Jump to content

Build Theme!
  •  
  • Unreplied Topics
  • Downloads
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 93112 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

[Resolved] HJT Log - Is it Clean?

Started by sstuff3 , Jan 27 2008 02:10 AM

  • This topic is locked This topic is locked
7 replies to this topic

#1 sstuff3

sstuff3

    New Member

  • Authentic Member
  • Pip
  • 15 posts

Posted 27 January 2008 - 02:10 AM

Hi, My antivirus recently found several worms on a flash drive and successfully isolated the threats. However after that, my IE browser is acting strange and redirecting to anti-malware sites.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:05:59 PM, on 1/27/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\WINDOWS\System32\BMServ.exe
C:\Program Files\Brinks VPN Client\cvpnd.exe
C:\WINDOWS\system32\BMApp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\DockApp.exe
C:\Program Files\SAMSUNG\SENS Keyboard V4 Launcher\SENSKBD.EXE
C:\WINDOWS\VM_STI.EXE
C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [BayMgr] DockApp.exe
O4 - HKLM\..\Run: [SENS Keyboard V4 Launcher] "C:\Program Files\SAMSUNG\SENS Keyboard V4 Launcher\SENSKBD.EXE"
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE CMS-V15
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [D-Link AirPlus XtremeG] C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Brinks Inc. VPN Client.lnk = C:\Program Files\Brinks VPN Client\vpngui.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Search - http://bar.mywebsear...earch.html?p=ZZ
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {0835BC90-6ABC-4F52-A103-4FC3A61F2C33} (A18X Control) - http://www.albatross...2/cabs/A18X.ocx
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.co...up1.0.0.8-2.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
O16 - DPF: {1E2941E3-8E63-11D4-9D5A-00902742D6E0} (iNotes Class) - http://apb0908nm01/iNotes.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {352797A0-EFD0-4FA6-B229-145120EA4B8A} (Walt Disney Internet Group Hardware Control) - https://disneyblast....wareControl.cab
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - http://apb0908nm01/iNotes6W.cab
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin....nderControl.cab
O16 - DPF: {50A28604-52F2-11D6-8F0F-5254AB11D5C2} - http://80.96.119.5/1eb/webcam.exe
O16 - DPF: {5BDBA960-6534-11D3-97C7-00500422B550} (LotusDRSControl Class) - http://203.193.90.20.../dolcontrol.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1148996842027
O16 - DPF: {7E9FDB80-5316-11D4-B02C-00C04F0CD404} (XecureWeb 4.0 Client Control) - http://download.soft.../xw_install.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://www2.hkr-intl...sCamControl.ocx
O16 - DPF: {A977FF0C-8757-4E76-8533-482F91946233} (session Class) - http://dl.sayclub.co...ayctl/sayax.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://media.toontow...12.5/ttinst.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai...0/Installer.exe
O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} (CGameManagerCtrl Object) - http://www.disney.go...GameManager.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai...l/installer.exe
O16 - DPF: {D8F001C6-43B1-4CFD-9DAF-C8BEAE0E2B6D} (Touch Control) - http://touch.imbc.com/ocx/Touch.cab
O16 - DPF: {E3F7205F-2AE0-4BF0-816B-2D24A5F20EC7} - http://fr4-download....tup_minsize.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Toolbar) - http://us.dl1.yimg.c...bio5_3_11_0.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6FDBE2C6-2F3F-4943-9449-CA104329DC90}: Domain = BRINKS0
O17 - HKLM\System\CCS\Services\Tcpip\..\{6FDBE2C6-2F3F-4943-9449-CA104329DC90}: NameServer = 203.144.207.49,203.144.207.29
O17 - HKLM\System\CCS\Services\Tcpip\..\{E41E557E-0C79-4771-AFC6-8A9657EA8F73}: Domain = BRINKS0
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = brinksinc.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = brinksinc.com
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: Softex BayManager (BMServ) - Unknown owner - C:\WINDOWS\System32\BMServ.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Brinks VPN Client\cvpnd.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 11209 bytes

    Advertisements

Register to Remove

#2 Rorschach112

Rorschach112

    Teacher Emeritus

  • Authentic Member
  • PipPipPipPipPip
  • 3,651 posts

Posted 02 February 2008 - 09:12 AM

Hello

  • 1 - Flash Drive Disinfector
    Download Flash_Disinfector.exe by sUBs from >here< and save it to your desktop.
  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.
Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder...it will help protect your drives from future infection.




Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

#3 sstuff3

sstuff3

    New Member

  • Authentic Member
  • Pip
  • 15 posts

Posted 02 February 2008 - 09:29 AM

Here are the logs from the DSS scan.

Main.txt

Deckard's System Scanner v20071014.68
Run by Scott on 2008-02-02 22:22:02
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
5: 2008-02-02 15:22:12 UTC - RP884 - Deckard's System Scanner Restore Point
4: 2008-02-02 10:12:08 UTC - RP883 - System Checkpoint
3: 2008-01-30 14:38:38 UTC - RP882 - System Checkpoint
2: 2008-01-28 15:18:35 UTC - RP881 - System Checkpoint
1: 2008-01-22 16:39:18 UTC - RP880 - Installed Kaspersky Anti-Virus 7.0.


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 511 MiB (512 MiB recommended).
System Drive C: has 1.79 GiB (less than 15%) free.


-- HijackThis (run as Scott.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:23:49 PM, on 2/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\WINDOWS\System32\BMServ.exe
C:\Program Files\Brinks VPN Client\cvpnd.exe
C:\WINDOWS\system32\BMApp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\DockApp.exe
C:\Program Files\SAMSUNG\SENS Keyboard V4 Launcher\SENSKBD.EXE
C:\WINDOWS\VM_STI.EXE
C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\conime.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Scott\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Scott.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [BayMgr] DockApp.exe
O4 - HKLM\..\Run: [SENS Keyboard V4 Launcher] "C:\Program Files\SAMSUNG\SENS Keyboard V4 Launcher\SENSKBD.EXE"
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE CMS-V15
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [D-Link AirPlus XtremeG] C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Brinks Inc. VPN Client.lnk = C:\Program Files\Brinks VPN Client\vpngui.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Search - http://bar.mywebsear...earch.html?p=ZZ
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {0835BC90-6ABC-4F52-A103-4FC3A61F2C33} (A18X Control) - http://www.albatross...2/cabs/A18X.ocx
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.co...up1.0.0.8-2.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
O16 - DPF: {1E2941E3-8E63-11D4-9D5A-00902742D6E0} (iNotes Class) - http://apb0908nm01/iNotes.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {352797A0-EFD0-4FA6-B229-145120EA4B8A} (Walt Disney Internet Group Hardware Control) - https://disneyblast....wareControl.cab
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - http://apb0908nm01/iNotes6W.cab
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin....nderControl.cab
O16 - DPF: {50A28604-52F2-11D6-8F0F-5254AB11D5C2} - http://80.96.119.5/1eb/webcam.exe
O16 - DPF: {5BDBA960-6534-11D3-97C7-00500422B550} (LotusDRSControl Class) - http://203.193.90.20.../dolcontrol.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1148996842027
O16 - DPF: {7E9FDB80-5316-11D4-B02C-00C04F0CD404} (XecureWeb 4.0 Client Control) - http://download.soft.../xw_install.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://www2.hkr-intl...sCamControl.ocx
O16 - DPF: {A977FF0C-8757-4E76-8533-482F91946233} (session Class) - http://dl.sayclub.co...ayctl/sayax.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://media.toontow...12.5/ttinst.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai...0/Installer.exe
O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} (CGameManagerCtrl Object) - http://www.disney.go...GameManager.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai...l/installer.exe
O16 - DPF: {D8F001C6-43B1-4CFD-9DAF-C8BEAE0E2B6D} (Touch Control) - http://touch.imbc.com/ocx/Touch.cab
O16 - DPF: {E3F7205F-2AE0-4BF0-816B-2D24A5F20EC7} - http://fr4-download....tup_minsize.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Toolbar) - http://us.dl1.yimg.c...bio5_3_11_0.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6FDBE2C6-2F3F-4943-9449-CA104329DC90}: Domain = BRINKS0
O17 - HKLM\System\CCS\Services\Tcpip\..\{6FDBE2C6-2F3F-4943-9449-CA104329DC90}: NameServer = 203.144.207.49,203.144.207.29
O17 - HKLM\System\CCS\Services\Tcpip\..\{E41E557E-0C79-4771-AFC6-8A9657EA8F73}: Domain = BRINKS0
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = brinksinc.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = brinksinc.com
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: Softex BayManager (BMServ) - Unknown owner - C:\WINDOWS\System32\BMServ.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Brinks VPN Client\cvpnd.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 11226 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20080120-011444-340 O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
backup-20080120-011444-896 O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://www.popcap.co...aploader_v6.cab
backup-20080120-012946-270 R3 - URLSearchHook: (no name) - _{00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 BayMgr - c:\windows\system32\drivers\baymgr.sys
R2 ANIO (ANIO Service) - c:\windows\system32\anio.sys <Not Verified; Alpha Networks Inc.; ANIO (NT5) Driver>

S3 ASNDIS5 (ASNDIS5 Protocol Driver) - c:\windows\system32\asndis5.sys (file missing)
S3 ATICDSDr - c:\program files\ati technologies\ati control panel\atiicdxx.sys <Not Verified; ATI Technologies Inc.; ATI Graphics Accelerators>
S3 dump_wmimmc - c:\program files\ntreevsoft\pangya_th\gameguard\dump_wmimmc.sys (file missing)
S3 NPPTNT2 - c:\windows\system32\npptnt2.sys <Not Verified; INCA Internet Co., Ltd.; nProtect NPSC Kernel Mode Driver for NT>
S3 rt2500usb (RT2500 USB Wireless LAN Driver) - c:\windows\system32\drivers\rt2500usb.sys <Not Verified; Ralink Technology Inc.; Ralink 802.11g Wireless USB Adapters>
S3 SoC PC-Camera Service (SoC PC-Camera) - c:\windows\system32\drivers\pfc027.sys
S3 SYMIDSCO - c:\progra~1\common~1\symant~1\symcdata\ids-di~1\20070116.001\symidsco.sys (file missing)
S3 USBFVNETA (BritePort Wireless LAN USB Adapter) - c:\windows\system32\drivers\vnetusba.sys <Not Verified; ATMEL; USB Wireless Network Adapter>
S3 XDva037 - c:\windows\system32\xdva037.sys (file missing)
S3 ZSMC302 (CMS-V15) - c:\windows\system32\drivers\usbvm302.sys <Not Verified; VM; >


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 BMServ (Softex BayManager) - c:\windows\system32\bmserv.exe
R2 CCALib8 (Canon Camera Access Library 8) - c:\program files\canon\cal\calmain.exe <Not Verified; Canon Inc.; >

S2 ANIWZCSdService (ANIWZCSd Service) - c:\program files\ani\aniwzcs2 service\aniwzcsds.exe <Not Verified; Alpha Networks Inc.; ANIWZCS2 Service Launcher (NT)>
S3 iPod Service - "c:\program files\ipod\bin\ipodservice.exe" (file missing)
S4 r_server (Remote Administrator Service) - "c:\windows\system32\r_server.exe" /service (file missing)


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Cisco Systems VPN Adapter
Device ID: ROOT\NET\0000
Manufacturer: Cisco Systems
Name: Cisco Systems VPN Adapter
PNP Device ID: ROOT\NET\0000
Service: CVirtA

Class GUID: {4D36E978-E325-11CE-BFC1-08002BE10318}
Description: Communications Port
Device ID: ROOT\PORTS\0000
Manufacturer: (Standard port types)
Name: Communications Port (COM4)
PNP Device ID: ROOT\PORTS\0000
Service: Serial


-- Files created between 2008-01-02 and 2008-02-02 -----------------------------

2008-02-02 22:21:17 0 drahs---- C:\autorun.inf
2008-01-26 21:02:55 0 dr-h----- C:\Documents and Settings\Scott\Recent
2008-01-24 21:44:57 0 d-------- C:\Program Files\Common Files\INCA Shared
2008-01-22 03:08:26 109088 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-01-22 03:08:26 6895648 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-01-22 02:56:43 91700 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-01-22 02:56:43 85860 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-01-22 02:50:07 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-01-20 20:39:48 0 d-------- C:\Program Files\NO1 CD Ripper
2008-01-19 22:02:46 0 d-------- C:\Documents and Settings\Scott\DoctorWeb
2008-01-08 20:21:00 0 d-------- C:\Documents and Settings\Scott\Application Data\Ventrilo
2008-01-08 20:20:32 0 d-------- C:\Program Files\Ventrilo
2008-01-08 20:19:32 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-05 22:48:15 0 d-------- C:\Program Files\Trend Micro


-- Find3M Report ---------------------------------------------------------------

2008-02-02 17:29:46 0 d-------- C:\Program Files\OGPlanet
2008-01-24 21:44:57 0 d-------- C:\Program Files\Common Files
2008-01-22 02:54:43 0 d-------- C:\Program Files\Kaspersky Lab
2008-01-19 10:43:17 0 d-------- C:\Documents and Settings\Scott\Application Data\Skype
2007-12-27 19:21:30 16 --a------ C:\WINDOWS\popcinfo.dat
2007-12-26 21:17:18 0 d-------- C:\Program Files\GameHouse
2007-12-20 21:19:43 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-11-10 20:06:07 10646 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [08/04/2004 12:31 PM]
"PHIME2002ASync"="C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe" [08/29/2002 07:00 PM]
"PHIME2002A"="C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe" [08/29/2002 07:00 PM]
"AGRSMMSG"="AGRSMMSG.exe" [11/21/2002 02:17 PM C:\WINDOWS\AGRSMMSG.exe]
"LtMoh"="C:\Program Files\ltmoh\Ltmoh.exe" [10/08/2002 02:29 PM]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [01/03/2003 09:12 AM]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [01/03/2003 09:11 AM]
"BayMgr"="DockApp.exe" [11/06/2001 11:46 PM C:\WINDOWS\DockApp.exe]
"SENS Keyboard V4 Launcher"="C:\Program Files\SAMSUNG\SENS Keyboard V4 Launcher\SENSKBD.EXE" [07/18/2002 07:05 AM]
"BigDogPath"="C:\WINDOWS\VM_STI.exe" [01/21/2003 02:19 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [06/29/2007 06:24 AM]
"D-Link AirPlus XtremeG"="C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe" [03/28/2005 02:25 PM]
"ANIWZCS2Service"="C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [12/16/2004 05:49 PM]
"ATIModeChange"="Ati2mdxx.exe" [03/14/2003 03:15 PM C:\WINDOWS\system32\Ati2mdxx.exe]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [03/03/2003 09:00 PM]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [12/18/2007 12:43 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [11/30/2006 09:49 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 02:56 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Brinks Inc. VPN Client.lnk - C:\Program Files\Brinks VPN Client\vpngui.exe [11/26/2003 10:48:22 PM]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2/13/2001 3:01:04 PM]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"




-- End of Deckard's System Scanner: finished at 2008-02-02 22:25:46 ------------

Extra.txt

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Mobile Intel® Pentium® 4 - M CPU 2.00GHz
Percentage of Memory in Use: 54%
Physical Memory (total/avail): 510.98 MiB / 232.48 MiB
Pagefile Memory (total/avail): 863.54 MiB / 625.06 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1916.9 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 27.94 GiB total, 1.78 GiB free.
D: is CDROM (No Media)
E: is Removable (No Media)
F: is Removable (FAT32)

\\.\PHYSICALDRIVE0 - HITACHI_DK23EA-30 - 27.95 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 27.94 GiB - C:

\\.\PHYSICALDRIVE1 - General USB Disk Drive USB Device

\\.\PHYSICALDRIVE2 - I0MEGA Mini128MB*IOM2I6 USB Device - 117.66 MiB - 1 partition
\PARTITION0 (bootable) - Unknown - 123.23 MiB - F:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

AntiVirusDisableNotify is set.
AntivirusOverride is set.

AV: Kaspersky Anti-Virus v7.0.1.321 (Kaspersky Lab)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 7.0.1.321\\English\\setup.exe"="C:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 7.0.1.321\\English\\setup.exe:*:Enabled:Kaspersky Anti-Virus 7.0 Setup"
"C:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 7.0\\avp.exe"="C:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 7.0\\avp.exe:*:Enabled:Kaspersky Anti-Virus"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Ventrilo\\Ventrilo.exe"="C:\\Program Files\\Ventrilo\\Ventrilo.exe:*:Enabled:Ventrilo"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Scott\Application Data
CLASSPATH=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=SCOTT
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Scott
LOGONSERVER=\\SCOTT
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\ATI Technologies\ATI Control Panel
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 7, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0207
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\QuickTime\QTSystem\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Scott\LOCALS~1\Temp
TMP=C:\DOCUME~1\Scott\LOCALS~1\Temp
USERDOMAIN=SCOTT
USERNAME=Scott
USERPROFILE=C:\Documents and Settings\Scott
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

User (admin)
Scott (admin)
Administrator (new local, admin)
Guest (guest)


-- Add/Remove Programs ---------------------------------------------------------

--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
#1 CD Ripper 1.74 --> C:\PROGRA~1\NO1CDR~1\UNWISE.EXE C:\PROGRA~1\NO1CDR~1\INSTALL.LOG
Ad-Aware SE Personal --> C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe Acrobat 5.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9c.exe -uninstallUnlock
AirPlus XtremeG --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\10\INTEL3~1\IDriver.exe /M{79B92240-9C65-4DD7-B1AD-59910D2C1353} /l1033
Albatross18 (OGPlanet) --> C:\Program Files\OGPlanet\Albatross18\uninstall.exe
ANIO Service --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7B5CE976-C7A9-4E38-A7F3-6C8EF025DD8E}\Setup.exe"
ANIWZCS2 Service --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4C590030-7469-453E-8589-D15DA9D03F52}\Setup.exe"
ATI Control Panel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
BB Tanks --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{62369BEF-F555-416C-9F03-47ABD02633E7}\Setup.exe"
BritePort Configuration Utility --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{994D1FC0-4EA0-11D5-B4F0-00E07D823816}\Setup.exe"
CABAL Online --> "C:\Program Files\OGPlanet\CABAL Online\unins000.exe"
Camfrog Video Chat 3.94 (remove only) --> "C:\Program Files\Camfrog\Camfrog Video Chat\uninstall.exe"
Canon Camera Access Library --> "C:\Program Files\Common Files\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Program Files\Canon\CAL\Uninst.ini"
Canon Camera Support Core Library --> "C:\Program Files\Common Files\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Program Files\Canon\CSCLIB\Uninst.ini"
Canon Camera Window DC_DV 5 for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDVC\Uninst.ini"
Canon Camera Window DC_DV 6 for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDVC6\Uninst.ini"
Canon Camera Window MC 6 for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowMC\Uninst.ini"
Canon G.726 WMP-Decoder --> "C:\Program Files\Common Files\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Program Files\Canon\G726Decoder\G726DecUnInstall.ini"
Canon MovieEdit Task for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\MVWUninst.ini"
Canon RAW Image Task for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Program Files\Canon\RAW Image Task\Uninst.ini"
Canon RemoteCapture Task for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\RemoteCaptureTask DC\Uninst.ini"
Canon Utilities EOS Utility --> "C:\Program Files\Common Files\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Program Files\Canon\EOS Utility\Uninst.ini"
Canon Utilities PhotoStitch --> "C:\Program Files\Common Files\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Program Files\Canon\PhotoStitch\Uninst.ini"
Canon Utilities ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\Uninst.ini"
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
Disney's Toontown Online --> C:\PROGRA~1\Disney\DISNEY~1\Toontown\UNWISE.EXE /A C:\PROGRA~1\Disney\DISNEY~1\Toontown\INSTALL.LOG
EasyGPRS --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{56108448-9B38-4FF8-BE61-2ED13C19D0FE}\Setup.exe" -l0x9
Eazy VCD 1.15a --> C:\PROGRA~1\EAZYVC~1\UNWISE.EXE C:\PROGRA~1\EAZYVC~1\INSTALL.LOG
Google Earth --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x9 -removeonly
Google Talk (remove only) --> "C:\Program Files\Google\Google Talk\uninstall.exe"
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar3.dll"
hi-Speed Navigator --> MsiExec.exe /I{4A97118C-74C3-49A1-AB29-6B07F7C44C84}
hi-Speed Navigator --> MsiExec.exe /I{6DAFD032-5778-46D5-99F8-416DFE0BFE01}
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotspot Dialer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C47C4646-531F-11D8-8477-0050DA90291F}\Setup.exe" -l0x9 AnyText
Intel® PRO Ethernet Adapter and Software --> Prounstl.exe
iTunes --> MsiExec.exe /I{B8A204BC-7177-470E-BBDD-47256D05B325}
Kaspersky Anti-Virus 7.0 --> MsiExec.exe /I{4B9BB601-13E9-4042-A3BC-E7955BF4A98F}
Kaspersky Anti-Virus 7.0 --> MsiExec.exe /I{4B9BB601-13E9-4042-A3BC-E7955BF4A98F}
Kazaa Gold Premium --> MsiExec.exe /I{738822B2-0E7D-42ED-90CF-6AFDC1A3ECBB}
Macromedia Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~2\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~2\Install.log
Match-Up! --> MsiExec.exe /I{439800C9-FD42-4EA3-94D2-063DF0926873}
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Data Access Components KB870669 --> C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
Microsoft Office XP Professional --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0050048383C9}
Microsoft Thailand Tuk Tuk Skin --> MsiExec.exe /X{95ADC2CF-B284-4845-B5DD-E22752E8AC0B}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
mobile PhoneTools --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F18E8A0F-BE99-4305-96A5-6C0FD9D7D999}\setup.exe" -l0x9
Online Manual --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Online Manual\Uninst.isu"
PAL --> "C:\WINDOWS\IsUninst.exe" -y -f"C:\Program Files\PAL\Uninstl\DeIsL1.isu" -c"C:\Program Files\PAL\Uninstl\palunins.dll
Pangya_Th (NtreevSoft) --> C:\Program Files\NtreevSoft\Pangya_Th\uninstall.exe
Polar Bowler from Shockwave.com (remove only) --> "C:\Program Files\Shockwave.com\Polar Bowler\Uninstall.exe"
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
QuickTime --> MsiExec.exe /I{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}
Remote Administrator v2.2 --> C:\Program Files\Radmin\uninstal.exe
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
SEMC DSS SyncStation Driver --> C:\WINDOWS\system32\ftdiunin.exe C:\WINDOWS\system32\ftdiun2k.ini
SENS Keyboard V4 Launcher --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E575CAA7-3ABC-417E-9352-30EF31611E13}\Setup.exe" Remove
SENS LT56ADW Modem --> agrsmdel
Shockwave --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Skype™ 3.5 --> MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
SoC PC-Camera --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\8\INTEL3~1\IDriver.exe /M{2714E2AD-27B7-468D-B955-A78FECEAEB06}
Softex BayManager --> C:\WINDOWS\SfUninst.exe -f"C:\Program Files\Softex\BayManager\Win2000\Uninst.isu" -c"C:\Program Files\Softex\BayManager\Win2000\Uninstal.dll
Symantec KB-DocID:2003093015493306 --> MsiExec.exe /I{08C5815C-2C6E-44f8-8748-0E61BC9AFB68}
Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Ventrilo Client --> MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
Virtools 3D Life Player --> C:\Program Files\Virtools\3D Life Player\WebplayerConfig.exe -u
VPN Client --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5624C000-B109-11D4-9DB4-00E0290FCAC5}\setup.exe" -l0x9 VpnUninstall
WildTangent Web Driver --> C:\Program Files\WildTangent\Apps\CDA\CDAUninstall.exe
Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Live Sign-in Assistant --> MsiExec.exe /I{49672EC2-171B-47B4-8CE7-50D7806360D7}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
XecureWeb Control --> C:\Program Files\SoftForum\XecureWeb\xw_setup.exe -ui
Yahoo! Anti-Spy --> C:\PROGRA~1\Yahoo!\Common\unypsr.exe
Yahoo! Browser Services --> C:\PROGRA~1\Yahoo!\Common\unyext.exe
Yahoo! Install Manager --> C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Internet Mail --> C:\WINDOWS\system32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\YMMAPI~2.DLL
Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
팝업은 야후! 툴바로 차단하세요. --> C:\PROGRA~1\Yahoo!\Common\unyt.exe
피망 게임 --> C:\Program Files\NeoWiz\PMang\Setup.exe /u


-- Application Event Log -------------------------------------------------------

Event Record #/Type34847 / Error
Event Submitted/Written: 02/02/2008 06:40:29 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application projectg.exe, version 4.10.0.78, faulting module , version 0.0.0.0, fault address 0x00000000.
Processing media-specific event for [projectg.exe!ws!]

Event Record #/Type34785 / Error
Event Submitted/Written: 01/22/2008 02:51:14 AM
Event ID/Source: 8 / crypt32
Event Description:
Failed auto update retrieval of third-party root list sequence number from: <http://www.download....uthrootseq.txt> with error: This operation returned because the timeout period expired.

Event Record #/Type34769 / Error
Event Submitted/Written: 01/20/2008 00:11:38 AM
Event ID/Source: 1001 / Application Error
Event Description:
Fault bucket 596532722.
The Wep key exchange did not result in a secure connection setup after 802.1x authentication. The current setting has been marked as failed and the Wireless connection will be disconnected.

Event Record #/Type34768 / Error
Event Submitted/Written: 01/20/2008 00:11:19 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application setup.exe, version 4.44.2.11261, faulting module ntdll.dll, version 5.1.2600.2180, fault address 0x0001201e.
Processing media-specific event for [setup.exe!ws!]

Event Record #/Type34756 / Error
Event Submitted/Written: 01/16/2008 08:03:55 PM
Event ID/Source: 1001 / Application Hang
Event Description:
Fault bucket 551330672.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type10494 / Error
Event Submitted/Written: 01/27/2008 02:33:17 PM
Event ID/Source: 7 / Disk
Event Description:
The device, \Device\Harddisk0\D, has a bad block.

Event Record #/Type10493 / Error
Event Submitted/Written: 01/27/2008 02:33:15 PM / 01/27/2008 02:33:17 PM
Event ID/Source: 7 / Disk
Event Description:
The device, \Device\Harddisk0\D, has a bad block.

Event Record #/Type10426 / Error
Event Submitted/Written: 01/26/2008 04:31:12 AM
Event ID/Source: 7 / Disk
Event Description:
The device, \Device\Harddisk0\D, has a bad block.

Event Record #/Type10425 / Error
Event Submitted/Written: 01/26/2008 04:31:10 AM
Event ID/Source: 7 / Disk
Event Description:
The device, \Device\Harddisk0\D, has a bad block.

Event Record #/Type10424 / Error
Event Submitted/Written: 01/26/2008 04:31:08 AM
Event ID/Source: 7 / Disk
Event Description:
The device, \Device\Harddisk0\D, has a bad block.



-- End of Deckard's System Scanner: finished at 2008-02-02 22:25:46 ------------

#4 Rorschach112

Rorschach112

    Teacher Emeritus

  • Authentic Member
  • PipPipPipPipPip
  • 3,651 posts

Posted 02 February 2008 - 10:21 AM

Hello

1. Please re-open HiJackThis and choose do a system scan only. Check the boxes next to ONLY the entries listed below(if present):

O8 - Extra context menu item: &Search - http://bar.mywebsear...earch.html?p=ZZ
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.co...up1.0.0.8-2.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
O16 - DPF: {50A28604-52F2-11D6-8F0F-5254AB11D5C2} - http://80.96.119.5/1eb/webcam.exe

2. Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.



Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
  • Under "Configuration and Preferences", click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.


Then tell me how your PC is running

#5 sstuff3

sstuff3

    New Member

  • Authentic Member
  • Pip
  • 15 posts

Posted 02 February 2008 - 01:48 PM

Wow, long scan. my computer is acting fine except IE is still not working right. The full webpages are not opening.

Here is the log from the scan.

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 02/03/2008 at 02:32 AM

Application Version : 3.9.1008

Core Rules Database Version : 3394
Trace Rules Database Version: 1386

Scan type : Complete Scan
Total Scan Time : 02:32:24

Memory items scanned : 372
Memory threats detected : 0
Registry items scanned : 5118
Registry threats detected : 0
File items scanned : 66856
File threats detected : 33

Adware.Tracking Cookie
C:\Documents and Settings\Scott\Cookies\scott@doubleclick[2].txt
C:\Documents and Settings\Scott\Cookies\scott@collective-media[2].txt
C:\Documents and Settings\Scott\Cookies\scott@ad.yieldmanager[1].txt
C:\Documents and Settings\Scott\Cookies\scott@adopt.specificclick[2].txt
C:\Documents and Settings\Scott\Cookies\scott@apmebf[2].txt
C:\Documents and Settings\Scott\Cookies\scott@cbs.112.2o7[1].txt
C:\Documents and Settings\Scott\Cookies\scott@focalex[1].txt
C:\Documents and Settings\Scott\Cookies\scott@tradedoubler[2].txt
C:\Documents and Settings\Scott\Cookies\scott@atdmt[2].txt
C:\Documents and Settings\Scott\Cookies\scott@ads.adbrite[1].txt
C:\Documents and Settings\Scott\Cookies\scott@adinterax[2].txt
C:\Documents and Settings\Scott\Cookies\scott@tribalfusion[2].txt
C:\Documents and Settings\Scott\Cookies\scott@media.adrevolver[1].txt
C:\Documents and Settings\Scott\Cookies\scott@2o7[1].txt
C:\Documents and Settings\Scott\Cookies\scott@ehg-connorsgroup.hitbox[2].txt
C:\Documents and Settings\Scott\Cookies\scott@citi.bridgetrack[2].txt
C:\Documents and Settings\Scott\Cookies\scott@fastclick[2].txt
C:\Documents and Settings\Scott\Cookies\scott@hitbox[2].txt
C:\Documents and Settings\Scott\Cookies\scott@overture[1].txt
C:\Documents and Settings\Scott\Cookies\scott@tacoda[2].txt
C:\Documents and Settings\Scott\Cookies\scott@gomyron[1].txt
C:\Documents and Settings\Scott\Cookies\scott@avsystemcare[2].txt
C:\Documents and Settings\Scott\Cookies\scott@richmedia.yahoo[2].txt
C:\Documents and Settings\Scott\Cookies\scott@advertising[2].txt
C:\Documents and Settings\Scott\Cookies\scott@tracking.foxnews[1].txt
C:\Documents and Settings\Scott\Cookies\scott@zedo[1].txt
C:\Documents and Settings\Scott\Cookies\scott@revsci[1].txt
C:\Documents and Settings\Scott\Cookies\scott@antispywaresuite[1].txt
C:\Documents and Settings\Scott\Cookies\scott@mediaplex[1].txt
C:\Documents and Settings\Scott\Cookies\scott@gomyron[3].txt
C:\Documents and Settings\Scott\Cookies\scott@adbrite[2].txt
C:\Documents and Settings\Scott\Cookies\scott@specificclick[1].txt
C:\Documents and Settings\Scott\Cookies\scott@doubleclick[1].txt

#6 Rorschach112

Rorschach112

    Teacher Emeritus

  • Authentic Member
  • PipPipPipPipPip
  • 3,651 posts

Posted 03 February 2008 - 11:30 AM

Well it is not a malware problem, you would be better off asking in another part of the forum

You can delete the tools that we used


Now we need to create a new System Restore point.

Click Start Menu > Run > type (or copy and paste)

%SystemRoot%\System32\restore\rstrui.exe

Press OK. Choose Create a Restore Point then click Next. Name it and click Create, when the confirmation screen shows the restore point has been created click Close.

Next goto Start Menu > Run > type

cleanmgr

Click OK, Disk Cleanup will open and start calculating the amount of space that can be freed, Once thats finished it will open the Disk Cleanup options screen, click the More Options tab then click Clean up on the system restore area and choose Yes at the confirmation window which will remove all the restore points except the one we just created.

To close Disk Cleanup and remove the Temporary Internet Files detected in the initial scan click OK then choose Yes on the confirmation window.



Below I have included a number of recommendations for how to protect your computer against malware infections.

* Keep Windows updated by regularly checking their website at :
http://windowsupdate.microsoft.com/
This will ensure your computer has always the latest security updates available installed on your computer.

* To reduce re-infection for malware in the future, I strongly recommend installing these free programs:
SpywareBlaster protects against bad ActiveX
IE-SPYAD puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all
Have a look at this tutorial for IE-Spyad here

* SpywareGuard offers realtime protection from spyware installation attempts.

Make Internet Explorer more secure
  • Click Start > Run
  • Type Inetcpl.cpl & click OK
  • Click on the Security tab
  • Click Reset all zones to default level
  • Make sure the Internet Zone is selected & Click Custom level
  • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
  • Next Click OK, then Apply button and then OK to exit the Internet Properties page.

* MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.

* Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more
secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up
blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from
Here

* Take a good look at the following suggestions for malware prevention by reading Tony Klein’s article 'How Did I Get Infected In The First Place'
Here

Thank you for your patience, and performing all of the procedures requested.

#7 sstuff3

sstuff3

    New Member

  • Authentic Member
  • Pip
  • 15 posts

Posted 03 February 2008 - 01:27 PM

Thanks. I appreciate your help and advice.

#8 Rorschach112

Rorschach112

    Teacher Emeritus

  • Authentic Member
  • PipPipPipPipPip
  • 3,651 posts

Posted 03 February 2008 - 01:53 PM

Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance. If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread. Everyone else please begin a New Topic.

Related Topics

Back to Virus, Spyware & Malware Removal · Next Unread Topic →

1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users

  1. What the Tech
  2. Spyware / Malware / Virus Removal
  3. Virus, Spyware & Malware Removal
  4. Privacy Policy
  5. Terms of Use ·