19-Oct-2007, 11:42 PM
#1
need help with removing these CiD popups

Hi All - I am trying to get rid of these annoying popups that start with CiD. It is driving me crazy. I tried a few anti-adware tools but nothing worked. Below is the log file from HijackThis. Thanks

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:41:33 PM, on 10/19/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
c:\program files\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
c:\program files\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\WINDOWS\system32\svchost.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\system32\TODDSrv.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\ddwmon.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe
C:\Program Files\Lexmark 1200 Series\lxczbmon.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\toshiba\ivp\ism\ivpsvmgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: (no name) - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: XBTP02634 - {F97DA966-F09D-4cab-BF29-75A0026986EA} - C:\PROGRA~1\BEARSH~1\BEARSH~2\MediaBar.dll (file missing)
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: (no name) - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [DDWMon] C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [Lexmark 1200 Series] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Comp about extra bin] C:\Documents and Settings\All Users\Application Data\Roam Program Comp About\Loud Phone.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10...I.cab55579.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10...y.cab55579.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by104w.bay104.mail.live.com/m...s/MsnPUpld.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10...t.cab55579.cab
O16 - DPF: {8FEFF364-6A5F-4966-A917-A3AC28411659} (SopCore Control) - http://download.sopcast.com/download/SOPCORE.CAB
O16 - DPF: {95B5D20C-BD31-4489-8ABF-F8C8BE748463} (ZPA_HRTZ Object) - http://zone.msn.com/bingame/zpagames...z.cab58570.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramewor...o.cab56649.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10...y.cab55579.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by130fd.bay130.hotmail.msn.co...x/HMAtchmt.ocx
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\WINDOWS\system32\TODDSrv.exe

--
End of file - 15202 bytes
20-Oct-2007, 06:47 PM
#2
Please download NoLop to your desktop from http://www.thespykiller.co.uk/index....tpmod;dl=get16

First close any other programs you have running, as this will require a reboot.
· Double-click NoLop.exe to run it.
· Now click the button labelled "Search and Destroy" <<your computer will now be scanned for infected files>>
· When scanning is finished you will be prompted to reboot only if infected. Click OK.
· Now click the "REBOOT" button.
· A message should pop up from NoLop. If not, double-click the program again and it will finish.

Please post the contents of C:\NoLop.log along with a fresh HijackThis log.
· --If you receive an error, "mscomctl.ocx or one of its dependencies are not correctly registered," please download http://www.boletrice.com/downloads/mscomctl.ocx to your system32 folder, then rerun the program.

===============

Download Superantispyware (SAS) free home version http://www.superantispyware.com/supe...freevspro.html

Install it and double-click the icon on your desktop to run it.
· It will ask if you want to update the program definitions, click Yes.
· Under Configuration and Preferences, click the Preferences button.
· Click the Scanning Control tab.
· Under Scanner Options make sure the following are checked:
  o Close browsers before scanning
  o Scan for tracking cookies
  o Terminate memory threats before quarantining.
  o Please leave the others unchecked.
  o Click the Close button to leave the control center screen.
· On the main screen, under Scan for Harmful Software click Scan your computer.
· On the left check C:\Fixed Drive.
· On the right, under Complete Scan, choose Perform Complete Scan.
· Click Next to start the scan. Please be patient while it scans your computer.
· After the scan is complete a summary box will appear. Click OK.
· Make sure everything in the white box has a check next to it, then click Next.
· It will quarantine what it found and if it asks if you want to reboot, click Yes.
· To retrieve the removal information for me please do the following:
  o After reboot, double-click the SUPERAntispyware icon on your desktop.
  o Click Preferences. Click the Statistics/Logs tab.
  o Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
  o It will open in your default text editor (such as Notepad/Wordpad).
  o Please highlight everything in the notepad, then right-click and choose copy.
· Click close and close again to exit the program.
· Please paste that information here for me, regardless of what it finds, with a new HijackThis log.

This will take some time!
22-Oct-2007, 12:13 AM
#3
I downloaded the NoLop and here is the log file. It found no infected files so it didn't ask me to reboot, although I still see the CiD popups.

NoLop! Log by Skate_Punk_21
Please Note: any existing old logs will have now been renamed to NoLop!OLD.log
Fix running from: C:\Documents and Settings\mohamed\Desktop
[10/21/2007]
[11:02:44 PM]
---Infection Files Found/Removed---
NO INFECTION FILES FOUND - Cleaning Aborted.
---Listing AppData sub directories---
C:\Documents and Settings\Administrator\Application Data\Adobe
C:\Documents and Settings\Administrator\Application Data\Aol
C:\Documents and Settings\Administrator\Application Data\Identities
C:\Documents and Settings\Administrator\Application Data\Intel
C:\Documents and Settings\Administrator\Application Data\Microsoft
C:\Documents and Settings\Administrator\Application Data\Toshiba
C:\Documents and Settings\Administrator\Application Data\You've Got Pictures Screensaver
C:\Documents and Settings\All Users\Application Data\Adobe
C:\Documents and Settings\All Users\Application Data\Aol
C:\Documents and Settings\All Users\Application Data\Apple
C:\Documents and Settings\All Users\Application Data\Apple Computer
C:\Documents and Settings\All Users\Application Data\Bvrp Software
C:\Documents and Settings\All Users\Application Data\Google
C:\Documents and Settings\All Users\Application Data\Grisoft
C:\Documents and Settings\All Users\Application Data\Intel
C:\Documents and Settings\All Users\Application Data\Mcafee
C:\Documents and Settings\All Users\Application Data\Mcafee.com
C:\Documents and Settings\All Users\Application Data\Mcafee.com Personal Firewall
C:\Documents and Settings\All Users\Application Data\Microsoft
C:\Documents and Settings\All Users\Application Data\Microsoft Help
C:\Documents and Settings\All Users\Application Data\Pure Networks
C:\Documents and Settings\All Users\Application Data\Quicktime
C:\Documents and Settings\All Users\Application Data\Roam Program Comp About
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
C:\Documents and Settings\All Users\Application Data\Viewpoint
C:\Documents and Settings\All Users\Application Data\Wildtangent
C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
C:\Documents and Settings\All Users\Application Data\Yahoo
C:\Documents and Settings\All Users\Application Data\Yahoo!
C:\Documents and Settings\Default User\Application Data\Adobe
C:\Documents and Settings\Default User\Application Data\Aol
C:\Documents and Settings\Default User\Application Data\Identities
C:\Documents and Settings\Default User\Application Data\Intel
C:\Documents and Settings\Default User\Application Data\Microsoft
C:\Documents and Settings\Default User\Application Data\Toshiba
C:\Documents and Settings\Default User\Application Data\You've Got Pictures Screensaver
C:\Documents and Settings\Guest\Application Data\Adobe
C:\Documents and Settings\Guest\Application Data\Aol
C:\Documents and Settings\Guest\Application Data\Identities
C:\Documents and Settings\Guest\Application Data\Intel
C:\Documents and Settings\Guest\Application Data\Mcafee.com Personal Firewall -- EMPTY Directory
C:\Documents and Settings\Guest\Application Data\Microsoft
C:\Documents and Settings\Guest\Application Data\Toshiba
C:\Documents and Settings\Guest\Application Data\You've Got Pictures Screensaver
C:\Documents and Settings\Localservice\Application Data\Mcafee.com Personal Firewall
C:\Documents and Settings\Localservice\Application Data\Microsoft
C:\Documents and Settings\Mohamed\Application Data\Adobe
C:\Documents and Settings\Mohamed\Application Data\Adobeum
C:\Documents and Settings\Mohamed\Application Data\Aol
C:\Documents and Settings\Mohamed\Application Data\Apple Computer
C:\Documents and Settings\Mohamed\Application Data\Bearshare
C:\Documents and Settings\Mohamed\Application Data\Google
C:\Documents and Settings\Mohamed\Application Data\Help -- EMPTY Directory
C:\Documents and Settings\Mohamed\Application Data\Identities
C:\Documents and Settings\Mohamed\Application Data\Intel
C:\Documents and Settings\Mohamed\Application Data\Intervideo
C:\Documents and Settings\Mohamed\Application Data\Limewire
C:\Documents and Settings\Mohamed\Application Data\Macromedia
C:\Documents and Settings\Mohamed\Application Data\Mcafee.com Personal Firewall
C:\Documents and Settings\Mohamed\Application Data\Microsoft
C:\Documents and Settings\Mohamed\Application Data\Microsoft Web Folders -- EMPTY Directory
C:\Documents and Settings\Mohamed\Application Data\Move Networks
C:\Documents and Settings\Mohamed\Application Data\Real
C:\Documents and Settings\Mohamed\Application Data\Sopcast
C:\Documents and Settings\Mohamed\Application Data\Sun
C:\Documents and Settings\Mohamed\Application Data\Template
C:\Documents and Settings\Mohamed\Application Data\Toshiba
C:\Documents and Settings\Mohamed\Application Data\U3
C:\Documents and Settings\Mohamed\Application Data\Viewpoint
C:\Documents and Settings\Mohamed\Application Data\Vso -- EMPTY Directory
C:\Documents and Settings\Mohamed\Application Data\Winrar -- EMPTY Directory
C:\Documents and Settings\Mohamed\Application Data\Yahoo! -- EMPTY Directory
C:\Documents and Settings\Mohamed\Application Data\You've Got Pictures Screensaver
C:\Documents and Settings\Mohamed_2\Application Data\Adobe
C:\Documents and Settings\Mohamed_2\Application Data\Aol
C:\Documents and Settings\Mohamed_2\Application Data\Google
C:\Documents and Settings\Mohamed_2\Application Data\Grisoft
C:\Documents and Settings\Mohamed_2\Application Data\Identities
C:\Documents and Settings\Mohamed_2\Application Data\Intel
C:\Documents and Settings\Mohamed_2\Application Data\Macromedia
C:\Documents and Settings\Mohamed_2\Application Data\Mcafee.com Personal Firewall -- EMPTY Directory
C:\Documents and Settings\Mohamed_2\Application Data\Microsoft
C:\Documents and Settings\Mohamed_2\Application Data\Real
C:\Documents and Settings\Mohamed_2\Application Data\Sun
C:\Documents and Settings\Mohamed_2\Application Data\Toshiba
C:\Documents and Settings\Mohamed_2\Application Data\Yahoo!
C:\Documents and Settings\Mohamed_2\Application Data\You've Got Pictures Screensaver
C:\Documents and Settings\Networkservice\Application Data\Intel
C:\Documents and Settings\Networkservice\Application Data\Microsoft
C:\Documents and Settings\Noname\Application Data\Adobe
C:\Documents and Settings\Noname\Application Data\Adobeum -- EMPTY Directory
C:\Documents and Settings\Noname\Application Data\Aol
C:\Documents and Settings\Noname\Application Data\Apple Computer
C:\Documents and Settings\Noname\Application Data\Bearshare
C:\Documents and Settings\Noname\Application Data\Google
C:\Documents and Settings\Noname\Application Data\Grisoft
C:\Documents and Settings\Noname\Application Data\Identities
C:\Documents and Settings\Noname\Application Data\Infolonglist
C:\Documents and Settings\Noname\Application Data\Intel
C:\Documents and Settings\Noname\Application Data\Intervideo
C:\Documents and Settings\Noname\Application Data\Limewire
C:\Documents and Settings\Noname\Application Data\Macromedia
C:\Documents and Settings\Noname\Application Data\Mcafee.com Personal Firewall
C:\Documents and Settings\Noname\Application Data\Microsoft
C:\Documents and Settings\Noname\Application Data\Musicnet
C:\Documents and Settings\Noname\Application Data\Real
C:\Documents and Settings\Noname\Application Data\Template
C:\Documents and Settings\Noname\Application Data\Toshiba
C:\Documents and Settings\Noname\Application Data\Vso -- EMPTY Directory
C:\Documents and Settings\Noname\Application Data\Wildtangent
C:\Documents and Settings\Noname\Application Data\Winrar -- EMPTY Directory
C:\Documents and Settings\Noname\Application Data\Yahoo!
C:\Documents and Settings\Noname\Application Data\You've Got Pictures Screensaver

Here is the HijackThis log file. I will download the SAS and follow the rest of the steps.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:11:46 PM, on 10/21/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
c:\program files\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\ddwmon.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ltmoh\Ltmoh.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\WINDOWS\system32\TPSMain.exe
C:\WINDOWS\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Lexmark 1200 Series\lxczbmon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\WINDOWS\system32\RAMASST.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\toshiba\ivp\ism\ivpsvmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: (no name) - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: XBTP02634 - {F97DA966-F09D-4cab-BF29-75A0026986EA} - C:\PROGRA~1\BEARSH~1\BEARSH~2\MediaBar.dll (file missing)
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: (no name) - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [DDWMon] C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [Lexmark 1200 Series] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Comp about extra bin] C:\Documents and Settings\All Users\Application Data\Roam Program Comp About\Loud Phone.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe O9 - Extra 'Tools' menuitem: Yahoo! 
Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10...I.cab55579.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10...y.cab55579.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by104w.bay104.mail.live.com/m...s/MsnPUpld.cab O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10...t.cab55579.cab O16 - DPF: {8FEFF364-6A5F-4966-A917-A3AC28411659} (SopCore Control) - http://download.sopcast.com/download/SOPCORE.CAB O16 - DPF: {95B5D20C-BD31-4489-8ABF-F8C8BE748463} (ZPA_HRTZ Object) - http://zone.msn.com/bingame/zpagames...z.cab58570.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramewor...o.cab56649.cab O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10...y.cab55579.cab O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by130fd.bay130.hotmail.msn.co...x/HMAtchmt.ocx O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common 
Files\AOL\TopSpeed\2.0\aoltsmon.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. 
- C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\WINDOWS\system32\TODDSrv.exe -- End of file - 14886 bytes |
|
22-Oct-2007, 02:46 AM
#4 |
| Hi, I downloaded the superantispyware and here is the log for the scan SUPERAntiSpyware Scan Log http://www.superantispyware.com Generated 10/22/2007 at 01:25 AM Application Version : 3.9.1008 Core Rules Database Version : 3328 Trace Rules Database Version: 1329 Scan type : Complete Scan Total Scan Time : 01:57:41 Memory items scanned : 612 Memory threats detected : 0 Registry items scanned : 6614 Registry threats detected : 1 File items scanned : 105958 File threats detected : 294 Adware.Lop-Variant [Comp about extra bin] C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\ROAM PROGRAM COMP ABOUT\LOUD PHONE.EXE C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\ROAM PROGRAM COMP ABOUT\LOUD PHONE.EXE C:\DOCUMENTS AND SETTINGS\MOHAMED\LOCAL SETTINGS\TEMP\BIS1A.EXE C:\DOCUMENTS AND SETTINGS\MOHAMED\LOCAL SETTINGS\TEMP\STA5.EXE C:\DOCUMENTS AND SETTINGS\MOHAMED\LOCAL SETTINGS\TEMP\STA6.EXE C:\DOCUMENTS AND SETTINGS\MOHAMED\LOCAL SETTINGS\TEMP\STA7.EXE C:\SYSTEM VOLUME INFORMATION\_RESTORE{CD0BACDB-7BB8-4982-9127-7CA9CF228C78}\RP211\A0048927.EXE C:\SYSTEM VOLUME INFORMATION\_RESTORE{CD0BACDB-7BB8-4982-9127-7CA9CF228C78}\RP212\A0048935.EXE C:\SYSTEM VOLUME INFORMATION\_RESTORE{CD0BACDB-7BB8-4982-9127-7CA9CF228C78}\RP212\A0048953.EXE C:\SYSTEM VOLUME INFORMATION\_RESTORE{CD0BACDB-7BB8-4982-9127-7CA9CF228C78}\RP213\A0048958.EXE C:\SYSTEM VOLUME INFORMATION\_RESTORE{CD0BACDB-7BB8-4982-9127-7CA9CF228C78}\RP213\A0048973.EXE C:\SYSTEM VOLUME INFORMATION\_RESTORE{CD0BACDB-7BB8-4982-9127-7CA9CF228C78}\RP214\A0049983.EXE C:\SYSTEM VOLUME INFORMATION\_RESTORE{CD0BACDB-7BB8-4982-9127-7CA9CF228C78}\RP214\A0049998.EXE C:\SYSTEM VOLUME INFORMATION\_RESTORE{CD0BACDB-7BB8-4982-9127-7CA9CF228C78}\RP214\A0050013.EXE C:\SYSTEM VOLUME INFORMATION\_RESTORE{CD0BACDB-7BB8-4982-9127-7CA9CF228C78}\RP218\A0050153.EXE C:\SYSTEM VOLUME INFORMATION\_RESTORE{CD0BACDB-7BB8-4982-9127-7CA9CF228C78}\RP218\A0050154.EXE C:\SYSTEM VOLUME 
INFORMATION\_RESTORE{CD0BACDB-7BB8-4982-9127-7CA9CF228C78}\RP218\A0050155.EXE C:\SYSTEM VOLUME INFORMATION\_RESTORE{CD0BACDB-7BB8-4982-9127-7CA9CF228C78}\RP218\A0050156.EXE C:\SYSTEM VOLUME INFORMATION\_RESTORE{CD0BACDB-7BB8-4982-9127-7CA9CF228C78}\RP218\A0050157.EXE C:\SYSTEM VOLUME INFORMATION\_RESTORE{CD0BACDB-7BB8-4982-9127-7CA9CF228C78}\RP218\A0050158.EXE C:\SYSTEM VOLUME INFORMATION\_RESTORE{CD0BACDB-7BB8-4982-9127-7CA9CF228C78}\RP218\A0050159.EXE C:\SYSTEM VOLUME INFORMATION\_RESTORE{CD0BACDB-7BB8-4982-9127-7CA9CF228C78}\RP218\A0050160.EXE C:\SYSTEM VOLUME INFORMATION\_RESTORE{CD0BACDB-7BB8-4982-9127-7CA9CF228C78}\RP218\A0050161.EXE C:\SYSTEM VOLUME INFORMATION\_RESTORE{CD0BACDB-7BB8-4982-9127-7CA9CF228C78}\RP218\A0050162.EXE C:\SYSTEM VOLUME INFORMATION\_RESTORE{CD0BACDB-7BB8-4982-9127-7CA9CF228C78}\RP218\A0050239.EXE C:\SYSTEM VOLUME INFORMATION\_RESTORE{CD0BACDB-7BB8-4982-9127-7CA9CF228C78}\RP221\A0050467.EXE C:\WINDOWS\Prefetch\LOUD PHONE.EXE-06B8C257.pf Adware.Tracking Cookie BearShare File Sharing Client C:\PROGRAM FILES\BEARSHARE APPLICATIONS\BEARSHARE\BEARSHARE.EXE I noticed it removed my P2P program. Maybe I downloaded an infected file from there. Can I uninstall it and then re-install this program again? The HijackThis file log will make the text too long for the post. I will post after this. |
|
22-Oct-2007, 02:47 AM
#5 |
| Here is the HijackThis log file. Thanks for the help and I really do appreciate the assistance. |
|
22-Oct-2007, 06:24 PM
#7 |
| Fix these with HiJackThis – mark them, close IE, click fix checked

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R3 - URLSearchHook: (no name) - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - (no file)
O2 - BHO: XBTP02634 - {F97DA966-F09D-4cab-BF29-75A0026986EA} - C:\PROGRA~1\BEARSH~1\BEARSH~2\MediaBar.dll (file missing)
O3 - Toolbar: (no name) - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - (no file)

START – RUN – type in %temp% - OK - Edit – Select all – File – Delete
Delete everything in the C:\Windows\Temp folder or C:\WINNT\temp
Not all temp files will delete and that is normal
Empty the recycle bin |
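A triage sketch for the log format used in this thread, as an added example that is not part of the original posts: it re-splits a HijackThis log that has been flattened onto one line, marks entries ending in `(no file)` or `(file missing)`, and groups the orphaned CLSIDs by the sections that still reference them. The function names are hypothetical and the sample is assembled from entries quoted in the thread; the output is a review list, not a removal verdict.

```python
import re
from collections import defaultdict

# Section codes that prefix each entry (this thread shows R0/R1/R3 and O2-O23).
CODE = r"(?:R[0-3]|F[0-3]|N[1-4]|O\d{1,2})"
# An entry runs from its code up to the next code or the end of the text.
ENTRY = re.compile(rf"(?<!\S)({CODE}) - (.*?)(?=\s+{CODE} - |\s*$)", re.S)
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
ORPHAN = re.compile(r"\((?:no file|file missing)\)\s*$")

def parse(log_text):
    """Split a log (one entry per line, or flattened) into entry dicts."""
    entries = []
    for m in ENTRY.finditer(log_text):
        body = " ".join(m.group(2).split())  # undo line wraps inside an entry
        clsid = CLSID.search(body)
        entries.append({
            "code": m.group(1),
            "text": body,
            "clsid": clsid.group(0).upper() if clsid else None,
            "orphaned": bool(ORPHAN.search(body)),
        })
    return entries

def orphaned_clsids(entries):
    """Map each CLSID whose file is gone to the sections still referencing it."""
    refs = defaultdict(list)
    for e in entries:
        if e["orphaned"] and e["clsid"]:
            refs[e["clsid"]].append(e["code"])
    return dict(refs)

# Sample: entries quoted in this thread, flattened the way the forum page shows them.
SAMPLE = (
    r"R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = "
    r"http://search.bearshare.com/sidebar.html?src=ssb "
    r"R3 - URLSearchHook: (no name) - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - (no file) "
    r"O2 - BHO: XBTP02634 - {F97DA966-F09D-4cab-BF29-75A0026986EA} - "
    r"C:\PROGRA~1\BEARSH~1\BEARSH~2\MediaBar.dll (file missing) "
    r"O3 - Toolbar: (no name) - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - (no file) "
    r"O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - "
    r"c:\program files\google\googletoolbar3.dll"
)

if __name__ == "__main__":
    for clsid, codes in orphaned_clsids(parse(SAMPLE)).items():
        print(clsid, "still referenced from", ", ".join(codes))
```

A CLSID that shows up under more than one section, as `{D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A}` does here, has to be cleared from each of them or the leftover reference remains.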


