PDA

View Full Version : DriveCleaner 2006



lucemonkey
2007-08-08, 20:10
My recent Spybot scan indicated the presence of DriveCleaner 2006. I could not find the program on my directory and did not install it. How can I remove it.

Dave:scratch:

ken545
2007-08-08, 20:31
Hello lucemonkey

Welcome to Safer Networking.

Please read Before You Post (http://forums.spybot.info/showthread.php?t=288)

Download and install Trendmicros Hijackthis (http://www.trendsecure.com/portal/en-US/threat_analytics/hijackthis.php?page=download)

Download the Trendmicro Hijackthis Installer, follow defauts and it will install in C:\Program Files\Trendmicro\Hijackthis and this is exactly where we want it to be.


Open HJT Scan and Save a Log File, it will open in Notepad
Go to Format and make sure Wordwrap is Unchecked
Go to Edit> Select All.....Edit > Copy and Paste the new log into this thread by using the Post Reply and not start a New Thread.

DO NOT have HijackThis fix anything yet. Most of what it finds will be harmless or even required.

lucemonkey
2007-08-08, 20:48
Here is my HJT log
Thanks, Dave

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 9:47:04 AM, on 08/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\WINDOWS\DELLMMKB.EXE
C:\WINDOWS\system32\atiptaxx.exe
C:\PROGRA~1\PESTPA~1\PPControl.exe
C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Netropa\OSD.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\WINDOWS\SYSTEM32\FREECELL.EXE
C:\Program Files\hijack\HiJackThis_v2.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://start.earthlink.net/AL/Search
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.earthlink.net/AL/Search
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;<local>
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [IncredimailDownloader] C:\WINDOWS\DOWNLO~1\imloader.exe
O4 - HKLM\..\Run: [ImInstaller] C:\DOCUME~1\Dave\LOCALS~1\Temp\ImInstaller\IncrediMail\imloader.exe -product IncrediMail
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\DELLMMKB.EXE
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [PestPatrol Control Center] c:\PROGRA~1\PESTPA~1\PPControl.exe
O4 - HKLM\..\Run: [PPMemCheck] c:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [CookiePatrol] c:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKLM\..\Run: [IncrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P30 "EPSON Stylus Photo R300 Series" /O6 "USB003" /M "Stylus Photo R300"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P39 "EPSON Stylus Photo R300 Series (Copy 1)" /O6 "USB003" /M "Stylus Photo R300"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [MediaFace Integration] C:\Program Files\Fellowes\MediaFACE 4.0\SetHook.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [IncrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
O4 - HKCU\..\Run: [IM] C:\PROGRA~1\EARTHL~4\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Display All Images with Full Quality - "res://C:\Program Files\NetZero\qsacc\appres.dll/228"
O8 - Extra context menu item: Display Image with Full Quality - "res://C:\Program Files\NetZero\qsacc\appres.dll/227"
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {9239E4EC-C9A6-11D2-A844-00C04F68D538} - (no file)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab
O16 - DPF: Yahoo! MahJong Solitaire - http://download.games.yahoo.com/games/clients/y/mjst4_x.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} (ICSScannerLight Class) - http://download.zonelabs.com/bin/free/cm/ICSCM.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20011217/qtinstall.info.apple.com/qt505/us/win/QuickTimeInstaller.exe
O16 - DPF: {4E888414-DB8F-11D1-9CD9-00C04F98436A} (Microsoft.WinRep) - https://webresponse.one.microsoft.com/oas/ActiveX/winrep.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1181004992187
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://us-housecall.trendmicro-europe.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {99B6E512-3893-4155-9964-8EB8E06099CB} (WebSpyWareKiller Class) - http://download.zonelabs.com/bin/promotions/spywaredetector/WebSWK.cab
O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zonelabs.com/bin/promotions/spywaredetector/WebAAS.cab
O16 - DPF: {A7E092C3-692A-11D0-A7E5-08002B322F3B} (WebResponseAttachments Control) - https://webresponse.one.microsoft.com/oas/ActiveX/FileXfer.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/activedata/SymAData.dll
O16 - DPF: {D68DAEED-C2A6-4C6F-9365-4676B173D8EF} (OcarptMain Class) - https://oca.microsoft.com/secure/OCARPT.CAB
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab
O16 - DPF: {FEC3E5A3-50F7-4B0C-97D8-01CF69DFBFC7} (Measurement Service Client) - http://ccon.madonion.com/global/msc.cab
O16 - DPF: {FFFFFFFF-CACE-BABE-BABE-00AA0055595A} - http://www.trueswitch.com/netscape/TrueInstallNetscape.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{9270B6A2-9EDB-4E3F-8EBD-432F3DF1A4C4}: NameServer = 68.94.156.1,68.94.157.1
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe

--
End of file - 11982 bytes

ken545
2007-08-08, 21:04
Hello Dave,

I am not looking at Drive Cleaner on your log, are you getting alerts to install the program or pop ups related to it??

Do a few things for me please.

See if these folders are present
C:\Program Files\DriveCleaner 2006 Free\
C:\Program Files\Common Files\DriveCleaner 2006 Free\

Download and Install CCleaner (http://www.ccleaner.com/)
If you don't want the Yahoo Toolbar, be sure to uncheck it during installation
* Click on Run Cleaner
Tutorial for CCleaner (http://www.ccleaner.com/help/tour1.asp)


Open Hijackthis
Go to Misc Tools> Open Uninstall Manager.
Click on Save List.
The list will open in Notepad.
Copy and Paste the List into this thread

Ken:)

lucemonkey
2007-08-08, 21:52
Hi Ken,

I downloaded and ran CCleaner. Here is the uninstall list from HJT. I could not find drive cleaner in my program file or in common files.

Thanks Dave

Adobe Acrobat 5.0
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Flash Player ActiveX
Adobe Help Center 1.0
Adobe Photoshop CS
Adobe Photoshop CS2
Adobe Photoshop Elements 2.0
Adobe Stock Photos 1.0
ArcSoft Software Suite
AT&T Self Support Tool
AT&T Yahoo! Applications
ATI - Software Uninstall Utility
ATI Windows 2000 Display Driver
AVG Anti-Spyware 7.5
AVG Free Edition
CCleaner (remove only)
Conexant HCF V90 56K Data Fax PCI Modem
CyberView for USB Film Scanner Multi-Language
Dell Solution Center
DellTouch
Detto IntelliMover
DiMAGE Scan Dual4 ver.1.0
Easy CD Creator 5 DVD Edition
EPSON CardMonitor
EPSON PhotoStarter3.0
EPSON Print CD
EPSON Printer Software
EPSON SPR300 Reference Guide
Film Factory
FoneSync
HijackThis 2.0.0
Indeo® Software
Logitech MouseWare 9.41 .2
MediaFACE 4.01
MediaFACE 4.01 Image Library
Microsoft .NET Framework 1.1
Microsoft Data Access Components KB870669
Microsoft Picture It! Publishing 2001
Microsoft Streets and Trips 2001
Microsoft Word 2000 SR-1
Microsoft Works 2001 Setup Launcher
Microsoft Works Suite Add-in for Microsoft Word
Modem Helper
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 Parser and SDK
MSXML4 Parser
Nikon Message Center
P.I.M. II Plug-In
PhoneTools
PictureProject
QuickTime
RealPlayer Basic
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 8 (KB917734)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931768)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Shockwave
Spybot - Search & Destroy 1.4
Total Annihilation
Total Annihilation - Core Contingency
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB936357)
Windows Installer 3.1 (KB893803)
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Service Pack 2
Yahoo! Anti-Spy
Yahoo! Browser Services
Yahoo! Search Protection
ZoneAlarm

ken545
2007-08-09, 01:17
lucemonkey,

Open HijackThis > Do a System Scan Only, close your browser and all open windows, the only program or window you should have open is HijackThis, check the following entries and click on Fix Checked.

O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe


Rest of your log looks fine :bigthumb:

lucemonkey
2007-08-10, 06:15
Hi Ken,

I deleted the item you told me to but on my scan this AM spybot indicated that Drive cleaner was still present. How would you like me to proceed.

Dave

ken545
2007-08-10, 16:44
Drive Cleaner may not be installed , it may be just a cookie or a stray reg entry, if Drive Cleaner was installed on your system, believe me you would know it as it will keep poping up on your system wanting you to either run a scan or to register it ( for a fee of course)

Lets clean up your system a mite,


Download and Install CCleaner (http://www.ccleaner.com/)
If you don't want the Yahoo Toolbar, be sure to uncheck it during installation

Click on Run Cleaner
Tutorial for CCleaner (http://www.ccleaner.com/help/tour1.asp)

Open Spybot Search and Destroy and check for updates, then go to Mode> Advanced Mode , then Tools > View Reports and tick only the box that says " Include Results of Last Check in Report and also Active X and include BHO , then run a full system scan removing what it finds , go to Tools> View Report and copy and paste the report for me to see.

lucemonkey
2007-08-11, 02:10
Ken,

Here is the Spybot report with the 3 items checked as instructed.


--- Search result list ---
DriveCleaner 2006: Program directory (Directory, nothing done)
C:\Documents and Settings\All Users\Application Data\SalesMonitor\

DriveCleaner 2006: Program directory (Directory, nothing done)
C:\Documents and Settings\All Users\Application Data\SalesMonitor\Data\


--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---

2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2005-05-31 TeaTimer.exe (1.4.0.2)
2005-07-08 unins000.exe (51.41.0.0)
2005-05-31 Update.exe (1.4.0.0)
2007-05-23 advcheck.dll (1.5.3.0)
2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2007-07-31 Tools.dll (2.1.2.0)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2007-08-08 Includes\Cookies.sbi (*)
2007-07-25 Includes\Dialer.sbi (*)
2007-08-08 Includes\DialerC.sbi (*)
2007-07-11 Includes\Hijackers.sbi (*)
2007-08-08 Includes\HijackersC.sbi (*)
2007-07-25 Includes\Keyloggers.sbi (*)
2007-08-08 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2007-08-01 Includes\Malware.sbi (*)
2007-08-08 Includes\MalwareC.sbi (*)
2007-08-08 Includes\PUPS.sbi (*)
2007-08-08 Includes\PUPSC.sbi (*)
2007-08-08 Includes\Revision.sbi (*)
2007-05-30 Includes\Security.sbi (*)
2007-08-08 Includes\SecurityC.sbi (*)
2007-08-01 Includes\Spybots.sbi (*)
2007-08-08 Includes\SpybotsC.sbi (*)
2005-02-17 Includes\Tracks.uti
2007-08-01 Includes\Trojans.sbi (*)
2007-08-08 Includes\TrojansC.sbi (*)
2007-06-06 Plugins\TCPIPAddress.dll



--- Browser helper object list ---
{02478D38-C3F9-4EFB-9B51-7695ECA05670} (&Yahoo! Toolbar Helper)
BHO name:
CLSID name: &Yahoo! Toolbar Helper
description: Yahoo Companion!
classification: Legitimate
known filename: Ycomp*_*_*_*.dll
info link: http://companion.yahoo.com/
info source: TonyKlein
Path: C:\Program Files\Yahoo!\Companion\Installs\cpn4\
Long name: yt.dll
Short name:
Date (created): 05/30/2007 1:18:26 PM
Date (last access): 08/10/2007 3:00:46 PM
Date (last write): 05/30/2007 1:18:26 PM
Filesize: 808472
Attributes: archive
MD5: 10555A800613C8613AF53FAD54F1C23F
CRC32: 7582E210
Version: 2007.5.30.1

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
BHO name:
CLSID name: AcroIEHlprObj Class
description: Adobe Acrobat reader
classification: Legitimate
known filename: AcroIEhelper.ocx<br>AcroIEhelper.dll
info link: http://www.adobe.com/products/acrobat/readstep2.html
info source: TonyKlein
Path: C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\
Long name: AcroIEHelper.ocx
Short name: ACROIE~1.OCX
Date (created): 07/09/2002 9:19:22 AM
Date (last access): 08/10/2007 3:00:46 PM
Date (last write): 04/16/2001 3:39:02 PM
Filesize: 37808
Attributes:
MD5: 8394ABFC1BE196A62C9F532511936DF7
CRC32: 71D6E350
Version: 1.0.0.1

{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} (Yahoo! IE Services Button)
BHO name:
CLSID name: Yahoo! IE Services Button
Path: C:\PROGRA~1\Yahoo!\Common\
Long name: yiesrvc.dll
Short name:
Date (created): 05/30/2007 1:34:22 PM
Date (last access): 08/10/2007 3:00:46 PM
Date (last write): 10/31/2006 3:33:54 PM
Filesize: 198136
Attributes: archive
MD5: F8981F09E8DA4FDB7F6B6E2B5361AEAE
CRC32: 2CDBBB6C
Version: 2006.10.31.3



--- ActiveX list ---
Microsoft XML Parser for Java (Microsoft XML Parser for Java)
DPF name: Microsoft XML Parser for Java
CLSID name:
Installer:
Codebase: file://C:\WINDOWS\Java\classes\xmldso.cab
description:
classification: Legitimate
known filename: %WINDIR%\Java\classes\xmldso.cab
info link:
info source: Patrick M. Kolla

ppctlcab (ppctlcab)
DPF name: ppctlcab
CLSID name:
Installer:
Codebase: http://www.pestscan.com/scanner/ppctlcab.cab
description:
classification: Legitimate
known filename:
info link:
info source: Safer Networking Ltd.

Yahoo! MahJong Solitaire (Yahoo! MahJong Solitaire)
DPF name: Yahoo! MahJong Solitaire
CLSID name:
Installer:
Codebase: http://download.games.yahoo.com/games/clients/y/mjst4_x.cab
description:
classification: Legitimate
known filename:
info link:
info source: Safer Networking Ltd.

{19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} (MSSecurityAdvisor Class)
DPF name:
CLSID name: MSSecurityAdvisor Class
Installer: C:\WINDOWS\Downloaded Program Files\msSecAdv.inf
Codebase: http://download.microsoft.com/download/0/5/c/05c905f4-dd30-427d-a3de-373c3e5552fc/msSecAdv.cab?1083710290218
description:
classification: Legitimate
known filename: mssecadv.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\System32\
Long name: mssecadv.dll
Short name:
Date (created): 09/08/2003 10:30:46 AM
Date (last access): 08/10/2007 2:35:38 PM
Date (last write): 09/08/2003 10:30:46 AM
Filesize: 36960
Attributes: archive
MD5: A4282FD762CE1C4FFA665538E335CFF0
CRC32: 51ECFB75
Version: 5.4.3790.14

{215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6)
DPF name:
CLSID name: Trend Micro ActiveX Scan Agent 6.6
Installer: C:\WINDOWS\Downloaded Program Files\CONFLICT.1\hcImpl.inf
Codebase: http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
description:
classification: Legitimate
known filename: Housecall_ActiveX.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\Downloaded Program Files\CONFLICT.1\
Long name: Housecall_ActiveX.dll
Short name: HOUSEC~1.DLL
Date (created): 03/05/2007 8:26:20 PM
Date (last access): 08/10/2007 3:00:46 PM
Date (last write): 03/05/2007 8:26:20 PM
Filesize: 385536
Attributes: archive
MD5: BF3D59E4AF25CB1CD3B3886BE1B118D2
CRC32: A1C98A94
Version: 6.51.0.1020

{2359626E-7524-4F87-B04E-22CD38A0C88C} (ICSScannerLight Class)
DPF name:
CLSID name: ICSScannerLight Class
Installer: C:\WINDOWS\Downloaded Program Files\ICSScannerLight.inf
Codebase: http://download.zonelabs.com/bin/free/cm/ICSCM.cab
description:
classification: Legitimate
known filename: ICSScannerLight.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\Downloaded Program Files\
Long name: ICSScannerLight.dll
Short name: ICSSCA~1.DLL
Date (created): 03/29/2004 3:42:32 PM
Date (last access): 08/10/2007 2:13:32 PM
Date (last write): 03/29/2004 3:42:32 PM
Filesize: 786432
Attributes: archive
MD5: 1D9B3A211E5A3AE2BD77384A8A825410
CRC32: 6A70E9F6
Version: 1.0.5.1

{2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen)
DPF name:
CLSID name: PPSDKActiveXScanner.MainScreen
Installer: C:\WINDOWS\Downloaded Program Files\PPSDKActiveXScanner.INF
Codebase: http://www.pestscan.com/scanner/axscanner.cab
description:
classification: Legitimate
known filename: PPSDKActiveXScanner.ocx
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\Downloaded Program Files\
Long name: PPSDKActiveXScanner.ocx
Short name: PPSDKA~1.OCX
Date (created): 03/17/2004 1:41:36 AM
Date (last access): 08/10/2007 3:00:48 PM
Date (last write): 03/17/2004 1:41:36 AM
Filesize: 170608
Attributes: archive
MD5: 6EA60ECEBA1D024CE2106C7D9DB78AB1
CRC32: 26FCC8AB
Version: 1.5.0.1

{30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (Installation Support)
DPF name:
CLSID name: Installation Support
Installer: C:\WINDOWS\Downloaded Program Files\yinst.inf
Codebase: C:\Program Files\Yahoo!\Common\Yinsthelper.dll
description: Yahoo! Installation helper
classification: Legitimate
known filename: %SystemRoot%\Downloaded Program Files\yinsthelper.dll
info link:
info source: Patrick M. Kolla
Path: C:\Program Files\Yahoo!\Common\
Long name: YInstHelper.dll
Short name: YINSTH~1.DLL
Date (created): 03/15/2007 6:13:06 PM
Date (last access): 08/10/2007 3:00:48 PM
Date (last write): 03/15/2007 6:13:06 PM
Filesize: 209448
Attributes: archive
MD5: 4380A4799E826AF03FD975B4A71E9268
CRC32: 423BF1F7
Version: 2007.3.15.1

{33564D57-0000-0010-8000-00AA00389B71} ()
DPF name:
CLSID name:
Installer: C:\WINDOWS\Downloaded Program Files\WMV9VCM.inf
Codebase: http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
description:
classification: Legitimate
known filename:
info link:
info source: Safer Networking Ltd.

{4E888414-DB8F-11D1-9CD9-00C04F98436A} (Microsoft.WinRep)
DPF name:
CLSID name: Microsoft.WinRep
Installer: C:\WINDOWS\Downloaded Program Files\winrep.inf
Codebase: https://webresponse.one.microsoft.com/oas/ActiveX/winrep.cab
description:
classification: Open for discussion
known filename: Winrep.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\System32\
Long name: Winrep.dll
Short name:
Date (created): 09/06/2002 5:07:56 PM
Date (last access): 08/10/2007 2:52:40 PM
Date (last write): 09/06/2002 5:07:56 PM
Filesize: 434176
Attributes: archive
MD5: 99D4CC36B0B504B4B0C60BE21189BE1D
CRC32: AEE58997
Version: 3.1.2.0

{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class)
DPF name:
CLSID name: MUWebControl Class
Installer: C:\WINDOWS\Downloaded Program Files\muweb.inf
Codebase: http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1181004992187
description:
classification: Legitimate
known filename: muweb.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\system32\
Long name: muweb.dll
Short name:
Date (created): 05/26/2005 4:19:32 AM
Date (last access): 08/10/2007 2:23:50 PM
Date (last write): 04/16/2007 10:44:18 PM
Filesize: 208248
Attributes: archive
MD5: DA90D6CEE1622D0427B5974C6A4F6B1F
CRC32: FDD90640
Version: 7.0.6000.374

{6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5)
DPF name:
CLSID name: Housecall ActiveX 6.5
Installer: C:\WINDOWS\Downloaded Program Files\hcImpl.inf
Codebase: http://us-housecall.trendmicro-europe.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
description:
classification: Legitimate
known filename: Housecall_ActiveX.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\Downloaded Program Files\
Long name: Housecall_ActiveX.dll
Short name: HOUSEC~1.DLL
Date (created): 01/16/2006 4:27:16 PM
Date (last access): 08/10/2007 3:00:48 PM
Date (last write): 01/16/2006 4:27:16 PM
Filesize: 347136
Attributes: archive
MD5: D6DF1E562EEA41CE919CBC7E2F761CB5
CRC32: A0FFAC11
Version: 6.5.1.9

{7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class)
DPF name:
CLSID name: WScanCtl Class
Installer: C:\WINDOWS\Downloaded Program Files\webscan.inf
Codebase: http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
description:
classification: Legitimate
known filename: webscan.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\Downloaded Program Files\
Long name: webscan.dll
Short name:
Date (created): 11/20/2006 12:02:34 PM
Date (last access): 08/10/2007 2:13:32 PM
Date (last write): 11/20/2006 12:02:34 PM
Filesize: 180282
Attributes: archive
MD5: 76EA3ABECE61FBA3C07F61E42BB0CA48
CRC32: AECD0E4D
Version: 1.1.0.1049

{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} ()
DPF name:
CLSID name:
Installer: C:\WINDOWS\Downloaded Program Files\erma.inf
Codebase: http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
description:
classification: Open for discussion
known filename:
info link:
info source: Safer Networking Ltd.

{90C9629E-CD32-11D3-BBFB-00105A1F0D68} ()
DPF name:
CLSID name:
Installer: C:\WINDOWS\Downloaded Program Files\isetup.inf
Codebase: http://www.installengine.com/engine/isetup.cab
description:
classification: Open for discussion
known filename: isetup.dll
info link:
info source: Safer Networking Ltd.

{99B6E512-3893-4155-9964-8EB8E06099CB} (WebSpyWareKiller Class)
DPF name:
CLSID name: WebSpyWareKiller Class
Installer: C:\WINDOWS\Downloaded Program Files\WebSWK.inf
Codebase: http://download.zonelabs.com/bin/promotions/spywaredetector/WebSWK.cab
description:
classification: Legitimate
known filename: WebSWK.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\Downloaded Program Files\
Long name: WebSWK.dll
Short name:
Date (created): 12/01/2004 5:40:32 PM
Date (last access): 08/10/2007 2:13:34 PM
Date (last write): 12/01/2004 5:40:32 PM
Filesize: 151552
Attributes: archive
MD5: 551866E549A6080DB092423AA36FD142
CRC32: E27F11FB
Version: 1.0.0.17

{9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner)
DPF name:
CLSID name: Anonymizer Anti-Spyware Scanner
Installer: C:\WINDOWS\Downloaded Program Files\CONFLICT.1\WebAAS.inf
Codebase: http://download.zonelabs.com/bin/promotions/spywaredetector/WebAAS.cab
description:
classification: Legitimate
known filename: WebAAS.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\Downloaded Program Files\CONFLICT.1\
Long name: WebAAS.dll
Short name:
Date (created): 01/20/2005 3:04:18 PM
Date (last access): 08/10/2007 3:00:48 PM
Date (last write): 01/20/2005 3:04:18 PM
Filesize: 151552
Attributes: archive
MD5: 05CE1F289570DC4337D615B6669E065D
CRC32: F52B9D12
Version: 1.0.0.23

{9F1C11AA-197B-4942-BA54-47A8489BB47F} ()
DPF name:
CLSID name:
Installer: C:\WINDOWS\Downloaded Program Files\iuctl.inf
Codebase: http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38063.3924189815
description: Windows Update
classification: Legitimate
known filename: %WINDIR%\System32\iuctl.dll,iuengine.dll
info link:
info source: Patrick M. Kolla

lucemonkey
2007-08-11, 02:11
Ken,

I had to cut out part of the report so here is the rest.

{A7E092C3-692A-11D0-A7E5-08002B322F3B} (WebResponseAttachments Control)
DPF name:
CLSID name: WebResponseAttachments Control
Installer:
Codebase: https://webresponse.one.microsoft.com/oas/ActiveX/FileXfer.cab
description:
classification: Legitimate
known filename: FileTransfer.ocx
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\DOWNLO~1\
Long name: FileTransfer.ocx
Short name: FILETR~1.OCX
Date (created): 12/13/1999 12:57:10 PM
Date (last access): 08/10/2007 3:00:48 PM
Date (last write): 12/13/1999 12:57:10 PM
Filesize: 62768
Attributes: archive
MD5: 08D332C2C2928300265D8D061EE8D303
CRC32: B906AEE3
Version: 6.0.0.0

{A8658086-E6AC-4957-BC8E-7D54A7E8A78E} (SassCln Object)
DPF name:
CLSID name: SassCln Object
Installer: C:\WINDOWS\Downloaded Program Files\SASSCLN.INF
Codebase: http://www.microsoft.com/security/controls/SassCln.CAB
description:
classification: Legitimate
known filename: SassCln.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\Downloaded Program Files\
Long name: SassCln.dll
Short name:
Date (created): 05/03/2004 2:39:54 PM
Date (last access): 08/10/2007 2:13:32 PM
Date (last write): 05/03/2004 2:39:54 PM
Filesize: 118784
Attributes: archive
MD5: A1C8571FA4B64CFC5C0CDA672F3C2D21
CRC32: 06EBA55B
Version: 1.0.0.16

{CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class)
DPF name:
CLSID name: ActiveDataInfo Class
Installer:
Codebase: https://www-secure.symantec.com/techsupp/activedata/SymAData.dll
description:
classification: Legitimate
known filename: SymAData.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\Downloaded Program Files\
Long name: SymAData.dll
Short name:
Date (created): 02/25/2004 10:14:32 AM
Date (last access): 08/10/2007 2:13:32 PM
Date (last write): 02/25/2004 10:15:06 AM
Filesize: 124112
Attributes: archive
MD5: 509273596B62B1533B6AD1544704A043
CRC32: A42751C1
Version: 1.0.0.1

{D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object)
DPF name:
CLSID name: Shockwave Flash Object
Installer: C:\WINDOWS\Downloaded Program Files\swflash.inf
Codebase: http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
description: Macromedia Shockwave Flash Player
classification: Legitimate
known filename:
info link:
info source: Patrick M. Kolla
Path: C:\WINDOWS\system32\Macromed\Flash\
Long name: Flash9c.ocx
Short name:
Date (created): 03/29/2007 3:09:40 PM
Date (last access): 08/10/2007 3:00:48 PM
Date (last write): 03/29/2007 3:09:40 PM
Filesize: 2267368
Attributes: readonly archive
MD5: 98976C156497DF3FB8AB307AF22237C2
CRC32: DD0CCCD7
Version: 9.0.45.0

{D68DAEED-C2A6-4C6F-9365-4676B173D8EF} (OcarptMain Class)
DPF name:
CLSID name: OcarptMain Class
Installer: C:\WINDOWS\Downloaded Program Files\ocarpt.inf
Codebase: https://oca.microsoft.com/secure/OCARPT.CAB
description:
classification: Legitimate
known filename: OCARPT.DLL
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\DOWNLO~1\
Long name: OCARPT.DLL
Short name:
Date (created): 01/22/2002 12:25:22 PM
Date (last access): 08/10/2007 2:13:32 PM
Date (last write): 01/22/2002 12:25:22 PM
Filesize: 145936
Attributes: archive
MD5: 5826CFF3CA30F39D8F18F638D6AD4F67
CRC32: 3C7BB2D9
Version: 2.5.0.11

{E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class)
DPF name:
CLSID name: ActiveDataObj Class
Installer:
Codebase: https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab
description:
classification: Legitimate
known filename: ActiveData.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\Downloaded Program Files\
Long name: ActiveData.dll
Short name: ACTIVE~1.DLL
Date (created): 06/12/2002 1:16:22 PM
Date (last access): 08/10/2007 2:13:32 PM
Date (last write): 06/12/2002 1:16:22 PM
Filesize: 112312
Attributes: archive
MD5: C0A5720A581109543B113A8BEAE7868C
CRC32: 1B08DE36
Version: 1.0.0.1

{FEC3E5A3-50F7-4B0C-97D8-01CF69DFBFC7} (Measurement Service Client)
DPF name:
CLSID name: Measurement Service Client
Installer: C:\WINDOWS\Downloaded Program Files\msc.inf
Codebase: http://ccon.madonion.com/global/msc.cab
description:
classification: Open for discussion
known filename: MSC.ocx
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\DOWNLO~1\
Long name: MSC.ocx
Short name:
Date (created): 07/13/2001 3:41:28 PM
Date (last access): 08/10/2007 3:00:48 PM
Date (last write): 07/13/2001 3:41:28 PM
Filesize: 458752
Attributes: archive
MD5: 67AB23BCBFF5E23FF7E9565A9C96493D
CRC32: E79610D3
Version: 1.0.0.1

{FFFFFFFF-CACE-BABE-BABE-00AA0055595A} ()
DPF name:
CLSID name:
Installer:
Codebase: http://www.trueswitch.com/netscape/TrueInstallNetscape.exe
description:
classification: Legitimate
known filename:
info link:
info source: Safer Networking Ltd.

ken545
2007-08-11, 04:24
lucemonkey,

The entry for SalesMonitor is related to Drive Cleaner.


Download ComboFix from Here (http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe) or Here (http://download.bleepingcomputer.com/sUBs/ComboFix.exe) to your Desktop.

Double click combofix.exe and follow the prompts.
When finished, it shall produce a log for you. Post the Combofix log and a HiJackthis log in your next reply

Note: Do not mouseclick combofix's window while its running. That may cause it to stall

C:\Program Files\hijack\HiJackThis_v2.exe <-- Right click on this and rename it to Scanner.exe

Let me see the Combofix log and New HJT log renamed to Scanner.exe

lucemonkey
2007-08-12, 02:39
Here is the combofix log.

ComboFix 07-08-09.3 - "Dave" 2007-08-11 15:18:42.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.97 [GMT -8:00]
* Created a new restore point


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\ALLUSE~1\APPLIC~1.\salesmonitor
C:\WINDOWS\system32\9_exception.nls
C:\WINDOWS\system32\lfdgmavm.dll
C:\WINDOWS\system32\myvtrlgd.dll


((((((((((((((((((((((((( Files Created from 2007-07-11 to 2007-08-11 )))))))))))))))))))))))))))))))


2007-08-11 15:15 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-08 10:36 <DIR> d-------- C:\Program Files\CCleaner
2007-07-25 08:30 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared
2007-07-25 08:30 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe Systems


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-11 15:30 --------- d-------- C:\Program Files\PestPatrol
2007-08-08 19:59 --------- d-------- C:\Program Files\hijack
2007-07-21 17:32 --------- d-------- C:\DOCUME~1\Dave\APPLIC~1\Yahoo!
2007-06-20 20:38 --------- d-------- C:\DOCUME~1\Dave\APPLIC~1\iWin
2007-06-17 16:02 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2007-05-30 15:34 11129 --a------ C:\Program Files\AddressBook.csv
2007-05-16 07:12 86528 --------- C:\WINDOWS\system32\dllcache\directdb.dll
2007-05-16 07:12 85504 --------- C:\WINDOWS\system32\dllcache\wabimp.dll
2007-05-16 07:12 683520 --a------ C:\WINDOWS\system32\inetcomm.dll
2007-05-16 07:12 683520 --------- C:\WINDOWS\system32\dllcache\inetcomm.dll
2007-05-16 07:12 510976 --------- C:\WINDOWS\system32\dllcache\wab32.dll
2007-05-16 07:12 1314816 --------- C:\WINDOWS\system32\dllcache\msoe.dll
2005-12-01 15:49 774144 --a------ C:\Program Files\RngInterstitial.dll
2001-07-26 16:58 47 --a------ C:\Program Files\ACMonitor_X73.ini
2001-07-05 12:46 8116 --a------ C:\Program Files\OSLO3071b2.USB
2001-05-11 11:39 53248 --a------ C:\Program Files\ACMonitor_X73.exe
2001-05-08 16:36 114688 --a------ C:\Program Files\lxarscan.dll
2001-04-23 14:22 1437 --a------ C:\Program Files\gtx73.ini
2001-02-22 09:54 768 --a------ C:\Program Files\x73_lut.dat


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2001-12-21 07:39]
"EM_EXEC"="C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE" [2001-10-04 09:41]
"DellTouch"="C:\WINDOWS\DELLMMKB.EXE" [2001-09-23 05:14]
"AtiPTA"="atiptaxx.exe" [2001-03-06 08:23 C:\WINDOWS\SYSTEM32\atiptaxx.exe]
"PestPatrol Control Center"="c:\PROGRA~1\PESTPA~1\PPControl.exe" [2004-11-15 11:49]
"PPMemCheck"="c:\PROGRA~1\PESTPA~1\PPMemCheck.exe" [2004-04-02 14:11]
"CookiePatrol"="c:\PROGRA~1\PESTPA~1\CookiePatrol.exe" [2005-01-10 09:35]
"EPSON Stylus Photo R300 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.exe" [2003-06-04 02:00]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2004-09-25 17:55]
"AdaptecDirectCD"="C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2003-01-17 15:14]
"EPSON Stylus Photo R300 Series (Copy 1)"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.exe" [2003-06-04 02:00]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2007-04-22 18:40]
"MediaFace Integration"="C:\Program Files\Fellowes\MediaFACE 4.0\SetHook.exe" [2003-08-18 17:46]
"Motive SmartBridge"="C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe" [2005-08-24 07:51]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-03-09 01:02]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 01:25]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [2007-03-28 14:10]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2007-07-16 15:17]

C:\Documents and Settings\Dave\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-09-27 17:59:28]
DESKTOP.INI [2001-09-05 07:23:48]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-09-27 17:59:28]
DESKTOP.INI [2001-09-05 07:23:48]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2000-08-10 10:00:00]
Microsoft Works Calendar Reminders.lnk - C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe [2000-08-10 10:00:00]
NkbMonitor.exe.lnk - C:\Program Files\Nikon\PictureProject\NkbMonitor.exe [2005-10-14 15:43:59]
SBC Self Support Tool.lnk - C:\Program Files\SBC Self Support Tool\bin\matcli.exe [2007-05-30 13:37:45]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoDispAppearancePage"=0 (0x0)
"NoDispBackgroundPage"=0 (0x0)
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktopChanges"=0 (0x0)
"DisableLocalMachineRun"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktopChanges"=0 (0x0)
"DisableLocalUserRun"=0 (0x0)


R1 cdudf_xp;cdudf_xp;C:\WINDOWS\system32\drivers\cdudf_xp.sys
R1 pwd_2k;pwd_2k;C:\WINDOWS\system32\drivers\pwd_2k.sys
R1 UdfReadr_xp;UdfReadr_xp;C:\WINDOWS\system32\drivers\UdfReadr_xp.sys
R3 ati2mtaa;ati2mtaa;C:\WINDOWS\system32\DRIVERS\ati2mtaa.sys
R3 LKbdFlt2;Logitech Keyboard Class Filter Driver;C:\WINDOWS\system32\DRIVERS\LKbdFlt2.sys
R3 LNE100;Linksys LNE100TX(v5) Fast Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\LNE100V5.sys
R3 Msikbd2k;DellTouch;C:\WINDOWS\system32\DRIVERS\msikbd2k.sys
R3 WmBEnum;Logitech Virtual Bus Enumerator Driver;C:\WINDOWS\system32\drivers\WmBEnum.sys
R3 WmXlCore;Logitech WingMan Translation Layer Driver;C:\WINDOWS\system32\drivers\WmXlCore.sys
S2 IEQXLWHI;IEQXLWHI;\??\C:\WINDOWS\System32\ieqxlwhi.pkb
S2 LXARScan;Lexmark X73 MFP Scanner;C:\WINDOWS\system32\Drivers\Lxarscan.sys
S2 Nhksrv;Netropa NHK Server;C:\WINDOWS\Nhksrv.exe
S2 PIEUsb;Pacific Image Electronics USB Scanner;C:\WINDOWS\system32\Drivers\usbscan.sys
S2 VOAITBIF;VOAITBIF;\??\C:\WINDOWS\System32\voaitbif.oqj
S3 AN983;ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\AN983.sys
S3 ati2mpaa;ati2mpaa;C:\WINDOWS\system32\DRIVERS\ati2mpaa.sys
S3 bvrp_pci;bvrp_pci;C:\WINDOWS\system32\drivers\bvrp_pci.sys
S3 BW2NDIS5;BW2NDIS5;C:\WINDOWS\system32\Drivers\BW2NDIS5.sys
S3 dvd_2K;dvd_2K;C:\WINDOWS\system32\drivers\dvd_2K.sys
S3 mmc_2K;mmc_2K;C:\WINDOWS\system32\drivers\mmc_2K.sys
S3 wandrv;WAN Network Driver;C:\WINDOWS\system32\DRIVERS\wandrv.sys
S3 WmFilter;Logitech WingMan HID Filter Driver;C:\WINDOWS\system32\drivers\WmFilter.sys
S3 WmVirHid;Logitech Virtual Hid Device Driver;C:\WINDOWS\system32\drivers\WmVirHid.sys
S4 hpt3xx;hpt3xx;C:\WINDOWS\system32\DRIVERS\hpt3xx.sys


**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-11 15:30:57
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Reinstall\gv\x201cfgv\\16]
"DisplayName"=""
"DeviceDesc"=""
"ProviderName"=""
"MFG"="ATI Technologies Inc."
"ReinstallString"="2001,6.13.3279.0"
"DeviceInstanceIds"=str(7):""

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-08-11 15:34:17 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-08-11 15:33

--- E O F ---

lucemonkey
2007-08-12, 02:43
Here is the HJT log.

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 3:42:18 PM, on 08/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\WINDOWS\DELLMMKB.EXE
C:\WINDOWS\system32\atiptaxx.exe
C:\PROGRA~1\PESTPA~1\PPControl.exe
C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Netropa\OSD.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\hijack\scanner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;<local>
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\DELLMMKB.EXE
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [PestPatrol Control Center] c:\PROGRA~1\PESTPA~1\PPControl.exe
O4 - HKLM\..\Run: [PPMemCheck] c:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [CookiePatrol] c:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P30 "EPSON Stylus Photo R300 Series" /O6 "USB003" /M "Stylus Photo R300"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P39 "EPSON Stylus Photo R300 Series (Copy 1)" /O6 "USB003" /M "Stylus Photo R300"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [MediaFace Integration] C:\Program Files\Fellowes\MediaFACE 4.0\SetHook.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Display All Images with Full Quality - "res://C:\Program Files\NetZero\qsacc\appres.dll/228"
O8 - Extra context menu item: Display Image with Full Quality - "res://C:\Program Files\NetZero\qsacc\appres.dll/227"
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {9239E4EC-C9A6-11D2-A844-00C04F68D538} - (no file)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab
O16 - DPF: Yahoo! MahJong Solitaire - http://download.games.yahoo.com/games/clients/y/mjst4_x.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} (ICSScannerLight Class) - http://download.zonelabs.com/bin/free/cm/ICSCM.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4E888414-DB8F-11D1-9CD9-00C04F98436A} (Microsoft.WinRep) - https://webresponse.one.microsoft.com/oas/ActiveX/winrep.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1181004992187
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://us-housecall.trendmicro-europe.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {99B6E512-3893-4155-9964-8EB8E06099CB} (WebSpyWareKiller Class) - http://download.zonelabs.com/bin/promotions/spywaredetector/WebSWK.cab
O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zonelabs.com/bin/promotions/spywaredetector/WebAAS.cab
O16 - DPF: {A7E092C3-692A-11D0-A7E5-08002B322F3B} (WebResponseAttachments Control) - https://webresponse.one.microsoft.com/oas/ActiveX/FileXfer.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/activedata/SymAData.dll
O16 - DPF: {D68DAEED-C2A6-4C6F-9365-4676B173D8EF} (OcarptMain Class) - https://oca.microsoft.com/secure/OCARPT.CAB
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab
O16 - DPF: {FEC3E5A3-50F7-4B0C-97D8-01CF69DFBFC7} (Measurement Service Client) - http://ccon.madonion.com/global/msc.cab
O16 - DPF: {FFFFFFFF-CACE-BABE-BABE-00AA0055595A} - http://www.trueswitch.com/netscape/TrueInstallNetscape.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{9270B6A2-9EDB-4E3F-8EBD-432F3DF1A4C4}: NameServer = 68.94.156.1,68.94.157.1
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe

--
End of file - 10855 bytes

ken545
2007-08-12, 04:32
Things are looking good :bigthumb:

Open HijackThis > Do a System Scan Only, close your browser and all open windows, the only program or window you should have open is HijackThis, check the following entries and click on Fix Checked.

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

If you or an Administrator set this then leave it otherwise fix it also.
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

Run Spybot again and see if it still picks up Drive Cleaner

tashi
2007-08-21, 09:04
How is it going lucemonkey?

tashi
2007-08-28, 02:17
This topic has been archived due to lack of a response. :scratch:

If you need it re-opened, please send me a private message (pm) and provide a link to the thread.

Applies only to the original poster, anyone else with similar problems please start a new topic.