1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Solved: Spy ware and tracking cookie plz HELP

Discussion in 'Virus & Other Malware Removal' started by BIGJARBREWSKY, Sep 18, 2006.

Thread Status:
Not open for further replies.
Advertisement
  1. BIGJARBREWSKY

    BIGJARBREWSKY Thread Starter

    Joined:
    Jun 7, 2006
    Messages:
    27
    HI i have tons of tracking cookies spyware onmy computer i use the aol security center but it: down: i downloaded hijack this and this is the following log some tell me whast my next step to save my laptop


    Logfile of HijackThis v1.99.1
    Scan saved at 7:48:28 PM, on 9/18/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    C:\Program Files\Common Files\AOL\1138638802\ee\services\sscFirewallPlugin\ver1_10_3_1\aolavupd.exe
    C:\Program Files\mcafee.com\personal firewall\MPFService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
    C:\WINDOWS\system32\LXSUPMON.EXE
    C:\Program Files\mcafee.com\personal firewall\MPfTray.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Common Files\AOL\1138638802\ee\AOLSoftware.exe
    C:\Program Files\mcafee.com\MPS\mscifapp.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Messenger\msmsgs.exe
    c:\program files\common files\aol\1138638802\ee\services\sscAntiSpywarePlugin\ver1_109_2_1\AOLSP Scheduler.exe
    c:\program files\common files\aol\1138638802\ee\aolssc.exe
    C:\WINDOWS\system32\DllHost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Hijackthis\HijackThis.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe

    R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
    O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
    O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
    O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\system32\LXSUPMON.EXE RUN
    O4 - HKLM\..\Run: [MPFEXE] C:\Program Files\mcafee.com\personal firewall\MPfTray.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1138638802\ee\AOLSoftware.exe
    O4 - HKLM\..\Run: [sscRun] C:\Program Files\Common Files\AOL\1138638802\ee\services\sscFirewallPlugin\ver1_109_2_1\SSCRun.exe
    O4 - HKLM\..\Run: [MPSExe] C:\Program Files\mcafee.com\MPS\mscifapp.exe /embedding
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.0\resources\en-US\local\search.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=presario&pf=laptop
    O15 - Trusted Zone: http://*.billingnow.com
    O15 - Trusted Zone: http://*.reliablestats.com
    O15 - Trusted Zone: http://*.winantispyware.com
    O15 - Trusted Zone: http://*.winantivirus.com
    O15 - Trusted Zone: http://*.winantiviruspro.com
    O15 - Trusted Zone: http://*.winnanny.com
    O15 - Trusted Zone: http://*.winsoftware.com
    O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - https://config.skillcheck.com/onlinetesting/icaclients/win32/8.1.00/onlinetesting.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by22fd.bay22.hotmail.msn.com/resources/MsnPUpld.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} - http://launch.gamespyarcade.com/software/launch/alaunch.cab
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    O23 - Service: AOL Antivirus Update Service (aolavupd) - America Online - C:\Program Files\Common Files\AOL\1138638802\ee\services\sscFirewallPlugin\ver1_10_3_1\aolavupd.exe
    O23 - Service: FreezeScreenSaver - Unknown owner - C:\WINDOWS\system32\FreezeScreenSaver.exe (file missing)
    O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: McAfee McShield (McShield) - McAfee Inc. - C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\Program Files\mcafee.com\personal firewall\MPFService.exe
     
  2. JSntgRvr

    JSntgRvr José Moderator Malware Specialist

    Joined:
    Jul 1, 2003
    Messages:
    18,524
    Hi, BIGJARBREWSKY :)

    Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

    O15 - Trusted Zone: http://*.billingnow.com
    O15 - Trusted Zone: http://*.reliablestats.com
    O15 - Trusted Zone: http://*.winantispyware.com
    O15 - Trusted Zone: http://*.winantivirus.com
    O15 - Trusted Zone: http://*.winantiviruspro.com
    O15 - Trusted Zone: http://*.winnanny.com
    O15 - Trusted Zone: http://*.winsoftware.com

    Now close all windows and browsers, other than HiJackThis, then click Fix Checked.

    Close Hijackthis.

    Go to Start->Run, type CMD and click Ok. The MSDOS window will be displayed. At the prompt type thr following and press Enter after each line:

    SC Stop FreezeScreenSaver
    SC Delete FreezeScreenSaver
    Exit


    Please download ATF Cleaner by Atribune.
    This program is for XP and Windows 2000 only

    • Double-click ATF-Cleaner.exe to run the program.
      Under Main choose: Select All
      Click the Empty Selected button.
    If you use Firefox browser
    • Click Firefox at the top and choose: Select All
      Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    If you use Opera browser
    • Click Opera at the top and choose: Select All
      Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    Click Exit on the Main menu to close the program.
    For Technical Support, double-click the e-mail address located at the bottom of each menu.

    Please download ewido anti-spyware from HERE and save that file to your desktop.
    This is a 30 day trial of the program
    1. Once you have downloaded ewido anti-spyware, locate the icon on the desktop and double-click it to launch the set up program.
    2. Once the setup is complete you will need run ewido and update the definition files.
    3. On the main screen select the icon "Update" then select the "Update now" link.
      • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
    4. Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
    5. Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
    6. Under "Reports"
      • Select "Automatically generate report after every scan"
      • Un-Select "Only if threats were found"
    Close ewido anti-spyware, Do Not run a scan just yet, we will shortly in Safe Mode.

    Now copy these instructions to notepad and save them to your desktop. You will need them to refer to in safe mode.

    Boot into Safe Mode:

    Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

    Perform the following steps in safe mode:

    IMPORTANT: Do not open any other windows or programs while ewido is scanning, it may interfere with the scanning proccess:
    • Launch ewido-anti-spyware by double-clicking the icon on your desktop.
    • Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
    • Ewido will now begin the scanning process, be patient this may take a little time.
      Once the scan is complete do the following:
    • If you have any infections you will prompted, then select "Apply all actions"
    • Next select the "Reports" icon at the top.
    • Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
    • Close ewido .
    Restart back into Windows normally now.

    Please go HERE to run Panda's ActiveScan
    • Once you are on the Panda site click the Scan your PC button
    • A new window will open...click the Check Now button
    • Enter your Country
    • Enter your State/Province
    • Enter your e-mail address and click send
    • Select either Home User or Company
    • Click the big Scan Now button
    • If it wants to install an ActiveX component allow it
    • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
    • When download is complete, click on My Computer to start the scan
    • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.
    Post a fresh Hijackthis log along with the Ewido and ActiveScan reports.
     
  3. BIGJARBREWSKY

    BIGJARBREWSKY Thread Starter

    Joined:
    Jun 7, 2006
    Messages:
    27
    thank yoy for the help
    i have follwed ll of ur directions
    u ddint know when using the online scan if i was suppose to disenfect the files so i saved the report and closed. here are the following reports u wanted me to save

    HIjack :
    Logfile of HijackThis v1.99.1
    Scan saved at 2:08:53 AM, on 9/19/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    C:\Program Files\Common Files\AOL\1138638802\ee\services\sscFirewallPlugin\ver1_10_3_1\aolavupd.exe
    C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe
    C:\Program Files\mcafee.com\personal firewall\MPFService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
    C:\WINDOWS\system32\LXSUPMON.EXE
    C:\Program Files\mcafee.com\personal firewall\MPfTray.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Common Files\AOL\1138638802\ee\AOLSoftware.exe
    C:\Program Files\mcafee.com\MPS\mscifapp.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\ewido anti-spyware 4.0\ewido.exe
    C:\Program Files\Messenger\msmsgs.exe
    c:\program files\common files\aol\1138638802\ee\services\sscAntiSpywarePlugin\ver1_109_2_1\AOLSP Scheduler.exe
    c:\program files\common files\aol\1138638802\ee\aolssc.exe
    C:\Program Files\iTunes\iTunes.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
    O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
    O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
    O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\system32\LXSUPMON.EXE RUN
    O4 - HKLM\..\Run: [MPFEXE] C:\Program Files\mcafee.com\personal firewall\MPfTray.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1138638802\ee\AOLSoftware.exe
    O4 - HKLM\..\Run: [sscRun] C:\Program Files\Common Files\AOL\1138638802\ee\services\sscFirewallPlugin\ver1_109_2_1\SSCRun.exe
    O4 - HKLM\..\Run: [MPSExe] C:\Program Files\mcafee.com\MPS\mscifapp.exe /embedding
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.0\resources\en-US\local\search.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=presario&pf=laptop
    O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - https://config.skillcheck.com/onlinetesting/icaclients/win32/8.1.00/onlinetesting.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by22fd.bay22.hotmail.msn.com/resources/MsnPUpld.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} - http://launch.gamespyarcade.com/software/launch/alaunch.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    O23 - Service: AOL Antivirus Update Service (aolavupd) - America Online - C:\Program Files\Common Files\AOL\1138638802\ee\services\sscFirewallPlugin\ver1_10_3_1\aolavupd.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: McAfee McShield (McShield) - McAfee Inc. - C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\Program Files\mcafee.com\personal firewall\MPFService.exe

    this is the activscan:

    Incident Status Location

    Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Jaron Baptiste\Application Data\Mozilla\Firefox\Profiles\if61wp7m.default\cookies.txt[.247realmedia.com/]
    Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Jaron Baptiste\Application Data\Mozilla\Firefox\Profiles\if61wp7m.default\cookies.txt[.2o7.net/]
    Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Jaron Baptiste\Application Data\Mozilla\Firefox\Profiles\if61wp7m.default\cookies.txt[.adrevolver.com/]
    Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Jaron Baptiste\Application Data\Mozilla\Firefox\Profiles\if61wp7m.default\cookies.txt[.ads.pointroll.com/]
    Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Jaron Baptiste\Application Data\Mozilla\Firefox\Profiles\if61wp7m.default\cookies.txt[.as-eu.falkag.net/]
    Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Jaron Baptiste\Application Data\Mozilla\Firefox\Profiles\if61wp7m.default\cookies.txt[.as-us.falkag.net/]
    Spyware:Cookie/CentrPort Not disinfected C:\Documents and Settings\Jaron Baptiste\Application Data\Mozilla\Firefox\Profiles\if61wp7m.default\cookies.txt[.centrport.net/]
    Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Jaron Baptiste\Application Data\Mozilla\Firefox\Profiles\if61wp7m.default\cookies.txt[.com.com/]
    Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Jaron Baptiste\Application Data\Mozilla\Firefox\Profiles\if61wp7m.default\cookies.txt[.go.com/]
    Spyware:Cookie/GoStats Not disinfected C:\Documents and Settings\Jaron Baptiste\Application Data\Mozilla\Firefox\Profiles\if61wp7m.default\cookies.txt[.gostats.com/]
    Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\Jaron Baptiste\Application Data\Mozilla\Firefox\Profiles\if61wp7m.default\cookies.txt[.maxserving.com/]
    Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Jaron Baptiste\Application Data\Mozilla\Firefox\Profiles\if61wp7m.default\cookies.txt[.perf.overture.com/]
    Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Jaron Baptiste\Application Data\Mozilla\Firefox\Profiles\if61wp7m.default\cookies.txt[.questionmarket.com/]
    Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Jaron Baptiste\Application Data\Mozilla\Firefox\Profiles\if61wp7m.default\cookies.txt[.realmedia.com/]
    Spyware:Cookie/WUpd Not disinfected C:\Documents and Settings\Jaron Baptiste\Application Data\Mozilla\Firefox\Profiles\if61wp7m.default\cookies.txt[.revenue.net/]
    Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Jaron Baptiste\Application Data\Mozilla\Firefox\Profiles\if61wp7m.default\cookies.txt[.serving-sys.com/]
    Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Jaron Baptiste\Application Data\Mozilla\Firefox\Profiles\if61wp7m.default\cookies.txt[.statcounter.com/]
    Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Jaron Baptiste\Application Data\Mozilla\Firefox\Profiles\if61wp7m.default\cookies.txt[.trafficmp.com/]
    Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Jaron Baptiste\Application Data\Mozilla\Firefox\Profiles\if61wp7m.default\cookies.txt[.tribalfusion.com/]
    Spyware:Cookie/myaffiliateprogram Not disinfected C:\Documents and Settings\Jaron Baptiste\Application Data\Mozilla\Firefox\Profiles\if61wp7m.default\cookies.txt[.www.myaffiliateprogram.com/]
    Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\Jaron Baptiste\Application Data\Mozilla\Firefox\Profiles\if61wp7m.default\cookies.txt[.z1.adserver.com/]
    Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Jaron Baptiste\Application Data\Mozilla\Firefox\Profiles\if61wp7m.default\cookies.txt[.zedo.com/]
    Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Jaron Baptiste\Application Data\Mozilla\Firefox\Profiles\if61wp7m.default\cookies.txt[ad.yieldmanager.com/]
    Spyware:Cookie/Bilbo.counted Not disinfected C:\Documents and Settings\Jaron Baptiste\Application Data\Mozilla\Firefox\Profiles\if61wp7m.default\cookies.txt[bilbo.counted.com/]
    Spyware:Cookie/DomainSponsor Not disinfected C:\Documents and Settings\Jaron Baptiste\Application Data\Mozilla\Firefox\Profiles\if61wp7m.default\cookies.txt[landing.domainsponsor.com/]
    Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Jaron Baptiste\Application Data\Mozilla\Firefox\Profiles\if61wp7m.default\cookies.txt[server.iad.liveperson.net/]
    Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Jaron Baptiste\Application Data\Mozilla\Firefox\Profiles\if61wp7m.default\cookies.txt[server.iad.liveperson.net/hc/71875316]
    Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Jaron Baptiste\Application Data\Mozilla\Firefox\Profiles\if61wp7m.default\cookies.txt[server.iad.liveperson.net/hc/88270523]
    Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\Jaron Baptiste\Application Data\Mozilla\Firefox\Profiles\if61wp7m.default\cookies.txt[www.burstbeacon.com/]
    Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Jaron Baptiste\Cookies\jaron baptiste@2o7[2].txt
    Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Jaron Baptiste\Cookies\jaron [email protected][2].txt
    Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Jaron Baptiste\Cookies\jaron baptiste@advertising[2].txt
    Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Jaron Baptiste\Cookies\jaron [email protected][1].txt
    Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Jaron Baptiste\Cookies\jaron baptiste@atdmt[2].txt
    Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Jaron Baptiste\Cookies\jaron baptiste@belnk[1].txt
    Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Jaron Baptiste\Cookies\jaron baptiste@casalemedia[2].txt
    Spyware:Cookie/Coremetrics Not disinfected C:\Documents and Settings\Jaron Baptiste\Cookies\jaron [email protected][1].txt
    Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Jaron Baptiste\Cookies\jaron [email protected][2].txt
    Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Jaron Baptiste\Cookies\jaron baptiste@doubleclick[1].txt
    Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Jaron Baptiste\Cookies\jaron baptiste@fastclick[1].txt
    Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Jaron Baptiste\Cookies\jaron baptiste@mediaplex[1].txt
    Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Jaron Baptiste\Cookies\jaron baptiste@realmedia[1].txt
    Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Jaron Baptiste\Cookies\jaron baptiste@statcounter[2].txt
    Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Jaron Baptiste\Cookies\jaron baptiste@trafficmp[2].txt
    Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Jaron Baptiste\Cookies\jaron baptiste@tribalfusion[2].txt
    Adware:Adware/StrCodec Not disinfected C:\Documents and Settings\Jaron Baptiste\Local Settings\Application Data\Mozilla\Firefox\Profiles\if61wp7m.default\Cache\4AD19673d01
    Adware:Adware/StrCodec Not disinfected C:\Documents and Settings\Jaron Baptiste\Local Settings\Application Data\Mozilla\Firefox\Profiles\if61wp7m.default\Cache\4C529673d01
    and the last scan ewido:

    ---------------------------------------------------------
    ewido anti-spyware - Scan Report
    ---------------------------------------------------------

    + Created at: 12:18:12 AM 9/19/2006

    + Scan result:



    C:\WINDOWS\VirtualDNS.dll -> Adware.Webdir : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\bdfupdate.exe -> Backdoor.Agent.rk : Cleaned with backup (quarantined).


    ::Report end
     
  4. JSntgRvr

    JSntgRvr José Moderator Malware Specialist

    Joined:
    Jul 1, 2003
    Messages:
    18,524
    Hi, BIGJARBREWSKY :)

    Please logon as Jaron Baptiste.

    Follow the instruction Here to delete the Cookies on both, Firefox and Internet Explorer.

    The rest of the log looks clear. How is the computer doing?
     
  5. BIGJARBREWSKY

    BIGJARBREWSKY Thread Starter

    Joined:
    Jun 7, 2006
    Messages:
    27
    Sorry Been Working Overtime Lately
    I Followed Ur Directions Again
    But Damn Pop-ups Keep Coming Back
     
  6. JSntgRvr

    JSntgRvr José Moderator Malware Specialist

    Joined:
    Jul 1, 2003
    Messages:
    18,524
    Hi, BIGJARBREWSKY :)

    Let me see a fresh Hijackthis log.
     
  7. BIGJARBREWSKY

    BIGJARBREWSKY Thread Starter

    Joined:
    Jun 7, 2006
    Messages:
    27
    Logfile of HijackThis v1.99.1
    Scan saved at 1:27:41 PM, on 9/24/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    C:\Program Files\Common Files\AOL\1138638802\ee\services\sscFirewallPlugin\ver1_10_3_1\aolavupd.exe
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe
    C:\Program Files\mcafee.com\personal firewall\MPFService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
    C:\WINDOWS\system32\LXSUPMON.EXE
    C:\Program Files\mcafee.com\personal firewall\MPfTray.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Common Files\AOL\1138638802\ee\AOLSoftware.exe
    C:\Program Files\mcafee.com\MPS\mscifapp.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\iPod\bin\iPodService.exe
    c:\program files\common files\aol\1138638802\ee\services\sscAntiSpywarePlugin\ver1_109_2_1\AOLSP Scheduler.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\System32\svchost.exe
    c:\program files\common files\aol\1138638802\ee\aolssc.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
    O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
    O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
    O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\system32\LXSUPMON.EXE RUN
    O4 - HKLM\..\Run: [MPFEXE] C:\Program Files\mcafee.com\personal firewall\MPfTray.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1138638802\ee\AOLSoftware.exe
    O4 - HKLM\..\Run: [sscRun] C:\Program Files\Common Files\AOL\1138638802\ee\services\sscFirewallPlugin\ver1_109_2_1\SSCRun.exe
    O4 - HKLM\..\Run: [MPSExe] C:\Program Files\mcafee.com\MPS\mscifapp.exe /embedding
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.0\resources\en-US\local\search.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=presario&pf=laptop
    O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - https://config.skillcheck.com/onlinetesting/icaclients/win32/8.1.00/onlinetesting.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by22fd.bay22.hotmail.msn.com/resources/MsnPUpld.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} - http://launch.gamespyarcade.com/software/launch/alaunch.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    O23 - Service: AOL Antivirus Update Service (aolavupd) - America Online - C:\Program Files\Common Files\AOL\1138638802\ee\services\sscFirewallPlugin\ver1_10_3_1\aolavupd.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: McAfee McShield (McShield) - McAfee Inc. - C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\Program Files\mcafee.com\personal firewall\MPFService.exe
     
  8. JSntgRvr

    JSntgRvr José Moderator Malware Specialist

    Joined:
    Jul 1, 2003
    Messages:
    18,524
    Hi, BIGJARBREWSKY :)

    There is no evident malware in that log. Lets take a deeper look:

    Click here to download WinPFind .
    • Right Click the Zip Folder and Select "Extract All"
    • Extract it somewhere you will remember like the Desktop
    • Dont do anything with it yet!

    Reboot into Safe Mode

    Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

    • Double click WinPFind.exe
    • Click "Start Scan"
    • It will scan the entire System, so please be patient!
    • Once the Scan is Complete, restart the computer back in Normal Mode.
    • Go to the WinPFind folder
    • Locate WinPFind.txt
    • Place those results in the next reply!
     
  9. BIGJARBREWSKY

    BIGJARBREWSKY Thread Starter

    Joined:
    Jun 7, 2006
    Messages:
    27
    »»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    Logfile created on: 9/25/2006 8:40:25 PM
    WinPFind v1.5.0 Folder = C:\Documents and Settings\Jaron Baptiste\Desktop\WinPFind\WinPFind\
    Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
    Internet Explorer (Version = 6.0.2900.2180)

    »»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

    Checking %SystemDrive% folder...

    Checking %ProgramFilesDir% folder...

    Checking %WinDir% folder...

    Checking %System% folder...
    PEC2 8/4/2004 4:00:00 AM 41397 C:\WINDOWS\SYSTEM32\dfrg.msc ()
    PEC2 8/11/2006 1:31:48 PM 620180 C:\WINDOWS\SYSTEM32\DivX.dll (DivX, Inc.)
    PECompact2 8/11/2006 1:31:48 PM 620180 C:\WINDOWS\SYSTEM32\DivX.dll (DivX, Inc.)
    UPX! 2/14/2006 5:12:50 PM 463360 C:\WINDOWS\SYSTEM32\iviaudio.ax (InterVideo Inc.)
    UPX! 2/14/2006 5:12:54 PM 601600 C:\WINDOWS\SYSTEM32\Ivinav.ax (InterVideo Inc.)
    UPX! 2/14/2006 5:12:48 PM 1092096 C:\WINDOWS\SYSTEM32\IVIVIDEO.ax ( InterVideo Inc.)
    UPX! 12/22/2005 5:34:58 AM 185344 C:\WINDOWS\SYSTEM32\LameACM.acm (http://www.mp3dev.org/)
    PTech 6/19/2006 4:19:42 PM 571184 C:\WINDOWS\SYSTEM32\LegitCheckControl.dll (Microsoft Corporation)
    UPX! 12/10/2004 7:53:58 AM 70144 C:\WINDOWS\SYSTEM32\MODSource.ax ()
    UPX! 12/10/2004 7:51:50 AM 61952 C:\WINDOWS\SYSTEM32\MP3Source.ax ()
    PECompact2 9/11/2006 1:37:22 PM 8960936 C:\WINDOWS\SYSTEM32\MRT.exe (Microsoft Corporation)
    aspack 9/11/2006 1:37:22 PM 8960936 C:\WINDOWS\SYSTEM32\MRT.exe (Microsoft Corporation)
    aspack 8/4/2004 4:00:00 AM 708096 C:\WINDOWS\SYSTEM32\ntdll.dll (Microsoft Corporation)
    WSUD 8/4/2004 4:00:00 AM 257024 C:\WINDOWS\SYSTEM32\nusrmgr.cpl (Microsoft Corporation)
    Umonitor 8/4/2004 4:00:00 AM 657920 C:\WINDOWS\SYSTEM32\rasdlg.dll (Microsoft Corporation)
    winsync 8/4/2004 4:00:00 AM 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu ()
    PTech 6/19/2006 4:19:26 PM 304944 C:\WINDOWS\SYSTEM32\WgaTray.exe (Microsoft Corporation)
    WSUD 5/9/2006 10:26:34 PM 7706112 C:\WINDOWS\SYSTEM32\wmploc.dll (Microsoft Corporation)

    Checking %System%\Drivers folder and sub-folders...

    Items found in C:\WINDOWS\SYSTEM32\drivers\etc\hosts


    Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
    9/25/2006 8:35:12 PM S 2048 C:\WINDOWS\bootstat.dat ()
    9/24/2006 2:35:50 PM H 54156 C:\WINDOWS\QTFont.qfn ()
    7/31/2006 8:01:26 PM HS 3426 C:\WINDOWS\system32\SysPr.prx ()
    7/28/2006 8:16:08 AM S 23751 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB918899.cat ()
    8/21/2006 9:00:10 AM S 11749 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB922582.cat ()
    9/25/2006 8:35:00 PM H 8192 C:\WINDOWS\system32\config\default.LOG ()
    9/25/2006 8:35:50 PM H 1024 C:\WINDOWS\system32\config\SAM.LOG ()
    9/25/2006 8:35:16 PM H 16384 C:\WINDOWS\system32\config\SECURITY.LOG ()
    9/25/2006 8:36:02 PM H 98304 C:\WINDOWS\system32\config\software.LOG ()
    9/25/2006 8:35:22 PM H 888832 C:\WINDOWS\system32\config\system.LOG ()
    9/12/2006 10:18:00 PM H 1024 C:\WINDOWS\system32\config\systemprofile\NTUSER.DAT.LOG ()
    8/5/2006 12:06:56 PM HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\33bcb8e0-155e-46ac-881e-29be68db40d2 ()
    8/5/2006 12:06:56 PM HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\Preferred ()
    9/24/2006 8:24:10 PM H 6 C:\WINDOWS\Tasks\SA.DAT ()

    Checking for CPL files...
    8/4/2004 4:00:00 AM 68608 C:\WINDOWS\SYSTEM32\access.cpl (Microsoft Corporation)
    8/4/2004 4:00:00 AM 549888 C:\WINDOWS\SYSTEM32\appwiz.cpl (Microsoft Corporation)
    8/4/2004 4:00:00 AM 110592 C:\WINDOWS\SYSTEM32\bthprops.cpl (Microsoft Corporation)
    8/4/2004 4:00:00 AM 135168 C:\WINDOWS\SYSTEM32\desk.cpl (Microsoft Corporation)
    8/4/2004 4:00:00 AM 80384 C:\WINDOWS\SYSTEM32\firewall.cpl (Microsoft Corporation)
    8/4/2004 4:00:00 AM 155136 C:\WINDOWS\SYSTEM32\hdwwiz.cpl (Microsoft Corporation)
    6/17/2004 4:45:56 PM 94208 C:\WINDOWS\SYSTEM32\igfxcpl.cpl (Intel Corporation)
    7/13/2003 3:49:36 AM 57344 C:\WINDOWS\SYSTEM32\ImageDrive.cpl (Ahead Software AG)
    8/4/2004 4:00:00 AM 358400 C:\WINDOWS\SYSTEM32\inetcpl.cpl (Microsoft Corporation)
    8/4/2004 4:00:00 AM 129536 C:\WINDOWS\SYSTEM32\intl.cpl (Microsoft Corporation)
    8/4/2004 4:00:00 AM 380416 C:\WINDOWS\SYSTEM32\irprops.cpl (Microsoft Corporation)
    8/4/2004 4:00:00 AM 68608 C:\WINDOWS\SYSTEM32\joy.cpl (Microsoft Corporation)
    11/10/2005 2:03:50 PM 49265 C:\WINDOWS\SYSTEM32\jpicpl32.cpl (Sun Microsystems, Inc.)
    8/4/2004 4:00:00 AM 187904 C:\WINDOWS\SYSTEM32\main.cpl (Microsoft Corporation)
    8/4/2004 4:00:00 AM 618496 C:\WINDOWS\SYSTEM32\mmsys.cpl (Microsoft Corporation)
    8/4/2004 4:00:00 AM 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl (Microsoft Corporation)
    8/4/2004 4:00:00 AM 25600 C:\WINDOWS\SYSTEM32\netsetup.cpl (Microsoft Corporation)
    8/4/2004 4:00:00 AM 257024 C:\WINDOWS\SYSTEM32\nusrmgr.cpl (Microsoft Corporation)
    8/4/2004 4:00:00 AM 32768 C:\WINDOWS\SYSTEM32\odbccp32.cpl (Microsoft Corporation)
    8/4/2004 4:00:00 AM 114688 C:\WINDOWS\SYSTEM32\powercfg.cpl (Microsoft Corporation)
    8/4/2004 4:00:00 AM 298496 C:\WINDOWS\SYSTEM32\sysdm.cpl (Microsoft Corporation)
    8/4/2004 4:00:00 AM 28160 C:\WINDOWS\SYSTEM32\telephon.cpl (Microsoft Corporation)
    8/4/2004 4:00:00 AM 94208 C:\WINDOWS\SYSTEM32\timedate.cpl (Microsoft Corporation)
    2/17/2004 6:11:00 AM 53248 C:\WINDOWS\SYSTEM32\vp6dec_settings.cpl ()
    7/26/2005 9:56:30 AM 53248 C:\WINDOWS\SYSTEM32\vp7dec_settings.cpl ()
    8/4/2004 4:00:00 AM 148480 C:\WINDOWS\SYSTEM32\wscui.cpl (Microsoft Corporation)
    5/26/2005 5:16:30 AM 174360 C:\WINDOWS\SYSTEM32\wuaucpl.cpl (Microsoft Corporation)

    Checking for Downloaded Program Files...
    {238F6F83-B8B4-11CF-8771-00A024541EE3} - Citrix ICA Client - CodeBase = https://config.skillcheck.com/onlinetesting/icaclients/win32/8.1.00/onlinetesting.cab
    {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - Symantec AntiVirus scanner - CodeBase = http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - MSN Photo Upload Tool - CodeBase = http://by22fd.bay22.hotmail.msn.com/resources/MsnPUpld.cab
    {644E432F-49D3-41A1-8DD5-E099162EEEC5} - Symantec RuFSI Utility Class - CodeBase = http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} - - CodeBase = http://launch.gamespyarcade.com/software/launch/alaunch.cab
    {8AD9C840-044E-11D1-B3E9-00805F499D93} - Java Plug-in 1.5.0_06 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
    {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - ActiveScan Installer Class - CodeBase = http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    {CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA} - Java Plug-in 1.4.2_05 - CodeBase = http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
    {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - Java Plug-in 1.5.0_06 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
    {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - Java Plug-in 1.5.0_06 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
    {D27CDB6E-AE6D-11CF-96B8-444553540000} - - CodeBase = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

    »»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

    Checking files in %ALLUSERSPROFILE%\Startup folder...
    5/23/2006 10:07:02 PM 1757 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk ()
    8/7/2004 8:58:34 AM HS 84 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini ()
    7/24/2006 9:15:16 PM 1730 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk ()

    Checking files in %ALLUSERSPROFILE%\Application Data folder...
    8/7/2004 1:46:50 AM HS 62 C:\Documents and Settings\All Users\Application Data\desktop.ini ()
    9/10/2006 4:16:26 AM 1755 C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache ()

    Checking files in %USERPROFILE%\Startup folder...
    8/7/2004 8:58:34 AM HS 84 C:\Documents and Settings\Jaron Baptiste\Start Menu\Programs\Startup\desktop.ini ()

    Checking files in %USERPROFILE%\Application Data folder...
    8/7/2004 1:46:48 AM HS 62 C:\Documents and Settings\Jaron Baptiste\Application Data\desktop.ini ()

    »»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»

    >>> Internet Explorer Settings <<<


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
    \\Start Page - http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
    \\Search Page - http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    \\Default_Page_URL - http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
    \\Default_Search_URL - http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    \\Local Page - C:\windows\system32\blank.htm

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
    \\Start Page - http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
    \\Search Page - http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    \\Default_Search_URL - http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    \\Local Page - C:\windows\system32\blank.htm

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
    \\CustomizeSearch - http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
    \\SearchAssistant - http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    \\{EA756889-2338-43DB-8F07-D1CA6FB9C90D} - AOLTBSearch Class = C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll (America Online, Inc.)
    \\{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Microsoft Url Search Hook = %SystemRoot%\system32\shdocvw.dll (Microsoft Corporation)

    >>> BHO's <<<
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
    \{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - Adobe PDF Reader Link Helper = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    \{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - SSVHelper Class = C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
    \{7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - AOL Toolbar Launcher = C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll (America Online, Inc.)

    >>> Internet Explorer Bars, Toolbars and Extensions <<<
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
    \{4D5C8C25-D075-11d0-B416-00C04FB90376} - &Tip of the Day = %SystemRoot%\system32\shdocvw.dll (Microsoft Corporation)

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
    \{21569614-B795-46B1-85F4-E737A8DC09AD} - Shell Search Band = %SystemRoot%\system32\browseui.dll (Microsoft Corporation)
    \{30D02401-6A81-11D0-8274-00C04FD5AE38} - Search Band = %SystemRoot%\system32\browseui.dll (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
    \\{DE9C389F-3316-41A7-809B-AA305ED9D922} - AOL Toolbar = C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll (America Online, Inc.)

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
    \ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - = ()
    \WebBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383} - &Address = %SystemRoot%\system32\browseui.dll (Microsoft Corporation)
    \WebBrowser\\{0E5CBF21-D15F-11D0-8301-00AA005B4383} - &Links = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
    \WebBrowser\\{4982D40A-C53B-4615-B15B-B5B5E98D167C} - = ()
    \WebBrowser\\{DE9C389F-3316-41A7-809B-AA305ED9D922} - AOL Toolbar = C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll (America Online, Inc.)

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\CmdMapping]
    \\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - 8192 = Sun Java Console
    \\NEXTID - 8201
    \\{92780B25-18CC-41C8-B9BE-3C9C571A8263} - 8193 =
    \\{FB5F1910-F110-11d2-BB9E-00C04F795683} - 8194 = Windows Messenger
    \\{4982D40A-C53B-4615-B15B-B5B5E98D167C} - 8195 =
    \\{3369AF0D-62E9-4bda-8103-B4C75499B578} - 8196 =
    \\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - 8197 =
    \\{A75C6120-9B36-11d4-A3F0-009027427750} - 8198 =
    \\{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - 8199 =
    \\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - 8200 = PartyPoker.com

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
    \CmdMapping - MenuText: = ()
    \{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - MenuText: Sun Java Console = C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
    \{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - MenuText: Sun Java Console = C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (Sun Microsystems, Inc.)(HKCU CLSID)
    \{3369AF0D-62E9-4bda-8103-B4C75499B578} - ButtonText: AOL Toolbar =
    \{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - ButtonText: AIM = C:\Program Files\AIM\aim.exe (America Online, Inc.)
    \{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - ButtonText: PartyPoker.com = C:\Program Files\PartyGaming\PartyPoker\RunApp.exe ()
    \{FB5F1910-F110-11d2-BB9E-00C04F795683} - ButtonText: Messenger = C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

    >>> Approved Shell Extensions (Non-Microsoft Only) <<<
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
    \\{42071714-76d4-11d1-8b24-00a0c9068ff3} - Display Panning CPL Extension = deskpan.dll ()
    \\{764BF0E1-F219-11ce-972D-00AA00A14F56} - Shell extensions for file compression = ()
    \\{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} - Encryption Context Menu = ()
    \\{88895560-9AA2-1069-930E-00AA0030EBC8} - HyperTerminal Icon Ext = C:\WINDOWS\system32\hticons.dll (Hilgraeve, Inc.)
    \\{0DF44EAA-FF21-4412-828E-260A8728E7F1} - Taskbar and Start Menu = ()
    \\{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} - Autoplay for SlideShow = ()
    \\{7A9D77BD-5403-11d2-8785-2E0420524153} - User Accounts = ()
    \\{2F603045-309F-11CF-9774-0020AFD0CFF6} - Synaptics Control Panel = C:\Program Files\Synaptics\SynTP\SynTPCpl.dll (Synaptics, Inc.)
    \\{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} - Shell Extensions for RealOne Player = C:\Program Files\Real\RealPlayer\rpshell.dll (RealNetworks, Inc.)
    \\{DEE12703-6333-4D4E-8F34-738C4DCC2E04} - RecordNow! SendToExt = C:\Program Files\Sonic\RecordNow! Deluxe\shlext.dll ()
    \\{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} - iTunes = C:\Program Files\iTunes\iTunesMiniPlayer.dll (Apple Computer, Inc.)
    \\{8FF88D21-7BD0-11D1-BFB7-00AA00262A11} - WinAce Archiver 2.65 Context Menu Shell Extension = ()
    \\{8FF88D25-7BD0-11D1-BFB7-00AA00262A11} - WinAce Archiver 2.65 DragDrop Shell Extension = ()
    \\{8FF88D27-7BD0-11D1-BFB7-00AA00262A11} - WinAce Archiver 2.65 Context Menu Shell Extension = ()
    \\{8FF88D23-7BD0-11D1-BFB7-00AA00262A11} - WinAce Archiver 2.65 Property Sheet Shell Extension = ()
    \\{40DAD1B9-DDCF-4A31-A5D3-A03BC8881370} - IndexingServiceExtExt Extension = C:\WINDOWS\System32\windexserv.dll ()
    \\{0561EC90-CE54-4f0c-9C55-E226110A740C} - Haali Column Provider = C:\WINDOWS\system32\mmfinfo.dll ()
    \\{E4D8441D-F89C-4b5c-90AC-A857E1768F1F} - Haali Matroska Thumbnail Exctractor = ()

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]


    >>> Context Menu Handlers (Non-Microsoft Only) <<<
    [HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers]
    \ewido anti-spyware - {8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Program Files\ewido anti-spyware 4.0\context.dll (Anti-Malware Development a.s.)
    \WinRAR - = ()
    \{D653647D-D607-4df6-A5B8-48D2BA195F7B} - = ()

    [HKEY_LOCAL_MACHINE\Software\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers]

    [HKEY_LOCAL_MACHINE\Software\Classes\Directory\shellex\ContextMenuHandlers]
    \ewido anti-spyware - {8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Program Files\ewido anti-spyware 4.0\context.dll (Anti-Malware Development a.s.)
    \WinRAR - = ()

    [HKEY_LOCAL_MACHINE\Software\Classes\Directory\BackGround\shellex\ContextMenuHandlers]
    \igfxcui - {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} = C:\WINDOWS\system32\igfxpph.dll (Intel Corporation)

    [HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers]
    \WinRAR - = ()
    \{D653647D-D607-4df6-A5B8-48D2BA195F7B} - = ()

    >>> Column Handlers (Non-Microsoft Only) <<<
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
    \{0561EC90-CE54-4f0c-9C55-E226110A740C} - Haali Column Provider = C:\WINDOWS\system32\mmfinfo.dll ()
    \{F9DB5320-233E-11D1-9F84-707F02C10627} - PDF Column Info = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll (Adobe Systems, Inc.)
     
  10. BIGJARBREWSKY

    BIGJARBREWSKY Thread Starter

    Joined:
    Jun 7, 2006
    Messages:
    27
    >>> Registry Run Keys <<<
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    IgfxTray - C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
    HotKeysCmds - C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
    UpdateManager - C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions)
    SynTPLpr - C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
    SynTPEnh - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
    eabconfg.cpl - C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe (Hewlett-Packard )
    Cpqset - C:\Program Files\HPQ\Default Settings\cpqset.exe ()
    LXSUPMON - C:\WINDOWS\system32\LXSUPMON.EXE (Lexmark International Inc.)
    MPFEXE - C:\Program Files\mcafee.com\personal firewall\MPfTray.exe (McAfee Security)
    QuickTime Task - C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.)
    HostManager - C:\Program Files\Common Files\AOL\1138638802\ee\AOLSoftware.exe (America Online, Inc.)
    sscRun - C:\Program Files\Common Files\AOL\1138638802\ee\services\sscFirewallPlugin\ver1_109_2_1\SSCRun.exe (America Online)
    MPSExe - C:\Program Files\mcafee.com\MPS\mscifapp.exe (McAfee, Inc.)
    iTunesHelper - C:\Program Files\iTunes\iTunesHelper.exe (Apple Computer, Inc.)
    TkBellExe - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
    IMAIL Installed = 1
    MAPI Installed = 1
    MSFS Installed = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    MSMSGS - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
    updateMgr - C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe (Adobe Systems Incorporated)
    Sonic RecordNow! Deluxe - Reg Data missing or invalid ()
    Aim6 - Reg Data missing or invalid ()

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

    >>> Startup Links <<<
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\\Common Startup]
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini ()
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\\Startup]
    C:\Documents and Settings\Jaron Baptiste\Start Menu\Programs\Startup\desktop.ini ()

    >>> MSConfig Disabled Items <<<
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PhotoBase Monitor.lnk
    path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PhotoBase Monitor.lnk
    backup C:\WINDOWS\pss\PhotoBase Monitor.lnkCommon Startup
    location Common Startup
    command C:\PROGRA~1\ArcSoft\PHOTOB~1\PHOTOB~1.EXE
    item PhotoBase Monitor

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AIM
    key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item aim
    hkey HKCU
    command C:\Program Files\AIM\aim.exe -cnetwait.odl
    inimapping 0

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Aim6
    key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item AOLLaunch
    hkey HKCU
    command "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
    inimapping 0

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AOL Fast Start
    key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item AOL
    hkey HKCU
    command "C:\Program Files\America Online 9.0a\AOL.EXE" -b
    inimapping 0

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AOL Spyware Protection
    key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item AOLSP Scheduler
    hkey HKLM
    command "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
    inimapping 0

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AOLDialer
    key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item AOLDial
    hkey HKLM
    command C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    inimapping 0

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AOLSPScheduler
    key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item AOLSP Scheduler
    hkey HKLM
    command C:\Program Files\Common Files\AOL\1138638802\ee\services\sscAntiSpywarePlugin\ver1_10_3_1\AOLSP Scheduler.exe
    inimapping 0

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\EmailScan
    key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item mcvsescn
    hkey HKLM
    command C:\Program Files\mcafee.com\antivirus\mcvsescn.exe
    inimapping 0

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HostManager
    key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item AOLSoftware
    hkey HKLM
    command C:\Program Files\Common Files\AOL\1138638802\ee\AOLSoftware.exe
    inimapping 0

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\iTunesHelper
    key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item iTunesHelper
    hkey HKLM
    command "C:\Program Files\iTunes\iTunesHelper.exe"
    inimapping 0

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\KernelFaultCheck
    key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item dumprep 0 -k
    hkey HKLM
    command %systemroot%\system32\dumprep 0 -k
    inimapping 0

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MPFExe
    key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item MPfTray
    hkey HKLM
    command C:\Program Files\mcafee.com\personal firewall\MPfTray.exe
    inimapping 0

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MSMSGS
    key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item msmsgs
    hkey HKCU
    command "C:\Program Files\Messenger\msmsgs.exe" /background
    inimapping 0

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NeroCheck
    key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item NeroCheck
    hkey HKLM
    command C:\WINDOWS\system32\NeroCheck.exe
    inimapping 0

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\OASClnt
    key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item oasclnt
    hkey HKLM
    command C:\Program Files\mcafee.com\antivirus\oasclnt.exe
    inimapping 0

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PestTrap
    key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item PestTrap
    hkey HKCU
    command C:\Program Files\PestTrap\PestTrap.exe
    inimapping 0

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Pure Networks Port Magic
    key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item PortAOL
    hkey HKLM
    command "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
    inimapping 0

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QuickTime Task
    key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item qttask
    hkey HKLM
    command "C:\Program Files\QuickTime\qttask.exe" -atboottime
    inimapping 0

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\sscRun
    key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item SSCRun
    hkey HKLM
    command C:\Program Files\Common Files\AOL\1138638802\ee\services\sscFirewallPlugin\ver1_10_3_1\SSCRun.exe
    inimapping 0

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched
    key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item jusched
    hkey HKLM
    command C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    inimapping 0

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\TkBellExe
    key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item realsched
    hkey HKLM
    command "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    inimapping 0

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ViewMgr
    key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item ViewMgr
    hkey HKLM
    command C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    inimapping 0

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state
    system.ini 0
    win.ini 0
    bootini 0
    services 0
    startup 2
    [All Users Startup Folder Disabled Items]

    [Current User Startup Folder Disabled Items]

    >>> User Agent Post Platform <<<
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
    \\SV1 -

    >>> AppInit Dll's <<<
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs]
    sockspy.dll = ()

    >>> Image File Execution Options <<<
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
    \Your Image File Name Here without a path - Debugger = ntsd -d

    >>> Shell Service Object Delay Load <<<
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    \\PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
    \\CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
    \\WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\system32\webcheck.dll (Microsoft Corporation)
    \\SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
    \\WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} = C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)

    >>> Shell Execute Hooks <<<
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    \\{AEB6717E-7E19-11d0-97EE-00C04FD91972} - URL Exec Hook = shell32.dll (Microsoft Corporation)
    \\{F28439F2-4996-41B8-8BD0-22789780DE81} - = ()
    \\{57B86673-276A-48B2-BAE7-C6DBB3020EB8} - CShellExecuteHookImpl Object = C:\Program Files\ewido anti-spyware 4.0\shellexecutehook.dll (Anti-Malware Development a.s.)

    >>> Shared Task Scheduler <<<
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    \\{438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader = %SystemRoot%\system32\browseui.dll (Microsoft Corporation)
    \\{8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon = %SystemRoot%\system32\browseui.dll (Microsoft Corporation)

    >>> Winlogon <<<
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    \\UserInit = C:\WINDOWS\system32\userinit.exe,
    \\Shell = Explorer.exe
    \\System =

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
    \crypt32chain - crypt32.dll = (Microsoft Corporation)
    \cryptnet - cryptnet.dll = (Microsoft Corporation)
    \cscdll - cscdll.dll = (Microsoft Corporation)
    \igfxcui - igfxsrvc.dll = (Intel Corporation)
    \ScCertProp - wlnotify.dll = (Microsoft Corporation)
    \Schedule - wlnotify.dll = (Microsoft Corporation)
    \sclgntfy - sclgntfy.dll = (Microsoft Corporation)
    \SensLogn - WlNotify.dll = (Microsoft Corporation)
    \termsrv - wlnotify.dll = (Microsoft Corporation)
    \WgaLogon - WgaLogon.dll = (Microsoft Corporation)
    \wlballoon - wlnotify.dll = (Microsoft Corporation)

    >>> DNS Name Servers <<<
    {3E819EDA-846B-4BAC-A680-6020B7BA87FA} - (RCA USB Cable Modem)
    {6792F980-F0B1-4288-BD8D-F28A9C503735} - (Intel(R) PRO/Wireless 2200BG Network Connection)
    {9318B4D7-AEA5-4FB0-8BF8-0F06365275BD} - (1394 Net Adapter)
    {F84BD78E-94F6-4BC7-809E-B5EE06FEFB1F} - (Realtek RTL8139/810x Family Fast Ethernet NIC)

    >>> All Winsock2 Catalogs <<<
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries]
    \000000000001\\LibraryPath - %SystemRoot%\System32\mswsock.dll (Microsoft Corporation)
    \000000000002\\LibraryPath - %SystemRoot%\System32\winrnr.dll (Microsoft Corporation)
    \000000000003\\LibraryPath - %SystemRoot%\System32\mswsock.dll (Microsoft Corporation)
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries]
    \000000000001\\PackedCatalogItem - cc:\windows\system32\mclsp.dll ()
    \000000000002\\PackedCatalogItem - cc:\windows\system32\mclsp.dll ()
    \000000000003\\PackedCatalogItem - cc:\windows\system32\mclsp.dll ()
    \000000000004\\PackedCatalogItem - cc:\windows\system32\mclsp.dll ()
    \000000000005\\PackedCatalogItem - cc:\windows\system32\mclsp.dll ()
    \000000000006\\PackedCatalogItem - cc:\windows\system32\mclsp.dll ()
    \000000000007\\PackedCatalogItem - cc:\windows\system32\mclsp.dll ()
    \000000000008\\PackedCatalogItem - cc:\windows\system32\mclsp.dll ()
    \000000000009\\PackedCatalogItem - cc:\windows\system32\mclsp.dll ()
    \000000000010\\PackedCatalogItem - cc:\windows\system32\mclsp.dll ()
    \000000000011\\PackedCatalogItem - cc:\windows\system32\mclsp.dll ()
    \000000000012\\PackedCatalogItem - cc:\windows\system32\mclsp.dll ()
    \000000000013\\PackedCatalogItem - cc:\windows\system32\mclsp.dll ()
    \000000000014\\PackedCatalogItem - cc:\windows\system32\mclsp.dll ()
    \000000000015\\PackedCatalogItem - cc:\windows\system32\mclsp.dll ()
    \000000000016\\PackedCatalogItem - cc:\windows\system32\mclsp.dll ()
    \000000000017\\PackedCatalogItem - cc:\windows\system32\mclsp.dll ()
    \000000000018\\PackedCatalogItem - cc:\windows\system32\mclsp.dll ()
    \000000000019\\PackedCatalogItem - cc:\windows\system32\mclsp.dll ()
    \000000000020\\PackedCatalogItem - cc:\windows\system32\mclsp.dll ()
    \000000000021\\PackedCatalogItem - cc:\windows\system32\mclsp.dll ()
    \000000000022\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
    \000000000023\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
    \000000000024\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
    \000000000025\\PackedCatalogItem - %SystemRoot%\system32\rsvpsp.dll (Microsoft Corporation)
    \000000000026\\PackedCatalogItem - %SystemRoot%\system32\rsvpsp.dll (Microsoft Corporation)
    \000000000027\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
    \000000000028\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
    \000000000029\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
    \000000000030\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
    \000000000031\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
    \000000000032\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
    \000000000033\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
    \000000000034\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
    \000000000035\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
    \000000000036\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
    \000000000037\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
    \000000000038\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
    \000000000039\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
    \000000000040\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
    \000000000041\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
    \000000000042\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
    \000000000043\\PackedCatalogItem - cc:\windows\system32\mclsp.dll ()

    >>> Protocol Handlers (Non-Microsoft Only) <<<
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler]
    \ipp - ()
    \msdaipp - ()

    >>> Protocol Filters (Non-Microsoft Only) <<<
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter]
    >>> Selected AddOn's <<<

    »»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
     
  11. JSntgRvr

    JSntgRvr José Moderator Malware Specialist

    Joined:
    Jul 1, 2003
    Messages:
    18,524
    Hi, BIGJARBREWSKY :)

    Set Explorer to view Hidden Files and Folders:
    • Right-click your Start button and go to "Explore".
    • Select Tools from the menu
    • Select Folder Options
    • Select the View tab
    • Click on Show all Files and Folders
    • Click OK.
    Please go here:
    The Spy Killer Forum
    • Click on "New Topic"
    • Put your name, e-mail address, and this as the title: "C:\WINDOWS\system32\SysPr.prx "
    • Put a link to this thread in the description box.
    • Then next to the file box, at the bottom, click the browse button, then navigate to this file:
      • C:\WINDOWS\system32\SysPr.prx
    • Click Open.
    • Click Post.
    Set Explorer to Defaults:
    • Right-click your Start button and go to "Explore".
    • Select Tools from the menu
    • Select Folder Options
    • Select the View tab
    • Click on Restore Defaults
    • Click OK.
    Click here to download Dr.Web CureIt and save it to your desktop.
    • Doubleclick the drweb-cureit.exe file and allow to run the express scan
    • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
    • Once the short scan has finished, mark the drives that you want to scan.
    • Select all drives. A red dot shows which drives have been chosen.
    • Click the green arrow at the right, and the scan will start.
    • Click 'Yes to all' if it asks if you want to cure/move the file.
    • When the scan has finished, look if you can click next icon next to the files found:
      [​IMG]
    • If so, click it and then click the next icon right below and select Move incurable as you'll see in next image:
      [​IMG]
    • This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured. (this in case if we need samples)
    • After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
    • Save the report to your desktop. The report will be called DrWeb.csv
    • Close Dr.Web Cureit.
    • Reboot your computer!! Because it could be possible that files in use will be moved/deleted during reboot.
    • After reboot, post the contents of the log from Dr.Web you saved previously in your next reply along with a new HijackThis log.
     
  12. BIGJARBREWSKY

    BIGJARBREWSKY Thread Starter

    Joined:
    Jun 7, 2006
    Messages:
    27
    i have been for the past dy or so llooking 4 the file on the c drive "c:system32, etc....
    also the the dr.webure didnt fid anything, but NSIS media pop ups are evryda 2 hrs or so and my comp usage is at 100% the majority of the time
     
  13. JSntgRvr

    JSntgRvr José Moderator Malware Specialist

    Joined:
    Jul 1, 2003
    Messages:
    18,524
    Hi, BIGJARBREWSKY :)

    Please download the Suspicious File Packer from Here. Extract its contents to the desktop. Open the SFP folder on your desktop and run the SFP.EXE file.

    Copy and Paste the following bold locations into the Suspicious File Packer window:

    C:\WINDOWS\system32\SysPr.prx
    C:\WINDOWS\bootstat.dat


    Click on Continue to allow SFP to pack the file. This will generate a CAB archive on your desktop.

    Click Here to upload the created CAB archive.
    • Click on "New Topic"
    • Put your name, e-mail address, and this as the title: "Suspicious File Packer"
    • Put a link to this thread in the description box.
    • Then next to the file box, at the bottom, click the browse button, then navigate to CAB archive that was been created on your desktop.
    • The cab file will be called requested-files(*).cab (the * stands for the date and hour).
      Then click the Send File button below.
    • Click Open.
    • Click Post.
    Please RIGHT-CLICK HERE and Save As (in IE it's "Save Target As", in FF it's "Save Link As") to download Silent Runners.
    • Save it to the desktop.
    • Run Silent Runner's by doubleclicking the "Silent Runners" icon on your desktop.
    • You will receive a prompt:
      • Do you want to skip supplementary searches?
        click NO
    • If you receive an error just click OK and double-click it to run it again - sometimes it won't run as it's supposed to the first time but will in subsequent runs.
    • You will see a text file appear on the desktop - it's not done, let it run (it won't appear to be doing anything!)
    • Once you receive the prompt All Done!, open the text file on the desktop, copy that entire log, and paste it here.
    *NOTE* If you receive any warning message about scripts, please choose to allow the script to run.

    There is an infection that works silently, and there is no way to detect it by regular means. Lets run the fix just in case:

    You may want to print out these instructions for reference, since you will have to restart your computer during the fix.

    Please click Here to download AproposFix (by Swandog46). Save it to your desktop but do NOT run it yet.

    Reboot into safe mode.

    Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

    Once in Safe Mode, please double-click aproposfix.exe and unzip it to the desktop. Open the aproposfix folder on your desktop and run RunThis.bat. Follow the prompts. When the tool is finished, please restart the computer back into normal mode.

    Post a new HijackThis log, along with the contents of the log.txt file in the aproposfix folder and the Silent Runners log.

    The Spykiller Forum will let us know about the outcome of the above files.
     
  14. BIGJARBREWSKY

    BIGJARBREWSKY Thread Starter

    Joined:
    Jun 7, 2006
    Messages:
    27
    "Silent Runners.vbs", revision 48, http://www.silentrunners.org/
    Operating System: Windows XP SP2
    Output limited to non-default values, except where indicated by "{++}"


    Startup items buried in registry:
    ---------------------------------

    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
    "MSMSGS" = ""C:\Program Files\Messenger\msmsgs.exe" /background" [MS]
    "updateMgr" = "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1" ["Adobe Systems Incorporated"]
    "Sonic RecordNow! Deluxe" = (empty string)
    "Aim6" = (empty string)

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
    "IgfxTray" = "C:\WINDOWS\system32\igfxtray.exe" ["Intel Corporation"]
    "HotKeysCmds" = "C:\WINDOWS\system32\hkcmd.exe" ["Intel Corporation"]
    "UpdateManager" = ""C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r" ["Sonic Solutions"]
    "SynTPLpr" = "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" ["Synaptics, Inc."]
    "SynTPEnh" = "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" ["Synaptics, Inc."]
    "eabconfg.cpl" = "C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start" ["Hewlett-Packard "]
    "Cpqset" = "C:\Program Files\HPQ\Default Settings\cpqset.exe" [null data]
    "LXSUPMON" = "C:\WINDOWS\system32\LXSUPMON.EXE RUN" ["Lexmark International Inc."]
    "MPFEXE" = "C:\Program Files\mcafee.com\personal firewall\MPfTray.exe" ["McAfee Security"]
    "QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]
    "HostManager" = "C:\Program Files\Common Files\AOL\1138638802\ee\AOLSoftware.exe" ["America Online, Inc."]
    "sscRun" = "C:\Program Files\Common Files\AOL\1138638802\ee\services\sscFirewallPlugin\ver1_109_2_1\SSCRun.exe" ["America Online"]
    "MPSExe" = "C:\Program Files\mcafee.com\MPS\mscifapp.exe /embedding" ["McAfee, Inc."]
    "iTunesHelper" = ""C:\Program Files\iTunes\iTunesHelper.exe"" ["Apple Computer, Inc."]
    "TkBellExe" = ""C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot" ["RealNetworks, Inc."]

    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
    -> {HKLM...CLSID} = "Adobe PDF Reader Link Helper"
    \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
    -> {HKLM...CLSID} = "SSVHelper Class"
    \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll" ["Sun Microsystems, Inc."]
    {7C554162-8CB7-45A4-B8F4-8EA1C75885F9}\(Default) = "AOL Toolbar Launcher"
    -> {HKLM...CLSID} = "AOL Toolbar Launcher"
    \InProcServer32\(Default) = "C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll" ["America Online, Inc."]

    HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
    "{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension"
    -> {HKLM...CLSID} = "Display Panning CPL Extension"
    \InProcServer32\(Default) = "deskpan.dll" [file not found]
    "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"
    -> {HKLM...CLSID} = "HyperTerminal Icon Ext"
    \InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
    "{2F603045-309F-11CF-9774-0020AFD0CFF6}" = "Synaptics Control Panel"
    -> {HKLM...CLSID} = (no title provided)
    \InProcServer32\(Default) = "C:\Program Files\Synaptics\SynTP\SynTPCpl.dll" ["Synaptics, Inc."]
    "{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
    -> {HKLM...CLSID} = "RealOne Player Context Menu Class"
    \InProcServer32\(Default) = "C:\Program Files\Real\RealPlayer\rpshell.dll" ["RealNetworks, Inc."]
    "{21569614-B795-46b1-85F4-E737A8DC09AD}" = "Shell Search Band"
    -> {HKLM...CLSID} = "Shell Search Band"
    \InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]
    "{DEE12703-6333-4D4E-8F34-738C4DCC2E04}" = "RecordNow! SendToExt"
    -> {HKLM...CLSID} = "RecordNow! SendToExt"
    \InProcServer32\(Default) = "C:\Program Files\Sonic\RecordNow! Deluxe\shlext.dll" [null data]
    "{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}" = "iTunes"
    -> {HKLM...CLSID} = "iTunes"
    \InProcServer32\(Default) = "C:\Program Files\iTunes\iTunesMiniPlayer.dll" ["Apple Computer, Inc."]
    "{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"
    -> {HKLM...CLSID} = "Portable Media Devices"
    \InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
    "{35786D3C-B075-49b9-88DD-029876E11C01}" = "Portable Devices"
    -> {HKLM...CLSID} = "Portable Devices"
    \InProcServer32\(Default) = "C:\WINDOWS\system32\wpdshext.dll" [MS]
    "{D6791A63-E7E2-4fee-BF52-5DED8E86E9B8}" = "Portable Devices Menu"
    -> {HKLM...CLSID} = "Portable Devices Menu"
    \InProcServer32\(Default) = "C:\WINDOWS\system32\wpdshext.dll" [MS]
    "{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"
    -> {HKLM...CLSID} = "Outlook File Icon Extension"
    \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office10\OLKFSTUB.DLL" [MS]
    "{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
    -> {HKLM...CLSID} = (no title provided)
    \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office10\msohev.dll" [MS]
    "{40DAD1B9-DDCF-4A31-A5D3-A03BC8881370}" = "IndexingServiceExtExt Extension"
    -> {HKLM...CLSID} = "IndexingServiceExt Class"
    \InProcServer32\(Default) = "C:\WINDOWS\System32\windexserv.dll" [null data]
    "{0561EC90-CE54-4f0c-9C55-E226110A740C}" = "Haali Column Provider"
    -> {HKLM...CLSID} = "Haali Column Provider"
    \InProcServer32\(Default) = "C:\WINDOWS\system32\mmfinfo.dll" [null data]

    HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\
    "WPDShServiceObj" = "{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
    -> {HKLM...CLSID} = "WPDShServiceObj Class"
    \InProcServer32\(Default) = "C:\WINDOWS\system32\WPDShServiceObj.dll" [MS]

    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\
    INFECTION WARNING! "AppInit_DLLs" = "sockspy.dll" [file not found]

    HKLM\System\CurrentControlSet\Control\Session Manager\
    INFECTION WARNING! "BootExecute" = "autocheck autochk * stera" [file not found], [MS], [file not found], [file not found]

    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
    INFECTION WARNING! igfxcui\DLLName = "igfxsrvc.dll" ["Intel Corporation"]

    HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
    {0561EC90-CE54-4f0c-9C55-E226110A740C}\(Default) = "Haali Column Provider"
    -> {HKLM...CLSID} = "Haali Column Provider"
    \InProcServer32\(Default) = "C:\WINDOWS\system32\mmfinfo.dll" [null data]
    {F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
    -> {HKLM...CLSID} = "PDF Shell Extension"
    \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]


    Active Desktop and Wallpaper:
    -----------------------------

    Active Desktop is disabled at this entry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

    HKCU\Control Panel\Desktop\
    "Wallpaper" = "C:\Documents and Settings\Jaron Baptiste\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp"


    Enabled Screen Saver:
    ---------------------

    HKCU\Control Panel\Desktop\
    "SCRNSAVE.EXE" = "C:\WINDOWS\system32\logon.scr" [MS]


    Startup items in "Jaron Baptiste" & "All Users" startup folders:
    ----------------------------------------------------------------

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup
    "Adobe Reader Speed Launch" -> shortcut to: "C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe" ["Adobe Systems Incorporated"]
    "Microsoft Office" -> shortcut to: "C:\Program Files\Microsoft Office\Office10\OSA.EXE -b -l" [MS]


    Winsock2 Service Provider DLLs:
    -------------------------------

    Namespace Service Providers

    HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
    000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
    000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
    000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

    Transport Service Providers

    HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
    0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
    c:\windows\system32\mclsp.dll ["McAfee, Inc."], 01 - 21, 43
    %SystemRoot%\system32\mswsock.dll [MS], 22 - 24, 27 - 42
    %SystemRoot%\system32\rsvpsp.dll [MS], 25 - 26


    Toolbars, Explorer Bars, Extensions:
    ------------------------------------

    Toolbars

    HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
    "{DE9C389F-3316-41A7-809B-AA305ED9D922}"
    -> {HKLM...CLSID} = "AOL Toolbar"
    \InProcServer32\(Default) = "C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll" ["America Online, Inc."]

    HKLM\Software\Microsoft\Internet Explorer\Toolbar\
    "{DE9C389F-3316-41A7-809B-AA305ED9D922}" = "AOL Toolbar"
    -> {HKLM...CLSID} = "AOL Toolbar"
    \InProcServer32\(Default) = "C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll" ["America Online, Inc."]

    Explorer Bars

    HKCU\Software\Microsoft\Internet Explorer\Explorer Bars\
    {21569614-B795-46B1-85F4-E737A8DC09AD}\(Default) = (no title provided)
    -> {HKLM...CLSID} = "Shell Search Band"
    \InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]


    Miscellaneous IE Hijack Points
    ------------------------------

    C:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings")

    Added lines (compared with English-language version):
    [Strings]: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=presario&pf=laptop

    Missing lines (compared with English-language version):
    [Strings]: 1 line

    HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\
    "{EA756889-2338-43DB-8F07-D1CA6FB9C90D}" = "AOL Search"
    -> {HKLM...CLSID} = "AOLTBSearch Class"
    \InProcServer32\(Default) = "C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll" ["America Online, Inc."]


    Running Services (Display Name, Service Name, Path {Service DLL}):
    ------------------------------------------------------------------

    AOL Antivirus Update Service, aolavupd, ""C:\Program Files\Common Files\AOL\1138638802\ee\services\sscFirewallPlugin\ver1_10_3_1\aolavupd.exe"" ["America Online"]
    AOL Connectivity Service, AOL ACS, ""C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe"" ["America Online"]
    AOL TopSpeed Monitor, AOL TopSpeedMonitor, "C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe" ["America Online, Inc"]
    HTTP SSL, HTTPFilter, "C:\WINDOWS\System32\svchost.exe -k HTTPFilter" {"C:\WINDOWS\System32\w3ssl.dll" [MS]}
    iPodService, iPodService, "C:\Program Files\iPod\bin\iPodService.exe" ["Apple Computer, Inc."]
    LexBce Server, LexBceS, "C:\WINDOWS\system32\LEXBCES.EXE" ["Lexmark International, Inc."]
    McAfee McShield, McShield, "C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe" ["McAfee Inc."]
    McAfee Personal Firewall Service, MpfService, ""C:\Program Files\mcafee.com\personal firewall\MPFService.exe"" ["McAfee Corporation"]
    Windows Driver Foundation - User-mode Driver Framework, WudfSvc, "C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup" {"C:\WINDOWS\System32\WUDFSvc.dll" [MS]}


    Print Monitors:
    ---------------

    HKLM\System\CurrentControlSet\Control\Print\Monitors\
    Lexmark Network Port\Driver = "LEXLMPM.DLL" ["Lexmark International, Inc."]


    ----------
    + This report excludes default entries except where indicated.
    + To see *everywhere* the script checks and *everything* it finds,
    launch it from a command prompt or a shortcut with the -all parameter.
    + The search for DESKTOP.INI DLL launch points on all local fixed drives
    took 94 seconds.
    + The search for all Registry CLSIDs containing dormant Explorer Bars
    took 24 seconds.
    ---------- (total run time: 156 seconds)
     
  15. BIGJARBREWSKY

    BIGJARBREWSKY Thread Starter

    Joined:
    Jun 7, 2006
    Messages:
    27
    Log of AproposFix v1.1

    ************

    Running from directory:
    C:\Documents and Settings\Jaron Baptiste\Desktop\aproposfix

    ************



    Registry entries found:


    ************

    No service found!

    Removing hidden folder:
    No folder found!

    Deleting files:


    Backing up files:
    Done!

    Removing registry entries:

    REGEDIT4


    Done!

    Finished!
     
  16. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/502341