
Solved: System Alert & Security Alert Spyware

Discussion in 'Virus & Other Malware Removal' started by panicstrickyn, Sep 26, 2007.

  1. panicstrickyn

    panicstrickyn Thread Starter

    Joined:
    Sep 26, 2007
    Messages:
    5
    I've been getting the following balloon messages on my taskbar:

    pic link 1

    pic link 2

    Along with these many balloon messages, I've been getting random pop-ups for spyware & virus programs, as well as the occasional other site. I ran Spybot, Spyware Terminator, Ad-Aware, and AVG Anti-Spyware 7.5.

    After reading through the forums, I also ran them all in safe mode, and ran SDFix in safe mode as well.

    I don't seem to be getting the pop-ups anymore, but the shield on my taskbar (in pic 1) is still there and the balloon message still comes up every few minutes.

    This is my latest HijackThis Log:

    Logfile of HijackThis v1.99.1
    Scan saved at 4:43:19 PM, on 9/26/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
    C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\WINDOWS\System32\cisvc.exe
    C:\WINDOWS\system32\drivers\KodakCCS.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\WINDOWS\system32\notepad.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\PROGRA~1\MICROI~1\INTERN~1\KPDrv4XP.EXE
    C:\WINDOWS\system32\WDBtnMgr.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\Program Files\DellSupport\DSAgnt.exe
    C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\KODAK\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
    C:\Program Files\My Book\WD Backup\uBBMonitor.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pogo.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: (no name) - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - (no file)
    O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
    O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (file missing)
    O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll
    O4 - HKLM\..\Run: [DLBXCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBXtime.dll,[email protected]
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [KEMailKb] C:\PROGRA~1\MICROI~1\INTERN~1\KEMailKb.EXE
    O4 - HKLM\..\Run: [KPDrv4XP] C:\PROGRA~1\MICROI~1\INTERN~1\KPDrv4XP.EXE
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe"
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033 -noicon
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe
    O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\KODAK\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
    O4 - Global Startup: WD Backup Monitor.lnk = C:\Program Files\My Book\WD Backup\uBBMonitor.exe
    O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
    O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\system32\ms.exe (file missing)
    O9 - Extra 'Tools' menuitem: - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\system32\ms.exe (file missing)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Melissa Dawson.OURNEWDELL\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: http://*.lvarmls.com
    O15 - Trusted Zone: http://*.rapmls.com
    O15 - Trusted Zone: http://*.vvmls.com
    O16 - DPF: Ali Baba Slots TM by pogo - http://game1.pogo.com/applet-6.3.0.53/slots/alibaba-ob-assets.cab
    O16 - DPF: Backgammon by pogo - http://gammon.pogo.com/applet-5.9.2.21/backgammon/backgammon-ob-assets.cab
    O16 - DPF: Big Shot Roulette TM by pogo - http://roulet.pogo.com/applet-5.8.1.28/roulette/roulette-ob-assets.cab
    O16 - DPF: Blackjack by pogo - http://game1.pogo.com/applet-6.3.0.46/blackjack/blackjack-ob-assets.cab
    O16 - DPF: Buckaroo Blackjack TM by pogo - http://vbjack.pogo.com/applet-5.8.3.20/videoblackjack/videoblackjack-ob-assets.cab
    O16 - DPF: Canasta by pogo - http://game1.pogo.com/applet-6.3.0.53/canasta/canasta-ob-assets.cab
    O16 - DPF: Cribbage by pogo - http://crib.pogo.com/applet-5.8.6.20/cribbage/cribbage-ob-assets.cab
    O16 - DPF: Dice Derby by pogo - http://checkeredflag.pogo.com/applet/checkeredflag/checkeredflag-ob-assets.cab
    O16 - DPF: Dice Derby by pogo.com - http://checkeredflag.pogo.com/applet/checkeredflag/checkeredflag-ob-assets.cab
    O16 - DPF: Dominoes by pogo - http://domino.pogo.com/applet-5.8.5.21/domino/domino-ob-assets.cab
    O16 - DPF: Euchre by pogo - http://euchre.pogo.com/applet-5.9.2.21/euchre/euchre-ob-assets.cab
    O16 - DPF: First Class Solitaire by pogo - http://temp36.pogo.com/applet/solitaire2/solitaire2-ob-assets.cab
    O16 - DPF: First Class Solitaire by pogo.com - http://solitaire24.pogo.com/applet/solitaire2/solitaire2-ob-assets.cab
    O16 - DPF: Fortune Bingo by pogo - http://superbingo.pogo.com/applet-5.8.4.18/superbingo/superbingo-ob-assets.cab
    O16 - DPF: Hearts by pogo - http://hearts.pogo.com/applet-5.8.5.28/hearts/hearts-ob-assets.cab
    O16 - DPF: High Stakes Poker by pogo - http://drawpoker.pogo.com/applet-5.8.1.28/drawpoker/drawpoker-ob-assets.cab
    O16 - DPF: Jokers Wild Poker by pogo - http://vpjoke.pogo.com/applet-6.0.2.29/videopoker2/jokerswild-ob-assets.cab
    O16 - DPF: Jungle Gin by pogo - http://game1.pogo.com/applet-6.3.0.53/gin/gin-ob-assets.cab
    O16 - DPF: Jungle Gin by pogo.com - http://gin.pogo.com/applet/gin/gin-ob-assets.cab
    O16 - DPF: Keno by pogo - http://keno.pogo.com/applet-5.8.3.20/keno/keno-ob-assets.cab
    O16 - DPF: Lottso by pogo - http://game1.pogo.com/applet-6.3.0.46/lottso/lottso-ob-assets.cab
    O16 - DPF: Mah Jong Garden by pogo - http://mahjong2.pogo.com/applet/mahjong/mahjong-ob-assets.cab
    O16 - DPF: Multiline Slots by pogo - http://game1.pogo.com/applet-6.3.0.46/mlslots/mlslots-ob-assets.cab
    O16 - DPF: Payday FreeCell by pogo - http://freecell.pogo.com/applet-5.9.1.28/freecell/freecell-ob-assets.cab
    O16 - DPF: Payday FreeCell by pogo.com - http://freecell.pogo.com/applet/freecell/freecell-ob-assets.cab
    O16 - DPF: Phlinx by pogo - http://flinger.pogo.com/applet-5.8.3.20/flinger/flinger-ob-assets.cab
    O16 - DPF: Pop Fu by pogo - http://popfu.pogo.com/applet/popfu/popfu-ob-assets.cab
    O16 - DPF: PoppaZoppa by pogo - http://game1.pogo.com/applet-6.3.0.53/poppazoppa/poppazoppa-ob-assets.cab
    O16 - DPF: Poppit TM by pogo - http://poppit.pogo.com/applet-5.9.0.18/poppit/poppit-ob-assets.cab
    O16 - DPF: PUFLITE - http://jillspringer1.point2homes.biz/Photo/Control/PUFLITE.CAB
    O16 - DPF: Showbiz Slots by pogo - http://showbiz.pogo.com/applet-5.8.1.28/slots/showbiz-ob-assets.cab
    O16 - DPF: Spider Solitaire by pogo - http://game1.pogo.com/applet-6.3.1.26/spider/spider-ob-assets.cab
    O16 - DPF: Squelchies by pogo - http://squelchies.pogo.com/applet/squelchies/squelchies-ob-assets.cab
    O16 - DPF: Sweet Tooth TM by pogo - http://solitaire24.pogo.com/applet-5.8.4.18/sweettooth/sweettooth-ob-assets.cab
    O16 - DPF: Texas Hold'em Poker by pogo - http://holdem2.pogo.com/applet-5.9.2.31/holdem/holdem-ob-assets.cab
    O16 - DPF: Tri-Peaks by pogo - http://peaks.pogo.com/applet-5.9.2.21/peaks/peaks-ob-assets.cab
    O16 - DPF: Tumble Bees by pogo - http://game1.pogo.com/applet-6.3.1.26/jumbee/jumbee-ob-assets.cab
    O16 - DPF: Tumble Bees by pogo.com - http://jumbee.pogo.com/applet/jumbee/jumbee-ob-assets.cab
    O16 - DPF: Video Poker by pogo - http://vpoker.pogo.com/applet-6.0.2.29/videopoker2/videopoker-ob-assets.cab
    O16 - DPF: Word Whomp by pogo - http://whomp.pogo.com/applet-5.8.2.19/wordwhomp/wordwhomp-ob-assets.cab
    O16 - DPF: Word Whomp by pogo.com - http://whomp.pogo.com/applet/wordwhomp/wordwhomp-ob-assets.cab
    O16 - DPF: Word Whomp Whackdown by pogo - http://whackdown2.pogo.com/applet/whackdown/whackdown-ob-assets.cab
    O16 - DPF: Word Whomp Whackdown by pogo.com - http://whackdown.pogo.com/applet/whackdown/whackdown-ob-assets.cab
    O16 - DPF: World Class Solitaire by pogo - http://klondike.pogo.com/applet-5.9.1.28/worldclass/worldclass-ob-assets.cab
    O16 - DPF: {04063354-A10E-4427-A1EC-F3CC81587BC6} (Mines Control) - http://mirror.worldwinner.com/games/v40/mines/mines.cab
    O16 - DPF: {084F552D-19EB-4668-9788-984CBC781A8F} - http://survey.otxresearch.com/Preloader.dll
    O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} - http://wdownload.weatherbug.com/minibug/tricklers/AWS/MiniBugTransporter.cab?
    O16 - DPF: {2C153C75-8476-434B-B3C3-57B63A3D1939} (Brickout Control) - http://mirror.worldwinner.com/games/v42/brickout/brickout.cab
    O16 - DPF: {33E54F7F-561C-49E6-929B-D7E76D3AFEB1} (Pool Control) - http://www.worldwinner.com/games/v48/pool/pool.cab
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...pple.com/borris/us/win/QuickTimeInstaller.exe
    O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
    O16 - DPF: {4C226336-4032-489F-9674-67E74225979B} - http://www.otxresearch.com/OTXMedia/OTXMedia.dll
    O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-9.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.av.aol.com/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab
    O16 - DPF: {5445BE81-B796-11D2-B931-002018654E2E} (MeadCo Security Manager) - http://live.vip.com/system/web/view/live/messaging/ie/SecMgr.cab
    O16 - DPF: {5EE92643-21CE-4949-903F-39439DCC3944} (Shapetris Control) - http://mirror.worldwinner.com/games/v42/shape/shape.cab
    O16 - DPF: {666DDE35-E955-11D0-A707-000000521958} - http://69.56.176.227/webplugin.cab
    O16 - DPF: {6BB594E2-6E4D-4CC9-98B0-931C323F9165} (DepHlp Control) - http://mirror.worldwinner.com/games/shared/dephlp.cab
    O16 - DPF: {6F6DBC29-7A0C-4AC0-A42D-10EC70678526} (Word Cubes Control) - http://mirror.worldwinner.com/games/v44/wordcube/wordcube.cab
    O16 - DPF: {785EA525-5066-495F-ADF6-3B8316515DEF} (Collapse Control) - http://mirror.worldwinner.com/games/v47/collapse/collapse.cab
    O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://mirror.worldwinner.com/games/shared/wwlaunch.cab
    O16 - DPF: {8BDF4BDB-7C40-4DC8-B2DD-138D8059698C} (Focus Control) - http://mirror.worldwinner.com/games/v40/focus/focus.cab
    O16 - DPF: {94299420-321F-4FF9-A247-62A23EBB640B} (WordMojo Control) - http://mirror.worldwinner.com/games/v45/wordmojo/wordmojo.cab
    O16 - DPF: {97438FE9-D361-4279-BA82-98CC0877A717} (Cubis Control) - http://mirror.worldwinner.com/games/v55/cubis/cubis.cab
    O16 - DPF: {9903F4ED-B673-456A-A15F-ED90C7DE9EF5} (Sol Control) - http://mirror.worldwinner.com/games/v44/sol/sol.cab
    O16 - DPF: {9D8D7672-93FF-417E-9024-C16AD141C50C} (Haunted Control) - http://mirror.worldwinner.com/games/v48/haunted/haunted.cab
    O16 - DPF: {A1B09066-C95C-4EF6-8DFD-3DD0AFE610B6} - http://pak02.pictures.aol.com/ygp/aol/plugin/screensaver/YGPPicScreensaver.en-US.9.1.6.20.cab
    O16 - DPF: {A996E48C-D3DC-4244-89F7-AFA33EC60679} (Settings Class) - https://www.cashcall.com/LoanStatus/x86/capicom.dll
    O16 - DPF: {AED98630-0251-4E83-917D-43A23D66D507} - http://activex.microgaming.com/DLhelper/version6/dlhelper.cab
    O16 - DPF: {B06CE1BC-5D9D-4676-BD28-1752DBF394E0} (Hangman Control) - http://mirror.worldwinner.com/games/v40/hangman/hangman.cab
    O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} - http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab
    O16 - DPF: {BA94245D-2AA0-4953-9D9F-B0EE4CC02C43} (Tilecity Control) - http://mirror.worldwinner.com/games/v40/tilecity/tilecity.cab
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.av.aol.com/molbin/shared/mcgdmgr/en-us/1,0,0,20/mcgdmgr.cab
    O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://download.toontown.com/sv1.0.7.20/ttinst.cab
    O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - file://D:\Bin\html\files\MotivePreQual.cab
    O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
    O16 - DPF: {D27FFC5F-D7B9-4349-9F41-F7458B585374} (SoloTriv Control) - http://mirror.worldwinner.com/games/v43/solotriv/solotriv.cab
    O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} - https://register3.valueactive.com/318/webolr/OCX/FlashAX.cab
    O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-0-3-0.cab
    O16 - DPF: {F375116A-793C-11D2-BFE1-444553540001} (First American Res MapActiveX Control) - http://realist2.firstamres.com/mapviewer/mapviewer.cab
    O16 - DPF: {F55C25D3-D16A-11D3-81DF-00A0C91F5E7D} (Gtek Print Control) - http://www.kiddonet.com/kiddonet/GtekPrt.ocx
    O16 - DPF: {FAE74270-E5EE-49C3-B816-EA8B4D55F38F} (H2hPool Control) - http://www.worldwinner.com/games/v51/h2hpool/h2hpool.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: dlbx_device - Dell - C:\WINDOWS\system32\dlbxcoms.exe
    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
    O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
    O23 - Service: wampapache - Unknown owner - c:\wamp\apache2\bin\httpd.exe" -k runservice (file missing)
    O23 - Service: wampmysqld - Unknown owner - c:\wamp\mysql\bin\mysqld-nt.exe
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe


    (on a side note: I don't even go on pogo or worldwinner anymore, so all those dpf messages - can I use hijackthis to remove them without any problems?)
     
  2. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    You can safely remove them with hijack - any O16's that are removed will regen if needed

    NOTE: If you have downloaded ComboFix previously please delete that version and download it again!

    Download this file:

    http://download.bleepingcomputer.com/sUBs/Beta/ComboFix.exe

    Double click combofix.exe & follow the prompts.
    When finished, it shall produce a log for you. Post that log.

    Note:
    Do not mouseclick combofix's window while it's running. That may cause it to stall.

    =====================
    Download Superantispyware (SAS) free home version

    http://www.superantispyware.com/superantispywarefreevspro.html

    Install it and double-click the icon on your desktop to run it.
    · It will ask if you want to update the program definitions, click Yes.
    · Under Configuration and Preferences, click the Preferences button.
    · Click the Scanning Control tab.
    · Under Scanner Options make sure the following are checked:
        o Close browsers before scanning
        o Scan for tracking cookies
        o Terminate memory threats before quarantining.
        o Please leave the others as they were.
        o Click the Close button to leave the control center screen.
    · On the main screen, under Scan for Harmful Software click Scan your computer.
    · On the left check C:\Fixed Drive.
    · On the right, under Complete Scan, choose Perform Complete Scan.
    · Click Next to start the scan. Please be patient while it scans your computer.
    · After the scan is complete a summary box will appear. Click OK.
    · Make sure everything in the white box has a check next to it, then click Next.
    · It will quarantine what it found and if it asks if you want to reboot, click Yes.
    · To retrieve the removal information for me please do the following:
        o After reboot, double-click the SUPERAntispyware icon on your desktop.
        o Click Preferences. Click the Statistics/Logs tab.
        o Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
        o It will open in your default text editor (such as Notepad/Wordpad).
        o Please highlight everything in the notepad, then right-click and choose copy.
    · Click close and close again to exit the program.
    · Please paste that information here for me regardless of what it finds with a new HijackThis log.

    This will take some time!!!!!!!!
     
  3. panicstrickyn

    panicstrickyn Thread Starter

    Joined:
    Sep 26, 2007
    Messages:
    5
    Looks like it worked. Here are my logs.


    ComboFix 07-09-27.3 - Melissa Dawson 2007-09-26 17:24:55.1 - NTFSx86
    CScript Error: Can't find script engine "VBScript" for script "C:\ComboFix\osid.vbs".
    Running from: C:\Program Files\ComboFix.exe
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\Melissa Dawson.OURNEWDELL\Application Data\macromedia\Flash Player\#SharedObjects\9GWADT22\www.broadcaster.com
    C:\Documents and Settings\Melissa Dawson.OURNEWDELL\Application Data\macromedia\Flash Player\#SharedObjects\9GWADT22\www.broadcaster.com\played_list.sol
    C:\Documents and Settings\Melissa Dawson.OURNEWDELL\Application Data\macromedia\Flash Player\#SharedObjects\9GWADT22\www.broadcaster.com\video_queue.sol
    C:\Documents and Settings\Melissa Dawson.OURNEWDELL\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
    C:\Documents and Settings\Melissa Dawson.OURNEWDELL\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
    C:\WINDOWS\Fonts\acrsecI.fon
    C:\WINDOWS\system32\jrpkmgh.dll

    .
    ((((((((((((((((((((((((( Files Created from 2007-08-27 to 2007-09-27 )))))))))))))))))))))))))))))))
    .

    2007-09-26 17:23 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2007-09-26 17:23 1,440,887 --a------ C:\Program Files\ComboFix.exe
    2007-09-26 15:33 <DIR> d-------- C:\WINDOWS\ERUNT
    2007-09-26 15:10 1,159,892 --a------ C:\SDFix.exe
    2007-09-26 12:36 10,872 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\AvgAsCln.sys
    2007-09-26 12:34 12,413,440 --a------ C:\Program Files\avgas-setup-7.5.1.43.exe
    2007-09-26 01:14 <DIR> d-------- C:\Program Files\Spyware Terminator
    2007-09-26 01:14 <DIR> d-------- C:\Documents and Settings\Melissa Dawson.OURNEWDELL\Application Data\Spyware Terminator
    2007-09-26 01:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
    2007-09-26 01:13 9,308,080 --a------ C:\Program Files\SpywareTerminatorSetup.exe
    2007-09-26 01:09 93,696 --a------ C:\Program Files\KillBox.exe
    2007-09-26 01:09 <DIR> d-------- C:\!KillBox
    2007-09-25 21:56 251,392 --a------ C:\Program Files\hijackthis_sfx.exe
    2007-09-25 21:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2007-09-25 21:54 7,467,056 --a------ C:\Program Files\spybotsd15.exe
    2007-09-25 16:19 <DIR> d-------- C:\Program Files\Online Video Add-on
    2007-09-23 10:48 <DIR> d-------- C:\Program Files\Team Craxtion
    2007-09-22 23:09 81,920 --a------ C:\Documents and Settings\Melissa Dawson.OURNEWDELL\Application Data\ezpinst.exe
    2007-09-22 23:09 47,360 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\pcouffin.sys
    2007-09-22 23:09 47,360 --a------ C:\Documents and Settings\Melissa Dawson.OURNEWDELL\Application Data\pcouffin.sys
    2007-09-22 23:09 14 --a------ C:\WINDOWS\SYSTEM32\systeminfo3.dll
    2007-09-22 22:54 <DIR> d-------- C:\Program Files\orlogix
    2007-09-22 15:00 1 --a------ C:\WINDOWS\SYSTEM32\SI.bin
    2007-09-22 14:33 1,043,036 --a------ C:\Program Files\PowerISO38.exe
    2007-09-22 14:33 <DIR> d-------- C:\Program Files\PowerISO
    2007-09-21 21:00 <DIR> d-------- C:\Documents and Settings\Melissa Dawson.OURNEWDELL\Application Data\ImgBurn
    2007-09-21 20:55 <DIR> d-------- C:\Program Files\ImgBurn
    2007-09-19 13:07 <DIR> d-------- C:\Documents and Settings\Melissa Dawson.OURNEWDELL\Application Data\OpenOffice.org2
    2007-09-19 00:56 <DIR> d-------- C:\Program Files\OpenOffice.org 2.3
    2007-09-11 22:38 2,228,534 --a------ C:\Program Files\audacity-win-1.2.6.exe
    2007-09-11 22:38 1,512,927 --a------ C:\Program Files\LADSPA_plugins-win-0.4.15.exe
    2007-09-11 22:38 <DIR> d-------- C:\Program Files\Audacity
    2007-09-09 00:34 <DIR> d-------- C:\Program Files\DellSupport
    2007-09-05 14:43 38 --a------ C:\Documents and Settings\Melissa Dawson.OURNEWDELL\Application Data\MTC-savedinstructor.dat
    2007-09-05 14:26 102 --a------ C:\Documents and Settings\Melissa Dawson.OURNEWDELL\Application Data\MTC-savedfolder.dat
    2007-09-02 11:31 1,770,616 --a------ C:\Program Files\npp.4.2.2.Installer.exe
    2007-09-02 11:31 <DIR> d-------- C:\Program Files\Notepad++
    2007-09-02 11:31 <DIR> d-------- C:\Documents and Settings\Melissa Dawson.OURNEWDELL\Application Data\Notepad++
    2007-09-02 10:43 454,656 --a------ C:\Program Files\putty.exe
    2007-09-01 11:26 <DIR> d-------- C:\wamp
    2007-09-01 11:25 <DIR> d-a------ C:\Program Files\PortableWebAp3.5.1
    2007-09-01 11:23 22,312,757 --a------ C:\Program Files\wamp5_1.7.2.exe
    2007-08-31 18:54 <DIR> d-------- C:\Documents and Settings\Tanya Springer.OURNEWDELL\Contacts

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-09-26 15:12 --------- d-------- C:\Program Files\DL_cats
    2007-09-26 01:32 602747 --a------ C:\Program Files\WindowsDefender.msi
    2007-09-25 23:08 --------- d-------- C:\Program Files\Trillian
    2007-09-25 20:04 --------- d--h----- C:\Program Files\InstallShield Installation Information
    2007-09-25 20:04 --------- d-------- C:\Program Files\SilverDollarCasino
    2007-09-25 20:03 --------- d-------- C:\Program Files\Millionaire Casino
    2007-09-25 19:59 --------- d-------- C:\Program Files\Oberon Media
    2007-09-25 19:26 --------- d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
    2007-09-22 23:12 --------- d-------- C:\Documents and Settings\Melissa Dawson.OURNEWDELL\Application Data\Vso
    2007-09-22 14:28 --------- d-------- C:\Program Files\D-Tools
    2007-09-22 10:36 --------- d-------- C:\Program Files\DVD Decrypter
    2007-09-21 23:32 --------- d-------- C:\Program Files\BitLord
    2007-09-18 23:47 18040 --a------ C:\Program Files\OOo_2.3.0_Win32Intel_install_en-US.exe.torrent
    2007-09-15 02:19 --------- d-------- C:\Program Files\LimeWireShared
    2007-09-15 02:18 --------- d-------- C:\Program Files\Incomplete
    2007-09-11 22:39 156028 --a------ C:\Program Files\libmp3lame-win-3.97.zip
    2007-09-09 00:37 --------- d--h----- C:\Documents and Settings\Melissa Dawson.OURNEWDELL\Application Data\Gtek
    2007-09-09 00:35 --------- d--h----- C:\Documents and Settings\Melissa Dawson\Application Data\GTek
    2007-09-02 11:18 5744150 --a------ C:\Program Files\PortableWebAp.3.5.1.zip
    2007-09-01 11:29 16211748 --a------ C:\Program Files\php_manual_chm.zip
    2007-08-20 01:01 --------- d-------- C:\Program Files\Common Files\CasinoVegasShared
    2007-08-20 00:59 2108256 --a------ C:\Program Files\millionairecasino.exe
    2007-08-17 21:07 --------- d-------- C:\Documents and Settings\Melissa Dawson.OURNEWDELL\Application Data\Corel
    2007-08-15 21:14 7168 --ahsc--- C:\Program Files\Thumbs.db
    2007-08-06 17:15 33052 --a------ C:\WINDOWS\system32\drivers\scdemu.sys
    2007-07-20 13:03 40376 --a------ C:\Program Files\BrowserOptimizationTool.exe
    2007-07-14 19:54 56197 --a------ C:\Program Files\winMd5Sum-install.exe
    2007-07-14 19:54 504320 --a------ C:\Program Files\daemon347.exe
    2007-07-14 19:53 1975264 --a------ C:\Program Files\daemon4091-x64.exe
    2007-07-07 21:14 6221304 --a------ C:\Program Files\winamp535_full_emusic-7plus.exe
    2007-06-06 22:42 2428706 --a------ C:\Program Files\MagicDVDRipper501.exe
    2007-04-16 00:32 1445943 --a------ C:\Program Files\Jasc_Paint_Shop_Pro_v9.0crack.zip
    2007-04-15 22:43 9870032 --a------ C:\Program Files\fp2006-final-3.00-setup.zip
    2007-04-11 08:47 19994184 --a------ C:\Program Files\QuickTimeInstaller.exe
    2007-03-30 11:04 1022168 --a------ C:\Program Files\qmpsetup_win_mozilla_07030901.exe
    2007-03-18 11:40 27936568 --a------ C:\Program Files\wmp11-windowsxp-x64-enu.exe
    2007-02-14 00:07 42567136 --a------ C:\Program Files\93.71_forceware_winxp2k_english_whql.exe
    2007-02-11 02:39 19170000 --a------ C:\Program Files\avg75free_441a944.exe
    2007-02-09 09:50 125725408 --a------ C:\Program Files\Zoo2Trial.exe
    2007-02-07 17:02 2718696 --a------ C:\Program Files\Setup_MagicISO.exe
    2007-02-01 00:31 2085598 --a------ C:\Program Files\silverdollarcasino.exe
    2007-01-24 10:32 496085 --a------ C:\Program Files\Pivot.zip
    2007-01-24 00:40 1436672 --a------ C:\Program Files\dopewars-1.5.12.exe
    2007-01-14 13:04 9000041 --a------ C:\Program Files\trillian-v3.1.exe
    2007-01-14 13:04 17177896 --a------ C:\Program Files\Install_Messenger.exe
    2007-01-04 20:47 5505024 --a------ C:\Program Files\RoxyPalace_w3.exe
    2007-01-03 13:39 0 --a--c--- C:\Program Files\dlwrapper2.dll
    2007-01-03 12:34 3481600 --a------ C:\Program Files\GH0.exe
    2006-11-13 15:30 420864 --a------ C:\Program Files\SmartDownload.exe
    2006-10-20 10:36 1341072 --a------ C:\Program Files\SecurePlayerInstaller_Mozilla.exe
    2006-09-20 21:54 29696 --a------ C:\Program Files\ASSIGNMENT 13Reading Quiz on the Marquez Stories.doc
    2006-09-20 16:58 53955480 --a------ C:\Program Files\DesignPro5_2_Limited.exe
    2006-09-07 10:50 1073 --a--c--- C:\Program Files\pspbrwse.jbf
    2006-07-25 23:19 3007 --a------ C:\Program Files\Paint%2BShop%2BPro%2B7.0%2B-%2BFull.torrent
    2006-06-23 20:22 17344752 --a------ C:\Program Files\avg71free_394a763.exe
    2006-05-19 17:00 359112 --a------ C:\Program Files\LimeWireWin.exe
    2006-05-17 09:30 910421 --a------ C:\Program Files\vcdgear356_050213beta.zip
    2006-04-05 22:26 110104224 --a------ C:\Program Files\Nero-7.0.8.2_eng.exe
    2006-04-05 21:56 2010624 --a------ C:\Program Files\ventrilo-2.3.0-Windows-i386.exe
    2006-02-28 20:50 9898658 --a------ C:\Program Files\fp2006-final-3.00-setup.exe
    2006-01-18 18:34 1314816 -ra------ C:\Program Files\NxCore.dll
    2005-10-31 18:18 11023720 --a------ C:\Program Files\quicktimealt163.exe
    2005-10-24 19:02 1120090 --a------ C:\Program Files\PrintScreen31_Setup.exe
    2005-10-24 18:54 188406 --a------ C:\Program Files\updatecdr4_53_71.exe
    2005-10-24 18:54 15561744 --a------ C:\Program Files\avg71free_361a651.exe
    2005-10-22 00:23 1416944 --a------ C:\Program Files\WM9Codecs.exe
    2005-10-20 22:00 1900184 --a------ C:\Program Files\frinstall.exe
    2005-10-20 21:54 353298 --a------ C:\Program Files\LimeWireWin2.exe
    2005-10-20 18:40 5120 --ahsc--- C:\Program Files\Common Files\Thumbs.db
    2005-08-18 19:28 5808640 --a--c--- C:\Program Files\LimeWire.msi
    2004-11-07 11:08 2120312 --a------ C:\Program Files\Jasc Paint Shop Pro 9.msi
    2004-11-07 11:08 1221 --a------ C:\Program Files\Setup.ini
    2004-11-07 11:08 107916138 --a------ C:\Program Files\Data1.cab
    2004-07-06 09:43 10431072 --a--c--- C:\Program Files\mp71.exe
    2004-06-21 14:43 1019904 --a------ C:\Documents and Settings\Melissa Dawson.OURNEWDELL\Hero Planner.exe
    2004-02-21 14:25 3497189 --a--c--- C:\Program Files\iMeshV4.exe
    2003-07-23 18:48 3806134 --a--c--- C:\Program Files\T21ToGoInstall.exe
    2003-03-16 00:42 3268923 --a--c--- C:\Program Files\winamp3_0-full.exe
    2003-02-25 11:04 4632 --a--c--- C:\Program Files\0x0409.ini
    2003-01-10 23:09 31637760 --a--c--- C:\Program Files\psp704ev.exe
    2002-03-11 09:06 1822520 --a------ C:\Program Files\instmsiw.exe
    2002-03-11 08:45 1708856 --a------ C:\Program Files\instmsia.exe
    2007-04-11 08:01:19 88 --sh--r C:\WINDOWS\SYSTEM32\AEE4BAEC7A.sys
    .

    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .

    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DLBXCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBXtime.dll" [2004-12-07 14:43]
    "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-09-14 03:32]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2003-10-06 14:16]
    "nwiz"="nwiz.exe" [2003-10-06 14:16 C:\WINDOWS\SYSTEM32\nwiz.exe]
    "KEMailKb"="C:\PROGRA~1\MICROI~1\INTERN~1\KEMailKb.EXE" [2005-09-21 23:32]
    "KPDrv4XP"="C:\PROGRA~1\MICROI~1\INTERN~1\KPDrv4XP.EXE" [2005-09-21 23:32]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2003-10-06 14:16]
    "WD Button Manager"="WDBtnMgr.exe" [2007-03-29 15:23 C:\WINDOWS\SYSTEM32\WDBtnMgr.exe]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 10:54]
    "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe" [2006-09-14 07:55]
    "DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2004-08-22 17:05]
    "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 02:25]
    "AdaptecDirectCD"="C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2002-04-10 15:44]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 11:09]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" [2006-03-01 19:43]
    "Aim6"="" []
    "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
    "FlashPlayerUpdate"=C:\PROGRA~1\MOZILL~1\plugins\GetFlash.exe -p

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "DisableRegistryTools"=0 (0x0)

    .
    Contents of the 'Scheduled Tasks' folder
    "2007-09-27 00:43:00 C:\WINDOWS\Tasks\McAfee.com Update Check (OURNEWDELL-Jill Springer).job"
    - C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    "2007-09-27 00:43:01 C:\WINDOWS\Tasks\McAfee.com Update Check (OURNEWDELL-Melissa Dawson).job"
    - C:\PROGRA~1\McAfee.com\Agent\mcupdate.exe
    "2007-09-27 00:46:01 C:\WINDOWS\Tasks\McAfee.com Update Check (OURNEWDELL-Test).job"
    - C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    "2002-11-14 00:46:01 C:\WINDOWS\Tasks\Symantec NetDetect.job"
    - C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
    "2007-09-26 07:00:00 C:\WINDOWS\Tasks\{A59B06F7-9486-4C4F-870D-1DFBFB739F33}_OURNEWDELL_Melissa Dawson.job"
    "2007-09-26 07:00:00 C:\WINDOWS\Tasks\{BDF4071A-4E7E-4A62-8F9D-AD4F5FAECC61}_OURNEWDELL_Melissa Dawson.job"
    - C:\WINDOWS\system32\MOBSYNC.EXE
    "2007-09-26 07:00:01 C:\WINDOWS\Tasks\{D21AC243-8063-4D74-95C6-BDBE2F06C265}_OURNEWDELL_Nicole Springer.job"
    .
    **************************************************************************

    catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-09-26 17:43:43
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    **************************************************************************
    .
    Completion time: 2007-09-26 17:48:54 - machine was rebooted
    C:\ComboFix-quarantined-files.txt ... 2007-09-26 17:48
    .
    --- E O F ---
     
  4. panicstrickyn

    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 09/26/2007 at 07:42 PM

    Application Version : 3.9.1008

    Core Rules Database Version : 3314
    Trace Rules Database Version: 1316

    Scan type : Complete Scan
    Total Scan Time : 01:47:51

    Memory items scanned : 418
    Memory threats detected : 0
    Registry items scanned : 7616
    Registry threats detected : 14
    File items scanned : 68988
    File threats detected : 232

    Adware.Tracking Cookie

    Spyware.WebSearch (WinTools/Huntbar)
    HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINTOOLSSVC
    HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINTOOLSSVC\0000
    HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINTOOLSSVC\0000#Service
    HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINTOOLSSVC\0000#Legacy
    HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINTOOLSSVC\0000#ConfigFlags
    HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINTOOLSSVC\0000#Class
    HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINTOOLSSVC\0000#ClassGUID
    HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINTOOLSSVC\0000#DeviceDesc

    Registry Cleaner Trial
    HKCR\Install.Install
    HKCR\Install.Install\CLSID
    HKCR\Install.Install\CurVer
    HKCR\Install.Install.1
    HKCR\Install.Install.1\CLSID

    Trojan.Security Toolbar
    C:\Documents and Settings\All Users\Start Menu\Online Security Guide.url
    C:\Documents and Settings\All Users\Start Menu\Security Troubleshooting.url

    Trojan.Media-Codec/V4
    C:\Program Files\Online Video Add-on\icmntr.exe
    C:\Program Files\Online Video Add-on\icthis.exe
    C:\Program Files\Online Video Add-on\ictun.exe
    C:\Program Files\Online Video Add-on\isfun.exe
    C:\Program Files\Online Video Add-on\ot.ico
    C:\Program Files\Online Video Add-on\ts.ico
    C:\Program Files\Online Video Add-on
    HKU\S-1-5-21-72185382-689911805-3210325236-1012\Software\Online Add-on
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{21D7D692-4662-421F-93B0-877BC3820711}\RP1640\A0328814.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{21D7D692-4662-421F-93B0-877BC3820711}\RP1640\A0329201.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{21D7D692-4662-421F-93B0-877BC3820711}\RP1642\A0329348.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{21D7D692-4662-421F-93B0-877BC3820711}\RP1642\A0329387.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{21D7D692-4662-421F-93B0-877BC3820711}\RP1644\A0329430.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{21D7D692-4662-421F-93B0-877BC3820711}\RP1644\A0329437.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{21D7D692-4662-421F-93B0-877BC3820711}\RP1644\A0329446.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{21D7D692-4662-421F-93B0-877BC3820711}\RP1644\A0329453.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{21D7D692-4662-421F-93B0-877BC3820711}\RP1644\A0329499.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{21D7D692-4662-421F-93B0-877BC3820711}\RP1644\A0329530.EXE
    C:\WINDOWS\Prefetch\ICMNTR.EXE-0B1C29EA.pf
    C:\WINDOWS\Prefetch\ICTHIS.EXE-2A4B26DB.pf

    Adware.Avenue Media/Web Rebates (TopRebates)
    C:\DOCUMENTS AND SETTINGS\BRITTANY SPRINGER\LOCAL SETTINGS\TEMP\DJTOPR1150.EXE

    Trojan.Downloader-JKill
    C:\DOCUMENTS AND SETTINGS\BRITTANY SPRINGER\LOCAL SETTINGS\TEMP\JKILL.EXE

    Remove_spyware.exe
    C:\DOCUMENTS AND SETTINGS\BRITTANY SPRINGER\LOCAL SETTINGS\TEMP\REMOVE_SPYWARE.EXE

    Adware.eXact Advertising
    C:\DOCUMENTS AND SETTINGS\BRITTANY SPRINGER\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\WDKZ4N0B\BBI8025[1].EXE

    Adware.ShopAtHomeAgent
    C:\DOCUMENTS AND SETTINGS\BRITTANY SPRINGER\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\WDKZ4N0B\SAHAGENT-MEDIAMOTOR1002[1].EXE
    C:\DOCUMENTS AND SETTINGS\BRITTANY SPRINGER\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\WDKZ4N0B\SAHAGENT-MEDIAMOTOR1003[1].EXE

    Browser Hijacker.Favorites
    C:\DOCUMENTS AND SETTINGS\MELISSA DAWSON.OURNEWDELL\FAVORITES\ONLINE SECURITY TEST.URL

    !UPDATE.EXE
    C:\DOCUMENTS AND SETTINGS\NICOLE SPRINGER\APPLICATION DATA\TTUH.EXE
    C:\DOCUMENTS AND SETTINGS\NICOLE SPRINGER\LOCAL SETTINGS\TEMP\!UPDATE.EXE

    Adware.WildMedia/Midaddle
    C:\DOCUMENTS AND SETTINGS\NICOLE SPRINGER\LOCAL SETTINGS\TEMP\CLICKS.DLL
    C:\DOCUMENTS AND SETTINGS\NICOLE SPRINGER\LOCAL SETTINGS\TEMP\JPCTY11.EXE

    Adware.Sandboxer (MemoryWatcher)
    C:\DOCUMENTS AND SETTINGS\NICOLE SPRINGER\LOCAL SETTINGS\TEMP\INSTNOTIFY.EXE
    C:\DOCUMENTS AND SETTINGS\NICOLE SPRINGER\LOCAL SETTINGS\TEMP\MEMORYWATCHER_B.EXE

    Browser Hijacker.Apropos Media/PeopleOnPage
    C:\DOCUMENTS AND SETTINGS\NICOLE SPRINGER\LOCAL SETTINGS\TEMP\MW_4S_STUB.EXE
    C:\DOCUMENTS AND SETTINGS\NICOLE SPRINGER\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\7MK3FX8T\MW_4S_STUB[1].EXE

    Adware.WildMedia/WinFetcher
    C:\DOCUMENTS AND SETTINGS\NICOLE SPRINGER\LOCAL SETTINGS\TEMP\U52MZ.EXE

    Trojan.Smitfraud Variant
    C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\JRPKMGH.DLL.VIR
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{21D7D692-4662-421F-93B0-877BC3820711}\RP1644\A0329659.DLL

    Trojan.Unknown Origin
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{21D7D692-4662-421F-93B0-877BC3820711}\RP1644\A0329513.EXE
    C:\WINDOWS\TEMPF.TXT

    Adware.ClickSpring
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{21D7D692-4662-421F-93B0-877BC3820711}\RP1644\A0329516.EXE

    Adware.Spyware Labs
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{21D7D692-4662-421F-93B0-877BC3820711}\RP1644\A0329517.DLL

    Ebates Moe Money Maker Processes
    C:\WINDOWS\EBATESMOEMONEYMAKER.EXE

    Adware.eXactAdvertising-Installer
    C:\WINDOWS\EXTRACT.EXE

    Adware.MyWay
    C:\WINDOWS\MYBARSP.EXE

    Adware.ClearSearch
    C:\WINDOWS\SYSTEM32\C17BQS.DLL

    Trace.Known Threat Sources
    C:\Documents and Settings\Nicole Springer\Local Settings\Temporary Internet Files\Content.IE5\QH92B6H8\ctxad-208[1].0000
    C:\Documents and Settings\Nicole Springer\Local Settings\Temporary Internet Files\Content.IE5\WFK4CFNO\campaigns6_3[1].bin
    C:\Documents and Settings\Nicole Springer\Local Settings\Temporary Internet Files\Content.IE5\K5OZGF07\campaigns8_2[1].bin
    C:\Documents and Settings\Nicole Springer\Local Settings\Temporary Internet Files\Content.IE5\G7CUXEIB\ctxad-109[1].0001
    C:\Documents and Settings\Nicole Springer\Local Settings\Temporary Internet Files\Content.IE5\G7CUXEIB\ctxad-208[1].sig
    C:\Documents and Settings\Nicole Springer\Local Settings\Temporary Internet Files\Content.IE5\2X9INAXK\client_settings_3[1].bin
    C:\Documents and Settings\Nicole Springer\Local Settings\Temporary Internet Files\Content.IE5\QH92B6H8\campaigns8_3[1].bin
    C:\Documents and Settings\Nicole Springer\Local Settings\Temporary Internet Files\Content.IE5\5FX8T5BJ\campaigns7_3[1].bin
    C:\Documents and Settings\Nicole Springer\Local Settings\Temporary Internet Files\Content.IE5\E9KN2TA1\ctxad-217[1].0000
    C:\Documents and Settings\Nicole Springer\Local Settings\Temporary Internet Files\Content.IE5\Z8PFBPCE\ctxad-208[1].0002
    C:\Documents and Settings\Nicole Springer\Local Settings\Temporary Internet Files\Content.IE5\QH92B6H8\ver2[1].htm
    C:\Documents and Settings\Nicole Springer\Local Settings\Temporary Internet Files\Content.IE5\7MK3FX8T\!update-1245[1].sig
    C:\Documents and Settings\Nicole Springer\Local Settings\Temporary Internet Files\Content.IE5\PJ3F5DCE\ctxad-208[1].0001
    C:\Documents and Settings\Nicole Springer\Local Settings\Temporary Internet Files\Content.IE5\K5OZGF07\campaigns[1].bin
    C:\Documents and Settings\Nicole Springer\Local Settings\Temporary Internet Files\Content.IE5\WFK4CFNO\ctxad-217[1].sig
    C:\Documents and Settings\Nicole Springer\Local Settings\Temporary Internet Files\Content.IE5\G7CUXEIB\campaigns3_3[1].bin
    C:\Documents and Settings\Nicole Springer\Local Settings\Temporary Internet Files\Content.IE5\G7CUXEIB\campaigns3[1].encrypted
    C:\Documents and Settings\Nicole Springer\Local Settings\Temporary Internet Files\Content.IE5\5FX8T5BJ\ctxad-109[1].0002
    C:\Documents and Settings\Nicole Springer\Local Settings\Temporary Internet Files\Content.IE5\K5OZGF07\campaigns5_3[1].bin
    C:\Documents and Settings\Nicole Springer\Local Settings\Temporary Internet Files\Content.IE5\QH92B6H8\campaigns3_3[1].bin
    C:\Documents and Settings\Nicole Springer\Local Settings\Temporary Internet Files\Content.IE5\4DCVKR0F\campaigns2[1].bin
    C:\Documents and Settings\Nicole Springer\Local Settings\Temporary Internet Files\Content.IE5\3YCFVTS9\campaigns2_3[1].bin
    C:\Documents and Settings\Nicole Springer\Local Settings\Temporary Internet Files\Content.IE5\PJ3F5DCE\campaigns_3[2].bin
    C:\Documents and Settings\Nicole Springer\Local Settings\Temporary Internet Files\Content.IE5\Z8PFBPCE\campaigns9_3[1].bin
    C:\Documents and Settings\Nicole Springer\Local Settings\Temporary Internet Files\Content.IE5\E9KN2TA1\ctxad-205[1].sig
    C:\Documents and Settings\Nicole Springer\Local Settings\Temporary Internet Files\Content.IE5\K5OZGF07\ctxad-205[1].0002
    C:\Documents and Settings\Nicole Springer\Local Settings\Temporary Internet Files\Content.IE5\5FX8T5BJ\campaigns13_3[1].bin
    C:\Documents and Settings\Nicole Springer\Local Settings\Temporary Internet Files\Content.IE5\Z8PFBPCE\ctxad-109[1].0000
    C:\Documents and Settings\Nicole Springer\Local Settings\Temporary Internet Files\Content.IE5\7MK3FX8T\!update-1245[1].0000
    C:\Documents and Settings\Nicole Springer\Local Settings\Temporary Internet Files\Content.IE5\PJ3F5DCE\campaigns_3[1].bin
    C:\Documents and Settings\Nicole Springer\Local Settings\Temporary Internet Files\Content.IE5\Z8PFBPCE\ctxad-217[1].0002
    C:\Documents and Settings\Nicole Springer\Local Settings\Temporary Internet Files\Content.IE5\QH92B6H8\ctxad-205[1].0000
    C:\Documents and Settings\Nicole Springer\Local Settings\Temporary Internet Files\Content.IE5\3YCFVTS9\client_settings[1].bin
    C:\Documents and Settings\Nicole Springer\Local Settings\Temporary Internet Files\Content.IE5\5FX8T5BJ\campaigns10_3[1].bin
    C:\Documents and Settings\Nicole Springer\Local Settings\Temporary Internet Files\Content.IE5\PJ3F5DCE\ctxad-205[1].0001
    C:\Documents and Settings\Nicole Springer\Local Settings\Temporary Internet Files\Content.IE5\7MK3FX8T\campaigns2_2[1].bin
    C:\Documents and Settings\Nicole Springer\Local Settings\Temporary Internet Files\Content.IE5\E9KN2TA1\campaigns2[1].encrypted
    C:\Documents and Settings\Nicole Springer\Local Settings\Temporary Internet Files\Content.IE5\PJ3F5DCE\campaigns6_2[1].bin
    C:\Documents and Settings\Nicole Springer\Local Settings\Temporary Internet Files\Content.IE5\Z8PFBPCE\campaigns5_2[1].bin
    C:\Documents and Settings\Nicole Springer\Local Settings\Temporary Internet Files\Content.IE5\PJ3F5DCE\campaigns3_2[1].bin
    C:\Documents and Settings\Nicole Springer\Local Settings\Temporary Internet Files\Content.IE5\7MK3FX8T\campaigns6_3[1].bin
    C:\Documents and Settings\Nicole Springer\Local Settings\Temporary Internet Files\Content.IE5\K5OZGF07\campaigns8_3[1].bin
    C:\Documents and Settings\Nicole Springer\Local Settings\Temporary Internet Files\Content.IE5\Z8PFBPCE\campaigns12_3[1].bin
    C:\Documents and Settings\Nicole Springer\Local Settings\Temporary Internet Files\Content.IE5\Z8PFBPCE\campaigns_2[1].bin
    C:\Documents and Settings\Nicole Springer\Local Settings\Temporary Internet Files\Content.IE5\PJ3F5DCE\ver2[1].htm
     
  5. panicstrickyn

    Logfile of HijackThis v1.99.1
    Scan saved at 8:03:19 PM, on 9/26/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
    C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\WINDOWS\system32\drivers\KodakCCS.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\PROGRA~1\MICROI~1\INTERN~1\KPDrv4XP.EXE
    C:\WINDOWS\system32\WDBtnMgr.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\Program Files\DellSupport\DSAgnt.exe
    C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\KODAK\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
    C:\Program Files\My Book\WD Backup\uBBMonitor.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pogo.com/
    R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: (no name) - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - (no file)
    O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
    O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (file missing)
    O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll
    O4 - HKLM\..\Run: [DLBXCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBXtime.dll,_RunDLLEntry@16
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [KEMailKb] C:\PROGRA~1\MICROI~1\INTERN~1\KEMailKb.EXE
    O4 - HKLM\..\Run: [KPDrv4XP] C:\PROGRA~1\MICROI~1\INTERN~1\KPDrv4XP.EXE
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe"
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033 -noicon
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe
    O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\KODAK\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
    O4 - Global Startup: WD Backup Monitor.lnk = C:\Program Files\My Book\WD Backup\uBBMonitor.exe
    O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
    O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\system32\ms.exe (file missing)
    O9 - Extra 'Tools' menuitem: - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\system32\ms.exe (file missing)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Melissa Dawson.OURNEWDELL\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: http://*.lvarmls.com
    O15 - Trusted Zone: http://*.rapmls.com
    O15 - Trusted Zone: http://*.vvmls.com
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: dlbx_device - Dell - C:\WINDOWS\system32\dlbxcoms.exe
    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
    O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
    O23 - Service: wampapache - Unknown owner - c:\wamp\apache2\bin\httpd.exe" -k runservice (file missing)
    O23 - Service: wampmysqld - Unknown owner - c:\wamp\mysql\bin\mysqld-nt.exe
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe



    Thanks so much for all the help. The icon is gone and so far no pop ups or anything. I really appreciate it.
     
  6. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    Add remove programs - remove all occurrences of Viewpoint

    Be sure to allow these changes in TeaTimer

    Fix these with HiJackThis – mark them, close IE, click fix checked

    O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

    O2 - BHO: (no name) - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - (no file)

    O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll

    O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\system32\ms.exe (file missing)

    O9 - Extra 'Tools' menuitem: - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\system32\ms.exe (file missing)

    START – RUN – type in %temp% - OK - Edit – Select all – File – Delete

    Delete everything in the C:\Windows\Temp folder or C:\WINNT\temp

    Not all temp files will delete and that is normal
    Empty the recycle bin
    Boot and post a new hijack log from normal NOT safe mode



    How are things on the PC???????????
     
  7. panicstrickyn

    panicstrickyn Thread Starter

    Joined:
    Sep 26, 2007
    Messages:
    5
    Everything looks good. No icon still after a whole night, and no popups either. Again, really appreciate all the help and the super quick response time. :)



    Logfile of HijackThis v1.99.1
    Scan saved at 12:06:32 PM, on 9/27/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
    C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\WINDOWS\system32\drivers\KodakCCS.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\PROGRA~1\MICROI~1\INTERN~1\KPDrv4XP.EXE
    C:\WINDOWS\system32\WDBtnMgr.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\Program Files\DellSupport\DSAgnt.exe
    C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
    C:\Program Files\My Book\WD Backup\uBBMonitor.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pogo.com/
    R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (file missing)
    O4 - HKLM\..\Run: [DLBXCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBXtime.dll,_RunDLLEntry@16
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [KEMailKb] C:\PROGRA~1\MICROI~1\INTERN~1\KEMailKb.EXE
    O4 - HKLM\..\Run: [KPDrv4XP] C:\PROGRA~1\MICROI~1\INTERN~1\KPDrv4XP.EXE
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe"
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033 -noicon
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - Global Startup: WD Backup Monitor.lnk = C:\Program Files\My Book\WD Backup\uBBMonitor.exe
    O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Melissa Dawson.OURNEWDELL\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: http://*.lvarmls.com
    O15 - Trusted Zone: http://*.rapmls.com
    O15 - Trusted Zone: http://*.vvmls.com
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: dlbx_device - Dell - C:\WINDOWS\system32\dlbxcoms.exe
    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
    O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
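The before/after comparison this thread does by eye, checking that the entries marked for fixing are gone from the next log and seeing which "(no file)" / "(file missing)" entries remain, can be scripted. This is an added example, not part of any post; the function names are hypothetical and the sample lines are a constructed excerpt of the 9/26 and 9/27 logs and the fix list above.

```python
import re

# Constructed sample: lines excerpted from the 9/26 (before) and 9/27 (after) logs in this thread.
BEFORE = r"""
R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (file missing)
O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\system32\ms.exe (file missing)
"""
AFTER = r"""
R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (file missing)
"""
# Subset of the entries the helper asked to have fixed, copied from the reply above.
FIX_LIST = r"""
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\system32\ms.exe (file missing)
"""

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")            # e.g. "O2 - BHO: ..."
ORPHAN_RE = re.compile(r"\((?:no file|file missing)\)$")      # target file not on disk
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


def parse_entries(log_text):
    """Map each whitespace-normalized entry line to its section, CLSID and orphan flag."""
    entries = {}
    for raw in log_text.splitlines():
        line = " ".join(raw.split())
        m = ENTRY_RE.match(line)
        if not m:
            continue  # header, running-process path, blank line or forum prose
        clsid = CLSID_RE.search(line)
        entries[line] = {
            "section": m.group(1),
            "clsid": clsid.group(0).upper() if clsid else None,
            "orphaned": bool(ORPHAN_RE.search(line)),
        }
    return entries


def review_fix(before_log, after_log, fix_list):
    """Check a follow-up log against the list of entries that were to be fixed."""
    before, after, wanted = (parse_entries(t) for t in (before_log, after_log, fix_list))
    return {
        "removed": sorted(k for k in wanted if k in before and k not in after),
        "still_present": sorted(k for k in wanted if k in after),
        "not_in_before": sorted(k for k in wanted if k not in before),
        # Orphaned entries that survive in the follow-up log and were never on the fix list.
        "residual_orphans": sorted(k for k, e in after.items() if e["orphaned"]),
    }


if __name__ == "__main__":
    for label, lines in review_fix(BEFORE, AFTER, FIX_LIST).items():
        print(f"{label}: {len(lines)}")
        for entry in lines:
            print("   ", entry)
```

Pasting the full logs in place of the excerpts works the same way, since lines that are not `Xn - ...` entries are skipped.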
     
  8. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
Short URL to this thread: https://techguy.org/629692
