need help with removing these CiD popups (New)

momo78
Junior Member with 13 posts.
 
Join Date: Oct 2007
Experience: Intermediate
19-Oct-2007, 10:42 PM #1
need help with removing these CiD popups
Hi All - I am trying to get rid of these annoying popups that start with CiD. It is driving me crazy. I tried a few anti-adware tools but nothing worked. Below is the log file from HijackThis. Thanks

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:41:33 PM, on 10/19/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
c:\program files\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
c:\program files\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\WINDOWS\system32\svchost.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\system32\TODDSrv.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\ddwmon.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe
C:\Program Files\Lexmark 1200 Series\lxczbmon.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\toshiba\ivp\ism\ivpsvmgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: (no name) - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: XBTP02634 - {F97DA966-F09D-4cab-BF29-75A0026986EA} - C:\PROGRA~1\BEARSH~1\BEARSH~2\MediaBar.dll (file missing)
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: (no name) - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [DDWMon] C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [Lexmark 1200 Series] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Comp about extra bin] C:\Documents and Settings\All Users\Application Data\Roam Program Comp About\Loud Phone.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10...I.cab55579.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10...y.cab55579.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by104w.bay104.mail.live.com/m...s/MsnPUpld.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10...t.cab55579.cab
O16 - DPF: {8FEFF364-6A5F-4966-A917-A3AC28411659} (SopCore Control) - http://download.sopcast.com/download/SOPCORE.CAB
O16 - DPF: {95B5D20C-BD31-4489-8ABF-F8C8BE748463} (ZPA_HRTZ Object) - http://zone.msn.com/bingame/zpagames...z.cab58570.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramewor...o.cab56649.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10...y.cab55579.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by130fd.bay130.hotmail.msn.co...x/HMAtchmt.ocx
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsu****a Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\WINDOWS\system32\TODDSrv.exe

--
End of file - 15202 bytes
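An added example, not part of the original thread: a small Python triage pass over the HijackThis log format posted above. The three review heuristics (entries HijackThis itself marks "(no file)" or "(file missing)", Run entries that launch from an Application Data folder, services listed with "Unknown owner") are assumptions of this example, not verdicts given by anyone in the thread; the sample lines are copied from the log above.

```python
import re

# Sample input: eight lines copied from the HijackThis log in the post above.
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: XBTP02634 - {F97DA966-F09D-4cab-BF29-75A0026986EA} - C:\PROGRA~1\BEARSH~1\BEARSH~2\MediaBar.dll (file missing)
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [Comp about extra bin] C:\Documents and Settings\All Users\Application Data\Roam Program Comp About\Loud Phone.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
"""

# "R3 - ...", "O4 - ...", "O23 - ...": section code, then the entry body.
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# O4 registry autoruns: hive, elided key path, [value name], command line.
RUN_RE = re.compile(r"^HK\w+\\.*\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# Unquoted paths may contain spaces, so cut at the first executable extension
# that is followed by whitespace or end of line.
EXE_RE = re.compile(r"^(.+?\.(?:exe|com|bat|cmd|scr))(?:\s|$)", re.IGNORECASE)


def parse_entries(log_text):
    """Return (code, body) for every 'Xn - ...' line; other lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("code"), m.group("body")))
    return entries


def executable_path(cmd):
    """Extract the program path from an autorun command line (quoted or not)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end != -1 else cmd[1:]
    m = EXE_RE.match(cmd)
    return m.group(1) if m else cmd


def triage(log_text):
    """Return (code, reason, detail) tuples for entries worth a manual look.

    Heuristics are assumptions of this example, not HijackThis verdicts.
    """
    findings = []
    for code, body in parse_entries(log_text):
        # HijackThis appends these markers when the registered file is absent.
        if body.endswith("(no file)") or body.endswith("(file missing)"):
            findings.append((code, "orphaned", body))
            continue
        if code == "O4":
            m = RUN_RE.match(body)
            if m:
                path = executable_path(m.group("cmd"))
                # Autorun binaries under a profile's Application Data folder
                # sit outside the usual install locations.
                if "\\application data\\" in path.lower():
                    detail = "[%s] %s" % (m.group("name"), path)
                    findings.append((code, "autorun-from-appdata", detail))
        elif code == "O23" and " - Unknown owner - " in body:
            findings.append((code, "service-unknown-owner", body))
    return findings


if __name__ == "__main__":
    for code, reason, detail in triage(SAMPLE_LOG):
        print("%-4s %-22s %s" % (code, reason, detail))
```

A flagged line is a candidate for review only; whether to fix it is the helper's call once the other scan logs are in.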
MFDnNC
Distinguished Member with 49,029 posts.
 
Join Date: Sep 2004
20-Oct-2007, 05:47 PM #2
Please Download NoLop to your desktop from

http://www.thespykiller.co.uk/index....tpmod;dl=get16

First close any other programs you have running as this will require a reboot
· Double click NoLop.exe to run it
· Now click the button labelled "Search and Destroy"
<<your computer will now be scanned for infected files>>
· When scanning is finished you will be prompted to reboot only if infected. Click OK
· Now click the "REBOOT" Button.
· A message should pop up from NoLop. If not, double click the program again and it will finish.

Please post the contents of C:\NoLop.log along with a fresh HijackThis log.

-- If you receive an error, "mscomctl.ocx or one of its dependencies are not correctly registered," please download http://www.boletrice.com/downloads/mscomctl.ocx to your system32 folder then rerun the program.


===============
Download Superantispyware (SAS) free home version

http://www.superantispyware.com/supe...freevspro.html

Install it and double-click the icon on your desktop to run it.
· It will ask if you want to update the program definitions, click Yes.
· Under Configuration and Preferences, click the Preferences button.
· Click the Scanning Control tab.
· Under Scanner Options make sure the following are checked:
o Close browsers before scanning
o Scan for tracking cookies
o Terminate memory threats before quarantining.
o Please leave the others unchecked.
o Click the Close button to leave the control center screen.
· On the main screen, under Scan for Harmful Software click Scan your computer.
· On the left check C:\Fixed Drive.
· On the right, under Complete Scan, choose Perform Complete Scan.
· Click Next to start the scan. Please be patient while it scans your computer.
· After the scan is complete a summary box will appear. Click OK.
· Make sure everything in the white box has a check next to it, then click Next.
· It will quarantine what it found and if it asks if you want to reboot, click Yes.
· To retrieve the removal information for me please do the following:
o After reboot, double-click the SUPERAntispyware icon on your desktop.
o Click Preferences. Click the Statistics/Logs tab.
o Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
o It will open in your default text editor (such as Notepad/Wordpad).
o Please highlight everything in the notepad, then right-click and choose copy.
· Click close and close again to exit the program.
· Please paste that information here for me regardless of what it finds, with a new HijackThis log.

This will take some time!!!!!!!!
momo78
Junior Member with 13 posts.
 
Join Date: Oct 2007
Experience: Intermediate
21-Oct-2007, 11:13 PM #3
I downloaded the NoLop and here is the log file. It found no infected files so it didn't ask me to reboot, although I still see the CiD popups.

NoLop! Log by Skate_Punk_21

Please Note: any existing old logs will have now been renamed to NoLop!OLD.log

Fix running from: C:\Documents and Settings\mohamed\Desktop
[10/21/2007]
[11:02:44 PM]

---Infection Files Found/Removed---
NO INFECTION FILES FOUND - Cleaning Aborted.

---Listing AppData sub directories---

C:\Documents and Settings\Administrator\Application Data\Adobe
C:\Documents and Settings\Administrator\Application Data\Aol
C:\Documents and Settings\Administrator\Application Data\Identities
C:\Documents and Settings\Administrator\Application Data\Intel
C:\Documents and Settings\Administrator\Application Data\Microsoft
C:\Documents and Settings\Administrator\Application Data\Toshiba
C:\Documents and Settings\Administrator\Application Data\You've Got Pictures Screensaver
C:\Documents and Settings\All Users\Application Data\Adobe
C:\Documents and Settings\All Users\Application Data\Aol
C:\Documents and Settings\All Users\Application Data\Apple
C:\Documents and Settings\All Users\Application Data\Apple Computer
C:\Documents and Settings\All Users\Application Data\Bvrp Software
C:\Documents and Settings\All Users\Application Data\Google
C:\Documents and Settings\All Users\Application Data\Grisoft
C:\Documents and Settings\All Users\Application Data\Intel
C:\Documents and Settings\All Users\Application Data\Mcafee
C:\Documents and Settings\All Users\Application Data\Mcafee.com
C:\Documents and Settings\All Users\Application Data\Mcafee.com Personal Firewall
C:\Documents and Settings\All Users\Application Data\Microsoft
C:\Documents and Settings\All Users\Application Data\Microsoft Help
C:\Documents and Settings\All Users\Application Data\Pure Networks
C:\Documents and Settings\All Users\Application Data\Quicktime
C:\Documents and Settings\All Users\Application Data\Roam Program Comp About
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
C:\Documents and Settings\All Users\Application Data\Viewpoint
C:\Documents and Settings\All Users\Application Data\Wildtangent
C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
C:\Documents and Settings\All Users\Application Data\Yahoo
C:\Documents and Settings\All Users\Application Data\Yahoo!
C:\Documents and Settings\Default User\Application Data\Adobe
C:\Documents and Settings\Default User\Application Data\Aol
C:\Documents and Settings\Default User\Application Data\Identities
C:\Documents and Settings\Default User\Application Data\Intel
C:\Documents and Settings\Default User\Application Data\Microsoft
C:\Documents and Settings\Default User\Application Data\Toshiba
C:\Documents and Settings\Default User\Application Data\You've Got Pictures Screensaver
C:\Documents and Settings\Guest\Application Data\Adobe
C:\Documents and Settings\Guest\Application Data\Aol
C:\Documents and Settings\Guest\Application Data\Identities
C:\Documents and Settings\Guest\Application Data\Intel
C:\Documents and Settings\Guest\Application Data\Mcafee.com Personal Firewall -- EMPTY Directory
C:\Documents and Settings\Guest\Application Data\Microsoft
C:\Documents and Settings\Guest\Application Data\Toshiba
C:\Documents and Settings\Guest\Application Data\You've Got Pictures Screensaver
C:\Documents and Settings\Localservice\Application Data\Mcafee.com Personal Firewall
C:\Documents and Settings\Localservice\Application Data\Microsoft
C:\Documents and Settings\Mohamed\Application Data\Adobe
C:\Documents and Settings\Mohamed\Application Data\Adobeum
C:\Documents and Settings\Mohamed\Application Data\Aol
C:\Documents and Settings\Mohamed\Application Data\Apple Computer
C:\Documents and Settings\Mohamed\Application Data\Bearshare
C:\Documents and Settings\Mohamed\Application Data\Google
C:\Documents and Settings\Mohamed\Application Data\Help -- EMPTY Directory
C:\Documents and Settings\Mohamed\Application Data\Identities
C:\Documents and Settings\Mohamed\Application Data\Intel
C:\Documents and Settings\Mohamed\Application Data\Intervideo
C:\Documents and Settings\Mohamed\Application Data\Limewire
C:\Documents and Settings\Mohamed\Application Data\Macromedia
C:\Documents and Settings\Mohamed\Application Data\Mcafee.com Personal Firewall
C:\Documents and Settings\Mohamed\Application Data\Microsoft
C:\Documents and Settings\Mohamed\Application Data\Microsoft Web Folders -- EMPTY Directory
C:\Documents and Settings\Mohamed\Application Data\Move Networks
C:\Documents and Settings\Mohamed\Application Data\Real
C:\Documents and Settings\Mohamed\Application Data\Sopcast
C:\Documents and Settings\Mohamed\Application Data\Sun
C:\Documents and Settings\Mohamed\Application Data\Template
C:\Documents and Settings\Mohamed\Application Data\Toshiba
C:\Documents and Settings\Mohamed\Application Data\U3
C:\Documents and Settings\Mohamed\Application Data\Viewpoint
C:\Documents and Settings\Mohamed\Application Data\Vso -- EMPTY Directory
C:\Documents and Settings\Mohamed\Application Data\Winrar -- EMPTY Directory
C:\Documents and Settings\Mohamed\Application Data\Yahoo! -- EMPTY Directory
C:\Documents and Settings\Mohamed\Application Data\You've Got Pictures Screensaver
C:\Documents and Settings\Mohamed_2\Application Data\Adobe
C:\Documents and Settings\Mohamed_2\Application Data\Aol
C:\Documents and Settings\Mohamed_2\Application Data\Google
C:\Documents and Settings\Mohamed_2\Application Data\Grisoft
C:\Documents and Settings\Mohamed_2\Application Data\Identities
C:\Documents and Settings\Mohamed_2\Application Data\Intel
C:\Documents and Settings\Mohamed_2\Application Data\Macromedia
C:\Documents and Settings\Mohamed_2\Application Data\Mcafee.com Personal Firewall -- EMPTY Directory
C:\Documents and Settings\Mohamed_2\Application Data\Microsoft
C:\Documents and Settings\Mohamed_2\Application Data\Real
C:\Documents and Settings\Mohamed_2\Application Data\Sun
C:\Documents and Settings\Mohamed_2\Application Data\Toshiba
C:\Documents and Settings\Mohamed_2\Application Data\Yahoo!
C:\Documents and Settings\Mohamed_2\Application Data\You've Got Pictures Screensaver
C:\Documents and Settings\Networkservice\Application Data\Intel
C:\Documents and Settings\Networkservice\Application Data\Microsoft
C:\Documents and Settings\Noname\Application Data\Adobe
C:\Documents and Settings\Noname\Application Data\Adobeum -- EMPTY Directory
C:\Documents and Settings\Noname\Application Data\Aol
C:\Documents and Settings\Noname\Application Data\Apple Computer
C:\Documents and Settings\Noname\Application Data\Bearshare
C:\Documents and Settings\Noname\Application Data\Google
C:\Documents and Settings\Noname\Application Data\Grisoft
C:\Documents and Settings\Noname\Application Data\Identities
C:\Documents and Settings\Noname\Application Data\Infolonglist
C:\Documents and Settings\Noname\Application Data\Intel
C:\Documents and Settings\Noname\Application Data\Intervideo
C:\Documents and Settings\Noname\Application Data\Limewire
C:\Documents and Settings\Noname\Application Data\Macromedia
C:\Documents and Settings\Noname\Application Data\Mcafee.com Personal Firewall
C:\Documents and Settings\Noname\Application Data\Microsoft
C:\Documents and Settings\Noname\Application Data\Musicnet
C:\Documents and Settings\Noname\Application Data\Real
C:\Documents and Settings\Noname\Application Data\Template
C:\Documents and Settings\Noname\Application Data\Toshiba
C:\Documents and Settings\Noname\Application Data\Vso -- EMPTY Directory
C:\Documents and Settings\Noname\Application Data\Wildtangent
C:\Documents and Settings\Noname\Application Data\Winrar -- EMPTY Directory
C:\Documents and Settings\Noname\Application Data\Yahoo!
C:\Documents and Settings\Noname\Application Data\You've Got Pictures Screensaver

Here is the HijackThis log file. I will download the SAS and follow the rest of the steps.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:11:46 PM, on 10/21/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
c:\program files\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\ddwmon.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ltmoh\Ltmoh.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\WINDOWS\system32\TPSMain.exe
C:\WINDOWS\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Lexmark 1200 Series\lxczbmon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\WINDOWS\system32\RAMASST.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\toshiba\ivp\ism\ivpsvmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: (no name) - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: XBTP02634 - {F97DA966-F09D-4cab-BF29-75A0026986EA} - C:\PROGRA~1\BEARSH~1\BEARSH~2\MediaBar.dll (file missing)
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: (no name) - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [DDWMon] C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [Lexmark 1200 Series] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Comp about extra bin] C:\Documents and Settings\All Users\Application Data\Roam Program Comp About\Loud Phone.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10...I.cab55579.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10...y.cab55579.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by104w.bay104.mail.live.com/m...s/MsnPUpld.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10...t.cab55579.cab
O16 - DPF: {8FEFF364-6A5F-4966-A917-A3AC28411659} (SopCore Control) - http://download.sopcast.com/download/SOPCORE.CAB
O16 - DPF: {95B5D20C-BD31-4489-8ABF-F8C8BE748463} (ZPA_HRTZ Object) - http://zone.msn.com/bingame/zpagames...z.cab58570.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramewor...o.cab56649.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10...y.cab55579.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by130fd.bay130.hotmail.msn.co...x/HMAtchmt.ocx
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\WINDOWS\system32\TODDSrv.exe

--
End of file - 14886 bytes
momo78
22-Oct-2007, 01:46 AM #4
Hi, I downloaded SUPERAntiSpyware and here is the log for the scan.

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 10/22/2007 at 01:25 AM

Application Version : 3.9.1008

Core Rules Database Version : 3328
Trace Rules Database Version: 1329

Scan type : Complete Scan
Total Scan Time : 01:57:41

Memory items scanned : 612
Memory threats detected : 0
Registry items scanned : 6614
Registry threats detected : 1
File items scanned : 105958
File threats detected : 294

Adware.Lop-Variant
[Comp about extra bin] C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\ROAM PROGRAM COMP ABOUT\LOUD PHONE.EXE
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\ROAM PROGRAM COMP ABOUT\LOUD PHONE.EXE
C:\DOCUMENTS AND SETTINGS\MOHAMED\LOCAL SETTINGS\TEMP\BIS1A.EXE
C:\DOCUMENTS AND SETTINGS\MOHAMED\LOCAL SETTINGS\TEMP\STA5.EXE
C:\DOCUMENTS AND SETTINGS\MOHAMED\LOCAL SETTINGS\TEMP\STA6.EXE
C:\DOCUMENTS AND SETTINGS\MOHAMED\LOCAL SETTINGS\TEMP\STA7.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{CD0BACDB-7BB8-4982-9127-7CA9CF228C78}\RP211\A0048927.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{CD0BACDB-7BB8-4982-9127-7CA9CF228C78}\RP212\A0048935.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{CD0BACDB-7BB8-4982-9127-7CA9CF228C78}\RP212\A0048953.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{CD0BACDB-7BB8-4982-9127-7CA9CF228C78}\RP213\A0048958.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{CD0BACDB-7BB8-4982-9127-7CA9CF228C78}\RP213\A0048973.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{CD0BACDB-7BB8-4982-9127-7CA9CF228C78}\RP214\A0049983.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{CD0BACDB-7BB8-4982-9127-7CA9CF228C78}\RP214\A0049998.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{CD0BACDB-7BB8-4982-9127-7CA9CF228C78}\RP214\A0050013.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{CD0BACDB-7BB8-4982-9127-7CA9CF228C78}\RP218\A0050153.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{CD0BACDB-7BB8-4982-9127-7CA9CF228C78}\RP218\A0050154.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{CD0BACDB-7BB8-4982-9127-7CA9CF228C78}\RP218\A0050155.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{CD0BACDB-7BB8-4982-9127-7CA9CF228C78}\RP218\A0050156.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{CD0BACDB-7BB8-4982-9127-7CA9CF228C78}\RP218\A0050157.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{CD0BACDB-7BB8-4982-9127-7CA9CF228C78}\RP218\A0050158.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{CD0BACDB-7BB8-4982-9127-7CA9CF228C78}\RP218\A0050159.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{CD0BACDB-7BB8-4982-9127-7CA9CF228C78}\RP218\A0050160.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{CD0BACDB-7BB8-4982-9127-7CA9CF228C78}\RP218\A0050161.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{CD0BACDB-7BB8-4982-9127-7CA9CF228C78}\RP218\A0050162.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{CD0BACDB-7BB8-4982-9127-7CA9CF228C78}\RP218\A0050239.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{CD0BACDB-7BB8-4982-9127-7CA9CF228C78}\RP221\A0050467.EXE
C:\WINDOWS\Prefetch\LOUD PHONE.EXE-06B8C257.pf

Adware.Tracking Cookie

BearShare File Sharing Client
C:\PROGRAM FILES\BEARSHARE APPLICATIONS\BEARSHARE\BEARSHARE.EXE

I noticed it removed my P2P program. Maybe I downloaded an infected file from there. Can I uninstall it and then re-install this program again?

The HijackThis file log will make the text too long for the post. I will post after this.
momo78
22-Oct-2007, 01:47 AM #5
Here is the HijackThis log file.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:44:38 AM, on 10/22/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\system32\TODDSrv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\ddwmon.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\toshiba\ivp\ism\pinger.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
c:\program files\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe
C:\Program Files\Lexmark 1200 Series\lxczbmon.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: (no name) - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: XBTP02634 - {F97DA966-F09D-4cab-BF29-75A0026986EA} - C:\PROGRA~1\BEARSH~1\BEARSH~2\MediaBar.dll (file missing)
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: (no name) - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [DDWMon] C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [Lexmark 1200 Series] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10...I.cab55579.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10...y.cab55579.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by104w.bay104.mail.live.com/m...s/MsnPUpld.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10...t.cab55579.cab
O16 - DPF: {8FEFF364-6A5F-4966-A917-A3AC28411659} (SopCore Control) - http://download.sopcast.com/download/SOPCORE.CAB
O16 - DPF: {95B5D20C-BD31-4489-8ABF-F8C8BE748463} (ZPA_HRTZ Object) - http://zone.msn.com/bingame/zpagames...z.cab58570.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramewor...o.cab56649.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10...y.cab55579.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by130fd.bay130.hotmail.msn.co...x/HMAtchmt.ocx
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\WINDOWS\system32\TODDSrv.exe

--
End of file - 14740 bytes


Thanks for the help and I really do appreciate the assistance.

momo78
Junior Member with 13 posts.
Join Date: Oct 2007
Experience: Intermediate
22-Oct-2007, 02:21 AM #6
It seems that SUPERAntiSpyware worked. I don't see the popups anymore. I will still wait for your advice to confirm.
Thanks

Last edited by momo78 : 22-Oct-2007 03:08 AM.

MFDnNC
Distinguished Member with 49,029 posts.
Join Date: Sep 2004
22-Oct-2007, 05:24 PM #7
Fix these with HiJackThis – mark them, close IE, click fix checked

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb

R3 - URLSearchHook: (no name) - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - (no file)

O2 - BHO: XBTP02634 - {F97DA966-F09D-4cab-BF29-75A0026986EA} - C:\PROGRA~1\BEARSH~1\BEARSH~2\MediaBar.dll (file missing)

O3 - Toolbar: (no name) - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - (no file)


START – RUN – type in %temp% - OK - Edit – Select all – File – Delete

Delete everything in the C:\Windows\Temp folder or C:\WINNT\temp

Not all temp files will delete and that is normal
Empty the recycle bin
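
A triage sketch for the five entries listed in the reply above, added here as an example and not part of the thread or of HijackThis: it flags log lines whose target file is absent and IE search/start values that point outside an allowlist, then links hooks that share a CLSID. The `TRUSTED_HOSTS` allowlist and the function names are assumptions; the sample lines are copied from the log posted in this thread.

```python
import re
from urllib.parse import urlparse

# Lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R3 - URLSearchHook: (no name) - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - (no file)
O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O2 - BHO: XBTP02634 - {F97DA966-F09D-4cab-BF29-75A0026986EA} - C:\PROGRA~1\BEARSH~1\BEARSH~2\MediaBar.dll (file missing)
O3 - Toolbar: (no name) - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - (no file)
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
"""

ENTRY = re.compile(r"^(?P<sec>[RFNO]\d{1,2}) - (?P<body>.+)$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Assumption: hosts the reviewer accepts for IE start/search values.
TRUSTED_HOSTS = {"go.microsoft.com"}


def triage(log_text, trusted_hosts=TRUSTED_HOSTS):
    """Return (section, reason, clsid_or_None, line) for each entry to review."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY.match(line)
        if not m:
            continue  # log header, running-process list, blank line
        sec, body = m.group("sec"), m.group("body")
        guid = CLSID.search(body)
        guid = guid.group(0).upper() if guid else None
        if body.endswith("(no file)") or body.endswith("(file missing)"):
            findings.append((sec, "orphaned: target file absent", guid, line))
        elif sec in ("R0", "R1") and " = " in body:
            host = urlparse(body.split(" = ", 1)[1]).hostname
            if host and host not in trusted_hosts:
                findings.append((sec, "IE setting points at " + host, guid, line))
    return findings


def shared_clsids(findings):
    """CLSIDs flagged in more than one section (one component, several hooks)."""
    seen = {}
    for sec, _, guid, _ in findings:
        if guid:
            seen.setdefault(guid, set()).add(sec)
    return {g: sorted(s) for g, s in seen.items() if len(s) > 1}


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for sec, reason, guid, _ in results:
        print(sec, reason, guid or "")
    print(shared_clsids(results))
```

Run over the full log in post #5, the same rule also reports the Yahoo! Toolbar URLSearchHook and the unnamed BHO {7E853D72-626A-48EC-A868-BA8D5E23E045}, both marked (no file), which the reply does not list. Treat the output as a review queue, not a fix list.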

All times are GMT -5.