View Full Version : CmdService and GenericAd?
goodgetsbetter
2006-10-25, 02:19
Okay so I'll admit I'm not great with understanding this all..
I've read the other posts trying to find things that are similar to mine and although I've found a few that look identical, they have different custom responses so I decided to post this... Sorry if this is redundant..
I know that whatever I am infected with came from a file my brother opened that he downloaded with Frostwire.
I've run Panda ActiveScan as well as Spybot.
Spybot found "Command Service" and "Network Monitor" that it couldn't fix, even on reboot...
Here is the HJT log..
Logfile of HijackThis v1.99.1
Scan saved at 4:13:13 PM, on 10/24/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Digital Media Reader\readericon45G.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\zHotkey.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Common Files\AOL\1159768727\ee\AOLSoftware.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\lragtqqA.exe
C:\kybrdff_e36.exe
C:\nwnmff_e36.exe
C:\Program Files\Common Files\{9843FBB6-096B-1033-0223-061025050001}\Update.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.gateway.com/g/sidepanel.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=DTP&M=GT4022
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=DTP&M=GT4022
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=DTP&M=GT4022
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=DTP&M=GT4022
R3 - URLSearchHook: (no name) - {A8BD6820-6ED7-423E-9558-2D1486B0FEEA} - C:\Program Files\DeluxeCommunications\DxcBho.dll
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\owkdu.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,arrhfbv.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: McAfee Anti-Phishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: EWPBrowseObject Class - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: (no name) - {75AEBF82-CFDC-4BB6-A11B-2CA8F9F101F7} - C:\Program Files\MSN Gaming Zone\hore.dll
O2 - BHO: Alcohol Toolbar Helper - {8126A4A5-BFD3-46FE-BBDF-BFB5CF78E489} - C:\Program Files\Alcohol Toolbar\v3.1.0.0\Alcohol_Toolbar.dll
O2 - BHO: DeskbarBHO - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - C:\Program Files\Deskbar\deskbar.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Alcohol Toolbar - {ED4BD629-C1B6-4399-8A34-02CCAA921DC9} - C:\Program Files\Alcohol Toolbar\v3.1.0.0\Alcohol_Toolbar.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: (no name) - {C004DEC2-2623-438e-9CA2-C9043AB28508} - (no file)
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [readericon] C:\Program Files\Digital Media Reader\readericon45G.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [tgcmd] C:\Program Files\Support.com\bin\tgcmd.exe /server /startmonitor /deaf
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1159768727\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [seekmo] "c:\program files\seekmo\seekmo.exe"
O4 - HKLM\..\Run: [SpywareBot] C:\Program Files\SpywareBot\SpywareBot.exe -boot
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [DeluxeCommunications] C:\Program Files\DeluxeCommunications\Dxc.exe
O4 - HKLM\..\Run: [lragtqqA] C:\WINDOWS\lragtqqA.exe
O4 - HKLM\..\Run: [suq43048] RUNDLL32.EXE w1681229.dll,n 00643042000000031681229
O4 - HKLM\..\Run: [{3F-FB-BB-B6-ZN}] c:\windows\system32\dsreg.exe GEN001
O4 - HKLM\..\Run: [defender] C:\\dfndrff_e35.exe
O4 - HKLM\..\Run: [keyboard] C:\\kybrdff_e35.exe
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [outlook] C:\Program Files\outlook\outlook.exe /auto
O4 - HKLM\..\Run: [winlog] winlog.exe
O4 - HKLM\..\RunServices: [winlog] winlog.exe
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [DeluxeCommunications] C:\Program Files\DeluxeCommunications\Dxc.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: TA_Start.lnk = C:\WINDOWS\system32\dwdsregt.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\bigfix.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee Anti-Phishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter: text/html - {994D478A-45D0-4DB4-AE27-738B1E346F99} - C:\Program Files\Batty2\Batty2.dll
O20 - AppInit_DLLs: dxclib303562752.dll
O20 - Winlogon Notify: SharedDlls - C:\WINDOWS\system32\iyeshare.dll (file missing)
O20 - Winlogon Notify: SideBySide - C:\WINDOWS\
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
Thanks.
goodgetsbetter
2006-10-25, 02:29
I saved the Panda ActiveScan log too.
If you want me to post just ask...
It's pretty huge though...
pskelley
2006-10-25, 16:36
Welcome to the forum, if you still need help, please be aware that you have a pretty good mess here. My first suggestion is to advise you to stay offline as much as possible, this junk will attract more.
Let's start with the fix for Alcan worm, thanks to Metallica and any others who helped with this fix.
1. Please download Ewido Anti-Malware (http://www.ewido.net/en/download/)
Install ewido anti-malware
Launch ewido, there should be an icon on your desktop, double-click it.
The program will now open to the main screen.
When you run ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.
You will need to update ewido to the latest definition files.
On the left hand side of the main screen click update.
Then click on Start Update.
The update will start and a progress bar will show the updates being installed.
(the status bar at the bottom will display ("Update successful")
Exit Ewido, do not run the scan yet!
If you are having problems with the updater, you can use this link to manually update ewido.
ewido manual updates (http://download.ewido.net/ewido-signatures-full-current.exe)
2. Please download Brute Force Uninstaller (http://www.merijn.org/files/bfu.zip) to your desktop.
Right click the BFU folder on your desktop, and choose Extract All
Click "Next"
In the box to choose where to extract the files to,
Click "Browse"
Click on the + sign next to "My Computer"
Click on "Local Disk (C: ) or whatever your primary drive is
Click "Make New Folder"
Type in BFU
Click "Next", and Uncheck the "Show Extracted Files" box and then click "Finish".
3. RIGHT-CLICK HERE (http://metallica.geekstogo.com/alcanshorty.bfu) and choose "Save As" (in IE it's "Save Target As") in order to download Alcra PLUS Remover.
Save it in the same folder you made earlier (c:\BFU).
Do not do anything with these yet!
Reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping F8 until a menu appears. Highlight Safe Mode and hit enter.
4. Once in Safe Mode, Open Ewido:
Click on scanner
Click on Complete System Scan and the scan will begin.
You will be prompted to clean the first infection.
Select "Perform action on all infections", then proceed.
Once the scan has completed, there will be a button located on the bottom of the screen named Save report
Click Save report.
Save the report .txt file to your desktop or a location where you can find it easily.
Close ewido anti-malware.
5. Then, please go to Start > My Computer and navigate to the C:\BFU folder.
Start the Brute Force Uninstaller by doubleclicking BFU.exe
Behind the scriptline to execute field click the folder icon http://metallica.geekstogo.com/foldericon.png and select alcanshorty.bfu
Press Execute and let the program do it’s job. (You ought to see a progress bar if you did this correctly.)
Wait for the complete script execution box to pop up and press OK.
Press exit to terminate the BFU program.
Reboot into normal windows and post the contents of Ewido text report that you saved and a new HiJackThis log.
Hold the logs until after the next tool, combofix is run.
Thanks to sUBs and anyone who helped with this fix.
1. Download this file - combofix.exe
http://download.bleepingcomputer.com/sUBs/combofix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply
Note: Do not mouseclick combofix's window while it's running. That may cause it to stallIf the log is large You might need to post half in one reply half in another.
Make sure the computer has been restarted and post the combofix log, ewido scan report and a new HJT log.
Thanks
goodgetsbetter
2006-10-25, 18:43
Hi, pskelley,
When I ran ewido in safemode, I saved the log while it was set to "ignore once" for everything. After I set it to "recommend actions" and told it to perform actions, it froze while doing it...
It appears that it still quarinteened at least some of the infection..
I don't know though.
Owner - 06-10-25 8:31:43.98 Service Pack 2
ComboFix 06.10.19 - Running from: "C:\Documents and Settings\Owner.CLARKCOMP001\Desktop"
((((((((((((((((((((((((((((((((((((((((((((( Look2Me's Log ))))))))))))))))))))))))))))))))))))))))))))))))))
Granting sedebugprivilege to Administrators ... successful
((((((((((((((((((((((((((((((((((((((((((((( Qoologic's Log )))))))))))))))))))))))))))))))))))))))))))))))))))
* * * PRE-RUN - Filepaths extracted from the Registry * * * * * * * * * * * * * * * * * * * * * *
O4 - HKCU\...\Run C:\WINDOWS\system32\yntyuu.exe
O4 - HKLM\...\Run C:\WINDOWS\system32\yntyuu.exe
F2 -REG:system.ini: UserInit C:\WINDOWS\system32\arrhfbv.exe
* * * POST-RUN - Files in the Quarantine folder * * * * * * * * * * * * * * * * * * * * * * * * *
06-10-25 08:25 127488 yntyuu.exe.qoo
06-10-25 08:25 127488 ekicg.dat.qoo
06-10-23 12:43 23552 arrhfbv.exe.qoo
06-10-23 12:43 53 bllple.dat.qoo
DO NOT DELETE ANY FILES FROM THIS DIRECTORY UNLESS INSTRUCTED TO
((((((((((((((((((((((((((((((((((((((((((( E-Give / Ssk's Log )))))))))))))))))))))))))))))))))))))))))))))))))
C:\Documents and Settings\Billy\Application Data\Dxcknwrd.dll
C:\Documents and Settings\Guest\Application Data\Dxcuknwrd.dll
C:\Documents and Settings\Owner.CLARKCOMP001\Application Data\Dxcknwrd.dll
C:\Program Files\DeluxeCommunications\DxcBho.dll
C:\Program Files\DeluxeCommunications\DxcCore.dll
* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\offun.exe
C:\WINDOWS\system32\bszip.dll
C:\Program Files\Common Files\{3843FBB6-096B-1033-0223-061025050001}
C:\Program Files\Common Files\{9843FBB6-096B-1033-0223-061025050001}
((((((((((((((((((((((((((((((( Files Created from 2006-09-25 to 2006-10-25 ))))))))))))))))))))))))))))))))))
2006-10-25 06:48 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2006-10-23 12:43 554 --a------ C:\WINDOWS\wiafl.dll
2006-10-23 12:43 183,478 --a------ C:\WINDOWS\srvvozepkm.exe
2006-10-23 12:43 1,259 --a------ C:\WINDOWS\system32\suq43048.sys
2006-10-11 22:02 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2006-10-11 22:02 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2006-10-11 22:02 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2006-10-11 21:57 212,480 --a------ C:\WINDOWS\PCDLIB32.DLL
2006-10-11 21:54 57,344 --a------ C:\WINDOWS\system32\CNCI160.DLL
2006-10-11 21:54 161,792 --a------ C:\WINDOWS\system32\CNMLM83.DLL
2006-10-11 21:54 135,168 --a------ C:\WINDOWS\system32\CNCL160.DLL
2006-10-11 21:54 106,496 --a------ C:\WINDOWS\system32\cnco160.dll
2006-10-11 21:54 1,134,592 --a------ C:\WINDOWS\system32\CNCC160.DLL
2006-10-08 10:08 78,488 --a------ C:\WINDOWS\system32\XMD5.dll
2006-10-02 12:04 806,912 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2006-10-02 12:04 806,912 --a------ C:\WINDOWS\system32\divx_xx07.dll
2006-10-02 12:04 790,528 --a------ C:\WINDOWS\system32\divx_xx11.dll
2006-10-02 12:04 635,486 --a------ C:\WINDOWS\system32\DivX.dll
2006-10-01 20:49 90,112 --------- C:\WINDOWS\snymsico.dll
2006-10-01 20:49 770,048 --a------ C:\WINDOWS\system32\CDDBUISony.dll
2006-10-01 20:49 73,728 --a------ C:\WINDOWS\system32\CddbLinkSony.dll
2006-10-01 20:49 643,072 --a------ C:\WINDOWS\system32\CDDBControlSony.dll
2006-10-01 20:49 585,728 --a------ C:\WINDOWS\system32\CddbMusicIDSony.dll
2006-10-01 20:49 520,192 --a------ C:\WINDOWS\system32\CddbPlaylist2Sony.dll
2006-10-01 20:49 38,951 --------- C:\WINDOWS\system32\drivers\NETMDUSB.sys
2006-10-01 20:49 36,679 --------- C:\WINDOWS\system32\drivers\NETMD052.sys
2006-10-01 20:49 36,232 --------- C:\WINDOWS\system32\drivers\NETMD033.sys
2006-10-01 20:49 35,319 --------- C:\WINDOWS\system32\drivers\NETMD031.sys
2006-10-01 12:45 109,568 --------- C:\WINDOWS\system32\pxinsi64.exe
2006-10-01 12:45 108,544 --------- C:\WINDOWS\system32\pxcpyi64.exe
2006-09-29 23:49 23,040 --------- C:\WINDOWS\kb913800.exe
2006-09-29 19:19 73,216 --a------ C:\WINDOWS\ST6UNST.EXE
2006-09-29 19:19 249,856 --------- C:\WINDOWS\Setup1.exe
2006-09-28 21:57 228,788 --a------ C:\WINDOWS\Alcohol_Toolbar_Uninstaller_671.exe
2006-09-28 21:56 223,128 --a------ C:\WINDOWS\system32\drivers\vaxscsi.sys
2006-09-28 17:25 611,064 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2006-09-26 16:40 43,520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2006-10-25 08:32 -------- d-------- C:\Program Files\Common Files
2006-10-25 08:28 -------- d-------- C:\Program Files\Mozilla Firefox
2006-10-25 06:48 -------- d-------- C:\Program Files\Grisoft
2006-10-24 22:03 -------- d-------- C:\Program Files\Warcraft III
2006-10-24 16:06 -------- d-------- C:\Program Files\Windows Media Player
2006-10-24 16:05 -------- d-------- C:\Program Files\MSN Messenger
2006-10-24 16:05 -------- d-------- C:\Program Files\MSN Gaming Zone
2006-10-24 16:02 -------- d-------- C:\Program Files\Messenger
2006-10-24 16:02 -------- d-------- C:\Program Files\iTunes
2006-10-24 16:01 -------- d-------- C:\Program Files\Internet Explorer
2006-10-24 15:59 -------- d-------- C:\Program Files\Digital Media Reader
2006-10-24 15:58 -------- d-------- C:\Program Files\Common Files\System
2006-10-24 15:14 -------- d-------- C:\Program Files\Windows Plus
2006-10-24 15:14 -------- d-------- C:\Program Files\Online Services
2006-10-24 12:16 -------- d-------- C:\Program Files\PSDream
2006-10-24 12:16 -------- d-------- C:\Program Files\PSCastor
2006-10-24 12:16 -------- d-------- C:\Program Files\CMIntex
2006-10-23 23:04 -------- d-------- C:\Program Files\Diablo II
2006-10-23 15:57 -------- d---s---- C:\Documents and Settings\Owner.CLARKCOMP001\Application Data\Microsoft
2006-10-23 13:29 -------- d-------- C:\Program Files\GameSpy Arcade
2006-10-23 12:43 32208 ---hs---- C:\Program Files\Common Files\Y1324OU.exe
2006-10-22 22:39 -------- d-------- C:\Program Files\QuickTime
2006-10-22 22:39 -------- d-------- C:\Program Files\iPod
2006-10-18 14:51 -------- d-------- C:\Program Files\Yahoo!
2006-10-15 18:38 -------- d-------- C:\Documents and Settings\Owner.CLARKCOMP001\Application Data\DivX
2006-10-15 18:37 -------- d-------- C:\Program Files\DivX
2006-10-14 10:12 -------- d-------- C:\Program Files\Common Files\Symantec Shared
2006-10-11 22:03 -------- d-------- C:\Program Files\Canon
2006-10-11 21:59 -------- d-------- C:\Program Files\Common Files\ScanSoft Shared
2006-10-11 21:59 -------- d-------- C:\Program Files\Common Files\InstallShield
2006-10-11 21:59 -------- d-------- C:\Documents and Settings\Owner.CLARKCOMP001\Application Data\ScanSoft
2006-10-11 21:58 -------- d-------- C:\Program Files\ScanSoft
2006-10-11 21:57 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-10-11 21:57 -------- d-------- C:\Program Files\ArcSoft
2006-10-11 21:54 -------- d--h----- C:\Program Files\CanonBJ
2006-10-08 17:41 -------- d-------- C:\Program Files\MSN
2006-10-08 15:34 -------- d-------- C:\Documents and Settings\Owner.CLARKCOMP001\Application Data\MySpace
2006-10-08 10:19 -------- d-------- C:\Program Files\SpywareBot
2006-10-08 10:03 -------- d-------- C:\Documents and Settings\Owner.CLARKCOMP001\Application Data\McAfee.com Personal Firewall
2006-10-06 15:11 -------- d-------- C:\Documents and Settings\Owner.CLARKCOMP001\Application Data\Sun
2006-10-02 20:42 -------- d-------- C:\Program Files\AOD
2006-10-02 20:42 -------- d-------- C:\Program Files\AIM
2006-10-02 20:42 -------- d-------- C:\Documents and Settings\Owner.CLARKCOMP001\Application Data\Aim
2006-10-01 23:00 -------- d-------- C:\Program Files\AOL
2006-10-01 22:59 -------- d-------- C:\Program Files\Common Files\AOL
2006-10-01 22:58 -------- d-------- C:\Program Files\Common Files\aolshare
2006-10-01 22:53 -------- d-------- C:\Documents and Settings\Owner.CLARKCOMP001\Application Data\Sony Corporation
2006-10-01 22:18 -------- d-------- C:\Program Files\Sony
2006-10-01 20:48 -------- d-------- C:\Program Files\Common Files\Sony Shared
2006-09-30 11:23 -------- d-------- C:\Program Files\StealthBot
2006-09-30 10:25 -------- d-------- C:\Program Files\Windows Media Connect 2
2006-09-30 01:56 -------- d-------- C:\Documents and Settings\Owner.CLARKCOMP001\Application Data\FrostWire
2006-09-30 01:20 -------- d-------- C:\Program Files\Outlook Express
2006-09-29 20:32 -------- d-------- C:\Documents and Settings\Owner.CLARKCOMP001\Application Data\Mozilla
2006-09-29 19:21 -------- d-------- C:\Program Files\Hero Editor
2006-09-29 18:58 -------- d-------- C:\Program Files\BitComet
2006-09-29 18:00 -------- d-------- C:\Program Files\MSXML 4.0
2006-09-29 17:58 -------- d-------- C:\Program Files\Microsoft Games
2006-09-29 17:09 -------- d-------- C:\Program Files\FrostWire
2006-09-29 15:46 -------- d-------- C:\Documents and Settings\Owner.CLARKCOMP001\Application Data\Macromedia
2006-09-29 15:39 -------- d-------- C:\Program Files\support.com
2006-09-28 21:57 -------- d-------- C:\Program Files\Alcohol Toolbar
2006-09-28 21:56 -------- d-------- C:\Program Files\Alcohol Soft
2006-09-28 20:58 -------- d-------- C:\Documents and Settings\Owner.CLARKCOMP001\Application Data\Help
2006-09-28 18:22 -------- d-------- C:\Program Files\Bethesda Softworks
2006-09-27 16:12 -------- d-------- C:\Program Files\Pure Networks
2006-09-27 16:12 -------- d-------- C:\Program Files\Google
2006-09-26 13:44 98304 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2006-09-26 12:44 -------- d-------- C:\Program Files\EA GAMES
2006-09-25 09:50 -------- d-------- C:\Program Files\3DO
2006-09-25 09:43 -------- d-------- C:\Documents and Settings\Owner.CLARKCOMP001\Application Data\CyberLink
2006-09-25 07:02 -------- d-------- C:\Documents and Settings\Owner.CLARKCOMP001\Application Data\Adobe
2006-09-23 19:04 21840 --a----t- C:\WINDOWS\system32\SIntfNT.dll
2006-09-23 19:04 17212 --a----t- C:\WINDOWS\system32\SIntf32.dll
2006-09-23 19:04 12067 --a----t- C:\WINDOWS\system32\SIntf16.dll
2006-09-22 21:44 -------- d-------- C:\Program Files\THQ
2006-09-22 21:28 2829 --a------ C:\WINDOWS\War3Unin.pif
2006-09-22 21:28 139264 --a------ C:\WINDOWS\War3Unin.exe
2006-09-22 20:57 94208 --a------ C:\WINDOWS\DIIUnin.exe
2006-09-22 20:57 2829 --a------ C:\WINDOWS\DIIUnin.pif
2006-09-12 22:01 1084416 --a------ C:\WINDOWS\system32\msxml3.dll
2006-08-25 08:45 617472 --a------ C:\WINDOWS\system32\comctl32.dll
2006-08-24 22:42 8704 --a------ C:\WINDOWS\system32\wdfmgr.exe
2006-08-24 22:42 8704 --a------ C:\WINDOWS\system32\uwdf.exe
2006-08-24 22:30 99840 --a------ C:\WINDOWS\system32\wmpshell.dll
2006-08-24 22:30 990208 --a------ C:\WINDOWS\system32\drmv2clt.dll
2006-08-24 22:30 937984 --a------ C:\WINDOWS\system32\WMNetMgr.dll
2006-08-24 22:30 8337920 --a------ C:\WINDOWS\system32\wmploc.dll
2006-08-24 22:30 790016 --------- C:\WINDOWS\system32\WMVSENCD.dll
2006-08-24 22:30 757248 --a------ C:\WINDOWS\system32\wmadmod.dll
2006-08-24 22:30 7168 --a------ C:\WINDOWS\system32\asferror.dll
2006-08-24 22:30 656896 --------- C:\WINDOWS\system32\WMVXENCD.dll
2006-08-24 22:30 63488 --a------ C:\WINDOWS\system32\wpdmtpus.dll
2006-08-24 22:30 629760 --a------ C:\WINDOWS\system32\wpd_ci.dll
2006-08-24 22:30 611840 --------- C:\WINDOWS\system32\wmpmde.dll
2006-08-24 22:30 603648 --a------ C:\WINDOWS\system32\WMSPDMOD.dll
2006-08-24 22:30 537600 --a------ C:\WINDOWS\system32\blackbox.dll
2006-08-24 22:30 532992 --a------ C:\WINDOWS\system32\wmdrmsdk.dll
2006-08-24 22:30 428032 --a------ C:\WINDOWS\system32\wmdrmdev.dll
2006-08-24 22:30 414208 --a------ C:\WINDOWS\system32\msscp.dll
2006-08-24 22:30 4096 --a------ C:\WINDOWS\system32\wmvdmoe2.dll
2006-08-24 22:30 4096 --a------ C:\WINDOWS\system32\wmvdmod.dll
2006-08-24 22:30 4096 --a------ C:\WINDOWS\system32\WMVADVE.DLL
2006-08-24 22:30 4096 --a------ C:\WINDOWS\system32\WMVADVD.dll
2006-08-24 22:30 4096 --a------ C:\WINDOWS\system32\wmsdmoe2.dll
2006-08-24 22:30 4096 --a------ C:\WINDOWS\system32\wmsdmod.dll
2006-08-24 22:30 4096 --a------ C:\WINDOWS\system32\wdfapi.dll
2006-08-24 22:30 4096 --a------ C:\WINDOWS\system32\MPG4DMOD.dll
2006-08-24 22:30 4096 --a------ C:\WINDOWS\system32\MP4SDMOD.dll
2006-08-24 22:30 4096 --a------ C:\WINDOWS\system32\MP43DMOD.dll
2006-08-24 22:30 37376 --a------ C:\WINDOWS\system32\wmdmps.dll
2006-08-24 22:30 35840 --a------ C:\WINDOWS\system32\wpdconns.dll
2006-08-24 22:30 349184 --a------ C:\WINDOWS\system32\wpdsp.dll
2006-08-24 22:30 347648 --a------ C:\WINDOWS\system32\wmdrmnet.dll
2006-08-24 22:30 33792 --a------ C:\WINDOWS\system32\wmdmlog.dll
2006-08-24 22:30 320512 --a------ C:\WINDOWS\system32\mswmdm.dll
2006-08-24 22:30 316928 --------- C:\WINDOWS\system32\MP4SDECD.dll
2006-08-24 22:30 314368 --a------ C:\WINDOWS\system32\wmpdxm.dll
2006-08-24 22:30 305152 --------- C:\WINDOWS\system32\MSDelta.dll
2006-08-24 22:30 295424 --------- C:\WINDOWS\system32\wmpeffects.dll
2006-08-24 22:30 284160 --------- C:\WINDOWS\system32\PortableDeviceApi.dll
2006-08-24 22:30 276480 --a------ C:\WINDOWS\system32\audiodev.dll
2006-08-24 22:30 27648 --a------ C:\WINDOWS\system32\mspmsnsv.dll
2006-08-24 22:30 259072 --------- C:\WINDOWS\system32\MPG4DECD.dll
2006-08-24 22:30 2589184 --------- C:\WINDOWS\system32\WpdShext.dll
2006-08-24 22:30 258560 --------- C:\WINDOWS\system32\MP43DECD.dll
2006-08-24 22:30 2450944 --a------ C:\WINDOWS\system32\wmvcore.dll
2006-08-24 22:30 242176 --a------ C:\WINDOWS\system32\wmpasf.dll
2006-08-24 22:30 228352 --a------ C:\WINDOWS\system32\cewmdm.dll
2006-08-24 22:30 227328 --a------ C:\WINDOWS\system32\wmerror.dll
2006-08-24 22:30 222208 --a------ C:\WINDOWS\system32\wmasf.dll
2006-08-24 22:30 211968 --a------ C:\WINDOWS\system32\MFPLAT.dll
2006-08-24 22:30 210432 --a------ C:\WINDOWS\system32\qasf.dll
2006-08-24 22:30 204800 --a------ C:\WINDOWS\system32\wmpsrcwp.dll
2006-08-24 22:30 198144 --------- C:\WINDOWS\system32\PortableDeviceWMDRM.dll
2006-08-24 22:30 179712 --a------ C:\WINDOWS\system32\msnetobj.dll
2006-08-24 22:30 175104 --a------ C:\WINDOWS\system32\mspmsp.dll
2006-08-24 22:30 166912 --------- C:\WINDOWS\system32\PortableDeviceTypes.dll
2006-08-24 22:30 1660416 --a------ C:\WINDOWS\system32\wmpencen.dll
2006-08-24 22:30 157184 --a------ C:\WINDOWS\system32\wmidx.dll
2006-08-24 22:30 154624 --a------ C:\WINDOWS\system32\wpdmtp.dll
2006-08-24 22:30 1539584 --------- C:\WINDOWS\system32\WMVDECOD.dll
2006-08-24 22:30 1532416 --------- C:\WINDOWS\system32\WMVENCOD.dll
2006-08-24 22:30 1392128 --------- C:\WINDOWS\system32\WMVSDECD.dll
2006-08-24 22:30 133120 --------- C:\WINDOWS\system32\WPDShServiceObj.dll
2006-08-24 22:30 1327616 --a------ C:\WINDOWS\system32\WMSPDMOE.dll
2006-08-24 22:30 132096 --------- C:\WINDOWS\system32\PortableDeviceWiaCompat.dll
2006-08-24 22:30 130048 --------- C:\WINDOWS\system32\wmpps.dll
2006-08-24 22:30 11264 --a------ C:\WINDOWS\system32\LAPRXY.dll
2006-08-24 22:30 1118208 --a------ C:\WINDOWS\system32\WMADMOE.dll
2006-08-24 22:30 101888 --------- C:\WINDOWS\system32\PortableDeviceClassExtension.dll
2006-08-24 20:31 100864 --a------ C:\WINDOWS\system32\logagent.exe
2006-08-24 20:27 249344 --a------ C:\WINDOWS\system32\drmupgds.exe
2006-08-24 20:26 95288 --------- C:\WINDOWS\system32\WUDFCoinstaller.dll
2006-08-24 20:26 17408 --------- C:\WINDOWS\system32\wpdshextautoplay.exe
2006-08-24 19:19 316416 --------- C:\WINDOWS\system32\WUDFx.dll
2006-08-24 19:19 145920 --------- C:\WINDOWS\system32\WudfHost.exe
2006-08-24 19:18 56320 --------- C:\WINDOWS\system32\WudfSvc.dll
2006-08-24 19:18 168448 --------- C:\WINDOWS\system32\WudfPlatform.dll
2006-08-21 05:21 16896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-08-21 02:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe
2006-08-16 04:58 100352 --a------ C:\WINDOWS\system32\6to4svc.dll
2006-08-11 20:14 22752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2006-08-10 16:03 73728 --a------ C:\WINDOWS\system32\dpl100.dll
2006-08-10 16:03 196608 --a------ C:\WINDOWS\system32\dtu100.dll
2006-08-07 08:17 61440 --a------ C:\WINDOWS\system32\BattyRun2.dll
2006-07-29 19:32 48936 --a------ C:\WINDOWS\system32\sirenacm.dll
2006-07-27 10:28 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2006-07-27 06:24 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries are not shown
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"SsAAD.exe"="C:\\PROGRA~1\\Sony\\SONICS~1\\SsAAD.exe"
"AIM"="C:\\Program Files\\AIM\\aim.exe -cnetwait.odl"
"SpybotSD TeaTimer"="C:\\Program Files\\Spybot - Search & Destroy\\TeaTimer.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"ehTray"="C:\\WINDOWS\\ehome\\ehtray.exe"
"readericon"="C:\\Program Files\\Digital Media Reader\\readericon45G.exe"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"CHotkey"="zHotkey.exe"
"High Definition Audio Property Page Shortcut"="HDAShCut.exe"
"Reminder"=hex(2):25,57,49,4e,44,49,52,25,5c,43,72,65,61,74,6f,72,5c,52,65,6d,\
69,6e,64,5f,58,50,2e,65,78,65,00
"Recguard"=hex(2):25,57,49,4e,44,49,52,25,5c,53,4d,49,4e,53,54,5c,52,45,43,47,\
55,41,52,44,2e,45,58,45,00
"VSOCheckTask"="\"C:\\PROGRA~1\\McAfee.com\\VSO\\mcmnhdlr.exe\" /checktask"
"OASClnt"="C:\\Program Files\\McAfee.com\\VSO\\oasclnt.exe"
"MCAgentExe"="c:\\PROGRA~1\\mcafee.com\\agent\\mcagent.exe"
"MCUpdateExe"="C:\\PROGRA~1\\mcafee.com\\agent\\McUpdate.exe"
"MSKAGENTEXE"="C:\\PROGRA~1\\McAfee\\SPAMKI~1\\MskAgent.exe"
"MSKDetectorExe"="C:\\PROGRA~1\\McAfee\\SPAMKI~1\\MSKDetct.exe /startup"
"RTHDCPL"="RTHDCPL.EXE"
"VirusScan Online"="c:\\PROGRA~1\\mcafee.com\\vso\\mcvsshld.exe"
"MPFExe"="C:\\PROGRA~1\\McAfee.com\\PERSON~1\\MpfTray.exe"
"tgcmd"="C:\\Program Files\\Support.com\\bin\\tgcmd.exe /server /startmonitor /deaf"
"HostManager"="C:\\Program Files\\Common Files\\AOL\\1159768727\\ee\\AOLSoftware.exe"
"IPHSend"="C:\\Program Files\\Common Files\\AOL\\IPHSend\\IPHSend.exe"
"seekmo"="\"c:\\program files\\seekmo\\seekmo.exe\""
"SpywareBot"="C:\\Program Files\\SpywareBot\\SpywareBot.exe -boot"
"CanonMyPrinter"="C:\\Program Files\\Canon\\MyPrinter\\BJMyPrt.exe /logon"
"SSBkgdUpdate"="\"C:\\Program Files\\Common Files\\Scansoft Shared\\SSBkgdUpdate\\SSBkgdupdate.exe\" -Embedding -boot"
"OpwareSE4"="\"C:\\Program Files\\ScanSoft\\OmniPageSE4.0\\OpwareSE4.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"suq43048"="RUNDLL32.EXE w1681229.dll,n 00643042000000031681229"
"{3F-FB-BB-B6-ZN}"="c:\\windows\\system32\\dsreg.exe GEN001"
"Alcmtr"="ALCMTR.EXE"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
"lragtqqA"="C:\\WINDOWS\\lragtqqA.exe"
goodgetsbetter
2006-10-25, 18:45
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000000
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="C:\\Program Files\\Online Services\\kyzeweqe.html"
"SubscribedURL"=""
"FriendlyName"=""
"Flags"=dword:00002000
"Position"=hex:2c,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,00,00,e8,\
03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,14,00,00,00,14,00,00,00
"CurrentState"=dword:40000001
"OriginalStateInfo"=hex:18,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,\
00,00,01,00,00,00
"RestoredStateInfo"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1]
"Source"="C:\\Program Files\\Windows Plus\\howy.html"
"SubscribedURL"=""
"FriendlyName"=""
"Flags"=dword:00002000
"Position"=hex:2c,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,00,00,ea,\
03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,14,00,00,00,14,00,00,00
"CurrentState"=dword:40000001
"OriginalStateInfo"=hex:18,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,\
00,00,01,00,00,00
"RestoredStateInfo"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\2]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,00,00,ec,\
03,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=dword:40000004
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,12,03,00,00,23,00,00,00,dc,00,00,00,d2,00,\
00,00,01,00,00,00
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Power2GoExpress"="NA"
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"Power2GoExpress"="NA"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
"InstallVisualStyle"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,\
63,65,73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,5c,52,6f,79,61,6c,65,2e,\
6d,73,73,74,79,6c,65,73,00
"InstallTheme"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,63,65,\
73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,2e,74,68,65,6d,65,00
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"CDRAutoRun"=dword:00000000
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"CDRAutoRun"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
Completion time: 06-10-25 8:37:01.04
C:\ComboFix.txt ... 06-10-25 08:37
C:\ComboFix2.txt ... 06-10-25 08:30
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------
+ Created at: 8:14:47 AM 10/25/2006
+ Scan result:
C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP37\A0022673.exe -> Adware.180Solutions : Ignored.
C:\Documents and Settings\Billy\Local Settings\Temporary Internet Files\Content.IE5\CVQWOOA8\stub_sca4[1].exe -> Adware.BookedSpace : Ignored.
C:\Program Files\Batty2\Batty2.dll -> Adware.CASClient : Ignored.
C:\Program Files\Batty2\Batty2.exe -> Adware.CASClient : Ignored.
C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP38\A0023770.exe -> Adware.CASClient : Ignored.
C:\WINDOWS\system32\BattyRun2.dll -> Adware.CASClient : Ignored.
C:\WINDOWS\IA\asappsrv.dll -> Adware.CommAd : Ignored.
C:\WINDOWS\IA\command.exe -> Adware.CommAd : Ignored.
C:\Program Files\DeluxeCommunications -> Adware.DeluxeCommunications : Ignored.
C:\Program Files\DeluxeCommunications\Dxc.exe -> Adware.DeluxeCommunications : Ignored.
C:\Program Files\DeluxeCommunications\DxcBho.dll -> Adware.DeluxeCommunications : Ignored.
C:\Program Files\DeluxeCommunications\DxcCore.dll -> Adware.DeluxeCommunications : Ignored.
HKLM\SOFTWARE\Classes\CLSID\{A8BD6820-6ED7-423E-9558-2D1486B0FEEA} -> Adware.DeluxeCommunications : Ignored.
HKLM\SOFTWARE\DeluxeCommunications -> Adware.DeluxeCommunications : Ignored.
HKLM\SOFTWARE\DeluxeCommunications\Internet Explorer -> Adware.DeluxeCommunications : Ignored.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\DeluxeCommunications -> Adware.DeluxeCommunications : Ignored.
HKU\S-1-5-21-2274761656-568007786-3683569145-1007\Software\DeluxeCommunications -> Adware.DeluxeCommunications : Ignored.
HKU\S-1-5-21-2274761656-568007786-3683569145-1007\Software\DeluxeCommunications\Internet Explorer -> Adware.DeluxeCommunications : Ignored.
HKU\S-1-5-21-2274761656-568007786-3683569145-1007\Software\Microsoft\Windows\CurrentVersion\Run\\DeluxeCommunications -> Adware.DeluxeCommunications : Ignored.
C:\Documents and Settings\Billy\Local Settings\Temporary Internet Files\Content.IE5\UNLFSJAN\Installer[2].exe -> Adware.Look2Me : Ignored.
C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP38\A0025807.exe -> Adware.Look2Me : Ignored.
C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP38\A0023772.exe -> Adware.PurityScan : Ignored.
C:\Program Files\Common Files\{3843FBB6-096B-1033-0223-061025050001}\MyToolBar.dll -> Adware.Softomate : Ignored.
C:\Program Files\Common Files\{9843FBB6-096B-1033-0223-061025050001}\Update.exe -> Adware.Softomate : Ignored.
C:\Program Files\Common Files\{9843FBB6-096B-1033-0223-061025050001}\services.dll -> Adware.Softomate : Ignored.
C:\Program Files\Deskbar -> Adware.Softomate : Ignored.
C:\Program Files\Deskbar\Cache -> Adware.Softomate : Ignored.
C:\Program Files\Deskbar\about.html -> Adware.Softomate : Ignored.
C:\Program Files\Deskbar\basis.xml -> Adware.Softomate : Ignored.
C:\Program Files\Deskbar\deskbar.crc -> Adware.Softomate : Ignored.
C:\Program Files\Deskbar\deskbar.dll -> Adware.Softomate : Ignored.
C:\Program Files\Deskbar\deskbar.inf -> Adware.Softomate : Ignored.
C:\Program Files\Deskbar\icons.bmp -> Adware.Softomate : Ignored.
C:\Program Files\Deskbar\inst.bat -> Adware.Softomate : Ignored.
C:\Program Files\Deskbar\mbback.bmp -> Adware.Softomate : Ignored.
C:\Program Files\Deskbar\mbbigopen.bmp -> Adware.Softomate : Ignored.
C:\Program Files\Deskbar\mbclose.bmp -> Adware.Softomate : Ignored.
C:\Program Files\Deskbar\mbfwd.bmp -> Adware.Softomate : Ignored.
C:\Program Files\Deskbar\mblogo.bmp -> Adware.Softomate : Ignored.
C:\Program Files\Deskbar\mbsep.bmp -> Adware.Softomate : Ignored.
C:\Program Files\Deskbar\options.html -> Adware.Softomate : Ignored.
C:\Program Files\Deskbar\softomate.gif -> Adware.Softomate : Ignored.
C:\Program Files\Deskbar\version.txt -> Adware.Softomate : Ignored.
C:\deskbar.exe -> Adware.Softomate : Ignored.
HKLM\SOFTWARE\Classes\CLSID\{A8B28872-3324-4CD2-8AA3-7D555C872D96} -> Adware.Softomate : Ignored.
HKLM\SOFTWARE\Classes\CLSID\{D7CC80D4-376C-4586-B023-4F35C2CEB28E} -> Adware.Softomate : Ignored.
HKLM\SOFTWARE\Classes\CLSID\{D8C2D4B4-EEAF-4EC4-B1F8-9B6ED15D5A38} -> Adware.Softomate : Ignored.
HKLM\SOFTWARE\Classes\TypeLib\{A4C8F181-6CDB-4DCC-9FC9-BB9933C81E1F} -> Adware.Softomate : Ignored.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A8B28872-3324-4CD2-8AA3-7D555C872D96} -> Adware.Softomate : Ignored.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DBTB00001.DBTB00001Deskbar -> Adware.Softomate : Ignored.
HKU\S-1-5-21-2274761656-568007786-3683569145-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A8B28872-3324-4CD2-8AA3-7D555C872D96} -> Adware.Softomate : Ignored.
C:\Documents and Settings\Billy\Local Settings\Temp\i2A.tmp -> Adware.SurfSide : Ignored.
C:\Documents and Settings\Billy\Local Settings\Temporary Internet Files\Content.IE5\QLI3KRPU\DXC9[1].exe -> Adware.SurfSide : Ignored.
C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP37\A0022687.dll -> Adware.SurfSide : Ignored.
C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP37\A0022688.dll -> Adware.SurfSide : Ignored.
C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP37\A0022689.exe -> Adware.SurfSide : Ignored.
C:\WINDOWS\system32\dxclib303562752.dll -> Adware.SurfSide : Ignored.
[292] C:\WINDOWS\system32\dxclib303562752.dll -> Adware.SurfSide : Ignored.
[340] C:\WINDOWS\system32\dxclib303562752.dll -> Adware.SurfSide : Ignored.
[352] C:\WINDOWS\system32\dxclib303562752.dll -> Adware.SurfSide : Ignored.
[520] C:\WINDOWS\system32\dxclib303562752.dll -> Adware.SurfSide : Ignored.
[584] C:\WINDOWS\system32\dxclib303562752.dll -> Adware.SurfSide : Ignored.
[648] C:\WINDOWS\system32\dxclib303562752.dll -> Adware.SurfSide : Ignored.
C:\Documents and Settings\Billy\Local Settings\Temporary Internet Files\Content.IE5\CVQWOOA8\TIGEN001[1].exe -> Adware.ZenoSearch : Ignored.
C:\Documents and Settings\Billy\Local Settings\Temporary Internet Files\Content.IE5\CVQWOOA8\drsmartload44a[1].exe -> Downloader.Adload.fu : Ignored.
C:\WINDOWS\Temp\ASHeuristic\drsmartload44a[1]_exe.vir -> Downloader.Adload.fu : Ignored.
C:\WINDOWS\Temp\ASHeuristic\mc44a36_exe.vir -> Downloader.Adload.fu : Ignored.
C:\mc44a36.exe -> Downloader.Adload.fu : Ignored.
C:\Documents and Settings\Billy\Local Settings\Temp\OA.exe -> Downloader.PurityScan.cq : Ignored.
C:\Program Files\Common Files\Y1324OA.exe -> Downloader.PurityScan.cq : Ignored.
C:\Documents and Settings\Billy\Local Settings\Temporary Internet Files\Content.IE5\QLI3KRPU\installerwnus[1].exe -> Downloader.Qoologic.at : Ignored.
C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP38\A0025889.exe -> Downloader.Qoologic.bj : Ignored.
C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP38\A0025890.dll -> Downloader.Qoologic.bj : Ignored.
C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP38\A0025891.exe -> Downloader.Qoologic.bj : Ignored.
C:\WINDOWS\system32\ekicg.dat -> Downloader.Qoologic.bj : Ignored.
[1036] C:\WINDOWS\system32\fusyldg.dll -> Downloader.Qoologic.bj : Ignored.
C:\Documents and Settings\Billy\Local Settings\Temporary Internet Files\Content.IE5\UNLFSJAN\al3[1].txt -> Downloader.Small : Ignored.
C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP37\A0022645.exe -> Downloader.Small.ajc : Ignored.
C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP37\A0022656.exe -> Downloader.Small.ajc : Ignored.
C:\Documents and Settings\Billy\Local Settings\Temporary Internet Files\Content.IE5\QLI3KRPU\MTE3NDI6ODoxNg[1].exe -> Downloader.Small.buy : Ignored.
C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP38\A0025805.exe -> Downloader.Small.buy : Ignored.
C:\Program Files\MSN Gaming Zone\hore.dll -> Downloader.Small.ctp : Ignored.
C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP37\A0022686.dll -> Downloader.Small.ctp : Ignored.
C:\Documents and Settings\Billy\Local Settings\Temporary Internet Files\Content.IE5\NJBDKCX7\ac3_0003[1].exe -> Downloader.Small.cyh : Ignored.
C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP38\A0025892.exe -> Downloader.VB.ang : Ignored.
C:\WINDOWS\lragtqq.exe -> Dropper.Agent.mu : Ignored.
C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP37\A0023741.exe -> Hijacker.Small : Ignored.
C:\Documents and Settings\Billy\Local Settings\Temporary Internet Files\Content.IE5\QLI3KRPU\wallpap[1].exe -> Hijacker.Small.jf : Ignored.
C:\Program Files\Online Services\kyzeweqe.html -> Hijacker.Small.jf : Ignored.
C:\Program Files\Windows Plus\howy.html -> Hijacker.Small.jf : Ignored.
C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP38\A0025747.exe -> Not-A-Virus.Monitor.Win32.NetMon.a : Ignored.
:mozilla.10:C:\Documents and Settings\Billy\Application Data\Mozilla\Firefox\Profiles\vyrzi36v.default\cookies.txt -> TrackingCookie.2o7 : Ignored.
:mozilla.11:C:\Documents and Settings\Billy\Application Data\Mozilla\Firefox\Profiles\vyrzi36v.default\cookies.txt -> TrackingCookie.2o7 : Ignored.
C:\Documents and Settings\Billy\Cookies\billy@2o7[2].txt -> TrackingCookie.2o7 : Ignored.
C:\Documents and Settings\Billy\Cookies\billy@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Ignored.
C:\Documents and Settings\Billy\Cookies\billy@partygaming.122.2o7[1].txt -> TrackingCookie.2o7 : Ignored.
C:\Documents and Settings\Billy\Cookies\billy@adbrite[2].txt -> TrackingCookie.Adbrite : Ignored.
C:\Documents and Settings\Billy\Cookies\billy@ads.addynamix[2].txt -> TrackingCookie.Addynamix : Ignored.
C:\Documents and Settings\Billy\Cookies\billy@rotator.adjuggler[2].txt -> TrackingCookie.Adjuggler : Ignored.
C:\Documents and Settings\Billy\Cookies\billy@admarketplace[1].txt -> TrackingCookie.Admarketplace : Ignored.
C:\Documents and Settings\Guest\Cookies\guest@admarketplace[1].txt -> TrackingCookie.Admarketplace : Ignored.
C:\Documents and Settings\Billy\Cookies\billy@adrevolver[2].txt -> TrackingCookie.Adrevolver : Ignored.
C:\Documents and Settings\Guest\Cookies\guest@adrevolver[2].txt -> TrackingCookie.Adrevolver : Ignored.
C:\Documents and Settings\Billy\Cookies\billy@www.adtrak[1].txt -> TrackingCookie.Adtrak : Ignored.
:mozilla.26:C:\Documents and Settings\Billy\Application Data\Mozilla\Firefox\Profiles\vyrzi36v.default\cookies.txt -> TrackingCookie.Advertising : Ignored.
:mozilla.27:C:\Documents and Settings\Billy\Application Data\Mozilla\Firefox\Profiles\vyrzi36v.default\cookies.txt -> TrackingCookie.Advertising : Ignored.
:mozilla.28:C:\Documents and Settings\Billy\Application Data\Mozilla\Firefox\Profiles\vyrzi36v.default\cookies.txt -> TrackingCookie.Advertising : Ignored.
:mozilla.29:C:\Documents and Settings\Billy\Application Data\Mozilla\Firefox\Profiles\vyrzi36v.default\cookies.txt -> TrackingCookie.Advertising : Ignored.
C:\Documents and Settings\Billy\Cookies\billy@advertising[1].txt -> TrackingCookie.Advertising : Ignored.
C:\Documents and Settings\Guest\Cookies\guest@advertising[2].txt -> TrackingCookie.Advertising : Ignored.
:mozilla.30:C:\Documents and Settings\Billy\Application Data\Mozilla\Firefox\Profiles\vyrzi36v.default\cookies.txt -> TrackingCookie.Atdmt : Ignored.
C:\Documents and Settings\Billy\Cookies\billy@atdmt[2].txt -> TrackingCookie.Atdmt : Ignored.
C:\Documents and Settings\Guest\Cookies\guest@atdmt[2].txt -> TrackingCookie.Atdmt : Ignored.
C:\Documents and Settings\Momther\Cookies\momther@atdmt[1].txt -> TrackingCookie.Atdmt : Ignored.
C:\Documents and Settings\Billy\Cookies\billy@bluestreak[2].txt -> TrackingCookie.Bluestreak : Ignored.
C:\Documents and Settings\Billy\Cookies\billy@citi.bridgetrack[2].txt -> TrackingCookie.Bridgetrack : Ignored.
C:\Documents and Settings\Billy\Cookies\billy@casalemedia[1].txt -> TrackingCookie.Casalemedia : Ignored.
C:\Documents and Settings\Guest\Cookies\guest@casalemedia[2].txt -> TrackingCookie.Casalemedia : Ignored.
C:\Documents and Settings\Billy\Cookies\billy@ad1.clickhype[1].txt -> TrackingCookie.Clickhype : Ignored.
goodgetsbetter
2006-10-25, 18:46
C:\Documents and Settings\Billy\Cookies\billy@com[1].txt -> TrackingCookie.Com : Ignored.
C:\Documents and Settings\Billy\Cookies\billy@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Ignored.
:mozilla.8:C:\Documents and Settings\Billy\Application Data\Mozilla\Firefox\Profiles\vyrzi36v.default\cookies.txt -> TrackingCookie.Doubleclick : Ignored.
C:\Documents and Settings\Billy\Cookies\billy@doubleclick[1].txt -> TrackingCookie.Doubleclick : Ignored.
C:\Documents and Settings\Guest\Cookies\guest@doubleclick[1].txt -> TrackingCookie.Doubleclick : Ignored.
C:\Documents and Settings\Momther\Cookies\momther@doubleclick[1].txt -> TrackingCookie.Doubleclick : Ignored.
C:\Documents and Settings\Billy\Cookies\billy@adopt.euroclick[1].txt -> TrackingCookie.Euroclick : Ignored.
:mozilla.34:C:\Documents and Settings\Billy\Application Data\Mozilla\Firefox\Profiles\vyrzi36v.default\cookies.txt -> TrackingCookie.Fastclick : Ignored.
:mozilla.35:C:\Documents and Settings\Billy\Application Data\Mozilla\Firefox\Profiles\vyrzi36v.default\cookies.txt -> TrackingCookie.Fastclick : Ignored.
C:\Documents and Settings\Billy\Cookies\billy@fastclick[1].txt -> TrackingCookie.Fastclick : Ignored.
C:\Documents and Settings\Guest\Cookies\guest@fastclick[2].txt -> TrackingCookie.Fastclick : Ignored.
:mozilla.7:C:\Documents and Settings\LocalService\Application Data\Mozilla\Firefox\Profiles\ovkwv4on.default\cookies.txt -> TrackingCookie.Findwhat : Ignored.
C:\Documents and Settings\Billy\Cookies\billy@ehg-maniatv.hitbox[1].txt -> TrackingCookie.Hitbox : Ignored.
C:\Documents and Settings\Billy\Cookies\billy@ehg-speakeasy.hitbox[1].txt -> TrackingCookie.Hitbox : Ignored.
C:\Documents and Settings\Billy\Cookies\billy@hitbox[2].txt -> TrackingCookie.Hitbox : Ignored.
C:\Documents and Settings\Momther\Cookies\momther@ehg-comcast.hitbox[1].txt -> TrackingCookie.Hitbox : Ignored.
:mozilla.36:C:\Documents and Settings\Billy\Application Data\Mozilla\Firefox\Profiles\vyrzi36v.default\cookies.txt -> TrackingCookie.Hitslink : Ignored.
C:\Documents and Settings\Billy\Cookies\billy@hotlog[2].txt -> TrackingCookie.Hotlog : Ignored.
:mozilla.24:C:\Documents and Settings\Billy\Application Data\Mozilla\Firefox\Profiles\vyrzi36v.default\cookies.txt -> TrackingCookie.Mediaplex : Ignored.
C:\Documents and Settings\Billy\Cookies\billy@mediaplex[1].txt -> TrackingCookie.Mediaplex : Ignored.
C:\Documents and Settings\Guest\Cookies\guest@mediaplex[1].txt -> TrackingCookie.Mediaplex : Ignored.
C:\Documents and Settings\Billy\Cookies\billy@overture[1].txt -> TrackingCookie.Overture : Ignored.
C:\Documents and Settings\Guest\Cookies\guest@overture[1].txt -> TrackingCookie.Overture : Ignored.
C:\Documents and Settings\Billy\Cookies\billy@ads.pointroll[2].txt -> TrackingCookie.Pointroll : Ignored.
C:\Documents and Settings\Billy\Cookies\billy@qksrv[2].txt -> TrackingCookie.Qksrv : Ignored.
C:\Documents and Settings\Billy\Cookies\billy@questionmarket[1].txt -> TrackingCookie.Questionmarket : Ignored.
C:\Documents and Settings\Billy\Cookies\billy@revenue[1].txt -> TrackingCookie.Revenue : Ignored.
C:\Documents and Settings\Billy\Cookies\billy@edge.ru4[2].txt -> TrackingCookie.Ru4 : Ignored.
C:\Documents and Settings\Billy\Cookies\billy@banners.searchingbooth[1].txt -> TrackingCookie.Searchingbooth : Ignored.
C:\Documents and Settings\Billy\Cookies\billy@serving-sys[1].txt -> TrackingCookie.Serving-sys : Ignored.
C:\Documents and Settings\Billy\Cookies\billy@adopt.specificclick[2].txt -> TrackingCookie.Specificclick : Ignored.
C:\Documents and Settings\Momther\Cookies\momther@adopt.specificclick[2].txt -> TrackingCookie.Specificclick : Ignored.
C:\Documents and Settings\Billy\Cookies\billy@media.top-banners[1].txt -> TrackingCookie.Top-banners : Ignored.
C:\Documents and Settings\Billy\Cookies\billy@trafficmp[1].txt -> TrackingCookie.Trafficmp : Ignored.
C:\Documents and Settings\Guest\Cookies\guest@trafficmp[1].txt -> TrackingCookie.Trafficmp : Ignored.
:mozilla.32:C:\Documents and Settings\Billy\Application Data\Mozilla\Firefox\Profiles\vyrzi36v.default\cookies.txt -> TrackingCookie.Tribalfusion : Ignored.
:mozilla.33:C:\Documents and Settings\Billy\Application Data\Mozilla\Firefox\Profiles\vyrzi36v.default\cookies.txt -> TrackingCookie.Tribalfusion : Ignored.
C:\Documents and Settings\Billy\Cookies\billy@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : Ignored.
C:\Documents and Settings\Guest\Cookies\guest@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : Ignored.
C:\Documents and Settings\Billy\Cookies\billy@ac2.valuead[1].txt -> TrackingCookie.Valuead : Ignored.
C:\Documents and Settings\Billy\Cookies\billy@valueclick[1].txt -> TrackingCookie.Valueclick : Ignored.
C:\Documents and Settings\Billy\Cookies\billy@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Ignored.
C:\Documents and Settings\Guest\Cookies\guest@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Ignored.
C:\Documents and Settings\Billy\Cookies\billy@zedo[1].txt -> TrackingCookie.Zedo : Ignored.
::Report end
Logfile of HijackThis v1.99.1
Scan saved at 8:46:14 AM, on 10/25/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Digital Media Reader\readericon45G.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\zHotkey.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
c:\program files\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Common Files\AOL\1159768727\ee\AOLSoftware.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.gateway.com/g/sidepanel.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=DTP&M=GT4022
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=DTP&M=GT4022
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=DTP&M=GT4022
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=DTP&M=GT4022
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: McAfee Anti-Phishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: EWPBrowseObject Class - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: (no name) - {75AEBF82-CFDC-4BB6-A11B-2CA8F9F101F7} - C:\Program Files\MSN Gaming Zone\hore.dll (file missing)
O2 - BHO: Alcohol Toolbar Helper - {8126A4A5-BFD3-46FE-BBDF-BFB5CF78E489} - C:\Program Files\Alcohol Toolbar\v3.1.0.0\Alcohol_Toolbar.dll
O2 - BHO: (no name) - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - (no file)
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Alcohol Toolbar - {ED4BD629-C1B6-4399-8A34-02CCAA921DC9} - C:\Program Files\Alcohol Toolbar\v3.1.0.0\Alcohol_Toolbar.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [readericon] C:\Program Files\Digital Media Reader\readericon45G.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [tgcmd] C:\Program Files\Support.com\bin\tgcmd.exe /server /startmonitor /deaf
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1159768727\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [seekmo] "c:\program files\seekmo\seekmo.exe"
O4 - HKLM\..\Run: [SpywareBot] C:\Program Files\SpywareBot\SpywareBot.exe -boot
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [suq43048] RUNDLL32.EXE w1681229.dll,n 00643042000000031681229
O4 - HKLM\..\Run: [{3F-FB-BB-B6-ZN}] c:\windows\system32\dsreg.exe GEN001
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [lragtqqA] C:\WINDOWS\lragtqqA.exe
O4 - HKLM\..\Run: [DeluxeCommunications] C:\Program Files\DeluxeCommunications\Dxc.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [DeluxeCommunications] C:\Program Files\DeluxeCommunications\Dxc.exe
O4 - Startup: TA_Start.lnk = C:\WINDOWS\system32\dwdsregt.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\bigfix.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee Anti-Phishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter: text/html - {994D478A-45D0-4DB4-AE27-738B1E346F99} - (no file)
O20 - Winlogon Notify: SharedDlls - C:\WINDOWS\
O20 - Winlogon Notify: SideBySide - C:\WINDOWS\
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
pskelley
2006-10-25, 18:59
Please try running the AVG Anti-Spyware 7.5 scan again, follow the directions in this link:
http://www.virusvault.co.uk/fusionbb/showtopic.php?tid/33/ especially in number 6. Almost everything located was ignored. Place the setting like the instructions in #6. Before you post the next scan report, edit out cookies(make sure they are removed) and System Restore items. (we will clean that later) Whatever we do not remove with these tools we have to remove manually. You have removed a lot, but there is still much to remove. Make sure you restart the computer and post a new HJT log after the scan has been run.
Thanks
goodgetsbetter
2006-10-25, 22:32
The first saved report of the scan was before I checked "Recommend Actions"
After I checked it and began the fix, the program crashed.
I ran it again in safe mode, and once it came near the finish, all of the results went blank.
It still said that it had found 47 infected files but it didn't show anything.
Lag perhaps? I waited for a bit but nothing appeared... I saved the log and it is empty, I'll post it anyways... I still selected "recommend actions" and then began the actions...
So I'm not sure... I'll post a new hjt log too.
Thanks for the help so far, you've been extremely patient and more than helpful.
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------
+ Created at: 12:18:16 PM 10/25/2006
+ Scan result:
::Report end
Empty report :sad:
And here is the HJT log...
Logfile of HijackThis v1.99.1
Scan saved at 12:31:58 PM, on 10/25/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Digital Media Reader\readericon45G.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\zHotkey.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\Common Files\AOL\1159768727\ee\AOLSoftware.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.gateway.com/g/sidepanel.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=DTP&M=GT4022
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=DTP&M=GT4022
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=DTP&M=GT4022
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=DTP&M=GT4022
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: McAfee Anti-Phishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: EWPBrowseObject Class - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: (no name) - {75AEBF82-CFDC-4BB6-A11B-2CA8F9F101F7} - C:\Program Files\MSN Gaming Zone\hore.dll (file missing)
O2 - BHO: Alcohol Toolbar Helper - {8126A4A5-BFD3-46FE-BBDF-BFB5CF78E489} - C:\Program Files\Alcohol Toolbar\v3.1.0.0\Alcohol_Toolbar.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Alcohol Toolbar - {ED4BD629-C1B6-4399-8A34-02CCAA921DC9} - C:\Program Files\Alcohol Toolbar\v3.1.0.0\Alcohol_Toolbar.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [readericon] C:\Program Files\Digital Media Reader\readericon45G.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [tgcmd] C:\Program Files\Support.com\bin\tgcmd.exe /server /startmonitor /deaf
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1159768727\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [seekmo] "c:\program files\seekmo\seekmo.exe"
O4 - HKLM\..\Run: [SpywareBot] C:\Program Files\SpywareBot\SpywareBot.exe -boot
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [suq43048] RUNDLL32.EXE w1681229.dll,n 00643042000000031681229
O4 - HKLM\..\Run: [{3F-FB-BB-B6-ZN}] c:\windows\system32\dsreg.exe GEN001
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [lragtqqA] C:\WINDOWS\lragtqqA.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: TA_Start.lnk = C:\WINDOWS\system32\dwdsregt.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\bigfix.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee Anti-Phishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter: text/html - {994D478A-45D0-4DB4-AE27-738B1E346F99} - (no file)
O20 - Winlogon Notify: SharedDlls - C:\WINDOWS\
O20 - Winlogon Notify: SideBySide - C:\WINDOWS\
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
Thanks again...
pskelley
2006-10-25, 23:46
OK and thanks for your efforts, let's allow HJT a try to see what it can accomplish.
1) How to make files and folders visible:
Click Start > Open My Computer.
Select the Tools menu and click Folder Options.
Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
Uncheck: Hide file extensions for known file types
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.
Click OK.
2) Please download ATF Cleaner by Atribune
http://www.atribune.org/content/view/25/2/
Save it to your Desktop. We will use this later.
3) Start > Control Panel > Add Remove programs and uninstall:
seekmo, ZenoSearch, SpywareBot and other program you know should not be there. If you are unsure about any, let me know and I will look.
4) Turn off TeaTimer until you are done, it will block changes we must make:
http://russelltexas.com/malware/teatimer.htm
5) Open HijackThis and choose "Do a system scan only" then check the box in front of these line items:
The R items are optional and not making the browser run better. You can leave them if you wish. I left the Comcast assuming it is your HomePage?
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.gateway.com/g/sidepanel.h...s=DTP&M=GT4022
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.h...s=DTP&M=GT4022
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.h...s=DTP&M=GT4022
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.gateway.com/g/startpage.h...s=DTP&M=GT4022
(next item is not working right if at all with the file missing, download it fresh if you use it once we are done)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: (no name) - {75AEBF82-CFDC-4BB6-A11B-2CA8F9F101F7} - C:\Program Files\MSN Gaming Zone\hore.dll (file missing)
(next two toolbar, you can leave them if you are positive they are safe)
O2 - BHO: Alcohol Toolbar Helper - {8126A4A5-BFD3-46FE-BBDF-BFB5CF78E489} - C:\Program Files\Alcohol Toolbar\v3.1.0.0\Alcohol_Toolbar.dll
O3 - Toolbar: Alcohol Toolbar - {ED4BD629-C1B6-4399-8A34-02CCAA921DC9} - C:\Program Files\Alcohol Toolbar\v3.1.0.0\Alcohol_Toolbar.dll
O4 - HKLM\..\Run: [seekmo] "c:\program files\seekmo\seekmo.exe" G
O4 - HKLM\..\Run: [SpywareBot] C:\Program Files\SpywareBot\SpywareBot.exe -boot
O4 - HKLM\..\Run: [suq43048] RUNDLL32.EXE w1681229.dll,n 00643042000000031681229
O4 - HKLM\..\Run: [{3F-FB-BB-B6-ZN}] c:\windows\system32\dsreg.exe GEN001
O4 - HKLM\..\Run: [lragtqqA] C:\WINDOWS\lragtqqA.exe
O4 - Startup: TA_Start.lnk = C:\WINDOWS\system32\dwdsregt.exe
O18 - Filter: text/html - {994D478A-45D0-4DB4-AE27-738B1E346F99} - (no file)
O20 - Winlogon Notify: SharedDlls - C:\WINDOWS\
O20 - Winlogon Notify: SideBySide - C:\WINDOWS\
Close all programs but HJT and all browser windows, then click on "Fix Checked"
RIGHT Click on Start then click on Explore. Locate and delete these items:
C:\WINDOWS\lragtqqA.exe <<< delete this file (watch it is in C:\Windows\)
c:\program files\seekmo\ <<< delete this folder
C:\Program Files\SpywareBot\ <<< delete this folder
c:\windows\system32\dsreg.exe <<< delete this file
C:\WINDOWS\system32\dwdsregt.exe <<< delete this file
Run ATF Cleaner
Double-click ATF-Cleaner.exe to run the program.
Click Select All found at the bottom of the list.
Click the Empty Selected button.
Click Exit on the Main menu to close the program.
Restart the computer and post a new HJT log. Give me a report on how that computer is running now.
Thanks
goodgetsbetter
2006-10-26, 00:14
I tried to run AVG out of safemode to see if it would work without crashing like it did in Safemode, so some of these are missing...
I'm gonna reply in parentesis...
1) How to make files and folders visible:
Click Start > Open My Computer.
Select the Tools menu and click Folder Options.
Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
Uncheck: Hide file extensions for known file types
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.
Click OK.
(done)
2) Please download ATF Cleaner by Atribune
http://www.atribune.org/content/view/25/2/
Save it to your Desktop. We will use this later.
(done)
3) Start > Control Panel > Add Remove programs and uninstall:
seekmo, ZenoSearch, SpywareBot and other program you know should not be there. If you are unsure about any, let me know and I will look.
(None of the 3 were on the list,... I deleted Seekmo from it a while ago, I've never seen the others)
4) Turn off TeaTimer until you are done, it will block changes we must make:
http://russelltexas.com/malware/teatimer.htm
(I've had to have TeaTimer disabled for a while, when it is on I am spammed with boxes saying that something is trying to change the registry:sad: )
5) Open HijackThis and choose "Do a system scan only" then check the box in front of these line items:
The R items are optional and not making the browser run better. You can leave them if you wish. I left the Comcast assuming it is your HomePage?
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.gateway.com/g/sidepanel.h...s=DTP&M=GT4022
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.h...s=DTP&M=GT4022
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.h...s=DTP&M=GT4022
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.gateway.com/g/startpage.h...s=DTP&M=GT4022
(next item is not working right if at all with the file missing, download it fresh if you use it once we are done)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: (no name) - {75AEBF82-CFDC-4BB6-A11B-2CA8F9F101F7} - C:\Program Files\MSN Gaming Zone\hore.dll (file missing)
(next two toolbar, you can leave them if you are positive they are safe)
O2 - BHO: Alcohol Toolbar Helper - {8126A4A5-BFD3-46FE-BBDF-BFB5CF78E489} - C:\Program Files\Alcohol Toolbar\v3.1.0.0\Alcohol_Toolbar.dll
O3 - Toolbar: Alcohol Toolbar - {ED4BD629-C1B6-4399-8A34-02CCAA921DC9} - C:\Program Files\Alcohol Toolbar\v3.1.0.0\Alcohol_Toolbar.dll
O4 - HKLM\..\Run: [seekmo] "c:\program files\seekmo\seekmo.exe" G
O4 - HKLM\..\Run: [SpywareBot] C:\Program Files\SpywareBot\SpywareBot.exe -boot
O4 - HKLM\..\Run: [suq43048] RUNDLL32.EXE w1681229.dll,n 00643042000000031681229
O4 - HKLM\..\Run: [{3F-FB-BB-B6-ZN}] c:\windows\system32\dsreg.exe GEN001
O4 - HKLM\..\Run: [lragtqqA] C:\WINDOWS\lragtqqA.exe
O4 - Startup: TA_Start.lnk = C:\WINDOWS\system32\dwdsregt.exe
O18 - Filter: text/html - {994D478A-45D0-4DB4-AE27-738B1E346F99} - (no file)
O20 - Winlogon Notify: SharedDlls - C:\WINDOWS\
O20 - Winlogon Notify: SideBySide - C:\WINDOWS\
Close all programs but HJT and all browser windows, then click on "Fix Checked"
(Done with all of these, except again, seekmo and spywarebot were not there)
RIGHT Click on Start then click on Explore. Locate and delete these items:
C:\WINDOWS\lragtqqA.exe <<< delete this file (watch it is in C:\Windows\)
c:\program files\seekmo\ <<< delete this folder
C:\Program Files\SpywareBot\ <<< delete this folder
c:\windows\system32\dsreg.exe <<< delete this file
C:\WINDOWS\system32\dwdsregt.exe <<< delete this file
(these were gone... probably from AVG... so will they come back?)
Run ATF Cleaner
Double-click ATF-Cleaner.exe to run the program.
Click Select All found at the bottom of the list.
Click the Empty Selected button.
Click Exit on the Main menu to close the program.
(done)
Restart the computer and post a new HJT log. Give me a report on how that computer is running now.
(I will post the HJT log when I reboot)
Thanks
(Once again thank you for your patience and help. I was getting frusterated before I came to these forums and you've been an awesome help.)
pskelley
2006-10-26, 00:16
Please post a new HJT log after you have completed those instructions so I can see what is done. I will know more then.
Thanks
goodgetsbetter
2006-10-26, 00:22
Logfile of HijackThis v1.99.1
Scan saved at 2:21:43 PM, on 10/25/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
c:\program files\mcafee.com\vso\mcvsshld.exe
c:\program files\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Digital Media Reader\readericon45G.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\zHotkey.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Common Files\AOL\1159768727\ee\AOLSoftware.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\WINDOWS\system32\wuauclt.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\hijackthis\HijackThis.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: McAfee Anti-Phishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: EWPBrowseObject Class - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: (no name) - {75AEBF82-CFDC-4BB6-A11B-2CA8F9F101F7} - (no file)
O2 - BHO: (no name) - {8126A4A5-BFD3-46FE-BBDF-BFB5CF78E489} - (no file)
O2 - BHO: (no name) - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - (no file)
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [readericon] C:\Program Files\Digital Media Reader\readericon45G.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [tgcmd] C:\Program Files\Support.com\bin\tgcmd.exe /server /startmonitor /deaf
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1159768727\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [seekmo] "c:\program files\seekmo\seekmo.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [DeluxeCommunications] C:\Program Files\DeluxeCommunications\Dxc.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\bigfix.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee Anti-Phishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: SharedDlls - C:\WINDOWS\
O20 - Winlogon Notify: SideBySide - C:\WINDOWS\
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
goodgetsbetter
2006-10-26, 00:29
So it looks like Seekmo and Spywarebot have returned and the
O20 - Winlogon Notify: SharedDlls - C:\WINDOWS\
O20 - Winlogon Notify: SideBySide - C:\WINDOWS\
are back in the HJT log...
pskelley
2006-10-26, 00:43
OK, we still have some problems. This item:
O4 - HKLM\..\Run: [seekmo] "c:\program files\seekmo\seekmo.exe"
Is still there? Did you look for it in Add Remove programs? Did you look for and delete the folder:
c:\program files\seekmo\ <<< folder??
Try this information: http://www.seekmo.com/downloads/aboutSearchAssistant.aspx
You also have this back in the log and it was gone, you are not downloading this item are you?
O4 - HKCU\..\Run: [DeluxeCommunications] C:\Program Files\DeluxeCommunications\Dxc.exe
this is a bad thing, it used to be called SurfSideKick and we need to get rid of it. Let's do this:
1) Follow these instructions:
Thanks to Grinler and anyone else who helped with this fix.
http://www.bleepingcomputer.com/forums/topic66364.html
I would print them so you can see them when you are working.
2) Follow these instruction next:
Thanks to Atribune and any others who helped with this fix.
Please download Look2Me-Destroyer.exe (http://www.atribune.org/ccount/click.php?id=7) to your desktop.
Close all windows before continuing.
Double-click Look2Me-Destroyer.exe to run it.
Put a check next to Run this program as a task.
You will receive a message saying Look2Me-Destroyer will close and re-open in approximately 10 seconds. Click OK
When Look2Me-Destroyer re-opens, click the Scan for L2M button, your desktop icons will disappear, this is normal.
Once it's done scanning, click the Remove L2M button.
You will receive a Done Scanning message, click OK.
When completed, you will receive this message: Done removing infected files! Look2Me-Destroyer will now shutdown your computer, click OK.
Your computer will then shutdown.
Turn your computer back on.
Please post the contents of C:\Look2Me-Destroyer.txt and a new HiJackThis log.
If Look2Me-Destroyer does not reopen automatically, reboot and try again.
If you receive a message from your firewall about this program accessing the internet please allow it.
If you receive a runtime error '339' please download MSWINSCK.OCX from the link below and place it in your C:\Windows\System32 Directory.
http://www.ascentive.com/support/new/images/lib/MSWINSCK.OCX
More info:
If for some reason Look2Me-Destroyer doesn't reopen check that task scheduler is running.
If it isnt you can use sc.exe to start it
start>run sc start schedule press enter.
Make sure the computer has been restarted and post the C:\Look2Me-Destroyer.txt and a new HiJackThis log.
Thanks
goodgetsbetter
2006-10-26, 01:26
No luck...
I could not find "DeluxeCommunications" anywhere.
I followed the guide you showed but it did not show up on the list and there is no program file for it. Same as Seekmo...
And the Look2Me-Destroyer did not find L2M...
There is no C:\Look2Me-Destroyer.txt file.
Here is another HJT Log though... :sad:
Logfile of HijackThis v1.99.1
Scan saved at 3:24:32 PM, on 10/25/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Digital Media Reader\readericon45G.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\zHotkey.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\Program Files\Common Files\AOL\1159768727\ee\AOLSoftware.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\hijackthis\HijackThis.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: McAfee Anti-Phishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: EWPBrowseObject Class - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: (no name) - {75AEBF82-CFDC-4BB6-A11B-2CA8F9F101F7} - (no file)
O2 - BHO: (no name) - {8126A4A5-BFD3-46FE-BBDF-BFB5CF78E489} - (no file)
O2 - BHO: (no name) - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - (no file)
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [readericon] C:\Program Files\Digital Media Reader\readericon45G.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [tgcmd] C:\Program Files\Support.com\bin\tgcmd.exe /server /startmonitor /deaf
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1159768727\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [seekmo] "c:\program files\seekmo\seekmo.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [DeluxeCommunications] C:\Program Files\DeluxeCommunications\Dxc.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\bigfix.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee Anti-Phishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
Seekmo is STILL in the HJT log....
Is it possible that HJT is wrong?
:mad: :sad: My computer is frustrating...
pskelley
2006-10-26, 02:20
I would like you to look again to make sure you are seeing all files and folders, this is very important.
How to make files and folders visible:
Click Start > Open My Computer.
Select the Tools menu and click Folder Options.
Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
Uncheck: Hide file extensions for known file types
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.
Click OK.
Now I would like you to use Search Companion: Start > Search > All Files and folders. Then search for these:
You must allow search companion time to complete the search, it can not be rushed. You will know when search companion is done, and it can take a while as there are a lot of files to search through. If you have not unhidden all files and folder, search companion can not see them either. I would like the results of these searches:
c:\program files\seekmo\seekmo.exe <<< search for both the program (seekmo) and the file (seekmo.exe)
C:\Program Files\DeluxeCommunications\Dxc.exe <<< search for both the program (DeluxeCommunications) and the file (Dxc.exe)
Post that information for me.
Open Hijackthis.
Click the "Open the Misc Tools" section Button.
Click the "Open Uninstall Manager" Button.
Click the "Save list..." Button.
Save it to your desktop. Copy and paste the contents into your reply.
Look at these instructions, instruction number 3. This item is running in the log and is probably blocking changes.
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe follow these directions to turn it off.
If you have trouble turning it off, than uninstall the complete program.
http://www.virusvault.co.uk/fusionbb/showtopic.php?tid/33/
Deactivate the Resident Shield
- Before proceeding, deactivate the "Resident Shield" as this may prevent changes to the registry.
- To do this, click "Change State" to the right of the Resident Shield option in the main window.
- You will clearly see the status change to Inactive if you have done this correctly.
Please make sure TeaTimer is turned off and leave it off until we are done:
http://russelltexas.com/malware/teatimer.htm
Open HijackThis and choose "Do a system scan only" then check the box in front of these line items:
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {75AEBF82-CFDC-4BB6-A11B-2CA8F9F101F7} - (no file)
O2 - BHO: (no name) - {8126A4A5-BFD3-46FE-BBDF-BFB5CF78E489} - (no file)
O2 - BHO: (no name) - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - (no file)
O4 - HKLM\..\Run: [seekmo] "c:\program files\seekmo\seekmo.exe"
O4 - HKCU\..\Run: [DeluxeCommunications] C:\Program Files\DeluxeCommunications\Dxc.exe
Close all programs but HJT and all browser windows, then click on "Fix Checked"
Post a new HJT log and any information I requested above. Let me know of any issues you are experiencing at this point.
Thanks
goodgetsbetter
2006-10-26, 03:16
There was NO results for DeluxeCommunications, dxc.exe, or Seekmo.exe.
There were 4 results for Seekmo.
2 Shortcuts to the sites "Seekmo Customer Support"
1 shortcut to "seekmo unistall instructions"
and 1 folder in the start menu->programs->Seekmo
Adobe Flash Player 9
Adobe Reader 7.0
Age of Empires III
Agere Systems PCI-SV92PP Soft Modem
Alcohol Toolbar
AOL Instant Messenger
AOL Uninstaller (Choose which Products to Remove)
ArcSoft PhotoStudio 5.5
Athlon 64 Processor Driver
AVG Anti-Spyware 7.5
Battlefield 2(TM)
BigFix
BitComet 0.70
Browser Address Error Redirector
Canon MP Navigator 3.0
Canon MP160
Canon MP160 User Registration
Canon My Printer
Canon Utilities Easy-PhotoPrint
Comcast High-Speed Internet Install Wizard
Command & Conquer Red Alert 2
Dawn Of War - Winter Assault
DawnOfWar
Desktop Doctor
Diablo II
Digital Media Reader
DivX Codec
DivX Content Uploader
DivX Converter
DivX Player
DivX Web Player
DVD Solution
Easy-WebPrint
FrostWire
GameSpy Arcade
gtw_logo
Hero Editor V0.95
Heroes of Might and Magic® III
High Definition Audio Driver Package - KB888111
HijackThis 1.99.1
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 10 (KB910393)
Hotfix for Windows XP (KB888795)
Hotfix for Windows XP (KB891593)
Hotfix for Windows XP (KB895961)
Hotfix for Windows XP (KB896256)
Hotfix for Windows XP (KB899337)
Hotfix for Windows XP (KB899510)
Hotfix for Windows XP (KB902841)
Hotfix for Windows XP (KB910728)
Hotfix for Windows XP (KB912024)
iTunes
J2SE Runtime Environment 5.0 Update 2
McAfee Uninstall Wizard
Microsoft .NET Framework 1.0 Hotfix (KB887998)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft .NET Framework 2.0
Microsoft Digital Image Starter Edition 2006
Microsoft Halo
Microsoft Money 2006
Microsoft Office Standard Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0 (Beta2)
Microsoft Works
Morrowind
Mozilla Firefox (1.5)
MSN
MSXML 4.0 SP2 Parser and SDK
Multimedia Keyboard Driver
Napster
Napster Burn Engine
NVIDIA Drivers
Oblivion
OpenMG AAC Add-on Module 1.0.00
OpenMG Limited Patch 4.5-06-05-12-01
OpenMG Secure Module 4.5.01
Panda ActiveScan
Power2Go 4.0
PowerDVD
QuickTime
RealPlayer Basic
Realtek High Definition Audio Driver
ScanSoft OmniPage SE 4.0
Security Update for Microsoft .NET Framework 2.0 (KB917283)
Security Update for Microsoft .NET Framework 2.0 (KB922770)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB925486)
Sonic Encoders
SonicStage 4.0
Spybot - Search & Destroy 1.4
StealthBot v2.6 Revision 3 (remove only)
TES Construction Set
Update for Windows Media Player 10 (KB913800)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update Rollup 2 for Windows XP Media Center Edition 2005
Viewpoint Media Player
Westwood Shared Internet Components
Windows Backup Utility
Windows Installer 3.1 (KB893803)
Windows Live Messenger
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Hotfix - KB886185
Windows XP Media Center Edition 2005 KB912067
Yahoo! Toolbar
Yazzle by OIN
Logfile of HijackThis v1.99.1
Scan saved at 5:12:43 PM, on 10/25/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Digital Media Reader\readericon45G.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\zHotkey.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\Program Files\Common Files\AOL\1159768727\ee\AOLSoftware.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\wscntfy.exe
C:\hijackthis\HijackThis.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: McAfee Anti-Phishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: EWPBrowseObject Class - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [readericon] C:\Program Files\Digital Media Reader\readericon45G.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [tgcmd] C:\Program Files\Support.com\bin\tgcmd.exe /server /startmonitor /deaf
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1159768727\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\bigfix.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee Anti-Phishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
pskelley
2006-10-26, 03:50
There were 4 results for Seekmo.
2 Shortcuts to the sites "Seekmo Customer Support"
1 shortcut to "seekmo unistall instructions"
and 1 folder in the start menu->programs->Seekmo
Were you able to locate and remove this junk?
I am looking for malware, you should look to see if there are programs you do not know or no longer use and get rid of them.
Do you use this item? >> Alcohol Toolbar
This is the one you said started the problem >> FrostWire
Check your Java console in the Control Panel for an update, see this:
http://forums.spybot.info/showpost.php?p=12880&postcount=2
Get rid off all old versions >> J2SE Runtime Environment 5.0 Update 2
Viewpoint Media Player << I suggest you uninstall this, see this information:
For your information, Viewpoint is installed by aol probably without your knowledge. I suggest you uninstall this resource waster in Add Remove programs.
http://www.clickz.com/news/article.php/3561546
http://www.greatis.com/appdata/u/v/viewmgr.exe.htm
http://www.spywareinfo.com/newsletter/archives/2005/nov4.php#viewpoint
Yazzle by OIN <<< this is part of PurityScan adware, I strongly suggest you uninstall it.
This HJT log appears clean of malwar:bigthumb: How is the computer running now?
You can remove combofix from your computer.
AVG Anti-Spyware is a good program but it does use some resources. Once the trial is over you can update and use the scanner for as long as you wish, but unless you purchase it you should turn it off completely so it does not run unless you start it manually.
System Restore does not know the good files from the bad. In case bad stuff has gotten into your System Restore files, follow the instructions in this link to get clean System Restore files. Turn it off, reboot then turn it back on:
http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001111912274039?Open&src=sec_doc_nam
Here is some great information from Tony Klein, Texruss, ChrisRLG and Grinler to help you stay clean and safe online:
http://forums.spybot.info/showthread.php?t=279
http://russelltexas.com/malware/allclear.htm
http://forum.malwareremoval.com/viewtopic.php?t=14
http://www.bleepingcomputer.com/forums/topict2520.html
http://cybercoyote.org/security/not-admin.shtml
Thanks
goodgetsbetter
2006-10-26, 06:20
I cannot thank you enough. Seriously.:D: :)
goodgetsbetter
2006-10-26, 06:33
I have another question though...
When I turn on TeaTimer, I am prompted with a box that says
"Spybot - Search & Destroy has detected an important registry entry that has been changed"
Category : System Startup User Entry
Change: Value Deleted
Entry: DeluxeCommunications
Old Data: C:\program files\deluxecommunications\dxc.exe
Now it has 4 button choices...
One on the left, which the box is too small(and can't be made bigger?) so I can't read it, a ?, Info, and another one.
Perhaps "Unblock" and "Block"?
and then a "remember this decision" selection..
Should I just unblock the change?
pskelley
2006-10-26, 15:40
Since you made the change by removing DeluxeCommunications
(deleted the value) then accept the change.
Thanks...Phil
goodgetsbetter
2006-10-26, 16:54
But the alert box is screwed up. I couldn't tell which button is "accept"
I used HackRes to fix it though, and now I am good.
Thank you so much man... Really.
pskelley
2006-10-26, 17:02
If you are talking about TeaTimer alerts, and you are sure you are running the latest version with all updates, then post here:
http://forums.spybot.info/forumdisplay.php?f=4
They will help you with the issue.
Thanks
LonnyRJones
2006-11-03, 14:26
Im Glad we could help
Since the problems are solved Im going to close the topic now, this keeps others with similar problems from posting there logs/question here, they should start a new topic.
If you should need to post another log for the same PC let one of us know via a PM (personal message).