
Need Help to remove PeDevice

Discussion in 'Virus & Other Malware Removal' started by vlsr, Feb 13, 2007.

  1. vlsr

    vlsr Thread Starter

    Joined:
    Nov 26, 2005
    Messages:
    11
    Hi, just returned from holidays today and discovered that while we were gone the kids somehow got a very annoying program called PeDevice on our computer that continually pops up annoying screens. Could someone give me instructions on how to remove it? Thanks!

    Here are the log files from both ComboFix & HijackThis.



    ComboFix log file:

    "Cristel" - 07-02-13 21:16:19 Service Pack 2
    ComboFix 07-02-11 - Running from: "C:\Documents and Settings\Cristel\Desktop"

    (((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    C:\Program Files\Common Files\Yazzle1122OinAdmin.exe
    C:\Program Files\Common Files\Yazzle1122OinUninstaller.exe
    C:\WINDOWS\system32\atmtd.dll
    C:\WINDOWS\system32\atmtd.dll._
    C:\WINDOWS\uninstall_nmon.vbs
    C:\WINDOWS\system32\fziqstpsl\winlogon.ini
    C:\Program Files\DownloadManager\Agent.dll
    C:\Program Files\DownloadManager\api.exe
    C:\Program Files\DownloadManager\insdl.dll
    C:\Program Files\DownloadManager\MPTray.exe
    C:\Program Files\DownloadManager\MPUpdate.exe
    C:\Program Files\DownloadManager\p2pinst.exe
    C:\Program Files\DownloadManager\p2pl.exe
    C:\Program Files\Ipwindows\ipwins.dll
    C:\Program Files\Ipwindows\ipwins.exe
    C:\WINDOWS\system32\netstat.com
    C:\WINDOWS\system32\svchosts.exe
    C:\WINDOWS\system32\taskkill.com
    C:\WINDOWS\system32\unsvchosts.exe
    C:\WINDOWS\system32\unsvchosts.lzma
    C:\DOCUME~1\LOCALS~1\Application Data\NetMon
    C:\Program Files\Common Files\{3CE42~1
    C:\Program Files\InetGet2
    C:\Program Files\Ipwindows
    C:\Program Files\Outerinfo
    C:\WINDOWS\Q3Jpc3RlbCBXZWJi
    C:\Program Files\Network Monitor
    ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
    Folders Quarantined:
    C:\qoobox\purity\WINDOWS\FNTS~1


    ((((((((((((((((((((((((((((((( Files Created from 2007-01-13 to 2007-02-13 ))))))))))))))))))))))))))))))))))


    2007-02-13 21:22 <DIR> d-------- C:\DOCUME~1\LOCALS~1\Application Data\NetMon
    2007-02-13 21:21 <DIR> d-------- C:\WINDOWS\ERDNT
    2007-02-12 13:48 56,832 --a------ C:\WINDOWS\system32\mzcevm.dll
    2007-01-30 19:50 <DIR> d--h----- C:\WINDOWS\system32\nfomon
    2007-01-30 19:50 <DIR> d--h----- C:\Program Files\Common Files\Uninstall Information
    2007-01-30 19:50 <DIR> d--h----- C:\DOCUME~1\ALLUSE~1\Application Data\nfo
    2007-01-27 20:51 <DIR> d-------- C:\DOCUME~1\LOCALS~1\Application Data\Google
    2007-01-27 13:44 2 --a------ C:\WINDOWS\system32\wcptr.exe
    2007-01-27 13:14 <DIR> d-------- C:\Program Files\PeDevice
    2007-01-26 19:43 <DIR> d--hs---- C:\WINDOWS\system32\fziqstpsl


    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


    2007-02-13 21:20 -------- d-------- C:\Program Files\downloadmanager
    2007-02-13 12:25 -------- d-------- C:\Program Files\google
    2007-02-13 11:15 -------- d-------- C:\Program Files\bonjour
    2007-02-11 14:57 -------- d-------- C:\Program Files\limewire
    2007-02-10 11:37 359808 --a------ C:\WINDOWS\system32\drivers\tcpip.sys
    2007-01-31 22:19 -------- d-------- C:\Program Files\mirc
    2007-01-25 07:15 -------- d---s---- C:\Documents and Settings\Cristel\Application Data\microsoft
    2007-01-07 18:43 -------- d--h----- C:\Program Files\installshield installation information
    2007-01-07 18:30 -------- d-------- C:\Program Files\kodak
    2007-01-06 21:01 -------- d-------- C:\Documents and Settings\Cristel\Application Data\adobe
    2007-01-05 22:34 -------- d-------- C:\Program Files\quicktime
    2006-12-31 15:44 -------- d-------- C:\Program Files\canon
    2006-12-30 22:00 -------- d-------- C:\Documents and Settings\Cristel\Application Data\google
    2006-12-23 21:39 -------- d-------- C:\Program Files\motorola phone tools
    2006-12-23 21:38 22768 --a--c--- C:\WINDOWS\system32\drivers\usbsermpt.sys
    2006-12-23 21:35 -------- d-------- C:\Program Files\avanquest update
    2006-12-23 15:08 5248 --a--c--- C:\WINDOWS\system32\giveio.sys


    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

    *Note* empty entries & legit default entries are not shown

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
    "LogitechSoftwareUpdate"="\"C:\\Program Files\\Logitech\\Video\\ManifestEngine.exe\" boot"
    "Norton SystemWorks"="\"C:\\Program Files\\Norton SystemWorks\\cfgwiz.exe\" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz"
    "swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
    "NeroCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
    "IgfxTray"="C:\\WINDOWS\\System32\\igfxtray.exe"
    "SoundMan"="SOUNDMAN.EXE"
    "SetDefPrt"="C:\\Program Files\\Brother\\Brmfl04b\\BrStDvPt.exe"
    "ControlCenter2.0"="C:\\Program Files\\Brother\\ControlCenter2\\brctrcen.exe /autorun"
    "LVCOMSX"="C:\\WINDOWS\\system32\\LVCOMSX.EXE"
    "LogitechVideoRepair"="C:\\Program Files\\Logitech\\Video\\ISStart.exe"
    "LogitechVideoTray"="C:\\Program Files\\Logitech\\Video\\LogiTray.exe"
    "TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
    "vptray"="C:\\PROGRA~1\\SYMANT~1\\SYMANT~1\\vptray.exe"
    "csrss"=""
    "SSBkgdUpdate"="\"C:\\Program Files\\Common Files\\Scansoft Shared\\SSBkgdUpdate\\SSBkgdupdate.exe\" -Embedding -boot"
    "PaperPort PTD"="C:\\Program Files\\ScanSoft\\PaperPort\\pptd40nt.exe"
    "IndexSearch"="C:\\Program Files\\ScanSoft\\PaperPort\\IndexSearch.exe"
    "SetDefPrt2"="C:\\Program Files\\Brother\\Brmfl04a\\BrStDvPt.exe"
    "QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
    "Nfo"="C:\\WINDOWS\\system32\\nfomon\\nfomon.exe"
    "services"=""

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
    "Installed"="1"
    "NoChange"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="winampa"
    "hkey"="HKLM"
    "command"="C:\\Program Files\\Winamp\\winampa.exe"
    "inimapping"="0"


    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
    LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
    NetworkService REG_MULTI_SZ DnsCache\0\0
    rpcss REG_MULTI_SZ RpcSs\0\0
    imgsvc REG_MULTI_SZ StiSvc\0\0
    termsvcs REG_MULTI_SZ TermService\0\0
    HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
    DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0



    Contents of the 'Scheduled Tasks' folder
    C:\WINDOWS\tasks\Norton SystemWorks One Button Checkup.job
    C:\WINDOWS\tasks\Symantec Drmc.job
    C:\WINDOWS\tasks\Symantec NetDetect.job


    ********************************************************************

    catchme 0.1 W2K/XP - userland rootkit detector by Gmer, 17 October 2006
    http://www.gmer.net

    scanning hidden processes ...

    scanning hidden services ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    C:\RECYCLER\NPROTECT
    C:\RECYCLER\NPROTECT\00503543.info 24576 bytes
    C:\RECYCLER\NPROTECT\00503544. 815104 bytes
    C:\RECYCLER\NPROTECT\00660450.ini 232 bytes
    C:\RECYCLER\NPROTECT\00660454.ini 232 bytes
    C:\RECYCLER\NPROTECT\00660455.ini 232 bytes


    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 1509

    ********************************************************************

    Completion time: 07-02-13 21:26:38


    --------------------------------------------------------------------------------------------------------


    Logfile of HijackThis v1.99.1
    Scan saved at 9:29:20 PM, on 2/13/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\brsvc01a.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\brss01a.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
    C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
    C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
    C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\System32\igfxtray.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Brother\ControlCenter2\brctrcen.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
    C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
    C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {8635EE46-55A7-7B2C-D94D-29909EA66F93} - C:\WINDOWS\system32\mzcevm.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: PEDEV_IEListener Class - {E1412445-4FF8-410e-8D24-F2CF86B171A4} - C:\Program Files\PeDevice\PeDev.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04b\BrStDvPt.exe
    O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
    O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
    O4 - HKLM\..\Run: [SetDefPrt2] C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Nfo] C:\WINDOWS\system32\nfomon\nfomon.exe
    O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
    O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - Startup: Get Set3651232007.lnk = C:\Program Files\Get Set\Get Set.exe
    O4 - Startup: Get Set578154690.lnk = C:\Program Files\Get Set\Get Set.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
    O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by130fd.bay130.hotmail.msn.com/resources/MsnPUpld.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
    O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
    O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service (iPodService) - Unknown owner - C:\Documents and Settings\Derek\My Documents\bin\iPodService.exe (file missing)
    O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
    O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
    O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
     
  2. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    Download Win32delfkil.exe: http://users.telenet.be/marcvn/tools/win32delfkil.exe
    Save it on your desktop.
    Double click on win32delfkil.exe and install it.
    This creates a new folder on your desktop: win32delfkil
    Close all windows, open the win32delfkil folder and double click on fix.bat.

    The computer will reboot automatically.
    ======================
    Download Superantispyware (SAS)

    http://www.superantispyware.com/superantispywarefreevspro.html

    Install it and double-click the icon on your desktop to run it.
    · It will ask if you want to update the program definitions, click Yes.
    · Under Configuration and Preferences, click the Preferences button.
    · Click the Scanning Control tab.
    · Under Scanner Options make sure the following are checked:
        o Close browsers before scanning
        o Scan for tracking cookies
        o Terminate memory threats before quarantining.
        o Please leave the others unchecked.
        o Click the Close button to leave the control center screen.
    · On the main screen, under Scan for Harmful Software click Scan your computer.
    · On the left check C:\Fixed Drive.
    · On the right, under Complete Scan, choose Perform Complete Scan.
    · Click Next to start the scan. Please be patient while it scans your computer.
    · After the scan is complete a summary box will appear. Click OK.
    · Make sure everything in the white box has a check next to it, then click Next.
    · It will quarantine what it found and if it asks if you want to reboot, click Yes.
    · To retrieve the removal information for me please do the following:
        o After reboot, double-click the SUPERAntispyware icon on your desktop.
        o Click Preferences. Click the Statistics/Logs tab.
        o Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
        o It will open in your default text editor (such as Notepad/Wordpad).
        o Please highlight everything in the notepad, then right-click and choose copy.
    · Click close and close again to exit the program.
    · Please paste that information here for me with a new HijackThis log.
     
  3. vlsr

    vlsr Thread Starter

    Joined:
    Nov 26, 2005
    Messages:
    11
    Thanks for the reply. I downloaded Win32delfkil and double-clicked it as per instructions and it prompted me to Run it (couldn't find an Install command anywhere).

    It came up with this screen:

    Win32delfkil
    Version 3.124

    This tool will remove Trojan-Downloader.win32.delf. also known as Trojan.Stwoyle from your system.
    Press any key to continue.........

    "after pressing a key it comes up with the following screen"

    Please close all windows. The computer will reboot immediately.
    Press any key to continue...............

    "after pressing a key it displays the following"

    File not found
    File not found
    File not found
    File not found
    File not found


    "Then reboots the computer"

    I wasn't able to install or get it to create the folder on the desktop so that I can get to the fix.bat file. Is this a different version that no longer has the features you refer to?

    Thanks again for your help!
     
  4. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    Do the rest of the post
     
  5. vlsr

    vlsr Thread Starter

    Joined:
    Nov 26, 2005
    Messages:
    11
    Here's the first part of the SAS log file. I'll have to post another reply with the rest (kids never delete their cookies) and the HijackThis, as the two together are too long to post in one reply.


    SUPERAntiSpyware Scan Log
    Generated 02/16/2007 at 01:21 AM

    Application Version : 3.5.1016

    Core Rules Database Version : 3184
    Trace Rules Database Version: 1194

    Scan type : Complete Scan
    Total Scan Time : 02:32:53

    Memory items scanned : 378
    Memory threats detected : 0
    Registry items scanned : 5024
    Registry threats detected : 81
    File items scanned : 98756
    File threats detected : 428

    Unclassified.Unknown Origin/System
    [Nfo] C:\WINDOWS\SYSTEM32\NFOMON\NFOMON.EXE
    C:\WINDOWS\SYSTEM32\NFOMON\NFOMON.EXE
    [services] C:\WINDOWS\SYSTEM32\NFOMON\NFOMON.EXE
    C:\DOCUMENTS AND SETTINGS\DEREK\LOCAL SETTINGS\TEMP\B116.EXE
    C:\WINDOWS\Prefetch\NFOMON.EXE-1A757D76.pf

    Worm.Sober Variant
    [Smoa] C:\DOCUME~1\DEREK\APPLIC~1\WNSXS~1\CMD.EXE
    C:\DOCUME~1\DEREK\APPLIC~1\WNSXS~1\CMD.EXE
    C:\DOCUMENTS AND SETTINGS\DEREK\APPLICATION DATA\WNSXS~1\CMD.EXE
    C:\WINDOWS\Prefetch\CMD.EXE-1C082B04.pf

    Adware.Toolbar888
    HKLM\Software\Classes\CLSID\{C1B4DEC2-2623-438e-9CA2-C9043AB28508}
    HKCR\CLSID\{C1B4DEC2-2623-438E-9CA2-C9043AB28508}
    HKCR\CLSID\{C1B4DEC2-2623-438E-9CA2-C9043AB28508}
    HKCR\CLSID\{C1B4DEC2-2623-438E-9CA2-C9043AB28508}\InprocServer32
    HKCR\CLSID\{C1B4DEC2-2623-438E-9CA2-C9043AB28508}\InprocServer32#ThreadingModel
    HKCR\CLSID\{C1B4DEC2-2623-438E-9CA2-C9043AB28508}\ProgID
    HKCR\CLSID\{C1B4DEC2-2623-438E-9CA2-C9043AB28508}\Programmable
    HKCR\CLSID\{C1B4DEC2-2623-438E-9CA2-C9043AB28508}\TypeLib
    HKCR\CLSID\{C1B4DEC2-2623-438E-9CA2-C9043AB28508}\VersionIndependentProgID
    C:\PROGRA~1\COMMON~1\{3CE42~1\BAR888.DLL
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C1B4DEC2-2623-438e-9CA2-C9043AB28508}
    HKLM\Software\Microsoft\Internet Explorer\Toolbar#{C1B4DEC2-2623-438e-9CA2-C9043AB28508}
    HKCR\ToolBar.ToolBarObj.1
    HKCR\ToolBar.ToolBarObj.1\CLSID
    HKCR\ToolBar.ToolBarObj
    HKCR\ToolBar.ToolBarObj\CLSID
    HKCR\ToolBar.ToolBarObj\CurVer
    HKCR\TypeLib\{ED0FB633-C311-4bcd-824A-4D345386BE64}
    HKU\S-1-5-21-1085031214-299502267-725345543-1007\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser#{C1B4DEC2-2623-438E-9CA2-C9043AB28508}
    HKCR\TypeLib\{569304BA-83ED-4CFF-AC26-BE3E482F7208}
    HKCR\TypeLib\{569304BA-83ED-4CFF-AC26-BE3E482F7208}\1.0
    HKCR\TypeLib\{569304BA-83ED-4CFF-AC26-BE3E482F7208}\1.0\0
    HKCR\TypeLib\{569304BA-83ED-4CFF-AC26-BE3E482F7208}\1.0\0\win32
    HKCR\TypeLib\{569304BA-83ED-4CFF-AC26-BE3E482F7208}\1.0\FLAGS
    HKCR\TypeLib\{569304BA-83ED-4CFF-AC26-BE3E482F7208}\1.0\HELPDIR
    HKCR\Interface\{C6F2214E-0B54-45A9-B90D-7DD4BA45ED0B}
    HKCR\Interface\{C6F2214E-0B54-45A9-B90D-7DD4BA45ED0B}\ProxyStubClsid
    HKCR\Interface\{C6F2214E-0B54-45A9-B90D-7DD4BA45ED0B}\ProxyStubClsid32
    HKCR\Interface\{C6F2214E-0B54-45A9-B90D-7DD4BA45ED0B}\TypeLib
    HKCR\Interface\{C6F2214E-0B54-45A9-B90D-7DD4BA45ED0B}\TypeLib#Version
    C:\PROGRAM FILES\COMMON FILES\{3CE42221-0702-1033-0826-020326200001}\BAR888.DLL
    C:\RECYCLER\S-1-5-18\DC1\BAR888.DLL
    C:\RECYCLER\S-1-5-18\DC7\BAR888.DLL
    C:\RECYCLER\S-1-5-18\DC9\BAR888.DLL
    C:\RECYCLER\S-1-5-21-1085031214-299502267-725345543-1007\DC20\BAR888.DLL
    C:\RECYCLER\S-1-5-21-1085031214-299502267-725345543-1007\DC4\BAR888.DLL

    Adware.ClickSpring
    HKLM\Software\Classes\CLSID\{D46FEC46-5EA4-2B7C-D94D-29909EA73BC1}
    HKCR\CLSID\{D46FEC46-5EA4-2B7C-D94D-29909EA73BC1}
    HKCR\CLSID\{D46FEC46-5EA4-2B7C-D94D-29909EA73BC1}\InprocServer32
    HKCR\CLSID\{D46FEC46-5EA4-2B7C-D94D-29909EA73BC1}\InprocServer32#ThreadingModel
    HKCR\CLSID\{D46FEC46-5EA4-2B7C-D94D-29909EA73BC1}\Programmable
    HKCR\CLSID\{D46FEC46-5EA4-2B7C-D94D-29909EA73BC1}\TypeLib
    C:\WINDOWS\SYSTEM32\ULZI.DLL
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D46FEC46-5EA4-2B7C-D94D-29909EA73BC1}

    Adware.DelFin Project/PromulGate
    HKLM\Software\Classes\CLSID\{E1412445-4FF8-410e-8D24-F2CF86B171A4}
    HKCR\CLSID\{E1412445-4FF8-410E-8D24-F2CF86B171A4}
    HKCR\CLSID\{E1412445-4FF8-410E-8D24-F2CF86B171A4}
    HKCR\CLSID\{E1412445-4FF8-410E-8D24-F2CF86B171A4}#AppID
    HKCR\CLSID\{E1412445-4FF8-410E-8D24-F2CF86B171A4}\InprocServer32
    HKCR\CLSID\{E1412445-4FF8-410E-8D24-F2CF86B171A4}\InprocServer32#ThreadingModel
    HKCR\CLSID\{E1412445-4FF8-410E-8D24-F2CF86B171A4}\ProgID
    HKCR\CLSID\{E1412445-4FF8-410E-8D24-F2CF86B171A4}\Programmable
    HKCR\CLSID\{E1412445-4FF8-410E-8D24-F2CF86B171A4}\TypeLib
    HKCR\CLSID\{E1412445-4FF8-410E-8D24-F2CF86B171A4}\VersionIndependentProgID
    C:\PROGRAM FILES\PEDEVICE\PEDEV.DLL
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E1412445-4FF8-410e-8D24-F2CF86B171A4}

    Adware.Tracking Cookie
    C:\Documents and Settings\Derek\Cookies\[email protected][1].txt
    C:\Documents and Settings\Derek\Cookies\[email protected][1].txt
    C:\Documents and Settings\Derek\Cookies\[email protected][1].txt
    C:\Documents and Settings\Derek\Cookies\[email protected][2].txt
    C:\Documents and Settings\Derek\Cookies\[email protected][2].txt
    C:\Documents and Settings\Derek\Cookies\[email protected][2].txt
    C:\Documents and Settings\Derek\Cookies\[email protected][2].txt
    C:\Documents and Settings\Derek\Cookies\[email protected][1].txt
    C:\Documents and Settings\Derek\Cookies\[email protected][1].txt
    C:\Documents and Settings\Derek\Cookies\[email protected][1].txt
    C:\Documents and Settings\Derek\Cookies\[email protected][1].txt
    C:\Documents and Settings\Derek\Cookies\[email protected][1].txt
    C:\Documents and Settings\Derek\Cookies\[email protected][1].txt
    C:\Documents and Settings\Derek\Cookies\[email protected][1].txt
    C:\Documents and Settings\Derek\Cookies\[email protected][1].txt
    C:\Documents and Settings\Derek\Cookies\[email protected][2].txt
    C:\Documents and Settings\Derek\Cookies\[email protected][2].txt
    C:\Documents and Settings\Derek\Cookies\[email protected][1].txt
    C:\Documents and Settings\Derek\Cookies\[email protected][2].txt
    C:\Documents and Settings\Derek\Cookies\[email protected][1].txt
    C:\Documents and Settings\Derek\Cookies\[email protected][1].txt
    C:\Documents and Settings\Derek\Cookies\[email protected][1].txt
    C:\Documents and Settings\Derek\Cookies\[email protected][2].txt
    C:\Documents and Settings\Derek\Cookies\[email protected]=sc9adult69[1].txt
    C:\Documents and Settings\Derek\Cookies\[email protected][1].txt
    C:\Documents and Settings\Derek\Cookies\[email protected][1].txt
    C:\Documents and Settings\Derek\Cookies\[email protected][1].txt
    C:\Documents and Settings\Derek\Cookies\[email protected][1].txt
    C:\Documents and Settings\Derek\Cookies\[email protected][2].txt
    C:\Documents and Settings\Derek\Cookies\[email protected][1].txt
    C:\Documents and Settings\Derek\Cookies\[email protected][2].txt
    C:\Documents and Settings\Derek\Cookies\[email protected][2].txt
    C:\Documents and Settings\Derek\Cookies\[email protected][1].txt
    C:\Documents and Settings\Derek\Cookies\[email protected][1].txt
    C:\Documents and Settings\Derek\Cookies\[email protected][1].txt
    C:\Documents and Settings\Derek\Cookies\[email protected][2].txt
    C:\Documents and Settings\Derek\Cookies\[email protected][1].txt
    C:\Documents and Settings\Derek\Cookies\[email protected][2].txt
    C:\Documents and Settings\Derek\Cookies\[email protected][1].txt
    C:\Documents and Settings\Derek\Cookies\[email protected][1].txt
    C:\Documents and Settings\Derek\Cookies\[email protected][1].txt
    C:\Documents and Settings\Derek\Cookies\[email protected][2].txt
    C:\Documents and Settings\Derek\Cookies\[email protected][1].txt
    C:\Documents and Settings\Derek\Cookies\[email protected][2].txt
    C:\Documents and Settings\Derek\Cookies\[email protected][1].txt
    C:\Documents and Settings\Derek\Cookies\[email protected][1].txt
    C:\Documents and Settings\Derek\Cookies\[email protected][2].txt
    C:\Documents and Settings\Derek\Cookies\[email protected][1].txt
    C:\Documents and Settings\Derek\Cookies\[email protected][1].txt
    C:\Documents and Settings\Derek\Cookies\[email protected][2].txt
    C:\Documents and Settings\Derek\Cookies\[email protected][1].txt
    C:\Documents and Settings\Derek\Cookies\[email protected][2].txt
    C:\Documents and Settings\Derek\Cookies\[email protected][2].txt
    C:\Documents and Settings\Derek\Cookies\[email protected][1].txt
    C:\Documents and Settings\Derek\Cookies\[email protected][2].txt
    C:\Documents and Settings\Derek\Cookies\[email protected][1].txt
    C:\Documents and Settings\Derek\Cookies\[email protected][2].txt
    C:\Documents and Settings\Derek\Cookies\[email protected][1].txt
    C:\Documents and Settings\Derek\Cookies\[email protected][2].txt
    C:\Documents and Settings\Derek\Cookies\[email protected][1].txt
    C:\Documents and Settings\Derek\Cookies\[email protected][1].txt
    C:\Documents and Settings\Derek\Cookies\[email protected][2].txt
    C:\Documents and Settings\Derek\Cookies\[email protected][1].txt
    C:\Documents and Settings\Derek\Cookies\[email protected][2].txt
    C:\Documents and Settings\Derek\Cookies\[email protected][1].txt
    C:\Documents and Settings\Derek\Cookies\[email protected][2].txt
    C:\Documents and Settings\Derek\Cookies\[email protected][1].txt
    C:\Documents and Settings\Derek\Cookies\[email protected][2].txt
    C:\Documents and Settings\Derek\Cookies\[email protected][1].txt
    C:\Documents and Settings\Derek\Cookies\[email protected][1].txt
    C:\Documents and Settings\Derek\Cookies\[email protected][1].txt
    C:\Documents and Settings\Derek\Cookies\[email protected][2].txt
    C:\Documents and Settings\Derek\Cookies\[email protected][1].txt
    C:\Documents and Settings\Derek\Cookies\[email protected][2].txt
    C:\Documents and Settings\Derek\Cookies\[email protected][1].txt
    C:\Documents and Settings\Derek\Cookies\[email protected][1].txt
    C:\Documents and Settings\Derek\Cookies\[email protected][1].txt
    C:\Documents and Settings\LocalService\Cookies\[email protected][1].txt
    C:\Documents and Settings\LocalService\Cookies\[email protected][1].txt
    C:\Documents and Settings\LocalService\Cookies\[email protected][2].txt
    C:\Documents and Settings\Mark\Cookies\[email protected][1].txt
    C:\Documents and Settings\Mark\Cookies\[email protected][2].txt
    C:\Documents and Settings\Robert\Cookies\[email protected][1].txt
    C:\Documents and Settings\Robert\Cookies\[email protected][2].txt
    C:\Documents and Settings\Robert\Cookies\[email protected][2].txt
    C:\Documents and Settings\Robert\Cookies\[email protected][1].txt
    C:\Documents and Settings\Robert\Cookies\[email protected][1].txt
    C:\Documents and Settings\Robert\Cookies\[email protected][2].txt
    C:\Documents and Settings\Robert\Cookies\[email protected][2].txt
    C:\Documents and Settings\Robert\Cookies\[email protected][2].txt
    C:\Documents and Settings\Robert\Cookies\[email protected][1].txt
    C:\Documents and Settings\Robert\Cookies\[email protected][2].txt
    C:\Documents and Settings\Robert\Cookies\[email protected][2].txt
    C:\Documents and Settings\Robert\Cookies\[email protected][1].txt
    C:\Documents and Settings\Robert\Cookies\[email protected][1].txt
    C:\Documents and Settings\Robert\Cookies\[email protected][1].txt
    C:\Documents and Settings\Robert\Cookies\[email protected][2].txt
    C:\Documents and Settings\Robert\Cookies\[email protected][1].txt
    C:\Documents and Settings\Robert\Cookies\[email protected][1].txt
    C:\Documents and Settings\Robert\Cookies\[email protected][1].txt
    C:\Documents and Settings\Robert\Cookies\[email protected][2].txt
    C:\Documents and Settings\Robert\Cookies\[email protected][1].txt
    C:\Documents and Settings\Robert\Cookies\[email protected][1].txt
    C:\Documents and Settings\Robert\Cookies\[email protected][2].txt
    C:\Documents and Settings\Robert\Cookies\[email protected][1].txt
    C:\Documents and Settings\Robert\Cookies\[email protected][1].txt
    C:\Documents and Settings\Robert\Cookies\[email protected][1].txt
    C:\Documents and Settings\Robert\Cookies\[email protected][2].txt
    C:\Documents and Settings\Robert\Cookies\[email protected][1].txt
    C:\Documents and Settings\Robert\Cookies\[email protected][1].txt
    C:\Documents and Settings\Robert\Cookies\[email protected][2].txt
    C:\Documents and Settings\Robert\Cookies\[email protected][1].txt
    C:\Documents and Settings\Robert\Cookies\[email protected][1].txt
    C:\Documents and Settings\Robert\Cookies\[email protected][1].txt
    C:\Documents and Settings\Robert\Cookies\[email protected][1].txt
    C:\Documents and Settings\Robert\Cookies\[email protected][1].txt
    C:\Documents and Settings\Robert\Cookies\[email protected][2].txt
    C:\Documents and Settings\Robert\Cookies\[email protected][2].txt
    C:\Documents and Settings\Robert\Cookies\[email protected][1].txt
    C:\Documents and Settings\Robert\Cookies\[email protected][2].txt
    C:\Documents and Settings\Robert\Cookies\[email protected][2].txt
    C:\Documents and Settings\Robert\Cookies\[email protected][1].txt
    C:\Documents and Settings\Robert\Cookies\[email protected][1].txt
    C:\Documents and Settings\Robert\Cookies\[email protected][1].txt
    C:\Documents and Settings\Robert\Cookies\[email protected][1].txt
    C:\Documents and Settings\Robert\Cookies\[email protected][1].txt
    C:\Documents and Settings\Robert\Cookies\[email protected][1].txt
    C:\Documents and Settings\Robert\Cookies\[email protected][2].txt
    C:\Documents and Settings\Robert\Cookies\[email protected][1].txt
    C:\Documents and Settings\Robert\Cookies\[email protected][2].txt
    C:\Documents and Settings\Robert\Cookies\[email protected][2].txt
    C:\Documents and Settings\Robert\Cookies\[email protected][2].txt
    C:\Documents and Settings\Robert\Cookies\[email protected][2].txt
    C:\Documents and Settings\Robert\Cookies\[email protected][1].txt
    C:\Documents and Settings\Robert\Cookies\[email protected][2].txt
    C:\Documents and Settings\Robert\Cookies\[email protected][2].txt
    C:\Documents and Settings\Robert\Cookies\[email protected][2].txt
    C:\Documents and Settings\Robert\Cookies\[email protected][2].txt
    C:\Documents and Settings\Robert\Cookies\[email protected][2].txt
    C:\Documents and Settings\Robert\Cookies\[email protected][2].txt
    C:\Documents and Settings\Robert\Cookies\[email protected][1].txt
    C:\Documents and Settings\Robert\Cookies\[email protected][2].txt
    C:\Documents and Settings\Robert\Cookies\[email protected][2].txt
    C:\Documents and Settings\Robert\Cookies\[email protected][1].txt
    C:\Documents and Settings\Robert\Cookies\[email protected][2].txt
    C:\Documents and Settings\Robert\Cookies\[email protected][2].txt
    C:\Documents and Settings\Robert\Cookies\[email protected][2].txt
    C:\Documents and Settings\Robert\Local Settings\Temp\Cookies\[email protected][1].txt
     
  6. vlsr

    vlsr Thread Starter

    Joined:
    Nov 26, 2005
    Messages:
    11

    Adware.MovieLand/MediaPipe
    HKCR\AppId\AMNotifier.EXE
    HKCR\AppId\AMNotifier.EXE#AppID
    HKCR\TypeLib\{AFDBB222-DEA9-4C12-B3A3-A13C2985E3EE}
    HKCR\TypeLib\{AFDBB222-DEA9-4C12-B3A3-A13C2985E3EE}\1.0
    HKCR\TypeLib\{AFDBB222-DEA9-4C12-B3A3-A13C2985E3EE}\1.0\0
    HKCR\TypeLib\{AFDBB222-DEA9-4C12-B3A3-A13C2985E3EE}\1.0\0\win32
    HKCR\TypeLib\{AFDBB222-DEA9-4C12-B3A3-A13C2985E3EE}\1.0\FLAGS
    HKCR\TypeLib\{AFDBB222-DEA9-4C12-B3A3-A13C2985E3EE}\1.0\HELPDIR
    C:\Program Files\MovieLand Terms.html
    C:\PROGRAM FILES\DOWNLOADMANAGER\DM.EXE
    C:\PROGRAM FILES\DOWNLOADMANAGER\DOWNLOADMANAGER.EXE
    C:\PROGRAM FILES\FSUPPORT\NOTIFIER.EXE

    Adware.180solutions/ZangoSearch
    HKU\S-1-5-21-1085031214-299502267-725345543-1003\Software\Zango
    HKU\S-1-5-21-1085031214-299502267-725345543-1007\Software\Zango
    C:\DOCUMENTS AND SETTINGS\MARK\LOCAL SETTINGS\TEMP\SAI17F.TMP
    C:\DOCUMENTS AND SETTINGS\ROBERT\LOCAL SETTINGS\TEMP\180271.TMP
    C:\DOCUMENTS AND SETTINGS\ROBERT\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\AHAEHIJ5\JESSICA%20SIMPSON%20WET%20T-SHIRT_ENCRYPTED[1].WMV

    Adware.Starware
    HKU\S-1-5-21-1085031214-299502267-725345543-1003\Software\Starware
    HKU\S-1-5-21-1085031214-299502267-725345543-1007\Software\Starware

    Adware.ClickSpring/Yazzle
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yazzle1122Oin
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yazzle1122Oin#DisplayName
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yazzle1122Oin#UninstallString
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yazzle1122Oin#HelpLink
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yazzle1122Oin#Publisher

    Adware.IPWins
    HKU\S-1-5-21-1085031214-299502267-725345543-1007\Software\IpWins
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IpWins
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IpWins#DisplayName
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IpWins#UninstallString

    Adware.Zango Toolbar/Hb
    HKU\S-1-5-21-1085031214-299502267-725345543-1007\Software\ZangoToolbar

    Adware.ClickSpring/Outer Info Network
    C:\Program Files\Outerinfo\OiUninstaller.exe
    C:\Program Files\Outerinfo\outerinfo.ico
    C:\Program Files\Outerinfo\Terms.rtf
    C:\Program Files\Outerinfo
    C:\DOCUMENTS AND SETTINGS\DEREK\LOCAL SETTINGS\TEMP\NDR1018.TMP.XML
    C:\DOCUMENTS AND SETTINGS\DEREK\LOCAL SETTINGS\TEMP\NDRFE.TMP.XML

    Trojan.Svchosts
    HKLM\SYSTEM\CurrentControlSet\Services\Client IP-IPX
    HKLM\SYSTEM\CurrentControlSet\Services\Client IP-IPX#Type
    HKLM\SYSTEM\CurrentControlSet\Services\Client IP-IPX#Start
    HKLM\SYSTEM\CurrentControlSet\Services\Client IP-IPX#ErrorControl
    HKLM\SYSTEM\CurrentControlSet\Services\Client IP-IPX#ImagePath
    HKLM\SYSTEM\CurrentControlSet\Services\Client IP-IPX#DisplayName
    HKLM\SYSTEM\CurrentControlSet\Services\Client IP-IPX#ObjectName
    HKLM\SYSTEM\CurrentControlSet\Services\Client IP-IPX\Security
    HKLM\SYSTEM\CurrentControlSet\Services\Client IP-IPX\Security#Security
    C:\WINDOWS\SYSTEM32\SVCHOSTS.EXE
    C:\WINDOWS\Prefetch\SVCHOSTS.EXE-06B6C8D2.pf

    Trojan.Freeprod
    C:\DOCUMENTS AND SETTINGS\DEREK\DESKTOP\INSTALL.EXE
    C:\WINDOWS\Prefetch\INSTALL.EXE-1D616EA4.pf

    Trojan.Downloader-Gen/Installer
    C:\DOCUMENTS AND SETTINGS\DEREK\LOCAL SETTINGS\TEMP\B104.EXE
    C:\DOCUMENTS AND SETTINGS\DEREK\LOCAL SETTINGS\TEMP\B122.EXE
    C:\DOCUMENTS AND SETTINGS\DEREK\LOCAL SETTINGS\TEMP\B130.EXE
    C:\DOCUMENTS AND SETTINGS\DEREK\LOCAL SETTINGS\TEMP\B131.EXE

    Trojan.Downloader-CommandDesktop
    C:\DOCUMENTS AND SETTINGS\DEREK\LOCAL SETTINGS\TEMP\CMDINST.EXE

    Adware.180solutions/Search Assistant
    C:\DOCUMENTS AND SETTINGS\ROBERT\LOCAL SETTINGS\TEMP\180114.TMP

    Adware.DelFin Project
    C:\PROGRAM FILES\COMMON FILES\UNINSTALL INFORMATION\REMOVEWEBDP.EXE

    Worm.Alcra Variant
    C:\WINDOWS\SYSTEM32\NETSTAT.COM
    C:\WINDOWS\SYSTEM32\TASKKILL.COM

    Trojan.Downloader-UnSVCHosts
    C:\WINDOWS\SYSTEM32\UNSVCHOSTS.EXE
    C:\WINDOWS\Prefetch\UNSVCHOSTS.EXE-2BA40E9C.pf

    Trojan.Unknown Origin
    C:\WINDOWS\SYSTEM32\WCPTR.EXE

    Trace.Known Threat Sources
    C:\Documents and Settings\Derek\Local Settings\Temporary Internet Files\Content.IE5\4HY3KDMN\campaigns6[1].encrypted
    C:\Documents and Settings\Derek\Local Settings\Temporary Internet Files\Content.IE5\81IBGLM7\ctxad-536[1].0001
    C:\Documents and Settings\Derek\Local Settings\Temporary Internet Files\Content.IE5\4HQR4DMN\client_settings_3[1].bin
    C:\Documents and Settings\Derek\Local Settings\Temporary Internet Files\Content.IE5\OPMROTQV\ctxad-536[1].0002
    C:\Documents and Settings\Derek\Local Settings\Temporary Internet Files\Content.IE5\9O07L1G9\ctxad-536[1].0003
    C:\Documents and Settings\Derek\Local Settings\Temporary Internet Files\Content.IE5\4HY3KDMN\ctxad-536[1].0006
    C:\Documents and Settings\Derek\Local Settings\Temporary Internet Files\Content.IE5\ST2FK16Z\ctxad-542[1].sig
    C:\Documents and Settings\Derek\Local Settings\Temporary Internet Files\Content.IE5\4HQR4DMN\ctxad-542[1].0002
    C:\Documents and Settings\Derek\Local Settings\Temporary Internet Files\Content.IE5\2TBODKBI\ctxad-542[1].0005
    C:\Documents and Settings\Derek\Local Settings\Temporary Internet Files\Content.IE5\ST2FK16Z\ctxad-542[1].0004
    C:\Documents and Settings\Derek\Local Settings\Temporary Internet Files\Content.IE5\KLUFKLYZ\wtd[1].htm
    C:\Documents and Settings\Derek\Local Settings\Temporary Internet Files\Content.IE5\4HQR4DMN\ctxad-536[1].0005
    C:\Documents and Settings\Derek\Local Settings\Temporary Internet Files\Content.IE5\Y5XQJ2H8\ctxad-536[1].0004
    C:\Documents and Settings\Derek\Local Settings\Temporary Internet Files\Content.IE5\KDYNG5YJ\ctxad-542[1].0006
    C:\Documents and Settings\Derek\Local Settings\Temporary Internet Files\Content.IE5\KLUFKLYZ\ctxad-536[1].sig
    C:\Documents and Settings\Derek\Local Settings\Temporary Internet Files\Content.IE5\ST2FK16Z\ctxad-536[1].0000

    Adware.DollarRevenue
    C:\Documents and Settings\Sarah\Local Settings\Temporary Internet Files\Content.IE5\0C0SWB2C\download[1].htm


    --------------------------------------------------------------------------------------------------------

    Logfile of HijackThis v1.99.1
    Scan saved at 3:59:30 AM, on 2/16/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\brsvc01a.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\brss01a.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
    C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
    C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
    C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\igfxtray.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Brother\ControlCenter2\brctrcen.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
    C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    O1 - Hosts: 1.1.1.1 f-secure.com
    O1 - Hosts: 1.1.1.1 www.f-secure.com
    O1 - Hosts: 1.1.1.1 ftp.f-secure.com
    O1 - Hosts: 1.1.1.1 ftp.sophos.com
    O1 - Hosts: 1.1.1.1 liveupdate.symantec.com
    O1 - Hosts: 1.1.1.1 customer.symantec.com
    O1 - Hosts: 1.1.1.1 dispatch.mcafee.com
    O1 - Hosts: 1.1.1.1 download.mcafee.com
    O1 - Hosts: 1.1.1.1 rads.mcafee.com
    O1 - Hosts: 1.1.1.1 mast.mcafee.com
    O1 - Hosts: 1.1.1.1 my-etrust.com
    O1 - Hosts: 1.1.1.1 www.my-etrust.com
    O1 - Hosts: 1.1.1.1 nai.com
    O1 - Hosts: 1.1.1.1 www.nai.com
    O1 - Hosts: 1.1.1.1 networkassociates.com
    O1 - Hosts: 1.1.1.1 secure.nai.com
    O1 - Hosts: 1.1.1.1 securityresponse.symantec.com
    O1 - Hosts: 1.1.1.1 service1.symantec.com
    O1 - Hosts: 1.1.1.1 sophos.com
    O1 - Hosts: 1.1.1.1 www.sophos.com
    O1 - Hosts: 1.1.1.1 support.microsoft.com
    O1 - Hosts: 1.1.1.1 symantec.com
    O1 - Hosts: 1.1.1.1 www.symantec.com
    O1 - Hosts: 1.1.1.1 update.symantec.com
    O1 - Hosts: 1.1.1.1 updates.symantec.com
    O1 - Hosts: 1.1.1.1 us.mcafee.com
    O1 - Hosts: 1.1.1.1 vil.nai.com
    O1 - Hosts: 1.1.1.1 viruslist.com
    O1 - Hosts: 1.1.1.1 www.viruslist.com
    O1 - Hosts: 1.1.1.1 grisoft.com
    O1 - Hosts: 1.1.1.1 www.grisoft.com
    O1 - Hosts: 1.1.1.1 free.grisoft.com
    O1 - Hosts: 1.1.1.1 trendmicro.com
    O1 - Hosts: 1.1.1.1 housecall.trendmicro.com
    O1 - Hosts: 1.1.1.1 www.trendmicro.com
    O1 - Hosts: 1.1.1.1 pandasoftware.com
    O1 - Hosts: 1.1.1.1 www.pandasoftware.com
    O1 - Hosts: 1.1.1.1 usa.kaspersky.com
    O1 - Hosts: 1.1.1.1 ewido.net
    O1 - Hosts: 1.1.1.1 www.ewido.net
    O1 - Hosts: 1.1.1.1 zonelabs.com
    O1 - Hosts: 1.1.1.1 www.zonelabs.com
    O1 - Hosts: 1.1.1.1 bitdefender.com
    O1 - Hosts: 1.1.1.1 www.bitdefender.com
    O1 - Hosts: 1.1.1.1 download.bitdefender.com
    O1 - Hosts: 1.1.1.1 upgrade.bitdefender.com
    O1 - Hosts: 1.1.1.1 spywareinfo.com
    O1 - Hosts: 1.1.1.1 www.spywareinfo.com
    O1 - Hosts: 1.1.1.1 merijn.org
    O1 - Hosts: 1.1.1.1 www.merijn.org
    O1 - Hosts: 1.1.1.1 sysinternals.com
    O1 - Hosts: 1.1.1.1 www.sysinternals.com
    O1 - Hosts: 1.1.1.1 onguardonline.gov
    O1 - Hosts: 1.1.1.1 www.onguardonline.gov
    O1 - Hosts: 1.1.1.1 avast.com
    O1 - Hosts: 1.1.1.1 www.avast.com
    O1 - Hosts: 1.1.1.1 safety.live.com
    O1 - Hosts: 1.1.1.1 www.paretologic.com
    O1 - Hosts: 1.1.1.1 paretologic.com
    O1 - Hosts: 1.1.1.1 virusscan.jotti.org
    O1 - Hosts: 1.1.1.1 services.google.com
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04b\BrStDvPt.exe
    O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
    O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
    O4 - HKLM\..\Run: [SetDefPrt2] C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
    O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - Startup: Get Set3651232007.lnk = C:\Program Files\Get Set\Get Set.exe
    O4 - Startup: Get Set578154690.lnk = C:\Program Files\Get Set\Get Set.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
    O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by130fd.bay130.hotmail.msn.com/resources/MsnPUpld.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
    O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
    O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service (iPodService) - Unknown owner - C:\Documents and Settings\Derek\My Documents\bin\iPodService.exe (file missing)
    O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
    O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
    O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
     
  7. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    You've added a new problem

    Please Download MsnVirRem.exe to your desktop from one of the following sites.
    http://downloads.malwareremoval.com/MsnVirRem.exe
    http://www.thespykiller.co.uk/forum/index.php?action=tpmod;dl=item9
    http://www.greyknight17.com/spy/MsnVirRem.exe

    · First close any other programs you have running as this will require a reboot
    · Double click MsnVirRem.exe to run it
    · Once open, click the button labelled "Search and Destroy"
    <<Your computer will now be scanned for Infected Files>>
    · When scanning is finished you will be prompted to reboot only if infected, Click OK
    · Now click the "REBOOT" Button.
    · After the Reboot, you WILL receive file not found errors (usually 4) please acknowledge them and continue.
    · A message should pop up from MsnVirRem; if not, double click the program again and it will finish
    =================
    Download the HostsXpert 3.7 - Hosts File Manager.
    • Unzip HostsXpert - Hosts File Manager to a convenient folder such as C:\HostsXpert - Hosts File Manager
    • Run HostsXpert - Hosts File Manager from its new home
    • Click "Make Hosts Writable?" in the upper right corner (If available).
    • Click Restore Microsoft’s Host File and then click OK.
    • Click the X to exit the program.
    • Note: If you were using a custom Hosts file you will need to replace any of those entries yourself.
    ==============
    IE - Block Third party cookies
    1. Click on the Tools button on the Internet Explorer tool bar.
    2. Highlight and click on Internet options at the bottom of the Tools menu.
    3. Select the Privacy Tab of the Internet Options menu.
    4. Select the Advanced... button at the bottom of the screen.
    5. Select override automatic cookie handling button.
    6. To block third party cookies select block under "Third-party cookies".
    7. Select "always allow session cookies".
    8. Click on the OK button at the bottom of the screen.
    ======================
    Do you know what this is?

    C:\Program Files\Get Set\Get Set.exe
    ==========
    Post a new log
     
  8. vlsr

    vlsr Thread Starter

    Joined:
    Nov 26, 2005
    Messages:
    11
    I ran MsnVirRem and it came back saying no infected files found.

    Then I ran Hoster and the hosts was already read only, when I clicked restore hosts file it gave me an "error...couldn't create file" which I presume is right since the file was already read only and shouldn't have been changed by anything I picked up.

    Blocked third party cookies

    The Get Set.exe was an old legitimate program I had uninstalled some time ago, but apparently did not fully uninstall.

    No more annoying pop-ups lately, good sign!!!!

    Here's the new HiJackThis log........
    --------------------------------------------------------------------------------------------------------

    Logfile of HijackThis v1.99.1
    Scan saved at 7:37:38 PM, on 2/16/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\brsvc01a.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\brss01a.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
    C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
    C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
    C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\igfxtray.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Brother\ControlCenter2\brctrcen.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
    C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    O1 - Hosts: 1.1.1.1 f-secure.com
    O1 - Hosts: 1.1.1.1 www.f-secure.com
    O1 - Hosts: 1.1.1.1 ftp.f-secure.com
    O1 - Hosts: 1.1.1.1 ftp.sophos.com
    O1 - Hosts: 1.1.1.1 liveupdate.symantec.com
    O1 - Hosts: 1.1.1.1 customer.symantec.com
    O1 - Hosts: 1.1.1.1 dispatch.mcafee.com
    O1 - Hosts: 1.1.1.1 download.mcafee.com
    O1 - Hosts: 1.1.1.1 rads.mcafee.com
    O1 - Hosts: 1.1.1.1 mast.mcafee.com
    O1 - Hosts: 1.1.1.1 my-etrust.com
    O1 - Hosts: 1.1.1.1 www.my-etrust.com
    O1 - Hosts: 1.1.1.1 nai.com
    O1 - Hosts: 1.1.1.1 www.nai.com
    O1 - Hosts: 1.1.1.1 networkassociates.com
    O1 - Hosts: 1.1.1.1 secure.nai.com
    O1 - Hosts: 1.1.1.1 securityresponse.symantec.com
    O1 - Hosts: 1.1.1.1 service1.symantec.com
    O1 - Hosts: 1.1.1.1 sophos.com
    O1 - Hosts: 1.1.1.1 www.sophos.com
    O1 - Hosts: 1.1.1.1 support.microsoft.com
    O1 - Hosts: 1.1.1.1 symantec.com
    O1 - Hosts: 1.1.1.1 www.symantec.com
    O1 - Hosts: 1.1.1.1 update.symantec.com
    O1 - Hosts: 1.1.1.1 updates.symantec.com
    O1 - Hosts: 1.1.1.1 us.mcafee.com
    O1 - Hosts: 1.1.1.1 vil.nai.com
    O1 - Hosts: 1.1.1.1 viruslist.com
    O1 - Hosts: 1.1.1.1 www.viruslist.com
    O1 - Hosts: 1.1.1.1 grisoft.com
    O1 - Hosts: 1.1.1.1 www.grisoft.com
    O1 - Hosts: 1.1.1.1 free.grisoft.com
    O1 - Hosts: 1.1.1.1 trendmicro.com
    O1 - Hosts: 1.1.1.1 housecall.trendmicro.com
    O1 - Hosts: 1.1.1.1 www.trendmicro.com
    O1 - Hosts: 1.1.1.1 pandasoftware.com
    O1 - Hosts: 1.1.1.1 www.pandasoftware.com
    O1 - Hosts: 1.1.1.1 usa.kaspersky.com
    O1 - Hosts: 1.1.1.1 ewido.net
    O1 - Hosts: 1.1.1.1 www.ewido.net
    O1 - Hosts: 1.1.1.1 zonelabs.com
    O1 - Hosts: 1.1.1.1 www.zonelabs.com
    O1 - Hosts: 1.1.1.1 bitdefender.com
    O1 - Hosts: 1.1.1.1 www.bitdefender.com
    O1 - Hosts: 1.1.1.1 download.bitdefender.com
    O1 - Hosts: 1.1.1.1 upgrade.bitdefender.com
    O1 - Hosts: 1.1.1.1 spywareinfo.com
    O1 - Hosts: 1.1.1.1 www.spywareinfo.com
    O1 - Hosts: 1.1.1.1 merijn.org
    O1 - Hosts: 1.1.1.1 www.merijn.org
    O1 - Hosts: 1.1.1.1 sysinternals.com
    O1 - Hosts: 1.1.1.1 www.sysinternals.com
    O1 - Hosts: 1.1.1.1 onguardonline.gov
    O1 - Hosts: 1.1.1.1 www.onguardonline.gov
    O1 - Hosts: 1.1.1.1 avast.com
    O1 - Hosts: 1.1.1.1 www.avast.com
    O1 - Hosts: 1.1.1.1 safety.live.com
    O1 - Hosts: 1.1.1.1 www.paretologic.com
    O1 - Hosts: 1.1.1.1 paretologic.com
    O1 - Hosts: 1.1.1.1 virusscan.jotti.org
    O1 - Hosts: 1.1.1.1 services.google.com
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: (no name) - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - (no file)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: (no name) - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - (no file)
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04b\BrStDvPt.exe
    O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
    O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
    O4 - HKLM\..\Run: [SetDefPrt2] C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
    O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - Startup: Get Set3651232007.lnk = C:\Program Files\Get Set\Get Set.exe
    O4 - Startup: Get Set578154690.lnk = C:\Program Files\Get Set\Get Set.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
    O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by130fd.bay130.hotmail.msn.com/resources/MsnPUpld.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
    O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
    O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service (iPodService) - Unknown owner - C:\Documents and Settings\Derek\My Documents\bin\iPodService.exe (file missing)
    O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
    O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
    O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
     
  9. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    That is not a legit hosts file - make it writable and then restore the original hosts file

    Run SAS again
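
Added example, not part of any post in this thread: a small Python triage script for the `O1 - Hosts:` lines of a HijackThis log. It flags entries that pin security-vendor or update domains, or that point many unrelated names at one address, and reports names that come back in a later scan after a restore. The watched-domain list, the fan-in threshold and the three sample logs are assumptions constructed for illustration in the log format shown on this page.

```python
import re
from collections import defaultdict

# One O1 line: "O1 - Hosts: <address> <hostname>"
O1_LINE = re.compile(r"^\s*O1 - Hosts:\s+(\S+)\s+(\S+)\s*$")

# Assumption: illustrative watch list of security/update domains.
WATCHED_DOMAINS = {
    "symantec.com", "mcafee.com", "f-secure.com",
    "sophos.com", "trendmicro.com", "microsoft.com",
}

# Assumption: this many different names on one address is treated as suspicious.
FAN_IN_THRESHOLD = 3

# Constructed sample scans (chronological), not copied logs.
SCAN_1 = """\
O1 - Hosts: 1.1.1.1 f-secure.com
O1 - Hosts: 1.1.1.1 www.symantec.com
O1 - Hosts: 1.1.1.1 download.mcafee.com
O1 - Hosts: 1.1.1.1 merijn.org
O4 - HKLM\\..\\Run: [IgfxTray] C:\\WINDOWS\\System32\\igfxtray.exe
"""
SCAN_2 = """\
O4 - HKLM\\..\\Run: [IgfxTray] C:\\WINDOWS\\System32\\igfxtray.exe
"""
SCAN_3 = """\
O1 - Hosts: 1.1.1.1 f-secure.com
O1 - Hosts: 1.1.1.1 www.symantec.com
O1 - Hosts: 1.1.1.1 download.mcafee.com
"""


def parse_o1(log_text):
    """Return [(address, hostname)] for every O1 line in a HijackThis log."""
    entries = []
    for line in log_text.splitlines():
        m = O1_LINE.match(line)
        if m:
            entries.append((m.group(1), m.group(2).lower()))
    return entries


def watched_match(host):
    """Return the watched domain that host equals or is a subdomain of."""
    for domain in WATCHED_DOMAINS:
        if host == domain or host.endswith("." + domain):
            return domain
    return None


def assess(log_text):
    """Flag O1 entries that look like a hosts-file hijack, with reasons."""
    entries = parse_o1(log_text)
    names_by_address = defaultdict(set)
    for address, host in entries:
        names_by_address[address].add(host)

    findings = []
    for address, host in entries:
        reasons = []
        domain = watched_match(host)
        if domain:
            reasons.append("pins watched domain " + domain)
        fan_in = len(names_by_address[address])
        if fan_in >= FAN_IN_THRESHOLD:
            reasons.append("%d names share %s" % (fan_in, address))
        if reasons:
            findings.append({"address": address, "host": host, "reasons": reasons})
    return findings


def reappeared_hosts(scans):
    """Given [(label, log_text)] in time order, return hostnames that were
    present, then absent, then present again (the restore did not hold)."""
    seen_before, dropped, reappeared = set(), set(), set()
    for _label, text in scans:
        current = {host for _address, host in parse_o1(text)}
        reappeared |= current & dropped
        dropped |= seen_before - current
        dropped -= current
        seen_before |= current
    return sorted(reappeared)


if __name__ == "__main__":
    for finding in assess(SCAN_1):
        print(finding["host"], "->", "; ".join(finding["reasons"]))
    scans = [("scan 1", SCAN_1), ("scan 2", SCAN_2), ("scan 3", SCAN_3)]
    print("reappeared:", reappeared_hosts(scans))
```

A non-empty `reappeared_hosts` result means something is still rewriting the hosts file, so the restore step alone was not enough.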
     
  10. vlsr

    vlsr Thread Starter

    Joined:
    Nov 26, 2005
    Messages:
    11
    I restored the Hosts File and here are the new SAS & HJT logs.


    --------------------------------------------------------------------------------------------------------

    SUPERAntiSpyware Scan Log
    Generated 02/18/2007 at 04:16 AM

    Application Version : 3.5.1016

    Core Rules Database Version : 3184
    Trace Rules Database Version: 1194

    Scan type : Complete Scan
    Total Scan Time : 02:36:39

    Memory items scanned : 417
    Memory threats detected : 0
    Registry items scanned : 4992
    Registry threats detected : 4
    File items scanned : 98768
    File threats detected : 1

    Adware.Toolbar888
    HKCR\TypeLib\{569304BA-83ED-4CFF-AC26-BE3E482F7208}
    HKCR\Interface\{C6F2214E-0B54-45A9-B90D-7DD4BA45ED0B}
    HKLM\Software\Microsoft\Internet Explorer\Toolbar#{C1B4DEC2-2623-438e-9CA2-C9043AB28508}

    Trojan.Svchosts
    HKLM\SYSTEM\CurrentControlSet\Services\Client IP-IPX

    Adware.Tracking Cookie
    C:\Documents and Settings\Robert\Cookies\[email protected][2].txt

    --------------------------------------------------------------------------------------------------------

    Logfile of HijackThis v1.99.1
    Scan saved at 5:51:36 AM, on 2/18/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\brsvc01a.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\brss01a.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
    C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
    C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
    C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\igfxtray.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Brother\ControlCenter2\brctrcen.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
    C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: (no name) - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - (no file)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04b\BrStDvPt.exe
    O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
    O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
    O4 - HKLM\..\Run: [SetDefPrt2] C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
    O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - Startup: Get Set3651232007.lnk = C:\Program Files\Get Set\Get Set.exe
    O4 - Startup: Get Set578154690.lnk = C:\Program Files\Get Set\Get Set.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
    O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by130fd.bay130.hotmail.msn.com/resources/MsnPUpld.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
    O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
    O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service (iPodService) - Unknown owner - C:\Documents and Settings\Derek\My Documents\bin\iPodService.exe (file missing)
    O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
    O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
    O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
     
  11. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    You may want to print this or save it to notepad as we will go to safe mode.

    Fix these with HiJackThis – mark them, close IE, click fix checked

    O2 - BHO: (no name) - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - (no file)

    O4 - Startup: Get Set3651232007.lnk = C:\Program Files\Get Set\Get Set.exe

    O4 - Startup: Get Set578154690.lnk = C:\Program Files\Get Set\Get Set.exe

    DownLoad http://www.downloads.subratam.org/KillBox.zip or
    http://www.thespykiller.co.uk/files/killbox.exe

    Restart your computer into safe mode now. (Tapping F8 at the first black screen) Perform the following steps in safe mode:

    Double-click on Killbox.exe to run it. Now put a tick by Standard File Kill. In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time then click on the button that has the red circle with the X in the middle after you enter each file. It will ask for confirmation to delete the file. Click Yes. Continue with that same procedure until you have copied and pasted all of these in the "Paste Full Path of File to Delete" box.

    C:\Program Files\Get Set

    Note: It is possible that Killbox will tell you that one or more files do not exist. If that happens, just continue on with all the files. Be sure you don't miss any.

    START – RUN – type in %temp% - OK - Edit – Select all – File – Delete

    Delete everything in the C:\Windows\Temp folder or C:\WINNT\temp

    Not all temp files will delete and that is normal
    Empty the recycle bin
    Boot and post a new hijack log from normal NOT safe mode

    Please give feedback on what worked/didn’t work and the current status of your system
    ===============

    How are things now????????????
     
  12. vlsr

    vlsr Thread Starter

    Joined:
    Nov 26, 2005
    Messages:
    11
    It appears everything is operating properly now, I'd like to thank you very much for your assistance rectifying this problem.


    -------------------------------------------------------------------------------------------------------
    Logfile of HijackThis v1.99.1
    Scan saved at 8:01:52 PM, on 2/21/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\brsvc01a.exe
    C:\WINDOWS\system32\brss01a.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
    C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
    C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
    C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\igfxtray.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Brother\ControlCenter2\brctrcen.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
    C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    C:\Program Files\QuickTime\qttask.exe
    D:\iTunesHelper.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
    C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\Program Files\Hijackthis\HijackThis.exe
    C:\WINDOWS\system32\wuauclt.exe

    O1 - Hosts: 1.1.1.1 f-secure.com
    O1 - Hosts: 1.1.1.1 www.f-secure.com
    O1 - Hosts: 1.1.1.1 ftp.f-secure.com
    O1 - Hosts: 1.1.1.1 ftp.sophos.com
    O1 - Hosts: 1.1.1.1 liveupdate.symantec.com
    O1 - Hosts: 1.1.1.1 customer.symantec.com
    O1 - Hosts: 1.1.1.1 dispatch.mcafee.com
    O1 - Hosts: 1.1.1.1 download.mcafee.com
    O1 - Hosts: 1.1.1.1 rads.mcafee.com
    O1 - Hosts: 1.1.1.1 mast.mcafee.com
    O1 - Hosts: 1.1.1.1 my-etrust.com
    O1 - Hosts: 1.1.1.1 www.my-etrust.com
    O1 - Hosts: 1.1.1.1 nai.com
    O1 - Hosts: 1.1.1.1 www.nai.com
    O1 - Hosts: 1.1.1.1 networkassociates.com
    O1 - Hosts: 1.1.1.1 secure.nai.com
    O1 - Hosts: 1.1.1.1 securityresponse.symantec.com
    O1 - Hosts: 1.1.1.1 service1.symantec.com
    O1 - Hosts: 1.1.1.1 sophos.com
    O1 - Hosts: 1.1.1.1 www.sophos.com
    O1 - Hosts: 1.1.1.1 support.microsoft.com
    O1 - Hosts: 1.1.1.1 symantec.com
    O1 - Hosts: 1.1.1.1 www.symantec.com
    O1 - Hosts: 1.1.1.1 update.symantec.com
    O1 - Hosts: 1.1.1.1 updates.symantec.com
    O1 - Hosts: 1.1.1.1 us.mcafee.com
    O1 - Hosts: 1.1.1.1 vil.nai.com
    O1 - Hosts: 1.1.1.1 viruslist.com
    O1 - Hosts: 1.1.1.1 www.viruslist.com
    O1 - Hosts: 1.1.1.1 grisoft.com
    O1 - Hosts: 1.1.1.1 www.grisoft.com
    O1 - Hosts: 1.1.1.1 free.grisoft.com
    O1 - Hosts: 1.1.1.1 trendmicro.com
    O1 - Hosts: 1.1.1.1 housecall.trendmicro.com
    O1 - Hosts: 1.1.1.1 www.trendmicro.com
    O1 - Hosts: 1.1.1.1 pandasoftware.com
    O1 - Hosts: 1.1.1.1 www.pandasoftware.com
    O1 - Hosts: 1.1.1.1 usa.kaspersky.com
    O1 - Hosts: 1.1.1.1 ewido.net
    O1 - Hosts: 1.1.1.1 www.ewido.net
    O1 - Hosts: 1.1.1.1 zonelabs.com
    O1 - Hosts: 1.1.1.1 www.zonelabs.com
    O1 - Hosts: 1.1.1.1 bitdefender.com
    O1 - Hosts: 1.1.1.1 www.bitdefender.com
    O1 - Hosts: 1.1.1.1 download.bitdefender.com
    O1 - Hosts: 1.1.1.1 upgrade.bitdefender.com
    O1 - Hosts: 1.1.1.1 spywareinfo.com
    O1 - Hosts: 1.1.1.1 www.spywareinfo.com
    O1 - Hosts: 1.1.1.1 merijn.org
    O1 - Hosts: 1.1.1.1 www.merijn.org
    O1 - Hosts: 1.1.1.1 sysinternals.com
    O1 - Hosts: 1.1.1.1 www.sysinternals.com
    O1 - Hosts: 1.1.1.1 onguardonline.gov
    O1 - Hosts: 1.1.1.1 www.onguardonline.gov
    O1 - Hosts: 1.1.1.1 avast.com
    O1 - Hosts: 1.1.1.1 www.avast.com
    O1 - Hosts: 1.1.1.1 safety.live.com
    O1 - Hosts: 1.1.1.1 www.paretologic.com
    O1 - Hosts: 1.1.1.1 paretologic.com
    O1 - Hosts: 1.1.1.1 virusscan.jotti.org
    O1 - Hosts: 1.1.1.1 services.google.com
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04b\BrStDvPt.exe
    O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
    O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "D:\iTunesHelper.exe"
    O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
    O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
    O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by130fd.bay130.hotmail.msn.com/resources/MsnPUpld.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
    O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
    O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
    O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
    O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
     
  13. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    Run HostsXpert again
     
Short URL to this thread: https://techguy.org/543909
