Google Updater

#:33 [protector.exe]
FilePath : C:\Program Files\SpyCatcher\
ProcessID : 2148
ThreadCreationTime : 5-27-2007 5:42:27 PM
BasePriority : Normal
FileVersion : 0.10
ProductVersion : 4.0
ProductName : Protector
CompanyName : Tenebril Inc.
FileDescription : SpyCatcher Protector - manage spyware
InternalName : VehicleApp
LegalCopyright : Copyright © 2004 - 2005 Tenebril Inc
OriginalFilename : VehicleApp.exe
Comments : SpyCatcher anti-spyware system from Tenebril

#:34 [rcui.exe]
FilePath : C:\Program Files\RingCentral\RingCentral Call Controller\
ProcessID : 2160
ThreadCreationTime : 5-27-2007 5:42:27 PM
BasePriority : Normal
FileVersion : 3.00.183.32
ProductVersion : 3.00
ProductName : RingCentral
CompanyName : RingCentral, Inc.
FileDescription : RingCentral
InternalName : RingCentral
LegalCopyright : Copyright© RingCentral, Inc.
LegalTrademarks : RingCentral®
OriginalFilename : RCUI.exe

#:35 [scheduler daemon.exe]
FilePath : C:\Program Files\SpyCatcher\
ProcessID : 2464
ThreadCreationTime : 5-27-2007 5:42:49 PM
BasePriority : Normal
FileVersion : 0.10
ProductVersion : 3.00
ProductName : GhostSurf
CompanyName : Tenebril Incorporated
FileDescription : Scheduler daemon
InternalName : VehicleApp
LegalCopyright : Copyright © 2001 - 2004 Tenebril Inc
OriginalFilename : VehicleApp.exe
Comments : Scheduler daemon

#:36 [ashmaisv.exe]
FilePath : C:\Program Files\Alwil Software\Avast4\
ProcessID : 2728
ThreadCreationTime : 5-27-2007 5:43:08 PM
BasePriority : Normal


#:37 [ashwebsv.exe]
FilePath : C:\Program Files\Alwil Software\Avast4\
ProcessID : 2848
ThreadCreationTime : 5-27-2007 5:43:23 PM
BasePriority : Normal


#:38 [skypepm.exe]
FilePath : C:\Program Files\Skype\Plugin Manager\
ProcessID : 2984
ThreadCreationTime : 5-27-2007 5:43:50 PM
BasePriority : Normal
FileVersion : 1.2.0.255
ProductVersion : 1.0.0.0
CompanyName : Skype Technologies
FileDescription : Skype Extras Manager
LegalCopyright : Skype Limited

#:39 [alg.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 3428
ThreadCreationTime : 5-27-2007 5:44:00 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe

#:40 [rchotkey.exe]
FilePath : C:\Program Files\RingCentral\RingCentral Call Controller\
ProcessID : 3684
ThreadCreationTime : 5-27-2007 5:44:09 PM
BasePriority : Normal
FileVersion : 1, 0, 0, 5
ProductVersion : 3.00.183.32
ProductName : RCHotKey
CompanyName : RingCentral, Inc.
FileDescription : RC Hot Key Launcher
InternalName : RCHotKey
LegalCopyright : Copyright© RingCentral, Inc.
LegalTrademarks : RingCentral®
OriginalFilename : RCHotKey.exe

#:41 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\
ProcessID : 816
ThreadCreationTime : 5-27-2007 6:01:31 PM
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 14


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 14


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 14


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : mos-bill@pch.122.2o7[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:mos-bill@pch.122.2o7.net/
Expires : 5-23-2012 12:47:30 PM
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : mos-bill@cbs.112.2o7[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:16
Value : Cookie:mos-bill@cbs.112.2o7.net/
Expires : 5-19-2012 10:48:48 PM
LastSync : Hits:16
UseCount : 0
Hits : 16

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : mos-bill@cendantchg.112.2o7[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:mos-bill@cendantchg.112.2o7.net/
Expires : 5-21-2012 11:36:40 AM
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : mos-bill@tribalfusion[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:5
Value : Cookie:mos-bill@tribalfusion.com/
Expires : 5-24-2008 12:56:22 PM
LastSync : Hits:5
UseCount : 0
Hits : 5

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : mos-bill@kontera[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:10
Value : Cookie:mos-bill@kontera.com/
Expires : 5-22-2008 9:14:24 AM
LastSync : Hits:10
UseCount : 0
Hits : 10

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : mos-bill@betanews[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:mos-bill@betanews.com/
Expires : 12-31-2010 7:00:00 PM
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : mos-bill@247realmedia[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:4
Value : Cookie:mos-bill@247realmedia.com/
Expires : 12-31-2020 7:00:00 PM
LastSync : Hits:4
UseCount : 0
Hits : 4

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : mos-bill@tacoda[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:640
Value : Cookie:mos-bill@tacoda.net/
Expires : 5-26-2008 8:03:02 AM
LastSync : Hits:640
UseCount : 0
Hits : 640

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : mos-bill@trafficmp[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:42
Value : Cookie:mos-bill@trafficmp.com/
Expires : 5-21-2008 8:20:58 AM
LastSync : Hits:42
UseCount : 0
Hits : 42

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : mos-bill@freepay[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:3
Value : Cookie:mos-bill@freepay.com/
Expires : 1-17-2038 7:00:00 PM
LastSync : Hits:3
UseCount : 0
Hits : 3

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : mos-bill@as-eu.falkag[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:8
Value : Cookie:mos-bill@as-eu.falkag.net/
Expires : 5-23-2008 3:56:24 PM
LastSync : Hits:8
UseCount : 0
Hits : 8

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : mos-bill@date[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:4
Value : Cookie:mos-bill@date.com/
Expires : 1-17-2038 7:00:00 PM
LastSync : Hits:4
UseCount : 0
Hits : 4

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : mos-bill@ads.pointroll[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:26
Value : Cookie:mos-bill@ads.pointroll.com/
Expires : 12-31-2009 7:00:00 PM
LastSync : Hits:26
UseCount : 0
Hits : 26

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : mos-bill@2o7[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:78
Value : Cookie:mos-bill@2o7.net/
Expires : 5-24-2012 6:27:34 AM
LastSync : Hits:78
UseCount : 0
Hits : 78

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : mos-bill@www.ppctracking[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:mos-bill@www.ppctracking.net/
Expires : 5-15-2037 11:51:20 AM
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : mos-bill@e-2dj6whmykgajoco.stats.esomniture[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:2
Value : Cookie:mos-bill@e-2dj6whmykgajoco.stats.esomniture.com/
Expires : 5-24-2012 6:10:40 AM
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : mos-bill@buy[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:mos-bill@buy.com/
Expires : 6-4-2007 2:00:00 AM
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : mos-bill@insightexpressai[1].txt


#2 SWI Support Robot

SWI Support Robot

    Helper robot

  • SWI Bot
  • PipPipPipPipPip
  • 23,523 posts

Posted 30 May 2007 - 06:30 AM

Welcome to SWI. We apologize for the delay; our helpers have been very busy.
If you have not received help after 3 days, please CLICK HERE, and post a link to your log and the date it was originally posted.

Thank you for your patience.

[this is an automated reply]
This is an automated message. It does not count as help.

#3 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • PipPipPipPipPip
  • 49,091 posts

Posted 31 May 2007 - 12:13 PM

Hi,

Do you have Netpumper or Bitgrabber or BitRoll installed? If so, uninstall them via start > Settings> Control Panel > add/remove programs. This because they are bundled with the malware you are dealing with (swizzor aka lop).
Also look if next are present in software > add/remove programs and uninstall them:

CiD Help / CiD Manager
Download Plugin for Internet Explorer
Zone Media


In case, during uninstall, when asked for the uninstall Verification, please enter the numbers that will appear in the window

Then reboot. Important!

After reboot,

* Download Deljob.exe and save it on your desktop.
Doubleclick Deljob.exe.

A log, (logit.txt) should open afterwards. This log will be present on your desktop
Post the contents of the logfile in your next reply together with a new Hijackthis log.
nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in anyway,please considerDonating ,
see this topic for details.
We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760

#4 kcsully

kcsully

    Member

  • Full Member
  • Pip
  • 3 posts

Posted 07 June 2007 - 11:25 AM

Hi,

Do you have Netpumper or Bitgrabber or BitRoll installed? If so, uninstall them via start > Settings> Control Panel > add/remove programs. This because they are bundled with the malware you are dealing with (swizzor aka lop).
Also look if next are present in software > add/remove programs and uninstall them:

CiD Help / CiD Manager
Download Plugin for Internet Explorer
Zone Media


In case, during uninstall, when asked for the uninstall Verification, please enter the numbers that will appear in the window

Then reboot. Important!

After reboot,

* Download Deljob.exe and save it on your desktop.
Doubleclick Deljob.exe.

A log, (logit.txt) should open afterwards. This log will be present on your desktop
Post the contents of the logfile in your next reply together with a new Hijackthis log.



#5 kcsully

kcsully

    Member

  • Full Member
  • Pip
  • 3 posts

Posted 07 June 2007 - 11:28 AM


Hi,

Do you have Netpumper or Bitgrabber or BitRoll installed? If so, uninstall them via start > Settings> Control Panel > add/remove programs. This because they are bundled with the malware you are dealing with (swizzor aka lop).
Also look if next are present in software > add/remove programs and uninstall them:

CiD Help / CiD Manager
Download Plugin for Internet Explorer
Zone Media


In case, during uninstall, when asked for the uninstall Verification, please enter the numbers that will appear in the window

Then reboot. Important!

After reboot,

* Download Deljob.exe and save it on your desktop.
Doubleclick Deljob.exe.

A log, (logit.txt) should open afterwards. This log will be present on your desktop
Post the contents of the logfile in your next reply together with a new Hijackthis log.



I didn't have any of the above listed - new logs as requested below. - The popup have been reduce to almost none now -

--------------------------------------------------------
No LOP jobs found
--------------------------------------------------------
Files remaining after cleaning

MP Scheduled Scan.job
Spybot - Search & Destroy - Scheduled Task.job
--------------------------------------------------------
App data folders

Volume in drive C has no label.
Volume Serial Number is B886-CA79

Directory of C:\Documents and Settings\MOS-Bill\Application Data

06/05/2007 04:57 PM <DIR> .
06/05/2007 04:57 PM <DIR> ..
05/29/2007 09:53 AM <DIR> Adobe
05/18/2007 07:50 PM <DIR> AdobeUM
05/31/2007 04:00 PM <DIR> ArcSoft
05/31/2007 03:58 PM <DIR> EPSON
05/18/2007 08:11 PM <DIR> Google
05/21/2007 09:00 AM <DIR> Help
05/18/2007 11:23 AM <DIR> IDENTI~1 Identities
05/20/2007 05:19 PM <DIR> Lavasoft
05/18/2007 03:26 PM <DIR> MACROM~1 Macromedia
06/05/2007 03:36 PM <DIR> MICROS~1 Microsoft
05/31/2007 07:50 AM <DIR> Mozilla
05/21/2007 08:23 AM <DIR> Qualcomm
06/05/2007 04:59 PM <DIR> Real
06/07/2007 11:08 AM <DIR> Skype
05/18/2007 11:24 AM <DIR> SPAMFI~1 SPAMfighter
05/20/2007 01:26 PM <DIR> Sun
05/22/2007 05:19 PM <DIR> Tenebril
06/04/2007 08:40 PM <DIR> WEATHE~1 WeatherBug
0 File(s) 0 bytes
20 Dir(s) 23,303,483,392 bytes free
Volume in drive C has no label.
Volume Serial Number is B886-CA79

Directory of C:\Documents and Settings\All Users\Application Data

05/27/2007 01:31 PM <DIR> .
05/27/2007 01:31 PM <DIR> ..
05/27/2007 01:32 PM <DIR> Adobe
01/06/2007 09:33 PM <DIR> AOL
01/06/2007 09:32 PM <DIR> AOLDOW~1 AOL Downloads
01/06/2007 09:33 PM <DIR> AOLOCP~1 AOL OCP
02/22/2007 09:00 AM <DIR> avg7
05/31/2007 01:51 PM <DIR> BEEPDA~1 beep dale error proxy
01/05/2007 02:01 PM <DIR> Google
06/06/2007 09:56 PM <DIR> GOOGLE~1 Google Updater
11/17/2006 10:49 PM <DIR> Grisoft
05/18/2007 10:43 AM <DIR> MICROS~1 Microsoft
05/18/2007 08:03 PM <DIR> OFFICE~1 Office Genuine Advantage
05/01/2007 10:55 PM <DIR> PopCap
05/18/2007 03:13 PM <DIR> Skype
05/27/2007 02:22 PM <DIR> SPYBOT~1 Spybot - Search & Destroy
05/22/2007 05:13 PM <DIR> Tenebril
03/24/2007 10:46 AM <DIR> VIEWPO~1 Viewpoint
01/11/2007 05:51 PM <DIR> WINDOW~1 Windows Genuine Advantage
01/05/2007 01:17 PM <DIR> Yahoo!
0 File(s) 0 bytes
20 Dir(s) 23,303,483,392 bytes free
--------------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 11:22:24 AM, on 6/7/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Olympus\DeviceDetector\DM1Service.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program Files\SkypeUSBPhoneDriver\Skype@phone.exe
C:\Program Files\SpyCatcher\Protector.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\SpyCatcher\Scheduler daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
C:\Program Files\Olympus\DSSPlayer\DirectrecConfig.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\RingCentral\RingCentral Call Controller\RCUI.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\RingCentral\RingCentral Call Controller\RCHotKey.exe
C:\Program Files\SPAMfighter\SFAgent.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE
C:\Program Files\SPAMfighter\Clients\Outlook\SFOLMoni.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareBlock Class - {0A87E45F-537A-40B4-B812-E2544C21A09F} - C:\Program Files\SpyCatcher\SCActiveBlock.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [error proxy mapi 64] C:\Documents and Settings\All Users\Application Data\beep dale error proxy\One Save.exe
O4 - HKLM\..\Run: [SpyCatcher Reminder] C:\Program Files\SpyCatcher\SpyCatcher.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [EPSON Stylus CX3200 (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P28 "EPSON Stylus CX3200 (Copy 1)" /O5 "LPT1:" /M "Stylus CX3200"
O4 - HKLM\..\Run: [EPSON Stylus CX3200] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P19 "EPSON Stylus CX3200" /O6 "USB001" /M "Stylus CX3200"
O4 - HKLM\..\Run: [Skype@phone] C:\Program Files\SkypeUSBPhoneDriver\Skype@phone.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RCHotKey] "C:\Program Files\RingCentral\RingCentral Call Controller\RCHotKey.exe"
O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Startup: Scheduler.lnk = C:\Program Files\SpyCatcher\Scheduler daemon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Device Detector 3.lnk = C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
O4 - Global Startup: Directrec Configuration Tool.lnk = ?
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: RingCentral Call Controller.lnk = C:\Program Files\RingCentral\RingCentral Call Controller\RCUI.exe
O4 - Global Startup: SpyCatcher Protector.lnk = C:\Program Files\SpyCatcher\Protector.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: http://gck.baseball.sportsline.com
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=58813
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {41AA163E-EE55-4486-B1B7-634D7124968B} (PracticeAdminRunTime.RunTime) - https://www.practice...S/VBRunTime.CAB
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {A569A5ED-19ED-42FB-8EE4-C8F01C4D541A} (PAClaimsNew.PALogin) - https://www.practice.../PAClaimNew.CAB
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn...ro.cab56649.cab
O16 - DPF: {C41986F5-3EA3-4B23-A5F2-C3B9AD58FFBF} (CheckPARequirements.ucCheckPA) - https://www.practice...equirements.CAB
O16 - DPF: {CF25C291-E91C-11D3-873F-0000B4A2973D} (RingCentral Message Player Control) - http://service.ringc...sage_Player.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/...ploader_v10.cab
O16 - DPF: {EE85A9FD-6E52-4227-BB82-D46A660690EA} (RCSetup Class) - http://service.ringc...X/RCAXSetup.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...wn.cab31267.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: secuload.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: DM1Service - OLYMPUS Corporation - C:\Program Files\Olympus\DeviceDetector\DM1Service.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

#6 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • PipPipPipPipPip
  • 49,091 posts

Posted 07 June 2007 - 12:43 PM

Print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.

Disable TeaTimer:
Please disable TeaTimer as it may hinder the removal of some entries. You can re-enable it after you're clean.
To disable TeaTimer:
  • Run Spybot-S&D
  • Go to the Mode menu , and make sure "Advanced Mode " is selected
  • On the left hand side, choose Tools -> Resident
  • Uncheck "Resident TeaTimer " and OK any prompts
  • Restart your computer.
After all of the fixes are complete it is very important that you enable TeaTimer again.

Disable Microsoft Windows Defender:
We need to disable your Microsoft Windows Defender Real-time Protection as it may interfere with the fixes that we need to make.
  • Open Microsoft Windows Defender. Click Start, Programs, Windows Defender
  • Click on Tools, General Settings.
  • Under Real-time protection options, unselect the Turn on real-time protection check box
  • Click Save
After all of the fixes are complete it is very important that you enable Real-time Protection again.

Close all programs leaving only HijackThis running. Place a check against each of the following, making sure you get them all and not any others by mistake:

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/...ader_v10.cab[/B]

Click on Fix Checked when finished and exit HijackThis.

Restart the computer normally to reset the registry.

If still getting popups.

Download this file - combofix.exe

and save it to your desktop (Important). Also save the below command in Notepad as a text file so that you can copy/paste in safe mode.

"%userprofile%\desktop\combofix.exe"

Boot into safe mode by tapping the F8 key just before Windows starts to load.

go to start --> run and copy/paste in the following:

[b]"%userprofile%\desktop\combofix.exe"


When finished, it shall produce a log for you. Save it and post that log in your next reply.

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

In your next post, please include
  • new hijackthis log
  • combofix log
*use separate posts to ensure the logs don't get cut off!
nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in anyway,please considerDonating ,
see this topic for details.
We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760

#7 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • PipPipPipPipPip
  • 49,091 posts

Posted 18 June 2007 - 08:34 AM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in anyway,please considerDonating ,
see this topic for details.
We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Member of ASAP and UNITE
Support SpywareInfo Forum - click the button