View Full Version : ad.yieldmanager
About two weeks ago, I worked with PSKelley on some other issues I had (Vundo, Valera). Here is a link to that topic: http://forums.spybot.info/showthread.php?t=19055 I've had another problem that I never really thought much of but am now realizing is something I need to fix. When I go to certain websites, after about a second or so, I get redirected to a google search page w/ a dell logo on the top left and the following statement at the top:
Sorry, we couldn't find http://ad.yieldmanager.com/st%3Fad_type. Here are some related websites:
I know I am supposed to inlcude the Kaspersky but since I've had this problem all along, I'm not going to include it. Let me know if you need it and I will post.
Here's the HJT log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:59:13 PM, on 10/31/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\CheckPoint\SSL Network Extender\slimsvc.exe
C:\Program Files\Wave Systems Corp\Common\DataServer.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.7\bin\tcsd_win32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\TomTom HOME\TomTomHOME.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\NetWaiting\netWaiting.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Trend Micro\HijackThis\Pitreau.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/home.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\BAE\BAE.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Document Manager] C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME\TomTomHOME.exe" -s
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program Files\Common Files\Symantec Shared\SymProbe.exe -r "C:\Program Files\Norton AntiVirus\CfgWiz.exe" /GUID {0D7956A2-5A08-4ec2-A72C-DF8495A66016} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: EMBASSY Trust Suite Secure Update.lnk = C:\Program Files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - https://www.clinremote.com/CitrixAccess/ICAWEB_common/en/ica32/wficat.cab
O16 - DPF: {2DFF31F9-7893-4922-AF66-C9A1EB4EBB31} (Rhapsody Player Engine) - http://forms.real.com/real/player/download.html?f=windows/mrkt/rhapx/RhapsodyPlayerEngine_Inst_Win.cab
O16 - DPF: {ABB660B6-6694-407B-950A-EDBA5A159722} (DVCDownloadControl) - http://download.games.yahoo.com/games/web_games/sony/davinci/DVCDownloadControl.cab
O16 - DPF: {B4CB50E4-0309-4906-86EA-10B6641C8392} (SlimClient Class) - https://ssl.ameresco.com/SNX/CSHELL/extender.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Check Point SSL Network Extender (cpextender) - Check Point Software Technologies - C:\Program Files\CheckPoint\SSL Network Extender\slimsvc.exe
O23 - Service: DataSvr2 - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Common\DataServer.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~2.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: NTRU Hybrid TSS v2.0.7 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.7\bin\tcsd_win32.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
--
End of file - 12243 bytes
Hi Pitreau :)
you are getting that screen because the page you are trying to visit either doesn't exist or is blocked by your host file.
You are being redirected to the dell site as a "safe" alternative.
If you google ad.yieldmanager you will see that you do not want anything to do with it :)
It is possible that the site you are trying to view has a click-through system so that you visit the adware first.
Well the sites I get it from include Yahoo and Comcast, so I would think that millions of people would be having the same problem and both Comcast and Yahoo would do something about it. Is it possible that there is something on my computer doing this? From googling, it seems as though most people enlist some sort of help to rid themselves of this, unless I'm confused.
Let me know what you think.
Brian
Yahoo, Google, Ask, Comcast anywhere that has a high volume of links always has the chance of posting dubious ones.
Looking at your thread with Phil, you were clean when you left us so I doubt you have any malware.
The people you see getting help because of this are usually getting popups.
Never the less, we shall run some scans to make sure.
Is it possible for you to tell me which site you are trying to visit ?
Deckard's System Scanner
Download Deckard's System Scanner (DSS) (http://www.techsupportforum.com/sectools/Deckard/dss.exe) to your Desktop. Note: You must be logged onto an account with administrator privileges.
Close all applications and windows.
Double-click on dss.exe to run it, and follow the prompts.
When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt<-this one will be minimized
Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt and the extra.txt to your post. in your reply
TotalScan
Please use IE. for this scan
Please go to this site Link >> TotalScan (http://www.nanoscan.com/as/v1/?) << LINK
Under Scan Now click the Full Scan button
Follow the prompts to install the Active X if necessary
Go and make a cup of tea/coffee/beverage of your choice and watch some TV :)
When the scan is finished, a report will be generated
Next to Scan Details click the small Save button and save the report to your desktop.
Please post the report in your reply.
Well the two sites that I get it from most often are yahoo.com and comcast.net. There are other sites that happen from time to time, but those two happen all the time and since my email is through comcast, and my girlfriends is through yahoo, it gets pretty annoying.
I'm leaving work now, I will run the programs you requested as soon as I get home.
Thanks.
Brian
You get that when you visit the main site ?
Yeah, the main sites and various pages through the sites.
Here are the scans you requested starting with main.txt broken up as necessary:
Deckard's System Scanner v20071014.68
Run by Brian on 2007-11-06 19:30:07
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 5 Restore Point(s) --
8: 2007-11-07 00:30:13 UTC - RP8 - Deckard's System Scanner Restore Point
7: 2007-11-03 13:16:39 UTC - RP7 - System Checkpoint
6: 2007-10-31 11:35:16 UTC - RP6 - System Checkpoint
5: 2007-10-28 14:06:20 UTC - RP5 - System Checkpoint
4: 2007-10-26 03:26:26 UTC - RP4 - System Checkpoint
-- First Restore Point --
1: 2007-10-23 00:13:02 UTC - RP1 - System Checkpoint
Backed up registry hives.
Performed disk cleanup.
-- HijackThis (run as Brian.exe) -----------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:31:44 PM, on 11/6/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CheckPoint\SSL Network Extender\slimsvc.exe
C:\Program Files\Wave Systems Corp\Common\DataServer.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.7\bin\tcsd_win32.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\TomTom HOME\TomTomHOME.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\NetWaiting\netWaiting.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Documents and Settings\Brian\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Brian.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/home.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\BAE\BAE.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Document Manager] C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME\TomTomHOME.exe" -s
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program Files\Common Files\Symantec Shared\SymProbe.exe -r "C:\Program Files\Norton AntiVirus\CfgWiz.exe" /GUID {0D7956A2-5A08-4ec2-A72C-DF8495A66016} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Macromed\SHOCKW~1\SWHELP~1.EXE -Update -1020022 -iexplore.exe6.0
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: EMBASSY Trust Suite Secure Update.lnk = C:\Program Files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - https://www.clinremote.com/CitrixAccess/ICAWEB_common/en/ica32/wficat.cab
O16 - DPF: {2DFF31F9-7893-4922-AF66-C9A1EB4EBB31} (Rhapsody Player Engine) - http://forms.real.com/real/player/download.html?f=windows/mrkt/rhapx/RhapsodyPlayerEngine_Inst_Win.cab
O16 - DPF: {ABB660B6-6694-407B-950A-EDBA5A159722} (DVCDownloadControl) - http://download.games.yahoo.com/games/web_games/sony/davinci/DVCDownloadControl.cab
O16 - DPF: {B4CB50E4-0309-4906-86EA-10B6641C8392} (SlimClient Class) - https://ssl.ameresco.com/SNX/CSHELL/extender.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Check Point SSL Network Extender (cpextender) - Check Point Software Technologies - C:\Program Files\CheckPoint\SSL Network Extender\slimsvc.exe
O23 - Service: DataSvr2 - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Common\DataServer.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~2.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: NTRU Hybrid TSS v2.0.7 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.7\bin\tcsd_win32.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
--
End of file - 12316 bytes
-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------
backup-20071020-100944-113 O2 - BHO: (no name) - {C4A67FBC-1700-4ED8-BD0F-F4E8367F10B5} - (no file)
backup-20071020-100944-191 O2 - BHO: (no name) - {962F491C-61B0-46C3-AF5F-BE5E9910E8B9} - C:\WINDOWS\system32\geeda.dll
backup-20071020-100944-209 O2 - BHO: 0 - {9687FA06-4A86-407C-4A91-C922A35EE2CF} - C:\Program Files\ComPlus Applications\lavuga.dll (file missing)
backup-20071020-100944-312 O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\system32\dociqljd.dll",sitypnow
backup-20071020-100944-473 O2 - BHO: BndDrive2 BHO Class - {8B27CC68-110C-46a9-80D3-F3107DE6EB98} - C:\Program Files\ISM\BndDrive4.dll (file missing)
backup-20071020-100944-681 O2 - BHO: (no name) - {352CE881-B654-4D94-A92A-09BDE4436F67} - (no file)
backup-20071020-100944-846 O2 - BHO: (no name) - {A62B4D77-2298-49CD-89F9-52EA01B1DE4D} - (no file)
backup-20071020-100944-918 O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\gfofbaqw.exe (file missing)
backup-20071020-101830-370 O2 - BHO: (no name) - {A003DFD8-3C3D-47A5-9A1F-7BB01D62853A} - C:\WINDOWS\system32\geeda.dll
backup-20071020-122521-819 O2 - BHO: (no name) - {663D15FE-D4CC-43C8-A60F-91A4397189B7} - C:\WINDOWS\system32\geeda.dll (file missing)
-- File Associations -----------------------------------------------------------
All associations okay.
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R0 PBADRV - c:\windows\system32\drivers\pbadrv.sys <Not Verified; Dell Inc; PBA Driver>
R1 APPDRV - c:\windows\system32\drivers\appdrv.sys <Not Verified; Dell Inc; Application Driver>
R1 omci (OMCI WDM Device Driver) - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Inc; OMCI Driver>
R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.4.9.0) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.4.9.0>
R2 s24trans (WLAN Transport) - c:\windows\system32\drivers\s24trans.sys <Not Verified; Intel Corporation; Intel Wireless LAN Packet Driver>
S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys (file missing)
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 cpextender (Check Point SSL Network Extender) - c:\program files\checkpoint\ssl network extender\slimsvc.exe <Not Verified; Check Point Software Technologies; slim>
R2 DataSvr2 - "c:\program files\wave systems corp\common\dataserver.exe" <Not Verified; Wave Systems Corp.; Authentication Manager>
R2 NICCONFIGSVC - c:\program files\dell\quickset\nicconfigsvc.exe <Not Verified; Dell Inc.; NicConfigSvc>
R2 RegSrvc (Intel(R) PROSet/Wireless Registry Service) - c:\program files\intel\wireless\bin\regsrvc.exe <Not Verified; Intel Corporation; Intel(R) PROSet/Wireless Registry Service>
R2 tcsd_win32.exe (NTRU Hybrid TSS v2.0.7 TCS) - "c:\program files\ntru cryptosystems\ntru hybrid tss v2.0.7\bin\tcsd_win32.exe"
R2 WLANKEEPER (Intel(R) PROSet/Wireless SSO Service) - c:\program files\intel\wireless\bin\wlkeeper.exe <Not Verified; Intel(R) Corporation; SSO Service>
R3 ServiceLayer - "c:\program files\common files\pcsuite\services\servicelayer.exe" <Not Verified; Nokia.; PC Connectivity Solution>
S4 DomainService - c:\windows\system32\gfofbaqw.exe /service (file missing)
-- Device Manager: Disabled ----------------------------------------------------
No disabled devices found.
-- Scheduled Tasks -------------------------------------------------------------
2007-10-20 12:09:36 530 --a------ C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - Brian.job
-- Files created between 2007-10-06 and 2007-11-06 -----------------------------
2007-10-31 09:24:43 0 d-------- C:\Documents and Settings\Brian\.thinupload
2007-10-28 16:41:13 0 d-------- C:\Documents and Settings\Brian\Application Data\yoclient
2007-10-20 22:04:19 0 d-------- C:\Program Files\InterActual
2007-10-20 21:40:08 0 d-------- C:\Documents and Settings\Alonna\Application Data\Symantec
2007-10-20 12:07:24 0 d-------- C:\Documents and Settings\Brian\Application Data\Symantec
2007-10-20 12:01:16 0 d-------- C:\Program Files\Norton AntiVirus
2007-10-19 19:24:31 0 d-------- C:\Program Files\Java
2007-10-19 19:24:05 0 d-------- C:\Program Files\Common Files\Java
2007-10-19 18:55:11 0 d-------- C:\VundoFix Backups
2007-10-19 18:16:02 6854 ---hs---- C:\WINDOWS\system32\adeeg.ini2
2007-10-17 21:50:04 83008 --a------ C:\WINDOWS\system32\ioojiijp.dll
2007-10-17 19:55:19 83008 --a------ C:\WINDOWS\system32\imtkddpd.dll
2007-10-17 19:41:50 83008 --a------ C:\WINDOWS\system32\nkfjnwjd.dll
2007-10-15 19:33:29 0 d-------- C:\Documents and Settings\Brian\Application Data\ICAClient
2007-10-15 19:33:10 0 d-------- C:\Program Files\Citrix
2007-10-14 17:04:30 0 d-------- C:\Program Files\Trend Micro
2007-10-14 15:20:32 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-10-14 15:20:27 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-10-11 19:38:07 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-10-08 09:35:17 0 d-------- C:\WINDOWS\pss
-- Find3M Report ---------------------------------------------------------------
2007-11-02 20:01:42 29177 --a------ C:\WINDOWS\system32\nvModes.dat
2007-10-31 21:46:58 0 d-------- C:\Program Files\Common Files\Symantec Shared
2007-10-20 12:13:29 0 d-------- C:\Program Files\Symantec
2007-10-20 12:13:12 0 d-------- C:\Program Files\Common Files
2007-10-19 18:37:58 613998 ---hs---- C:\WINDOWS\system32\adeeg.bak2
2007-10-14 21:40:41 691983 ---hs---- C:\WINDOWS\system32\adeeg.bak1
2007-10-12 16:04:35 0 d-------- C:\Program Files\TomTom HOME
2007-10-01 04:41:06 0 d-------- C:\Program Files\ISM
2007-09-30 10:05:49 0 d-------- C:\Program Files\Lavasoft
2007-09-30 00:20:47 278528 --a------ C:\WINDOWS\system32\livesnth.dll <Not Verified; LiveUpdate; LiveSynth>
Rest of main.txt followed by as much of extra.txt as I can fit:
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [10/07/2005 07:13 PM]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [01/19/2006 03:14 PM]
"nwiz"="nwiz.exe" [01/19/2006 03:14 PM C:\WINDOWS\system32\nwiz.exe]
"NVHotkey"="nvHotkey.dll" [01/19/2006 03:14 PM C:\WINDOWS\system32\nvhotkey.dll]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [12/28/2005 11:55 AM]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [12/28/2005 11:56 AM]
"SigmatelSysTrayApp"="stsystra.exe" [03/24/2006 11:30 PM C:\WINDOWS\stsystra.exe]
"Document Manager"="C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe" [03/09/2006 12:26 PM]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [12/09/2005 08:29 PM]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [04/06/2006 02:58 PM]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [09/08/2005 05:20 AM]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [07/27/2004 04:50 PM]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [07/27/2004 04:50 PM]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [06/06/2005 10:46 PM]
"PCSuiteTrayApplication"="C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.exe" [04/26/2006 07:29 AM]
"@"="" []
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [02/04/2002 09:32 PM]
"NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [07/13/2003 01:49 AM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [01/15/2007 09:57 AM]
"TomTomHOME.exe"="C:\Program Files\TomTom HOME\TomTomHOME.exe" [03/14/2007 03:52 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [06/29/2007 05:24 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [08/15/2007 07:15 PM]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [03/12/2007 05:30 PM]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [01/22/2007 09:19 PM]
"NAV CfgWiz"="C:\Program Files\Common Files\Symantec Shared\SymProbe.exe" []
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ModemOnHold"="C:\Program Files\NetWaiting\netWaiting.exe" [09/10/2003 02:24 AM]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 11:24 AM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 05:00 AM]
"PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [04/11/2006 04:52 PM]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
"Shockwave Updater"=C:\WINDOWS\system32\Macromed\SHOCKW~1\SWHELP~1.EXE -Update -1020022 -iexplore.exe6.0
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [9/23/2005 9:05:26 PM]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [6/21/2006 3:02:13 PM]
EMBASSY Trust Suite Secure Update.lnk - C:\Program Files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe [11/30/2005 9:39:02 AM]
Microsoft Office OneNote 2003 Quick Launch.lnk - C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE [8/6/2003 12:23:32 PM]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=wxvault.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 wvauth C:\\WINDOWS\\system32\\geeda
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fd8f8761-396e-11dc-be91-54554344520d}]
AutoRun\command- E:\InstallTomTomHOME.exe
-- Hosts -----------------------------------------------------------------------
127.0.0.1 007guard.com
127.0.0.1 www.007guard.com
127.0.0.1 008i.com
127.0.0.1 008k.com
127.0.0.1 www.008k.com
127.0.0.1 00hq.com
127.0.0.1 www.00hq.com
127.0.0.1 010402.com
127.0.0.1 032439.com
127.0.0.1 www.032439.com
6775 more entries in hosts file.
-- End of Deckard's System Scanner: finished at 2007-11-06 19:32:27 ------------
Extra.txt:
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------
-- System Information ----------------------------------------------------------
Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English
CPU 0: Genuine Intel(R) CPU T2400 @ 1.83GHz
CPU 1: Genuine Intel(R) CPU T2400 @ 1.83GHz
Percentage of Memory in Use: 28%
Physical Memory (total/avail): 2046.11 MiB / 1470.27 MiB
Pagefile Memory (total/avail): 3938.91 MiB / 3504.36 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1937.29 MiB
C: is Fixed (NTFS) - 74.47 GiB total, 58.74 GiB free.
D: is CDROM (No Media)
\\.\PHYSICALDRIVE0 - Hitachi HTS541080G9SA00 - 74.53 GiB - 2 partitions
\PARTITION0 - Unknown - 47.03 MiB
\PARTITION1 (bootable) - Installable File System - 74.47 GiB - C:
-- Security Center -------------------------------------------------------------
AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.
FirstRunDisabled is set.
AntiVirusDisableNotify is set.
FirewallDisableNotify is set.
FW: Norton Internet Worm Protection v2006 (Symantec)
AV: Norton AntiVirus 2006 v2005 (Symantec Corporation)
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:AOL"
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:AOL"
"C:\\Program Files\\Yahoo! Games\\Wheel of Fortune\\Wheel of Fortune.exe"="C:\\Program Files\\Yahoo! Games\\Wheel of Fortune\\Wheel of Fortune.exe:*:Enabled:Wheel of Fortune"
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"="C:\\Program Files\\Real\\RealPlayer\\realplay.exe:*:Enabled:RealPlayer"
"C:\\Program Files\\Windows Media Player\\wmplayer.exe"="C:\\Program Files\\Windows Media Player\\wmplayer.exe:*:Enabled:Windows Media Player"
"C:\\Program Files\\TurboTax\\Premier 2006\\32bit\\ttax.exe"="C:\\Program Files\\TurboTax\\Premier 2006\\32bit\\ttax.exe:LocalSubNet:Enabled:TurboTax"
"C:\\Program Files\\TurboTax\\Premier 2006\\32bit\\updatemgr.exe"="C:\\Program Files\\TurboTax\\Premier 2006\\32bit\\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\WINDOWS\\system32\\gfofbaqw.exe"="C:\\WINDOWS\\system32\\gfo"
-- Environment Variables -------------------------------------------------------
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Brian\Application Data
CLASSPATH=.;C:\Program Files\Java\j2re1.4.2_03\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=LAPPY486
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Brian
LOGONSERVER=\\LAPPY486
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 14 Stepping 8, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0e08
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\j2re1.4.2_03\lib\ext\QTJava.zip
SESSIONNAME=Console
SonicCentral=C:\Program Files\Common Files\Sonic Shared\Sonic Central\
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Brian\LOCALS~1\Temp
TMP=C:\DOCUME~1\Brian\LOCALS~1\Temp
USERDOMAIN=LAPPY486
USERNAME=Brian
USERPROFILE=C:\Documents and Settings\Brian
windir=C:\WINDOWS
__COMPAT_LAYER=EnableNXShowUI
-- User Profiles ---------------------------------------------------------------
Alonna (admin)
Brian (admin)
Administrator (admin)
Rest of extra.txt , total.scan will be in next post:
-- Add/Remove Programs ---------------------------------------------------------
--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 7.0.5 Language Support --> MsiExec.exe /I{AC76BA86-7AD7-5464-3428-7050000000A7}
Adobe Reader 7.0.8 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70800000002}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Adobe® Photoshop® Album Starter Edition 3.0 --> MsiExec.exe /I{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}
Adobe® Photoshop® Album Starter Edition 3.0.1 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C9618743-1A5C-461E-91C4-E013A3D70F3C}\Setup.exe" -l0x9
Ahead Nero Burning ROM --> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
ALPS Touch Pad Driver --> C:\Program Files\Apoint\Uninstap.exe ADDREMOVE
Apple Mobile Device Support --> MsiExec.exe /I{763E8D6C-0098-4FF4-801A-3F311D2D9D80}
Apple Software Update --> MsiExec.exe /I{492724FC-3B26-46B4-824F-3CE2722D9AA0}
Bliss Island --> "C:\Program Files\Comcast Play Games\Bliss Island\Uninstall.exe" "C:\Program Files\Comcast Play Games\Bliss Island\install.log"
Broadcom Advanced Control Suite --> MsiExec.exe /X{26E1BFB0-E87E-4696-9F89-B467F01F81E5}
Broadcom TPM Driver Installer --> MsiExec.exe /X{35748B06-FCFC-4700-8285-DAD41689E4FE}
Casino Island To Go --> "C:\Program Files\Comcast Play Games\Casino Island To Go\Uninstall.exe" "C:\Program Files\Comcast Play Games\Casino Island To Go\install.log"
ccCommon --> MsiExec.exe /I{1248C09A-BD6B-47F5-BF3F-CD2B700D9FCB}
Check Point SSL Network Extender Components Shell --> MsiExec.exe /X{905eb1d9-8674-4384-884c-4e26e3127b76}
Check Point SSL Network Extender Service --> MsiExec.exe /X{1bbf7e39-7953-4c4e-816e-2e8b730dab91}
Conexant HDA D110 MDC V.92 Modem --> C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3\HXFSETUP.EXE -U -Idel1028p.inf
Dell Embassy Trust Suite by Wave Systems --> C:\WINDOWS\Downloaded Installations\{ABBA2EA4-740E-4052-902B-9CA70B081E3F}\Installer.exe
Digital Line Detect --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
Document Manager Lite --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{51AE9E42-640D-4C14-A9B6-43F64AA4E3E2} /l1033
EMBASSY Security Center --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{EEAFE1E5-076B-430A-96D9-B567792AFA88}
EMBASSY Trust Suite by Wave Systems --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F1802FA6-54E9-4B24-BD2A-B50866819795}\setup.exe" -l0x9
EphPod --> C:\PROGRA~1\EphPod\UNWISE.EXE C:\PROGRA~1\EphPod\INSTALL.LOG
ESPN Version 2.0.6.90 --> "C:\Program Files\ESPN\unins000.exe"
ETS Launch Pad --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{DD41AC25-61B2-4FC9-90AA-672F32139AC3}
Family Feud (remove only) --> "C:\Program Files\Yahoo! Games\Family Feud\Uninstall.exe"
Family Feud Holidays --> "C:\Program Files\Comcast Play Games\Family Feud Holidays\Uninstall.exe" "C:\Program Files\Comcast Play Games\Family Feud Holidays\install.log"
Family Feud Hollywood Edition --> "C:\Program Files\Comcast Play Games\Family Feud Hollywood Edition\Uninstall.exe" "C:\Program Files\Comcast Play Games\Family Feud Hollywood Edition\install.log"
FUJIFILM USB Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5490882C-6961-11D5-BAE5-00E0188E010B}\Setup.exe"
Full Tilt Poker.Net --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E07B7A31-E160-466D-A003-3BB7B8989D52}\setup.exe" -l0x9 -removeonly
Google Earth --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x9 -removeonly
High Definition Audio Driver Package - KB835221 --> C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Intel(R) PROSet/Wireless Software --> C:\WINDOWS\Installer\iProInst.exe
InterActual Player --> C:\Program Files\InterActual\InterActual Player\inuninst.exe
Internet Worm Protection --> MsiExec.exe /I{2908F0CB-C1D4-447F-97A2-CFC135C9F8D4}
iTunes --> MsiExec.exe /I{974C05A0-C76C-4724-A9A2-11D5D1355729}
Java(TM) 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Kaspersky Online Scanner --> C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
Learn2 Player (Uninstall Only) --> C:\Program Files\Learn2.com\StRunner\stuninst.exe
LiveUpdate 3.0 (Symantec Corporation) --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
LiveUpdate Notice (Symantec Corporation) --> MsiExec.exe /X{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}
mCore --> MsiExec.exe /I{E81667C6-2856-46D6-ABEA-6A2F42166779}
mDrWiFi --> MsiExec.exe /I{F6090A17-0967-4A8A-B3C3-422A1B514D49}
MetaFrame Presentation Server Web Client for Win32 --> RunDll32 ADVPACK.DLL,LaunchINFSection C:\WINDOWS\INF\wficat.inf,DefaultUninstall
mHlpDell --> MsiExec.exe /I{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}
Microsoft Office FrontPage 2003 --> MsiExec.exe /I{90170409-6000-11D3-8CFE-0150048383C9}
Microsoft Office OneNote 2003 --> MsiExec.exe /I{90A10409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Project Professional 2003 --> MsiExec.exe /I{903B0409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Visio Professional 2003 --> MsiExec.exe /I{90510409-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0.0 (Pre-Release 5348) --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Minute Match --> "C:\Program Files\Comcast Play Games\Minute Match\Uninstall.exe" "C:\Program Files\Comcast Play Games\Minute Match\install.log"
mIWA --> MsiExec.exe /I{3E9D596A-61D4-4239-BD19-2DB984D2A16F}
mLogView --> MsiExec.exe /I{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}
mMHouse --> MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
Modem Helper --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
mPfMgr --> MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
mPfWiz --> MsiExec.exe /I{90B0D222-8C21-4B35-9262-53B042F18AF9}
mProSafe --> MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}
mSSO --> MsiExec.exe /I{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}
mWlsSafe --> MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}
mWMI --> MsiExec.exe /I{63DB9CCD-2B56-4217-9A3D-507AC78320CA}
mXML --> MsiExec.exe /I{9CC89556-3578-48DD-8408-04E66EBEF401}
mZConfig --> MsiExec.exe /I{94658027-9F16-4509-BBD7-A59FE57C3023}
NAVShortcut --> MsiExec.exe /I{F325CF11-27CE-4872-8022-6E9EB27DF24F}
Netflix Movie Viewer --> MsiExec.exe /X{A79E6E20-E1B8-4A5A-97F4-E673404BF700}
NetWaiting --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
Nokia Connectivity Cable Driver --> MsiExec.exe /X{E4DD8B33-6F9B-41C5-96FF-5DBF27ED23E7}
Nokia PC Connectivity Solution --> MsiExec.exe /I{588AA47B-9115-44D3-B2E5-4F10BC659D6C}
Nokia PC Suite --> MsiExec.exe /I{77296E63-8C19-462B-ABA1-F510750A8C51}
Norton AntiVirus 2006 --> MsiExec.exe /X{C6F5B6CF-609C-428E-876F-CA83176C021B}
Norton AntiVirus 2006 (Symantec Corporation) --> "C:\Program Files\Common Files\Symantec Shared\SymSetup\{C6F5B6CF-609C-428E-876F-CA83176C021B}.exe" /X
Norton AntiVirus Help --> MsiExec.exe /I{34EEB1F5-E939-40A1-A6BA-957282A4B2C8}
Norton AntiVirus Parent MSI --> MsiExec.exe /I{E5EE9939-259F-4DE2-8023-5C49E16A4F43}
Norton AntiVirus SYMLT MSI --> MsiExec.exe /I{D1FF75E7-DD42-4CFD-B052-20B3FFF4EDB8}
Norton Protection Center --> MsiExec.exe /I{82A5BF38-8461-4A5C-B2C9-24F5256D92A6}
Norton WMI Update --> MsiExec.exe /X{F64306A5-4C32-41bb-B153-53986527FAB4}
NTRU Hybrid TSS v2.0.7 --> MsiExec.exe /I{D1183FA8-AA29-4C82-B998-9593D7AF42FE}
NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI
Offroad Arena --> "C:\Program Files\Comcast Play Games\Offroad Arena\Uninstall.exe" "C:\Program Files\Comcast Play Games\Offroad Arena\install.log"
Penguin vs Yeti --> "C:\Program Files\Comcast Play Games\Penguin vs Yeti\Uninstall.exe" "C:\Program Files\Comcast Play Games\Penguin vs Yeti\install.log"
Penguins! --> "C:\Program Files\WildGames\Penguins!\Uninstall.exe"
PokerStars.net --> C:\Program Files\PokerStars.NET\Uninstall.EXE /u:"PokerStars.net"
PowerDVD 5.7 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
Preboot Manager --> MsiExec.exe /I{AE765884-4770-4A92-82D9-AB3192512B31}
Private Information Manager --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{0B0A2153-58A6-4244-B458-25EDF5FCD809}
Quicken 2006 --> MsiExec.exe /X{2818095F-FB6C-42C8-827E-0A406CC9AFF5}
QuickSet --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C5074CC4-0E26-4716-A307-960272A90040}\setup.exe" -l0x9 APPDRVNT4
QuickTime --> MsiExec.exe /I{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}
Race Cars Extreme Rally --> "C:\Program Files\Comcast Play Games\Race Cars Extreme Rally\Uninstall.exe" "C:\Program Files\Comcast Play Games\Race Cars Extreme Rally\install.log"
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Rhapsody Player Engine --> MsiExec.exe /I{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}
Roxio DLA --> MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Roxio Express Labeler --> MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Roxio RecordNow Audio --> MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Roxio RecordNow Copy --> MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Roxio RecordNow Data --> MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
Saints & Sinners Bowling --> "C:\Program Files\Comcast Play Games\Saints & Sinners Bowling\Uninstall.exe" "C:\Program Files\Comcast Play Games\Saints & Sinners Bowling\install.log"
Search Assist --> MsiExec.exe /X{DF6A589A-7A1A-430C-9FF2-A0BDB42669DC}
Secure Update --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{D1E829E9-88B8-47C6-A75E-0D40E2C09D50}
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Wizards --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{EC84E3E6-C2D6-4DFB-81E0-448324C8FDF4} /l1033
Sonic Update Manager --> MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
SPBBC --> MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Symantec --> MsiExec.exe /I{228F6876-A313-40A3-91C0-C3CBE6997D09}
Symantec Technical Support Web Controls --> MsiExec.exe /X{DDC63227-BA06-4855-B002-BDB49E9F677E}
Tiks Texas Hold em --> "C:\Program Files\Comcast Play Games\Tiks Texas Hold em\Uninstall.exe" "C:\Program Files\Comcast Play Games\Tiks Texas Hold em\install.log"
TomTom HOME --> C:\Program Files\InstallShield Installation Information\{CE325D55-FCAF-4273-BB79-069BB8747270}\setup.exe -runfromtemp -l0x0009 -removeonly -removeonly
TurboTax ItsDeductible 2006 --> MsiExec.exe /X{AFF1EA96-9C23-4249-B7D4-CD4B54D4582F}
TurboTax Premier Investments 2006 --> C:\Program Files\TurboTax\Premier 2006\TaxUnst.EXE "C:\Program Files\TurboTax\Premier 2006\Uninstall.log" -NoGui
URL Assistant --> regsvr32 /u /s "c:\Program Files\BAE\BAE.dll"
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
Virtools 3D Life Player --> C:\Program Files\Virtools\3D Life Player\WebplayerConfig.exe -u
Virtual Earth 3D (Beta) --> MsiExec.exe /X{619B8475-0F48-41B7-A370-5147F7092989}
Virtual Marbles --> "C:\Program Files\Comcast Play Games\Virtual Marbles\Uninstall.exe" "C:\Program Files\Comcast Play Games\Virtual Marbles\install.log"
Wave Infrastructure Installer --> MsiExec.exe /I{B5AB9CB4-4AAE-44CC-A6AF-37388326E85F}
Wave Support Software --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{6CDAED1C-5B60-4818-88A7-E4A90CD367AF} /l1033
WexTech AnswerWorks --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EA2BEBD6-87B9-41E5-95AC-7E4C165A9475}\SETUP.EXE" -l0x9 -eliminate
Wheel of Fortune (remove only) --> "C:\Program Files\Yahoo! Games\Wheel of Fortune\Uninstall.exe"
Winamp (remove only) --> "C:\Program Files\Winamp\UninstWA.exe"
Windows Driver Package - Nokia Modem (04/06/2006 6.8.0.17) --> C:\PROGRA~1\DIFX\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokbtmdm_7F91C37896B530901B0665F9EF32E19FF06F5687\nokbtmdm.inf
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
World Class Solitaire --> "C:\Program Files\Comcast Play Games\World Class Solitaire\Uninstall.exe" "C:\Program Files\Comcast Play Games\World Class Solitaire\install.log"
YNAB Pro version 1.3.7.0 --> "C:\Program Files\YNAB Pro\unins000.exe"
-- Application Event Log -------------------------------------------------------
Event Record #/Type13554 / Error
Event Submitted/Written: 11/06/2007 07:28:43 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application IEXPLORE.EXE, version 6.0.2900.2180, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Event Record #/Type13541 / Warning
Event Submitted/Written: 11/06/2007 07:06:50 PM
Event ID/Source: 0 / DataSvr2
Event Description:
Failed to connect to the remote DB!
Event Record #/Type13540 / Warning
Event Submitted/Written: 11/06/2007 07:06:50 PM
Event ID/Source: 0 / DataSvr2
Event Description:
C:\Program Files\Wave Systems Corp\Secure Storage Manager\data\am.dat
Event Record #/Type13527 / Warning
Event Submitted/Written: 11/06/2007 07:03:35 PM
Event ID/Source: 1004 / MsiInstaller
Event Description:
Detection of product '{90A10409-6000-11D3-8CFE-0150048383C9}', feature 'OneNoteUserData', component '{F53BAC3A-5B2A-44FF-85E0-38528C0554CE}' failed. The resource 'HKEY_CURRENT_USER\Software\Microsoft\Office\11.0\OneNote\UserData' does not exist.
Event Record #/Type13509 / Warning
Event Submitted/Written: 11/05/2007 08:02:17 PM
Event ID/Source: 0 / DataSvr2
Event Description:
Failed to connect to the remote DB!
-- Security Event Log ----------------------------------------------------------
No Errors/Warnings found.
-- System Event Log ------------------------------------------------------------
Event Record #/Type30135 / Error
Event Submitted/Written: 11/06/2007 07:06:47 PM
Event ID/Source: 1002 / Dhcp
Event Description:
The IP address lease 192.168.1.2 for the Network Card with network address 00130272840A has been
denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
Event Record #/Type30134 / Warning
Event Submitted/Written: 11/06/2007 07:06:46 PM
Event ID/Source: 1003 / Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 00130272840A. The following
error occurred:
%%1223.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.
Event Record #/Type30132 / Warning
Event Submitted/Written: 11/06/2007 07:06:19 PM / 11/06/2007 07:06:45 PM
Event ID/Source: 4 / b57w2k
Event Description:
Broadcom NetXtreme 57xx Gigabit Controller: The network link is down. Check to make sure the network cable is properly connected.
Event Record #/Type30119 / Warning
Event Submitted/Written: 11/06/2007 06:57:15 PM
Event ID/Source: 1003 / Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 00130272840A. The following
error occurred:
%%1223.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.
Event Record #/Type30112 / Warning
Event Submitted/Written: 11/05/2007 08:23:34 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.
-- End of Deckard's System Scanner: finished at 2007-11-06 19:32:27 ------------
Finally, totalscan.txt:
;***********************************************************************************************************************************************************************************
ANALYSIS: 2007-11-06 20:19:53
PROTECTIONS: 1
MALWARE: 8
SUSPECTS: 0
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
Norton AntiVirus 2006 2005 Yes Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\Brian\Cookies\brian@trafficmp[1].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Brian\Cookies\brian@doubleclick[1].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Brian\Cookies\brian@atdmt[2].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Brian\Cookies\brian@advertising[1].txt
00169287 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\Brian\Cookies\brian@adrevolver[3].txt
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Brian\Cookies\brian@ads.pointroll[1].txt
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\Brian\Cookies\brian@adrevolver[1].txt
02643402 Generic Trojan Virus/Trojan No 0 Yes No C:\Program Files\Trend Micro\HijackThis\backups\backup-20071020-101830-370.dll
02643402 Generic Trojan Virus/Trojan No 0 Yes No C:\VundoFix Backups\geeda.dll.bad
02643402 Generic Trojan Virus/Trojan No 0 Yes No C:\Program Files\Trend Micro\HijackThis\backups\backup-20071020-100944-191.dll
;===================================================================================================================================================================================
SUSPECTS
Location
;===================================================================================================================================================================================
;===================================================================================================================================================================================
There are a few malware files lurking, but they shouldn't be active.
I need to verify a couple of registry entries before I fix anything.
We don't want to turn your machine into a door stop :laugh:
If you can do the following, I will be back soon with a fix.
We need to upload a file to be examined, please go to the link below
Link >>>> Upload Malware (http://uploadmalware.com/) <<<< Link
Please fill out the form with your details and give the following link to this topic.
http://forums.spybot.info/showthread.php?p=132089#post132089
(Your E-Mail is only required should you need to be contacted )
Next click the browse button next to the no. 1 box
Copy/paste the following file path into the File name bar, then click Open
C:\WINDOWS\system32\adeeg.ini2
Repeat for the following using the relevant number browse box.
C:\WINDOWS\system32\ioojiijp.dll
C:\WINDOWS\system32\imtkddpd.dll
C:\WINDOWS\system32\nkfjnwjd.dll
C:\WINDOWS\system32\adeeg.bak2
C:\WINDOWS\system32\adeeg.bak1
In the field marked Comments please put
Upload Requested By Katana At Malware Removal
Finally click Send File
All files have been succesfully uploaded as requested. I apologize for the delay, but I came down with a nasty cold.
Reboot in safe mode
You will now need to reboot in safe mode, you will not have internet access whilst you do the next part
Please copy/paste or print the following instructions.
To reboot in safe mode
You can boot in Safe Mode by restarting your computer, then continually tapping F5 until a menu appears.
Use your up arrow key to highlight Safe Mode, then hit enter.
In the following instructions you may find that some of the items I have listed are not present.
Do not worry about this, just continue to the next item.
Create A Registry File
Please copy (Ctrl+C) and paste (Ctrl+V) the following text in the quote to Notepad.
Save it as "All Files" and name it Regfix.reg Please save it on your desktop.
REGEDIT4
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,77,76,61,75,74,68,00,00
Make sure there are NO lines before REGEDIT4 and ONE line at the end
Double click on Regfix.reg and click Yes at the prompt
Show All Files And Folders
Now you need to show all files and folders
Click Start.
Open My Computer.
Select the Tools menu and click Folder Options.
Select the View Tab.
Under the Hidden files and folders heading select Show hidden files and folders.
Uncheck Hide file extensions for known file types
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.
Click OK.
Delete Files and Folders
( you may need to show hidden files and folders. See HERE (http://www.microsoft.com/windowsxp/using/helpandsupport/learnmore/tips/hiddenfiles.mspx) for help)
Find and delete the following Files and Folders if present
C:\WINDOWS\system32\adeeg.ini2 <<< This File
C:\WINDOWS\system32\ioojiijp.dll <<< This File
C:\WINDOWS\system32\imtkddpd.dll <<< This File
C:\WINDOWS\system32\nkfjnwjd.dll <<< This File
C:\WINDOWS\system32\adeeg.bak2 <<< This File
C:\WINDOWS\system32\adeeg.bak1 <<< This File
C:\Program Files\ISM <<< This Folder
Deckard's System Scanner
Note: You must be logged onto an account with administrator privileges.
Close all applications and windows.
Double-click on dss.exe to run it, and follow the prompts.
When the scan is complete, a text file will open - main.txt
Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt in your reply
(NOTE: Only one file will be created this time)
How are things now ?
Quick question: when you say:
Create A Registry File
Please copy (Ctrl+C) and paste (Ctrl+V) the following text in the quote to Notepad.
Save it as "All Files" and name it Regfix.reg Please save it on your desktop.
Quote:
REGEDIT4
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,77,76,61,75,74,68,00,00
Make sure there are NO lines before REGEDIT4 and ONE line at the end
Double click on Regfix.reg and click Yes at the prompt
When you refer to ONE line at the end, is that at the end of the whole regedit file or just one line after the word regedit4?
:)
One blank line after
"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,77,76,61,75,74,68,00,00
I am so sorry about the delay, things have been extremely hectic over here, not that I should be using that as an excuse. Anyways, Here is the deckard text. I ran the scanner in safe mode, if it was supposed to be run in normal mode, let me know.
Deckard's System Scanner v20071014.68
Run by Brian on 2007-11-21 17:44:06
Computer is in Safe Mode.
--------------------------------------------------------------------------------
-- HijackThis (run as Brian.exe) -----------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:44:18 PM, on 11/21/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Brian\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Brian.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/home.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\BAE\BAE.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Document Manager] C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME\TomTomHOME.exe" -s
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program Files\Common Files\Symantec Shared\SymProbe.exe -r "C:\Program Files\Norton AntiVirus\CfgWiz.exe" /GUID {0D7956A2-5A08-4ec2-A72C-DF8495A66016} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: EMBASSY Trust Suite Secure Update.lnk = C:\Program Files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - https://www.clinremote.com/CitrixAccess/ICAWEB_common/en/ica32/wficat.cab
O16 - DPF: {2DFF31F9-7893-4922-AF66-C9A1EB4EBB31} (Rhapsody Player Engine) - http://forms.real.com/real/player/download.html?f=windows/mrkt/rhapx/RhapsodyPlayerEngine_Inst_Win.cab
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - http://www.nanoscan.com/as/v1/cabs/ascstubie.cab
O16 - DPF: {ABB660B6-6694-407B-950A-EDBA5A159722} (DVCDownloadControl) - http://download.games.yahoo.com/games/web_games/sony/davinci/DVCDownloadControl.cab
O16 - DPF: {B4CB50E4-0309-4906-86EA-10B6641C8392} (SlimClient Class) - https://ssl.ameresco.com/SNX/CSHELL/extender.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Check Point SSL Network Extender (cpextender) - Check Point Software Technologies - C:\Program Files\CheckPoint\SSL Network Extender\slimsvc.exe
O23 - Service: DataSvr2 - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Common\DataServer.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~2.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: NTRU Hybrid TSS v2.0.7 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.7\bin\tcsd_win32.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
--
End of file - 9672 bytes
-- Files created between 2007-10-21 and 2007-11-21 -----------------------------
2007-11-06 19:36:23 0 d-------- C:\Program Files\Panda Security
2007-10-31 09:24:43 0 d-------- C:\Documents and Settings\Brian\.thinupload
2007-10-28 16:41:13 0 d-------- C:\Documents and Settings\Brian\Application Data\yoclient
-- Find3M Report ---------------------------------------------------------------
2007-11-21 17:31:16 0 d-------- C:\Program Files\Common Files\Symantec Shared
2007-11-02 20:01:42 29177 --a------ C:\WINDOWS\system32\nvModes.dat
2007-10-20 22:04:31 0 d-------- C:\Program Files\InterActual
2007-10-20 12:20:01 0 d-------- C:\Program Files\Norton AntiVirus
2007-10-20 12:13:29 0 d-------- C:\Program Files\Symantec
2007-10-20 12:13:12 0 d-------- C:\Program Files\Common Files
2007-10-20 12:07:24 0 d-------- C:\Documents and Settings\Brian\Application Data\Symantec
2007-10-19 19:25:08 0 d-------- C:\Program Files\Java
2007-10-19 19:24:05 0 d-------- C:\Program Files\Common Files\Java
2007-10-15 19:35:24 0 d-------- C:\Documents and Settings\Brian\Application Data\ICAClient
2007-10-15 19:33:10 0 d-------- C:\Program Files\Citrix
2007-10-14 17:04:30 0 d-------- C:\Program Files\Trend Micro
2007-10-12 16:04:35 0 d-------- C:\Program Files\TomTom HOME
2007-09-30 10:05:49 0 d-------- C:\Program Files\Lavasoft
2007-09-30 00:20:47 278528 --a------ C:\WINDOWS\system32\livesnth.dll <Not Verified; LiveUpdate; LiveSynth>
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [10/07/2005 07:13 PM]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [01/19/2006 03:14 PM]
"nwiz"="nwiz.exe" [01/19/2006 03:14 PM C:\WINDOWS\system32\nwiz.exe]
"NVHotkey"="nvHotkey.dll" [01/19/2006 03:14 PM C:\WINDOWS\system32\nvhotkey.dll]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [12/28/2005 11:55 AM]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [12/28/2005 11:56 AM]
"SigmatelSysTrayApp"="stsystra.exe" [03/24/2006 11:30 PM C:\WINDOWS\stsystra.exe]
"Document Manager"="C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe" [03/09/2006 12:26 PM]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [12/09/2005 08:29 PM]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [04/06/2006 02:58 PM]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [09/08/2005 05:20 AM]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [07/27/2004 04:50 PM]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [07/27/2004 04:50 PM]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [06/06/2005 10:46 PM]
"PCSuiteTrayApplication"="C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.exe" [04/26/2006 07:29 AM]
"@"="" []
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [02/04/2002 09:32 PM]
"NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [07/13/2003 01:49 AM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [01/15/2007 09:57 AM]
"TomTomHOME.exe"="C:\Program Files\TomTom HOME\TomTomHOME.exe" [03/14/2007 03:52 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [06/29/2007 05:24 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [08/15/2007 07:15 PM]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [03/12/2007 05:30 PM]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [01/22/2007 09:19 PM]
"NAV CfgWiz"="C:\Program Files\Common Files\Symantec Shared\SymProbe.exe" []
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ModemOnHold"="C:\Program Files\NetWaiting\netWaiting.exe" [09/10/2003 02:24 AM]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 11:24 AM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 05:00 AM]
"PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [04/11/2006 04:52 PM]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [9/23/2005 9:05:26 PM]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [6/21/2006 3:02:13 PM]
EMBASSY Trust Suite Secure Update.lnk - C:\Program Files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe [11/30/2005 9:39:02 AM]
Microsoft Office OneNote 2003 Quick Launch.lnk - C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE [8/6/2003 12:23:32 PM]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=wxvault.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 wvauth
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fd8f8761-396e-11dc-be91-54554344520d}]
AutoRun\command- E:\InstallTomTomHOME.exe
*Newly Created Service* - MDMXSDK
-- End of Deckard's System Scanner: finished at 2007-11-21 17:44:38 ------------
Well, that is showing clean now
Do you still have the same problem ?
Yeah, its still doing the same thing. With comcast, yahoo, and other sites, the site will load, and then within say 2 seconds I will be diverted to the search page with a message that says:
Sorry, we couldn't find http://ad.yieldmanager.com/st%3Fad_type. Here are some related websites:
That is always what it says when diverted from comcast and yahoo. These are the two sites that bother me the most.
Let me know if you have any other ideas.
Let's have a look at the registry
Create A Batch File
Please copy (Ctrl+C) and paste (Ctrl+V) the following text in the quote to Notepad.
Save it as "All Files" and name it reglook.bat Please save it on your desktop.
@echo off
if exist C:\look*.txt del /q C:\look*.txt
if exist C:\results.txt del /q C:\results.txt
regedit /e C:\look1.txt "HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\AboutURLs"
regedit /e C:\look2.txt "HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main"
regedit /e C:\look3.txt "HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search"
regedit /e C:\look4.txt "HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\URLSearchHooks"
regedit /e C:\look5.txt "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main"
regedit /e C:\look6.txt "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs"
regedit /e C:\look7.txt "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks"
type C:\look*.txt >> C:\results.txt
start notepad C:\results.txt
del /q C:\look*.txt
del /q reglook.bat
exit
Double click on reglook.bat
Notepad will open, please copy/paste the contents here
( a copy will be saved at C:\results.txt )
Here you go, I did what you asked in normal mode, let me know if it needed to be done in safe mode:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\AboutURLs]
"NavigationFailure"="res://shdoclc.dll/navcancl.htm"
"DesktopItemNavigationFailure"="res://shdoclc.dll/navcancl.htm"
"NavigationCanceled"="res://shdoclc.dll/navcancl.htm"
"OfflineInformation"="res://shdoclc.dll/offcancl.htm"
"Home"=dword:0000010e
"blank"="res://mshtml.dll/blank.htm"
"PostNotCached"="res://mshtml.dll/repost.htm"
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://www.dell.com"
"Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Enable_Disk_Cache"="yes"
"Cache_Percent_of_Disk"=hex:0a,00,00,00
"Delete_Temp_Files_On_Exit"="yes"
"Local Page"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
62,00,6c,00,61,00,6e,00,6b,00,2e,00,68,00,74,00,6d,00,00,00
"Anchor_Visitation_Horizon"=hex:01,00,00,00
"Use_Async_DNS"="yes"
"Placeholder_Width"=hex:1a,00,00,00
"Placeholder_Height"=hex:1a,00,00,00
"Start Page"="http://www.dell.com"
"CompanyName"="Microsoft Corporation"
"Custom_Key"="MICROSO"
"Wizard_Version"="6.0.2600.0000"
"FullScreen"="no"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\ErrorThresholds]
"400"=dword:00000200
"403"=dword:00000100
"404"=dword:00000200
"405"=dword:00000100
"406"=dword:00000200
"408"=dword:00000200
"409"=dword:00000200
"410"=dword:00000100
"500"=dword:00000200
"501"=dword:00000200
"505"=dword:00000200
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ADDON_MANAGEMENT]
"WMPlayer.exe"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BEHAVIORS]
@=""
"infopath.exe"=dword:00000000
"msn6.exe"=dword:00000000
"iexplore.exe"=dword:00000001
"explorer.exe"=dword:00000001
"*"=dword:00000001
"msimn.exe"=dword:00000001
"WMPlayer.exe"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_MK_PROTOCOL]
@=""
"SAPLOGON.exe"=dword:00000000
"SAPfewgsrv.exe"=dword:00000000
"iexplore.exe"=dword:00000001
"explorer.exe"=dword:00000001
"*"=dword:00000001
"msimn.exe"=dword:00000001
"WMPlayer.exe"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE]
"WMPlayer.exe"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_IMAGING_USE_ART]
@=""
"waol.exe"=dword:00000001
"cs.exe"=dword:00000001
"wm.exe"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN]
"wmplayer.exe"=dword:00000001
@=""
"iexplore.exe"=dword:00000001
"explorer.exe"=dword:00000001
"msimn.exe"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING]
@=""
"iexplore.exe"=dword:00000001
"explorer.exe"=dword:00000001
"msimn.exe"=dword:00000001
"WMPlayer.exe"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_SNIFFING]
@=""
"iexplore.exe"=dword:00000001
"explorer.exe"=dword:00000001
"msimn.exe"=dword:00000001
"WMPlayer.exe"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_OBJECT_CACHING]
@=""
"iexplore.exe"=dword:00000001
"explorer.exe"=dword:00000001
"msimn.exe"=dword:00000001
"WMPlayer.exe"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_PROTOCOL_LOCKDOWN]
@=""
"iexplore.exe"=dword:00000000
"explorer.exe"=dword:00000000
"WMPlayer.exe"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_ACTIVEXINSTALL]
"WMPlayer.exe"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD]
"WMPlayer.exe"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SAFE_BINDTOOBJECT]
@=""
"iexplore.exe"=dword:00000001
"explorer.exe"=dword:00000001
"WMPlayer.exe"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SECURITYBAND]
"WMPlayer.exe"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_UNC_SAVEDFILECHECK]
"WMPlayer.exe"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_VALIDATE_NAVIGATE_URL]
"WMPlayer.exe"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WEBOC_POPUPMANAGEMENT]
@=""
"iexplore.exe"=dword:00000001
"explorer.exe"=dword:00000001
"msimn.exe"=dword:00000001
"WMPlayer.exe"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRICTIONS]
@=""
"iexplore.exe"=dword:00000001
"explorer.exe"=dword:00000001
"msimn.exe"=dword:00000001
"WMPlayer.exe"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION]
@=""
"iexplore.exe"=dword:00000001
"explorer.exe"=dword:00000001
"msimn.exe"=dword:00000001
"WMPlayer.exe"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page]
"Home_Page"="http://www.dell.com"
"Help_Page"="http://support.dell.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\UrlTemplate]
"1"="www.%s.com"
"2"="www.%s.org"
"3"="www.%s.net"
"4"="www.%s.edu"
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search]
"SearchAssistant"="http://www.google.com/hws/sb/dell-inc-rel/en/side.html?channel=us"
"CustomizeSearch"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm"
"Default_Page_URL"="http://www.google.com/ig/dell?hl=en&client=dell-inc-rel&channel=us"
"Start Page"="http://www.google.com/ig/dell?hl=en&client=dell-inc-rel&channel=us"
Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"NoUpdateCheck"=dword:00000001
"NoJITSetup"=dword:00000001
"Disable Script Debugger"="yes"
"Show_ChannelBand"="No"
"Anchor Underline"="yes"
"Cache_Update_Frequency"="Once_Per_Session"
"Display Inline Images"="yes"
"Do404Search"=hex:01,00,00,00
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Save_Session_History_On_Exit"="no"
"Show_FullURL"="no"
"Show_StatusBar"="yes"
"Show_ToolBar"="yes"
"Show_URLinStatusBar"="yes"
"Show_URLToolBar"="yes"
"Start Page"="http://www.comcast.net/home.html"
"Use_DlgBox_Colors"="yes"
"Search Page"="http://www.google.com/hws/sb/dell-inc-rel/en/side.html?channel=us"
"UseHR"=dword:00000001
"Enable Browser Extensions"="yes"
"FullScreen"="no"
"Use Search Asst"="no"
"Search Bar"="http://www.google.com/hws/sb/dell-inc-rel/en/side.html?channel=us"
"Default_Page_URL"="http://www.google.com/ig/dell?hl=en&client=dell-inc-rel&channel=us"
"Window_Placement"=hex:2c,00,00,00,02,00,00,00,03,00,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,2c,00,00,00,00,00,00,00,62,04,00,00,f2,02,00,\
00
"NotifyDownloadComplete"="yes"
"Use FormSuggest"="no"
"FormSuggest PW Ask"="no"
"AutoSearch"=dword:00000005
"HistoryViewType"=hex:08,00,66,63,03,00,00,00,00,00
"AddToFavoritesExpanded"=dword:00000000
"Error Dlg Displayed On Every Error"="no"
"Error Dlg Details Pane Open"="no"
"Save Directory"="C:\\Documents and Settings\\Brian\\Desktop\\"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN\Settings]
Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs]
"url1"="http://google.com/"
"url2"="http://hotmail.com/"
"url3"="http://youtube.com/"
"url4"="http://espn.com/"
"url5"="http://cbs.sportsline.com/"
"url6"="http://forums.info.info/"
"url7"="http://crossfit.com/"
"url8"="http://miniclip.com/"
"url9"="http://www.addictinggames.com/"
"url10"="http://maytag.com/"
"url11"="http://bestbuy.com/"
"url12"="http://gulu-gulu.com/"
"url13"="http://boston.com/"
"url14"="http://comcast.net/"
"url15"="http://howfitareyou.com/"
"url16"="http://crossift.com/"
"url17"="http://addictinggames.com/"
"url18"="http://kongregate.com/"
"url19"="http://omnifitness.com/"
"url20"="http://steepandcheap.com/"
"url21"="http://woot.com/"
"url22"="http://slickdeals.net/"
Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"=""
Let's try this
Fix With HJT
Close all other windows and then start HiJack This
Click Do A System Scan Only
When it has finished scanning put a check next to the following lines
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\BAE\BAE.dll
- Close ALL open windows (especially Internet Explorer!)-
Now click Fix checked
Click yes to any prompts
Close HijackThis
let me know if there is any change
Sorry, I've been away on business and away from the computer that is giving me problems. I just did as you requested. Give me a day or two to use the computer normally and I'll let you know how it's running.
Thanks for all your help so far, I'll keep you posted.
Well after normal usage for the past week, it seems like everything is back to normal. Neither myself nor my girlfriend have had any problems. Let me know if you need to see anything else or if there is anything else I should do. If not, feel free to archive this and if this same problem pops up in the future, I will PM you.
Thanks for your help!
As long as everything is OK for you that is fine :bigthumb:
You can delete DSS.exe and any logs we have produced
There is no need for me to give you any tips on staying safe,
because PSKelley covered that ;)
Have a happy Xmas
K'
Since this issue appears resolved ... this Topic is closed.
If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.
Everyone else please begin a New Topic.