1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Solved: Windows Security Center-Alert(pop-up), hijackthis log included

Discussion in 'Virus & Other Malware Removal' started by imfuzzy, Aug 5, 2006.

Thread Status:
Not open for further replies.
Advertisement
  1. imfuzzy

    imfuzzy Thread Starter

    Joined:
    Aug 5, 2006
    Messages:
    10
    I keep getting a Windows Security Center-Alert pop-up about every 5 min. When I try and close this pop-up I get redirected to an Antispywarenetwork page(www.antispynet.com). I've tried to get rid of it a few times but it keeps coming back. Any help will be greatly appreciated. Thank you in advance.

    WinXP, service pack 2

    Logfile of HijackThis v1.99.1
    Scan saved at 12:22:52 PM, on 8/5/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Stardock\Object Desktop\ThemeManager\wbload.exe
    C:\WINDOWS\system32\CTsvcCDA.EXE
    c:\program files\mcafee.com\agent\mcdetect.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\WINDOWS\Mixer.exe
    C:\Program Files\Logitech\iTouch\iTouch.exe
    C:\Program Files\McAfee.com\VSO\mcvsshld.exe
    C:\Program Files\McAfee.com\VSO\oasclnt.exe
    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LMPDPSRV.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    C:\PROGRA~1\mcafee.com\mps\mscifapp.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
    C:\PROGRA~1\Comcast\COMCAS~1\data\Xtras\mssysmgr.exe
    C:\Program Files\D-Link AirPlus\AirPlus.exe
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\smartdrv.exe
    C:\WINDOWS\system32\officescan.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R3 - URLSearchHook: (no name) - _{58357D51-9CC7-B247-BB2E-9FABCA35BFC4} - (no file)
    F2 - REG:system.ini: Shell=Explorer.exe,
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,icfjbfs.exe
    O2 - BHO: (no name) - {00000000-59D4-4008-9058-080011001200} - (no file)
    O2 - BHO: (no name) - {00000000-C1EC-0345-6EC2-4D0300000000} - (no file)
    O2 - BHO: (no name) - {00000000-F09C-02B4-6EC2-AD0300000000} - (no file)
    O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\program files\mcafee.com\mps\mcbrhlpr.dll
    O2 - BHO: (no name) - {3ceff6cd-6f08-4e4d-bccd-ff7415288c3b} - (no file)
    O2 - BHO: McAfee PopupKiller - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - c:\program files\mcafee.com\mps\popupkiller.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {7b55bb05-0b4d-44fd-81a6-b136188f5deb} - (no file)
    O2 - BHO: (no name) - {8333c319-0669-4893-a418-f56d9249fca6} - (no file)
    O2 - BHO: (no name) - {9c691a33-7dda-4c2f-be4c-c176083f35cf} - (no file)
    O2 - BHO: office_pnl.office_panel - {B53455DB-5527-4041-AC41-F86E6947AA47} - C:\WINDOWS\system32\office_pnl.dll
    O2 - BHO: (no name) - {e52dedbb-d168-4bdb-b229-c48160800e81} - (no file)
    O2 - BHO: (no name) - {ffd2825e-0785-40c5-9a41-518f53a8261f} - (no file)
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
    O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
    O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    O4 - HKLM\..\Run: [LMPDPSRV] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LMPDPSRV.EXE
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [sys02178924837] C:\WINDOWS\sys02178924837.exe
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
    O4 - HKLM\..\Run: [Adware.Srv32] C:\WINDOWS\system32\runsrv32.exe
    O4 - HKLM\..\Run: [Transponder] C:\WINDOWS\system32\susp.exe
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
    O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Comcast\COMCAS~1\data\Xtras\mssysmgr.exe
    O4 - HKCU\..\Run: [Apaw] "C:\PROGRA~1\COMMON~1\PPATCH~1\nopdb.exe" -vt yazr
    O4 - HKCU\..\Run: [Kfdrrc] C:\WINDOWS\system32\?asks\l?***.exe
    O4 - HKCU\..\Run: [dlstr] C:\WINDOWS\system32\hwhbqa.exe reg_run
    O4 - HKCU\..\Run: [irqz] C:\PROGRA~1\COMMON~1\irqz\irqzm.exe
    O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: D-Link AirPlus.lnk = ?
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.net\PartyPokerNet\RunPF.exe (file missing)
    O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.net\PartyPokerNet\RunPF.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .mp3: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
    O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
    O16 - DPF: {C4DD6732-1E82-4AE7-BD94-180331B84082} (DeltaCVX Control) - http://www.mathxl.com/applets/DeltaCVX.cab
    O18 - Protocol: bw+0 - {EB73642F-B998-42DA-AF61-7796DBD4D477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw+0s - {EB73642F-B998-42DA-AF61-7796DBD4D477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0 - {EB73642F-B998-42DA-AF61-7796DBD4D477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0s - {EB73642F-B998-42DA-AF61-7796DBD4D477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00 - {EB73642F-B998-42DA-AF61-7796DBD4D477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00s - {EB73642F-B998-42DA-AF61-7796DBD4D477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10 - {EB73642F-B998-42DA-AF61-7796DBD4D477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10s - {EB73642F-B998-42DA-AF61-7796DBD4D477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20 - {EB73642F-B998-42DA-AF61-7796DBD4D477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20s - {EB73642F-B998-42DA-AF61-7796DBD4D477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30 - {EB73642F-B998-42DA-AF61-7796DBD4D477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30s - {EB73642F-B998-42DA-AF61-7796DBD4D477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40 - {EB73642F-B998-42DA-AF61-7796DBD4D477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40s - {EB73642F-B998-42DA-AF61-7796DBD4D477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50 - {EB73642F-B998-42DA-AF61-7796DBD4D477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50s - {EB73642F-B998-42DA-AF61-7796DBD4D477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60 - {EB73642F-B998-42DA-AF61-7796DBD4D477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60s - {EB73642F-B998-42DA-AF61-7796DBD4D477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70 - {EB73642F-B998-42DA-AF61-7796DBD4D477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70s - {EB73642F-B998-42DA-AF61-7796DBD4D477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80 - {EB73642F-B998-42DA-AF61-7796DBD4D477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80s - {EB73642F-B998-42DA-AF61-7796DBD4D477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90 - {EB73642F-B998-42DA-AF61-7796DBD4D477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90s - {EB73642F-B998-42DA-AF61-7796DBD4D477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0 - {EB73642F-B998-42DA-AF61-7796DBD4D477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0s - {EB73642F-B998-42DA-AF61-7796DBD4D477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0 - {EB73642F-B998-42DA-AF61-7796DBD4D477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0s - {EB73642F-B998-42DA-AF61-7796DBD4D477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0 - {EB73642F-B998-42DA-AF61-7796DBD4D477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0s - {EB73642F-B998-42DA-AF61-7796DBD4D477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0 - {EB73642F-B998-42DA-AF61-7796DBD4D477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0s - {EB73642F-B998-42DA-AF61-7796DBD4D477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0 - {EB73642F-B998-42DA-AF61-7796DBD4D477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0s - {EB73642F-B998-42DA-AF61-7796DBD4D477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0 - {EB73642F-B998-42DA-AF61-7796DBD4D477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0s - {EB73642F-B998-42DA-AF61-7796DBD4D477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: bwg0 - {EB73642F-B998-42DA-AF61-7796DBD4D477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwg0s - {EB73642F-B998-42DA-AF61-7796DBD4D477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0 - {EB73642F-B998-42DA-AF61-7796DBD4D477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0s - {EB73642F-B998-42DA-AF61-7796DBD4D477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0 - {EB73642F-B998-42DA-AF61-7796DBD4D477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0s - {EB73642F-B998-42DA-AF61-7796DBD4D477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0 - {EB73642F-B998-42DA-AF61-7796DBD4D477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0s - {EB73642F-B998-42DA-AF61-7796DBD4D477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0 - {EB73642F-B998-42DA-AF61-7796DBD4D477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0s - {EB73642F-B998-42DA-AF61-7796DBD4D477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0 - {EB73642F-B998-42DA-AF61-7796DBD4D477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0s - {EB73642F-B998-42DA-AF61-7796DBD4D477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0 - {EB73642F-B998-42DA-AF61-7796DBD4D477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0s - {EB73642F-B998-42DA-AF61-7796DBD4D477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0 - {EB73642F-B998-42DA-AF61-7796DBD4D477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0s - {EB73642F-B998-42DA-AF61-7796DBD4D477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0 - {EB73642F-B998-42DA-AF61-7796DBD4D477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0s - {EB73642F-B998-42DA-AF61-7796DBD4D477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0 - {EB73642F-B998-42DA-AF61-7796DBD4D477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0s - {EB73642F-B998-42DA-AF61-7796DBD4D477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0 - {EB73642F-B998-42DA-AF61-7796DBD4D477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0s - {EB73642F-B998-42DA-AF61-7796DBD4D477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0 - {EB73642F-B998-42DA-AF61-7796DBD4D477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0s - {EB73642F-B998-42DA-AF61-7796DBD4D477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0 - {EB73642F-B998-42DA-AF61-7796DBD4D477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0s - {EB73642F-B998-42DA-AF61-7796DBD4D477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0 - {EB73642F-B998-42DA-AF61-7796DBD4D477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0s - {EB73642F-B998-42DA-AF61-7796DBD4D477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0 - {EB73642F-B998-42DA-AF61-7796DBD4D477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0s - {EB73642F-B998-42DA-AF61-7796DBD4D477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0 - {EB73642F-B998-42DA-AF61-7796DBD4D477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0s - {EB73642F-B998-42DA-AF61-7796DBD4D477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0 - {EB73642F-B998-42DA-AF61-7796DBD4D477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0s - {EB73642F-B998-42DA-AF61-7796DBD4D477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0 - {EB73642F-B998-42DA-AF61-7796DBD4D477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0s - {EB73642F-B998-42DA-AF61-7796DBD4D477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0 - {EB73642F-B998-42DA-AF61-7796DBD4D477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0s - {EB73642F-B998-42DA-AF61-7796DBD4D477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0 - {EB73642F-B998-42DA-AF61-7796DBD4D477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0s - {EB73642F-B998-42DA-AF61-7796DBD4D477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: offline-8876480 - {EB73642F-B998-42DA-AF61-7796DBD4D477} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O20 - Winlogon Notify: WB - C:\Program Files\Stardock\Object Desktop\ThemeManager\fastload.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
    O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
    O23 - Service: NTBOOTMGR (NTBOOT) - Unknown owner - C:\WINDOWS\SYSTEM\DRIVER\ntuser.exe (file missing)
    O23 - Service: NTLOAD - Unknown owner - C:\WINDOWS\SYSTEM\DRIVER\ntsrv.exe (file missing)
    O23 - Service: NTSVCMGR - Unknown owner - C:\WINDOWS\SYSTEM\DRIVER\ntsrv.exe (file missing)
     
  2. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    Add remove programs - remove logitech desktop messenger

    ===================

    Please download SmitfraudFix (by S!Ri)
    Extract the content (a folder named SmitfraudFix) to your Desktop.

    Open the SmitfraudFix folder and double-click smitfraudfix.cmd
    Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present). We’ll get them next step.
    Please copy/paste the content of that report into your next reply.

    Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
    http://www.beyondlogic.org/consulting/proc...processutil.htm
    ===========================

    Go to the link below and download the trial version of SpySweeper:

    SpySweeper http://www.webroot.com/consumer/products/spysweeper/index.html?acode=af1&rc=4129&ac=tsg

    * Click the Free Trial link under "SpySweeper" to download the program.
    * Install it. Once the program is installed, it will open.
    * It will prompt you to update to the latest definitions, click Yes.
    * Once the definitions are installed, click Options on the left side.
    * Click the Sweep Options tab.
    * Under What to Sweep please put a check next to the following:
    o Sweep Memory
    o Sweep Registry
    o Sweep Cookies
    o Sweep All User Accounts
    o Enable Direct Disk Sweeping
    o Sweep Contents of Compressed Files
    o Sweep for Rootkits

    o Please UNCHECK Do not Sweep System Restore Folder.

    * Click Sweep Now on the left side.
    * Click the Start button.
    * When it's done scanning, click the Next button.
    * Make sure everything has a check next to it, then click the Next button.
    * It will remove all of the items found.
    * Click Session Log in the upper right corner, copy everything in that window.
    * Click the Summary tab and click Finish.
    * Paste the contents of the session log you copied into your next reply.
    Also post a new Hijack This log.
     
  3. imfuzzy

    imfuzzy Thread Starter

    Joined:
    Aug 5, 2006
    Messages:
    10
    ok did what you asked here are the logs.

    Logfile of HijackThis v1.99.1
    Scan saved at 2:53:43 PM, on 8/5/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\CTsvcCDA.EXE
    c:\program files\mcafee.com\agent\mcdetect.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
    C:\Program Files\Prevx1\PXAgent.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Stardock\Object Desktop\ThemeManager\wbload.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\WINDOWS\Mixer.exe
    C:\Program Files\Logitech\iTouch\iTouch.exe
    C:\Program Files\McAfee.com\VSO\mcvsshld.exe
    C:\Program Files\McAfee.com\VSO\oasclnt.exe
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LMPDPSRV.EXE
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
    C:\PROGRA~1\mcafee.com\mps\mscifapp.exe
    C:\Program Files\Prevx1\PXConsole.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
    C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
    C:\PROGRA~1\Comcast\COMCAS~1\data\Xtras\mssysmgr.exe
    C:\Program Files\D-Link AirPlus\AirPlus.exe
    C:\Program Files\SpywareGuard\sgmain.exe
    C:\Program Files\SpywareGuard\sgbhp.exe
    C:\WINDOWS\system32\smartdrv.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R3 - URLSearchHook: (no name) - _{58357D51-9CC7-B247-BB2E-9FABCA35BFC4} - (no file)
    F2 - REG:system.ini: Shell=Explorer.exe,
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,icfjbfs.exe
    O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\program files\mcafee.com\mps\mcbrhlpr.dll
    O2 - BHO: (no name) - {3ceff6cd-6f08-4e4d-bccd-ff7415288c3b} - (no file)
    O2 - BHO: McAfee PopupKiller - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - c:\program files\mcafee.com\mps\popupkiller.dll
    O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: office_pnl.office_panel - {B53455DB-5527-4041-AC41-F86E6947AA47} - C:\WINDOWS\system32\office_pnl.dll
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"
    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
    O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
    O4 - HKLM\..\Run: [zBrowser Launcher] "C:\Program Files\Logitech\iTouch\iTouch.exe"
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [VirusScan Online] "C:\Program Files\McAfee.com\VSO\mcvsshld.exe"
    O4 - HKLM\..\Run: [OASClnt] "C:\Program Files\McAfee.com\VSO\oasclnt.exe"
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    O4 - HKLM\..\Run: [LMPDPSRV] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LMPDPSRV.EXE
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [sys02178924837] C:\WINDOWS\sys02178924837.exe
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    O4 - HKLM\..\Run: [MPSExe] "c:\PROGRA~1\mcafee.com\mps\mscifapp.exe" /embedding
    O4 - HKLM\..\Run: [Transponder] C:\WINDOWS\system32\susp.exe
    O4 - HKLM\..\Run: [PrevxOne] "C:\Program Files\Prevx1\PXConsole.exe"
    O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
    O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
    O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Comcast\COMCAS~1\data\Xtras\mssysmgr.exe
    O4 - HKCU\..\Run: [Apaw] "C:\PROGRA~1\COMMON~1\PPATCH~1\nopdb.exe" -vt yazr
    O4 - HKCU\..\Run: [Kfdrrc] C:\WINDOWS\system32\?asks\l?***.exe
    O4 - HKCU\..\Run: [dlstr] C:\WINDOWS\system32\hwhbqa.exe reg_run
    O4 - HKCU\..\Run: [irqz] C:\PROGRA~1\COMMON~1\irqz\irqzm.exe
    O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
    O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: D-Link AirPlus.lnk = ?
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.net\PartyPokerNet\RunPF.exe (file missing)
    O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.net\PartyPokerNet\RunPF.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .mp3: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
    O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
    O16 - DPF: {C4DD6732-1E82-4AE7-BD94-180331B84082} (DeltaCVX Control) - http://www.mathxl.com/applets/DeltaCVX.cab
    O20 - Winlogon Notify: WB - C:\Program Files\Stardock\Object Desktop\ThemeManager\fastload.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
    O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
    O23 - Service: NTBOOTMGR (NTBOOT) - Unknown owner - C:\WINDOWS\SYSTEM\DRIVER\ntuser.exe (file missing)
    O23 - Service: NTLOAD - Unknown owner - C:\WINDOWS\SYSTEM\DRIVER\ntsrv.exe (file missing)
    O23 - Service: NTSVCMGR - Unknown owner - C:\WINDOWS\SYSTEM\DRIVER\ntsrv.exe (file missing)
    O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - C:\Program Files\Prevx1\PXAgent.exe" -f (file missing)
    O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

    spy sweeper log-

    2:50 PM: Deletion from quarantine completed. Elapsed time 00:00:02
    2:50 PM: Processing: statcounter cookie
    2:50 PM: Processing: 2o7.net cookie
    2:50 PM: Processing: command
    2:50 PM: Processing: adwaresheriff fakealert
    2:50 PM: Processing: adwaresheriff fakealert
    2:50 PM: Processing: adwaresheriff fakealert
    2:50 PM: Processing: adwaresheriff fakealert
    2:50 PM: Processing: adwaresheriff fakealert
    2:50 PM: Processing: adwaresheriff fakealert
    2:50 PM: Processing: adwaresheriff fakealert
    2:50 PM: Processing: adwaresheriff fakealert
    2:50 PM: Processing: adwaresheriff fakealert
    2:50 PM: Processing: targetsaver
    2:50 PM: Processing: targetsaver
    2:50 PM: Processing: trojan-downloader-wstart
    2:50 PM: Processing: trojan-downloader-wstart
    2:50 PM: Processing: trojan-downloader-wstart
    2:50 PM: Processing: trojan-downloader-wstart
    2:50 PM: Processing: trojan-downloader-wstart
    2:50 PM: Processing: trojan-downloader-wstart
    2:50 PM: Processing: maxifiles
    2:50 PM: Processing: maxifiles
    2:50 PM: Processing: tibs dialer
    2:50 PM: Processing: bookedspace
    2:50 PM: Processing: bookedspace
    2:50 PM: Processing: enbrowser
    2:50 PM: Processing: enbrowser
    2:50 PM: Processing: daily toolbar
    2:50 PM: Processing: daily toolbar
    2:50 PM: Processing: daily toolbar
    2:50 PM: Processing: daily toolbar
    2:50 PM: Processing: daily toolbar
    2:50 PM: Processing: daily toolbar
    2:50 PM: Processing: daily toolbar
    2:50 PM: Processing: daily toolbar
    2:50 PM: Processing: daily toolbar
    2:50 PM: Processing: daily toolbar
    2:50 PM: Processing: daily toolbar
    2:50 PM: Processing: daily toolbar
    2:50 PM: Processing: blazefind
    2:50 PM: Processing: blazefind
    2:50 PM: Processing: blazefind
    2:50 PM: Processing: blazefind
    2:50 PM: Processing: blazefind
    2:50 PM: Processing: blazefind
    2:50 PM: Processing: blazefind
    2:50 PM: Processing: directrevenue-abetterinternet
    2:50 PM: Processing: directrevenue-abetterinternet
    2:50 PM: Processing: directrevenue-abetterinternet
    2:50 PM: Processing: directrevenue-abetterinternet
    2:50 PM: Processing: directrevenue-abetterinternet
    2:50 PM: Deletion from quarantine initiated
    2:50 PM: Removal process completed. Elapsed time 00:01:13
    2:49 PM: Quarantining All Traces: statcounter cookie
    2:49 PM: Quarantining All Traces: 2o7.net cookie
    2:49 PM: Quarantining All Traces: command
    2:49 PM: Quarantining All Traces: targetsaver
    2:49 PM: Quarantining All Traces: maxifiles
    2:49 PM: Quarantining All Traces: bookedspace
    2:49 PM: Quarantining All Traces: adwaresheriff fakealert
    2:49 PM: Quarantining All Traces: enbrowser
    2:49 PM: Quarantining All Traces: trojan-downloader-wstart
    2:49 PM: Quarantining All Traces: tibs dialer
    2:49 PM: Quarantining All Traces: daily toolbar
    2:49 PM: Quarantining All Traces: blazefind
    2:49 PM: Quarantining All Traces: directrevenue-abetterinternet
    2:49 PM: Removal process initiated
    2:44 PM: Traces Found: 82
    2:44 PM: Full Sweep has completed. Elapsed time 00:25:47
    2:44 PM: File Sweep Complete, Elapsed Time: 00:18:52
    2:36 PM: Warning: Failed to access drive D:
    2:34 PM: C:\Program Files\Common Files\irqz\irqzd\vocabulary (ID = 78283)
    2:34 PM: C:\Program Files\Common Files\irqz\irqzd\class-barrel (ID = 78229)
    2:34 PM: Found Adware: targetsaver
    2:25 PM: C:\Program Files\ipwins (6 subtraces) (ID = 2147524552)
    2:25 PM: Starting File Sweep
    2:25 PM: Warning: Failed to access drive A:
    2:25 PM: Cookie Sweep Complete, Elapsed Time: 00:00:00
    2:25 PM: c:\documents and settings\fuzzy\cookies\[email protected][1].txt

    (ID = 3447)
    2:25 PM: Found Spy Cookie: statcounter cookie
    2:25 PM: c:\documents and

    settings\fuzzy\cookies\[email protected][1].txt (ID = 1958)
    2:25 PM: Found Spy Cookie: 2o7.net cookie
    2:25 PM: Starting Cookie Sweep
    2:25 PM: Registry Sweep Complete, Elapsed Time:00:00:18
    2:25 PM: HKU\S-1-5-21-329068152-1708537768-839522115-1003\software\ipwins\

    (ID = 1516546)
    2:25 PM: Found Adware: maxifiles
    2:25 PM:

    HKU\S-1-5-21-329068152-1708537768-839522115-1003\software\system\sysuid\ (ID

    = 731748)
    2:25 PM: HKLM\software\transponder\ || adware.srv32 (ID = 1559212)
    2:25 PM: HKLM\software\software\tps108\ || adware.srv32 (ID = 1559211)
    2:25 PM: HKLM\software\microsoft\windows\currentversion\run\ ||

    adware.srv32 (ID = 1510177)
    2:25 PM:

    HKLM\software\classes\typelib\{c13f6a43-3c5a-429a-87d5-3bbf60099cf0}\ (ID =

    1503034)
    2:25 PM: HKCR\typelib\{c13f6a43-3c5a-429a-87d5-3bbf60099cf0}\ (ID =

    1503005)
    2:25 PM:

    HKLM\software\classes\appid\{90a52f08-64ac-4dc6-9d7d-451667029898}\ (ID =

    1347514)
    2:25 PM: HKLM\software\classes\appid\scaggy.dll\ (ID = 1347512)
    2:25 PM: HKCR\appid\{90a52f08-64ac-4dc6-9d7d-451667029898}\ (ID = 1347444)
    2:25 PM: HKCR\appid\scaggy.dll\ (ID = 1347442)
    2:25 PM: Found Adware: bookedspace
    2:25 PM: HKLM\software\microsoft\windows\currentversion\run\ ||

    adware.srv32 (ID = 1341582)
    2:25 PM: HKLM\software\microsoft\windows\currentversion\explorer\browser

    helper objects\{e52dedbb-d168-4bdb-b229-c48160800e81}\ (ID = 1252134)
    2:25 PM: HKLM\software\microsoft\windows\currentversion\explorer\browser

    helper objects\{8333c319-0669-4893-a418-f56d9249fca6}\ (ID = 1252128)
    2:25 PM:

    HKLM\software\classes\clsid\{e52dedbb-d168-4bdb-b229-c48160800e81}\ (ID =

    1224213)
    2:25 PM:

    HKLM\software\classes\clsid\{60e2e76b-60e2e76b-60e2e76b-60e2e76b-60e2e76b}\

    (ID = 1224211)
    2:25 PM: HKLM\software\classes\url_relpacer.urlresolver\ (ID = 1224209)
    2:25 PM: HKCR\clsid\{e52dedbb-d168-4bdb-b229-c48160800e81}\ (ID = 1224201)
    2:25 PM: HKCR\clsid\{60e2e76b-60e2e76b-60e2e76b-60e2e76b-60e2e76b}\ (ID =

    1224199)
    2:25 PM: HKCR\url_relpacer.urlresolver\ (ID = 1224196)
    2:25 PM: Found Adware: adwaresheriff fakealert
    2:24 PM: HKLM\system\currentcontrolset\enum\root\legacy_cmdservice\ (ID =

    1016072)
    2:24 PM: HKLM\system\currentcontrolset\enum\root\legacy_cmdservice\0000\

    (ID = 1016064)
    2:24 PM: Found Adware: command
    2:24 PM: HKLM\software\system\sysold\ (ID = 926808)
    2:24 PM: Found Adware: enbrowser
    2:24 PM: HKLM\software\respondmiter\ (ID = 146128)
    2:24 PM: HKLM\software\microsoft\windows\currentversion\explorer\browser

    helper objects\{ffd2825e-0785-40c5-9a41-518f53a8261f}\ (ID = 145940)
    2:24 PM: HKLM\software\microsoft\windows\currentversion\explorer\browser

    helper objects\{00000000-f09c-02b4-6ec2-ad0300000000}\ (ID = 145927)
    2:24 PM: HKLM\software\microsoft\windows\currentversion\explorer\browser

    helper objects\{00000000-c1ec-0345-6ec2-4d0300000000}\ (ID = 145925)
    2:24 PM: HKLM\software\microsoft\windows\currentversion\explorer\browser

    helper objects\{00000000-59d4-4008-9058-080011001200}\ (ID = 145924)
    2:24 PM: Found Adware: directrevenue-abetterinternet
    2:24 PM: HKCR\wstart.whttphelper\ (ID = 144911)
    2:24 PM: HKCR\wstart.whttphelper.1\ (ID = 144910)
    2:24 PM: HKLM\software\wsoft\ (ID = 144909)
    2:24 PM: HKLM\software\classes\wstart.whttphelper\ (ID = 144907)
    2:24 PM: HKLM\software\classes\wstart.whttphelper.1\ (ID = 144906)
    2:24 PM:

    HKLM\software\classes\clsid\{9896231a-c487-43a5-8369-6ec9b0a96cc0}\ (ID =

    144905)
    2:24 PM:

    HKLM\software\classes\appid\{f6bdb4e5-d6aa-4d1f-8b67-bcb0f2246e21}\ (ID =

    144904)
    2:24 PM: HKLM\software\classes\appid\wstart.dll\ (ID = 144903)
    2:24 PM: HKCR\clsid\{9896231a-c487-43a5-8369-6ec9b0a96cc0}\ (ID = 144902)
    2:24 PM: HKCR\appid\{f6bdb4e5-d6aa-4d1f-8b67-bcb0f2246e21}\ (ID = 144901)
    2:24 PM: HKCR\appid\wstart.dll\ (ID = 144900)
    2:24 PM: Found Trojan Horse: trojan-downloader-wstart
    2:24 PM: HKLM\software\microsoft\windows\currentversion\explorer\browser

    helper objects\{7b55bb05-0b4d-44fd-81a6-b136188f5deb}\ (ID = 137799)
    2:24 PM: Found Adware: tibs dialer
    2:24 PM: HKLM\software\nix solutions\dailytoolbar\ (ID = 124641)
    2:24 PM: HKLM\software\dailytoolbar\ (ID = 124601)
    2:24 PM:

    HKLM\software\classes\interface\{abafa0b4-f78d-42e5-8c31-1a441d01c1df}\ (ID =

    124595)
    2:24 PM:

    HKLM\software\classes\interface\{10195311-e434-47a9-adba-48839e3f7e4e}\ (ID =

    124594)
    2:24 PM: HKLM\software\classes\ietoolbar.affiliatectl\ (ID = 124593)
    2:24 PM: HKLM\software\classes\dailytoolbar.sysmgr\ (ID = 124592)
    2:24 PM: HKLM\software\classes\dailytoolbar.ieband\ (ID = 124590)
    2:24 PM:

    HKLM\software\classes\clsid\{8333c319-0669-4893-a418-f56d9249fca6}\ (ID =

    124588)
    2:24 PM:

    HKLM\software\classes\clsid\{58f9b276-e1cc-458e-8159-21cbc021874b}\ (ID =

    124587)
    2:24 PM:

    HKLM\software\classes\appid\{951b3138-ae8e-4676-a05a-250a5f111631}\ (ID =

    124577)
    2:24 PM: HKLM\software\classes\appid\dailytoolbar.dll\ (ID = 124576)
    2:24 PM: HKCR\interface\{abafa0b4-f78d-42e5-8c31-1a441d01c1df}\ (ID =

    124567)
    2:24 PM: HKCR\interface\{10195311-e434-47a9-adba-48839e3f7e4e}\ (ID =

    124566)
    2:24 PM: HKCR\ietoolbar.affiliatectl\ (ID = 124565)
    2:24 PM: HKCR\dailytoolbar.sysmgr\ (ID = 124564)
    2:24 PM: HKCR\dailytoolbar.ieband\ (ID = 124562)
    2:24 PM: HKCR\clsid\{8333c319-0669-4893-a418-f56d9249fca6}\ (ID = 124561)
    2:24 PM: HKCR\clsid\{58f9b276-e1cc-458e-8159-21cbc021874b}\ (ID = 124560)
    2:24 PM: HKCR\appid\{951b3138-ae8e-4676-a05a-250a5f111631}\ (ID = 124557)
    2:24 PM: HKCR\appid\dailytoolbar.dll\ (ID = 124556)
    2:24 PM: Found Adware: daily toolbar
    2:24 PM: HKCR\typelib\{c094876d-1b0e-46fa-b6a6-7ffc0f970c27}\ (ID = 104567)
    2:24 PM: HKLM\software\microsoft\windows\currentversion\uninstall\bridge\

    (ID = 104547)
    2:24 PM: HKLM\software\microsoft\windows\currentversion\explorer\browser

    helper objects\{9c691a33-7dda-4c2f-be4c-c176083f35cf}\ (ID = 104519)
    2:24 PM:

    HKLM\software\classes\typelib\{c094876d-1b0e-46fa-b6a6-7ffc0f970c27}\ (ID =

    104501)
    2:24 PM:

    HKLM\software\classes\interface\{4fdbdbad-fefe-4c4c-9cc1-1181052afb12}\ (ID =

    104491)
    2:24 PM:

    HKLM\software\classes\clsid\{80bb7465-a638-43b5-9827-8e8fe38dfcc1}\ (ID =

    104482)
    2:24 PM: HKLM\software\classes\bridge.brdg\ (ID = 104468)
    2:24 PM: HKCR\jao.jao\ (ID = 104463)
    2:24 PM: HKCR\interface\{4fdbdbad-fefe-4c4c-9cc1-1181052afb12}\ (ID =

    104459)
    2:24 PM: HKCR\clsid\{80bb7465-a638-43b5-9827-8e8fe38dfcc1}\ (ID = 104449)
    2:24 PM: HKCR\bridge.brdg\ (ID = 104437)
    2:24 PM: Found Adware: blazefind
    2:24 PM: Starting Registry Sweep
    2:24 PM: Memory Sweep Complete, Elapsed Time: 00:06:26
    2:18 PM: Starting Memory Sweep
    2:18 PM: Sweep initiated using definitions version 734
    2:18 PM: Spy Sweeper 5.0.5.1286 started
    2:18 PM: | Start of Session, Saturday, August 05, 2006 |
    ********
    2:18 PM: | End of Session, Saturday, August 05, 2006 |
    2:16 PM: Your spyware definitions have been updated.
    Operation: File Access
    Target:
    Source: C:\PROGRA~1\MCAFEE.COM\VSO\MCSHIELD.EXE
    2:15 PM: Tamper Detection
    2:05 PM: BHO Shield: found: -- BHO installation denied at user request
    2:05 PM: BHO Shield: found: -- BHO installation denied at user request
    2:05 PM: BHO Shield: found: -- BHO installation denied at user request
    2:05 PM: BHO Shield: found: -- BHO installation denied at user request
    2:05 PM: BHO Shield: found: -- BHO installation denied at user request
    2:05 PM: BHO Shield: found: -- BHO installation denied at user request
    2:05 PM: BHO Shield: found: -- BHO installation denied at user request
    2:05 PM: BHO Shield: found: -- BHO installation denied at user request
    2:05 PM: BHO Shield: found: -- BHO installation denied at user request
    2:05 PM: BHO Shield: found: -- BHO installation denied at user request
    2:05 PM: BHO Shield: found: -- BHO installation denied at user request
    2:05 PM: BHO Shield: found: -- BHO installation denied at user request
    2:05 PM: BHO Shield: found: -- BHO installation denied at user request
    2:05 PM: BHO Shield: found: -- BHO installation denied at user request
    2:05 PM: BHO Shield: found: -- BHO installation denied at user request
    2:05 PM: BHO Shield: found: -- BHO installation denied at user request
    2:05 PM: BHO Shield: found: -- BHO installation denied at user request
    2:05 PM: BHO Shield: found: -- BHO installation denied at user request
    Keylogger Shield: On
    BHO Shield: On
    IE Security Shield: On
    Alternate Data Stream (ADS) Execution Shield: On
    Startup Shield: On
    Common Ad Sites Shield: Off
    Hosts File Shield: On
    Spy Communication Shield: On
    ActiveX Shield: On
    Windows Messenger Service Shield: On
    IE Favorites Shield: On
    Spy Installation Shield: On
    Memory Shield: On
    IE Hijack Shield: On
    IE Tracking Cookies Shield: Off
    2:03 PM: Shield States
    2:03 PM: Spyware Definitions: 691
    2:03 PM: Spy Sweeper 5.0.5.1286 started
    Keylogger Shield: On
    BHO Shield: On
    IE Security Shield: On
    Alternate Data Stream (ADS) Execution Shield: On
    Startup Shield: On
    Common Ad Sites Shield: Off
    Hosts File Shield: On
    Spy Communication Shield: On
    ActiveX Shield: On
    Windows Messenger Service Shield: On
    IE Favorites Shield: On
    Spy Installation Shield: On
    Memory Shield: On
    IE Hijack Shield: On
    IE Tracking Cookies Shield: Off
    1:59 PM: Shield States
    1:59 PM: Spyware Definitions: 691
    1:59 PM: Spy Sweeper 5.0.5.1286 started
    1:59 PM: Spy Sweeper 5.0.5.1286 started
    1:59 PM: | Start of Session, Saturday, August 05, 2006 |
    ********
     
  4. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    You did not post the smitfraud log

    You may want to print this or save it to notepad as we will go to safe mode.

    Fix these with HJT – mark them, close IE, click fix checked

    R3 - URLSearchHook: (no name) - _{58357D51-9CC7-B247-BB2E-9FABCA35BFC4} - (no file)

    F2 - REG:system.ini: Shell=Explorer.exe,

    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,icfjbfs.exe

    O2 - BHO: (no name) - {3ceff6cd-6f08-4e4d-bccd-ff7415288c3b} - (no file)

    O2 - BHO: office_pnl.office_panel - {B53455DB-5527-4041-AC41-F86E6947AA47} - C:\WINDOWS\system32\office_pnl.dll

    O4 - HKLM\..\Run: [sys02178924837] C:\WINDOWS\sys02178924837.exe

    O4 - HKLM\..\Run: [Transponder] C:\WINDOWS\system32\susp.exe

    O4 - HKCU\..\Run: [Apaw] "C:\PROGRA~1\COMMON~1\PPATCH~1\nopdb.exe" -vt yazr

    O4 - HKCU\..\Run: [Kfdrrc] C:\WINDOWS\system32\?asks\l?***.exe

    O4 - HKCU\..\Run: [dlstr] C:\WINDOWS\system32\hwhbqa.exe reg_run

    O4 - HKCU\..\Run: [irqz] C:\PROGRA~1\COMMON~1\irqz\irqzm.exe

    O23 - Service: NTBOOTMGR (NTBOOT) - Unknown owner - C:\WINDOWS\SYSTEM\DRIVER\ntuser.exe (file missing)

    O23 - Service: NTLOAD - Unknown owner - C:\WINDOWS\SYSTEM\DRIVER\ntsrv.exe (file missing)

    O23 - Service: NTSVCMGR - Unknown owner - C:\WINDOWS\SYSTEM\DRIVER\ntsrv.exe (file missing)

    DownLoad http://www.downloads.subratam.org/KillBox.zip

    Restart your computer into safe mode now. (Tapping F8 at the first black screen) Perform the following steps in safe mode:

    Double-click on Killbox.exe to run it. Now put a tick by Standard File Kill. In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time then click on the button that has the red circle with the X in the middle after you enter each file. It will ask for confimation to delete the file. Click Yes. Continue with that same procedure until you have copied and pasted all of these in the "Paste Full Path of File to Delete" box.

    C:\WINDOWS\system32\icfjbfs.exe
    C:\WINDOWS\system32\office_pnl.dll
    C:\WINDOWS\sys02178924837.exe
    C:\WINDOWS\system32\susp.exe
    C:\PROGRA~1\COMMON~1\PPATCH~1
    C:\WINDOWS\system32\?asks
    C:\WINDOWS\system32\hwhbqa.exe
    C:\PROGRA~1\COMMON~1\irqz

    Note: It is possible that Killbox will tell you that one or more files do not exist. If that happens, just continue on with all the files. Be sure you don't miss any.

    START – RUN – type in %temp% - OK - Edit – Select all – File – Delete

    Delete everything in the C:\Windows\Temp folder or C:\WINNT\temp

    Not all temp files will delete and that is normal
    Empty the recycle bin
    Boot and post a new log from normal NOT safe mode

    Please give feedback on what worked/didn’t work and the current status of your system
     
  5. imfuzzy

    imfuzzy Thread Starter

    Joined:
    Aug 5, 2006
    Messages:
    10
    ok sorry about not posting the smitfraud log. I did what you told me to with the other things so here's the logs(with Smitfraud this time)

    Logfile of HijackThis v1.99.1
    Scan saved at 4:59:00 PM, on 8/5/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\CTsvcCDA.EXE
    c:\program files\mcafee.com\agent\mcdetect.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
    C:\Program Files\Prevx1\PXAgent.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Stardock\Object Desktop\ThemeManager\wbload.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\WINDOWS\Mixer.exe
    C:\Program Files\Logitech\iTouch\iTouch.exe
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\Program Files\McAfee.com\VSO\mcvsshld.exe
    C:\Program Files\McAfee.com\VSO\oasclnt.exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    c:\program files\mcafee.com\agent\mcagent.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LMPDPSRV.EXE
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    C:\PROGRA~1\mcafee.com\mps\mscifapp.exe
    C:\Program Files\Prevx1\PXConsole.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
    C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
    C:\PROGRA~1\Comcast\COMCAS~1\data\Xtras\mssysmgr.exe
    C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\D-Link AirPlus\AirPlus.exe
    C:\Program Files\SpywareGuard\sgmain.exe
    C:\Program Files\SpywareGuard\sgbhp.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

    about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =

    http://www.goggle.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

    about:blank
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet

    Settings,ProxyOverride = localhost
    O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} -

    c:\program files\mcafee.com\mps\mcbrhlpr.dll
    O2 - BHO: McAfee PopupKiller - {3EC8255F-E043-4cae-8B3B-B191550C2A22} -

    c:\program files\mcafee.com\mps\popupkiller.dll
    O2 - BHO: SpywareGuard Download Protection -

    {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program

    Files\SpywareGuard\dlprotect.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -

    C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} -

    c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program

    files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program

    Files\Java\jre1.5.0_06\bin\jusched.exe"
    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control

    Panel\atiptaxx.exe"
    O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
    O4 - HKLM\..\Run: [zBrowser Launcher] "C:\Program

    Files\Logitech\iTouch\iTouch.exe"
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe"

    /checktask
    O4 - HKLM\..\Run: [VirusScan Online] "C:\Program

    Files\McAfee.com\VSO\mcvsshld.exe"
    O4 - HKLM\..\Run: [OASClnt] "C:\Program Files\McAfee.com\VSO\oasclnt.exe"
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    O4 - HKLM\..\Run: [LMPDPSRV]

    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LMPDPSRV.EXE
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI

    Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe"

    -atboottime
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows

    Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    O4 - HKLM\..\Run: [MPSExe] "c:\PROGRA~1\mcafee.com\mps\mscifapp.exe"

    /embedding
    O4 - HKLM\..\Run: [PrevxOne] "C:\Program Files\Prevx1\PXConsole.exe"
    O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy

    Sweeper\SpySweeperUI.exe" /startintray
    O4 - HKCU\..\Run: [Creative Detector] "C:\Program

    Files\Creative\MediaSource\Detector\CTDetect.exe" /R
    O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager]

    C:\PROGRA~1\Comcast\COMCAS~1\data\Xtras\mssysmgr.exe
    O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat

    7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
    O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program

    Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: D-Link AirPlus.lnk = ?
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: &Google Search - res://c:\program

    files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://c:\program

    files\google\GoogleToolbar2.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://c:\program

    files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program

    files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel -

    res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://c:\program

    files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://c:\program

    files\google\GoogleToolbar2.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -

    C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console -

    {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program

    Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -

    C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} -

    C:\Program Files\PartyGaming.net\PartyPokerNet\RunPF.exe (file missing)
    O9 - Extra 'Tools' menuitem: PartyPoker.net -

    {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program

    Files\PartyGaming.net\PartyPokerNet\RunPF.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -

    C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger -

    {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

    Files\Messenger\msmsgs.exe
    O12 - Plugin for .mp3: C:\Program Files\Internet

    Explorer\PLUGINS\npqtplugin4.dll
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage

    Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) -

    http://www1.snapfish.com/SnapfishActivia.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating

    System Class) -

    http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
    O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) -

    http://www.nick.com/common/groove/gx/GrooveAX27.cab
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) -

    http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
    O16 - DPF: {C4DD6732-1E82-4AE7-BD94-180331B84082} (DeltaCVX Control) -

    http://www.mathxl.com/applets/DeltaCVX.cab
    O20 - Winlogon Notify: WB - C:\Program Files\Stardock\Object

    Desktop\ThemeManager\fastload.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. -

    C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd -

    C:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision

    Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel

    32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program

    Files\iPod\bin\iPodService.exe
    O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc -

    c:\program files\mcafee.com\agent\mcdetect.exe
    O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. -

    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc -

    c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee,

    Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee

    Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
    O23 - Service: NTBOOTMGR (NTBOOT) - Unknown owner -

    C:\WINDOWS\SYSTEM\DRIVER\ntuser.exe (file missing)
    O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - C:\Program

    Files\Prevx1\PXAgent.exe" -f (file missing)
    O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) -

    Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe


    Smitfraud log-

    SmitFraudFix v2.79

    Scan done at 17:00:05.43, Sat 08/05/2006
    Run from C:\Documents and Settings\FUZZY\Desktop\SmitfraudFix\SmitfraudFix
    OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
    Fix ran in normal mode

    »»»»»»»»»»»»»»»»»»»»»»»» C:\


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

    C:\WINDOWS\alexaie.dll FOUND !
    C:\WINDOWS\alxie328.dll FOUND !
    C:\WINDOWS\alxtb1.dll FOUND !
    C:\WINDOWS\BTGrab.dll FOUND !
    C:\WINDOWS\dlmax.dll FOUND !
    C:\WINDOWS\infected.gif FOUND !
    C:\WINDOWS\Pynix.dll FOUND !
    C:\WINDOWS\susp.exe FOUND !
    C:\WINDOWS\win_logo.gif FOUND !
    C:\WINDOWS\ZServ.dll FOUND !

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

    C:\WINDOWS\system32\a.exe FOUND !
    C:\WINDOWS\system32\alxres.dll FOUND !
    C:\WINDOWS\system32\bridge.dll FOUND !
    C:\WINDOWS\system32\dailytoolbar.dll FOUND !
    C:\WINDOWS\system32\jao.dll FOUND !
    C:\WINDOWS\system32\questmod.dll FOUND !
    C:\WINDOWS\system32\runsrv32.dll FOUND !
    C:\WINDOWS\system32\runsrv32.exe FOUND !
    C:\WINDOWS\system32\tcpservice2.exe FOUND !
    C:\WINDOWS\system32\txfdb32.dll FOUND !
    C:\WINDOWS\system32\udpmod.dll FOUND !
    C:\WINDOWS\system32\wstart.dll FOUND !

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\FUZZY\Application Data


    »»»»»»»»»»»»»»»»»»»»»»»» Start Menu


    »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\FUZZY\FAVORI~1


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


    »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
    "Source"="About:Home"
    "SubscribedURL"="About:Home"
    "FriendlyName"="My Current Home Page"


    »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


    »»»»»»»»»»»»»»»»»»»»»»»» End


    South Carolina for the win...
     
  6. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    Make sure you go to FORMAT in notepad and make sure wordwrap is checked

    You should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

    Next, please reboot your computer in Safe Mode by doing the following :
    • Restart your computer
    • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
    • Instead of Windows loading as normal, a menu with options should appear;
    • Select the first option, to run Windows in Safe Mode, then press "Enter".
    • Choose your usual account.
    Once in Safe Mode, open the SmitfraudFix folder again and double-click smitfraudfix.cmd
    Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

    You will be prompted: "Registry cleaning - Do you want to clean the registry?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

    The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

    The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.

    A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply along with a new hijack log.

    The report can also be found at the root of the system drive, usually at C:\rapport.txt

    Warning: running option #2 on a non infected computer will remove your Desktop background.

    Boot and post a new hijack log
     
  7. imfuzzy

    imfuzzy Thread Starter

    Joined:
    Aug 5, 2006
    Messages:
    10
    Ok I did what you told me to do and here is the new hijack log. Hope that fixed it. If it does I would like to thank you again for spending the time to look over and help me out with these problems. Thanks a ton...

    Logfile of HijackThis v1.99.1
    Scan saved at 5:43:42 PM, on 8/5/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\CTsvcCDA.EXE
    c:\program files\mcafee.com\agent\mcdetect.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
    C:\Program Files\Prevx1\PXAgent.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Stardock\Object Desktop\ThemeManager\wbload.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\WINDOWS\Mixer.exe
    C:\Program Files\Logitech\iTouch\iTouch.exe
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\Program Files\McAfee.com\VSO\mcvsshld.exe
    C:\Program Files\McAfee.com\VSO\oasclnt.exe
    c:\program files\mcafee.com\agent\mcagent.exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LMPDPSRV.EXE
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    C:\PROGRA~1\mcafee.com\mps\mscifapp.exe
    C:\Program Files\Prevx1\PXConsole.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
    C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
    C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
    C:\PROGRA~1\Comcast\COMCAS~1\data\Xtras\mssysmgr.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\D-Link AirPlus\AirPlus.exe
    C:\Program Files\SpywareGuard\sgmain.exe
    C:\Program Files\SpywareGuard\sgbhp.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

    about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =

    http://www.goggle.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

    about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

    about:blank
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet

    Settings,ProxyOverride = localhost
    O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} -

    c:\program files\mcafee.com\mps\mcbrhlpr.dll
    O2 - BHO: McAfee PopupKiller - {3EC8255F-E043-4cae-8B3B-B191550C2A22} -

    c:\program files\mcafee.com\mps\popupkiller.dll
    O2 - BHO: SpywareGuard Download Protection -

    {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program

    Files\SpywareGuard\dlprotect.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -

    C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} -

    c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program

    files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program

    Files\Java\jre1.5.0_06\bin\jusched.exe"
    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control

    Panel\atiptaxx.exe"
    O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
    O4 - HKLM\..\Run: [zBrowser Launcher] "C:\Program

    Files\Logitech\iTouch\iTouch.exe"
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe"

    /checktask
    O4 - HKLM\..\Run: [VirusScan Online] "C:\Program

    Files\McAfee.com\VSO\mcvsshld.exe"
    O4 - HKLM\..\Run: [OASClnt] "C:\Program Files\McAfee.com\VSO\oasclnt.exe"
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    O4 - HKLM\..\Run: [LMPDPSRV]

    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LMPDPSRV.EXE
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI

    Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe"

    -atboottime
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows

    Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    O4 - HKLM\..\Run: [MPSExe] "c:\PROGRA~1\mcafee.com\mps\mscifapp.exe"

    /embedding
    O4 - HKLM\..\Run: [PrevxOne] "C:\Program Files\Prevx1\PXConsole.exe"
    O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy

    Sweeper\SpySweeperUI.exe" /startintray
    O4 - HKCU\..\Run: [Creative Detector] "C:\Program

    Files\Creative\MediaSource\Detector\CTDetect.exe" /R
    O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager]

    C:\PROGRA~1\Comcast\COMCAS~1\data\Xtras\mssysmgr.exe
    O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat

    7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
    O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program

    Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: D-Link AirPlus.lnk = ?
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel

    present
    O8 - Extra context menu item: &Google Search - res://c:\program

    files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://c:\program

    files\google\GoogleToolbar2.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://c:\program

    files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program

    files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel -

    res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://c:\program

    files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English -

    res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -

    C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console -

    {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program

    Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -

    C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED}

    - C:\Program Files\PartyGaming.net\PartyPokerNet\RunPF.exe (file missing)
    O9 - Extra 'Tools' menuitem: PartyPoker.net -

    {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program

    Files\PartyGaming.net\PartyPokerNet\RunPF.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -

    C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger -

    {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

    Files\Messenger\msmsgs.exe
    O12 - Plugin for .mp3: C:\Program Files\Internet

    Explorer\PLUGINS\npqtplugin4.dll
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine

    Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) -

    http://www1.snapfish.com/SnapfishActivia.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating

    System Class) -

    http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
    O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) -

    http://www.nick.com/common/groove/gx/GrooveAX27.cab
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) -

    http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
    O16 - DPF: {C4DD6732-1E82-4AE7-BD94-180331B84082} (DeltaCVX Control) -

    http://www.mathxl.com/applets/DeltaCVX.cab
    O20 - Winlogon Notify: WB - C:\Program Files\Stardock\Object

    Desktop\ThemeManager\fastload.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. -

    C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd

    - C:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision

    Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel

    32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program

    Files\iPod\bin\iPodService.exe
    O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc -

    c:\program files\mcafee.com\agent\mcdetect.exe
    O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. -

    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc -

    c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) -

    McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee

    Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
    O23 - Service: NTBOOTMGR (NTBOOT) - Unknown owner -

    C:\WINDOWS\SYSTEM\DRIVER\ntuser.exe (file missing)
    O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - C:\Program

    Files\Prevx1\PXAgent.exe" -f (file missing)
    O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) -

    Webroot Software, Inc. - C:\Program Files\Webroot\Spy

    Sweeper\SpySweeper.exe
     
  8. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    Please repost the log - making sure that in notepad you go to format and check wordwrap before copying the log

    you didn't post the smitfraud log
     
  9. imfuzzy

    imfuzzy Thread Starter

    Joined:
    Aug 5, 2006
    Messages:
    10
    My word wrap is checked.

    Logfile of HijackThis v1.99.1
    Scan saved at 5:43:42 PM, on 8/5/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\CTsvcCDA.EXE
    c:\program files\mcafee.com\agent\mcdetect.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
    C:\Program Files\Prevx1\PXAgent.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Stardock\Object Desktop\ThemeManager\wbload.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\WINDOWS\Mixer.exe
    C:\Program Files\Logitech\iTouch\iTouch.exe
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\Program Files\McAfee.com\VSO\mcvsshld.exe
    C:\Program Files\McAfee.com\VSO\oasclnt.exe
    c:\program files\mcafee.com\agent\mcagent.exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LMPDPSRV.EXE
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    C:\PROGRA~1\mcafee.com\mps\mscifapp.exe
    C:\Program Files\Prevx1\PXConsole.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
    C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
    C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
    C:\PROGRA~1\Comcast\COMCAS~1\data\Xtras\mssysmgr.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\D-Link AirPlus\AirPlus.exe
    C:\Program Files\SpywareGuard\sgmain.exe
    C:\Program Files\SpywareGuard\sgbhp.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.goggle.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\program files\mcafee.com\mps\mcbrhlpr.dll
    O2 - BHO: McAfee PopupKiller - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - c:\program files\mcafee.com\mps\popupkiller.dll
    O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"
    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
    O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
    O4 - HKLM\..\Run: [zBrowser Launcher] "C:\Program Files\Logitech\iTouch\iTouch.exe"
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [VirusScan Online] "C:\Program Files\McAfee.com\VSO\mcvsshld.exe"
    O4 - HKLM\..\Run: [OASClnt] "C:\Program Files\McAfee.com\VSO\oasclnt.exe"
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    O4 - HKLM\..\Run: [LMPDPSRV] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LMPDPSRV.EXE
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    O4 - HKLM\..\Run: [MPSExe] "c:\PROGRA~1\mcafee.com\mps\mscifapp.exe" /embedding
    O4 - HKLM\..\Run: [PrevxOne] "C:\Program Files\Prevx1\PXConsole.exe"
    O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
    O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
    O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Comcast\COMCAS~1\data\Xtras\mssysmgr.exe
    O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
    O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: D-Link AirPlus.lnk = ?
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.net\PartyPokerNet\RunPF.exe (file missing)
    O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.net\PartyPokerNet\RunPF.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .mp3: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
    O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
    O16 - DPF: {C4DD6732-1E82-4AE7-BD94-180331B84082} (DeltaCVX Control) - http://www.mathxl.com/applets/DeltaCVX.cab
    O20 - Winlogon Notify: WB - C:\Program Files\Stardock\Object Desktop\ThemeManager\fastload.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
    O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
    O23 - Service: NTBOOTMGR (NTBOOT) - Unknown owner - C:\WINDOWS\SYSTEM\DRIVER\ntuser.exe (file missing)
    O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - C:\Program Files\Prevx1\PXAgent.exe" -f (file missing)
    O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe


    SmitFraudFix v2.79

    Scan done at 17:57:34.21, Sat 08/05/2006
    Run from C:\Documents and Settings\FUZZY\Desktop\SmitfraudFix\SmitfraudFix
    OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
    Fix ran in normal mode

    »»»»»»»»»»»»»»»»»»»»»»»» C:\


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\FUZZY\Application Data


    »»»»»»»»»»»»»»»»»»»»»»»» Start Menu


    »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\FUZZY\FAVORI~1


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


    »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

    [HKEY_CURRENT_USER\Software\Microsoft\Internet

    Explorer\Desktop\Components\0]
    "Source"="About:Home"
    "SubscribedURL"="About:Home"
    "FriendlyName"="My Current Home Page"


    »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


    »»»»»»»»»»»»»»»»»»»»»»»» End
     
  10. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
  11. imfuzzy

    imfuzzy Thread Starter

    Joined:
    Aug 5, 2006
    Messages:
    10
    well everything looks to be running normal. No pop-ups so far. So, thanks again for all your time and effort. It will be nice to not have that junk popping up over and over again.


    SC for the win....
     
  12. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    I just noticed - I'm in S'ville also!
     
  13. imfuzzy

    imfuzzy Thread Starter

    Joined:
    Aug 5, 2006
    Messages:
    10
    yeah small world huh? I'm in the Sangaree area.(y)

    Thanks again for your help and time.

    SC for the Win...
     
  14. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/489632

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice