Internet Explorer pops up on Startu
Original Message
Name: donthavaclue
Date: January 8, 2007 at 12:26:28 Pacific
Subject: Internet Explorer pops up on Startu
OS: windows xp
CPU/Ram: pentium 4, 768 m
Comment: Please help! My internet explorer automatically pops up every time I start or reboot my computer. It doesn't really display anything, but the same url comes up in five or more different windows. It has also affected my AOL. When I click on Aol, it bypasses the sign on screen and goes directly to internet explorer with this same url. Micro Trend pops up with a warning that I'm trying to access a dangerous website. What can I do about this?
Response Number 1
Name: jabuck
Date: January 8, 2007 at 14:42:06 Pacific
Subject: Internet Explorer pops up on Startu
Reply: Please post a Hijack This log so that the files associated with the virus/spyware/hijacker can be identified.
Please download HJTsetup.exe from this link http://www.thespykiller.co.uk/files/HJTsetup.exe to your desktop. Double-click on the HJTsetup.exe icon on your desktop. By default it will install to C:\Program Files\Hijack This. Continue to click "next" in the setup dialogue boxes until you get to the "Select Additional Tasks" dialogue. Put a check by "Create a desktop icon" then click "Next" again. Continue to follow the rest of the prompts from there. At the final dialogue box click "Finish" and it will launch Hijack This.
Click on the "Do a system scan and save a logfile" button. It will scan and the log should open in notepad. Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log and post it in this thread.
Do not fix anything yet unless you know what you are doing. This is a powerful tool that can crash the computer if used improperly.
Please download SmitFraudFix from this link http://siri.urz.free.fr/Fix/Smitfra... Then extract the contents to your desktop.
!!!! Only run option #1 as running the other options on an uninfected computer will damage the desktop. !!!!
Open the "SmitfraudFix" folder and double-click "smitfraudfix.cmd". Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present). Please copy/paste the content of that report into your next reply.
Note: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
Response Number 2
Name: donthavaclue
Date: January 8, 2007 at 16:18:58 Pacific
Subject: Internet Explorer pops up on Startu
Reply: Thanks so much for your response. Sorry it took me so long to get the log back to you. I'm a little slow at this kind of stuff. But here's what I have.
Response Number 3
Name: donthavaclue
Date: January 8, 2007 at 16:41:34 Pacific
Subject: Internet Explorer pops up on Startu
Reply: I forgot to post the other report. Sorry. Here it is.
SmitFraudFix v2.132
Scan done at 18:39:16.75, Mon 01/08/2007
Run from C:\Program Files\Common Files\mozilla.org\GRE\1.7.13_2006041421\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Home
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Home\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Start Menu
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Home\FAVORI~1
»»»»»»»»»»»»»»»»»»»»»»»» Desktop
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys
»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32
»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection
»»»»»»»»»»»»»»»»»»»»»»»» End
Response Number 4
Name: jabuck
Date: January 8, 2007 at 19:00:56 Pacific
Subject: Internet Explorer pops up on Startu
Reply: Go to start > control panel > software > add/remove programs and uninstall next if present:
Oin
Yazzle by Oin
YazzleActiveX By OIN
Yazzle anything
Purityscan by Oin
Snowballwars by Oin
Cowabanga by OIN
or anything similar with Oin in it
888 toolbar or anything with 888 in it
Lime Wire
If OIN not listed, download and run this uninstaller OiUninstaller.exe
Reboot when done! Really important!
Please download ATF-Cleaner to your desktop from this link http://www.atribune.org/content/view/19/2/ We will need it later in safe mode.
Download and install AVG Anti-Spyware. We will need this later in safe mode. Be sure to update AVG Anti-Spyware.
Please download ComboFix to the desktop from this link: http://download.bleepingcomputer.com/sUBs/combofix.exe Double-click combofix.exe. Follow the prompts. (Don't click on the window while the program is running, it may cause your system to hang.) Please post the combofix.txt log.
Empty the restore folder. Go to start>control panel>system>system restore tab>check the box beside "turn off system restore">apply (takes a minute)>ok. Go back and uncheck the box to turn system restore back on>apply>ok.
Set up the computer to view hidden files by going to start>control panel>folder options>view tab>tick the circle beside "show hidden files and folders" and untick the box beside "hide extensions of known file types" and "hide protected system operating files">apply>ok.
Next, please reboot your computer in Safe Mode by doing the following:
Restart your computer.
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, a menu with options should appear;
Select the first option, to run Windows in Safe Mode, then press "Enter".
Choose your usual account.
Run Hijack This from safe mode, close all windows except Hijack This, place a check to the left of the following items and press "fix checked":
All of the 01's
O2 - BHO: Bar888 - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRA~1\COMMON~1\{34AA1~1\Bar888.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Bar888 - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRA~1\COMMON~1\{34AA1~1\Bar888.dll
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O16 - DPF: ChatSpace Full Java Client 4.0.0.320 - http://69.65.108.158/Java/cfs40320.... - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} (WildTangent Active Launcher) - http://install.wildtangent.com/Acti...
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/121cba8...
O20 - AppInit_DLLs:
O20 - Winlogon Notify: wineij32 - wineij32.dll (file missing)
Exit Hijack This but remain in safe mode.
Navigate to and delete these files if found:
C:\Windows\System32\wineij32.dll
C:\Program Files\LimeWire\LimeWire.exe
Navigate to and delete this folder if found:
C:\Program Files\LimeWire
Run ATF-Cleaner from safe mode. Double-click ATF-Cleaner.exe to run the program. Under Main choose: Select All. Click the Empty Selected button.
In Safe Mode, run AVG Anti-Spyware and click on the Scanner tab at the top. Click the "Settings" tab and then change the recommended action to Quarantine and click Automatically generate report after every scan. Click back to the "Scan" tab and then click on Complete System Scan. This scan can take quite a while to run, so be prepared. AVG Anti-Spyware will list any infections found on the left hand side. When the scan has finished, it will automatically set the recommended action. Click the Apply all actions button. AVG Anti-Spyware will display "All actions have been applied" on the right hand side. Click on "Save Report", then "Save Report As". This will create a text file. Make sure you know where to find this file again (like on the Desktop).
Post the AVG Anti-Spyware log and a new Hijack This log please.
Response Number 5
Name: donthavaclue
Date: January 9, 2007 at 06:56:25 Pacific
Subject: Internet Explorer pops up on Startu
Reply: Thanks so much for your help, jabuck. I'm getting ready to run Hijack This in safe mode but I wanted to post the Combofix log first. Here it is.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"="" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoDriveTypeAutoRun"=dword:00000091 [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "dontdisplaylastusername"=dword:00000000 "legalnoticecaption"="" "legalnoticetext"="" "shutdownwithoutlogon"=dword:00000001 "undockwithoutlogon"=dword:00000001 [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer] "NoDriveTypeAutoRun"=dword:00000091 [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer] "NoDriveTypeAutoRun"=dword:00000091 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload] "PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}" "CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}" "WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}" "SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}" HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wineij32 [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll" Contents of the 'Scheduled Tasks' folder C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job Completion time: 07-01-09 8:40:17.84 C:\ComboFix.txt ... 07-01-09 08:40
Response Number 6
Name: donthavaclue
Date: January 9, 2007 at 07:06:55 Pacific
Subject: Internet Explorer pops up on Startu
Reply: I'm sorry to be such a pain, jabuck, but I tried to go into the "safe mode" by pressing the F8 key and the only options it gave were:

Please select boot device:
Removable dev.
Hard drive
ATAPI CD-Rom
IBA 4.0.19 Slot 0208

Am I doing something wrong?
Response Number 7
Name: jabuck
Date: January 9, 2007 at 14:42:03 Pacific
Subject: Internet Explorer pops up on Startu
Reply: Check in the "A" drive (floppy) for a disk if you have a floppy drive. Then check your cd-rom or dvd to see if a disk is in them. Remove any disk and try to boot into safe mode again.
Response Number 8
Name: donthavaclue
Date: January 10, 2007 at 16:41:06 Pacific
Subject: Internet Explorer pops up on Startu
Reply: Hi, Jabuck. I know it took a long time to get back to you. I finally figured out that I had downloaded the wrong version of the AVG software. And when I tried to get to the ewido website, Mozilla kept timing out, and my internet explorer just sits there and does nothing. Thank goodness. I'm so glad that it doesn't continuously pop up now. Anyway, I did manage to download the correct spyware. I have that log and the Hijack this log. Please don't give up on me. I'm just a little slow at this. Thanks again.

AVG Anti-Spyware - Scan Report
+ Created at: 6:28:40 PM 1/10/2007
+ Scan result:

C:\Program Files\Ipwindows\ipwins.exe -> Adware.Maxifiles : No action taken.
C:\gp.exe -> Adware.MaxSearch : No action taken.
C:\tc.exe -> Adware.MaxSearch : No action taken.
C:\RECYCLER\S-1-5-21-842925246-1637723038-1801674531-1004\Dc43.zip/adobe adobe PHOTOSHOP CS.exe -> Trojan.Agent.vg : No action taken.
C:\RECYCLER\S-1-5-21-842925246-1637723038-1801674531-1004\Dc44.zip/adobe photoshop 8.exe -> Trojan.Agent.vg : No action taken.

::Report end
Logfile of HijackThis v1.99.1 Scan saved at 6:30:36 PM, on 1/10/2007 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Ahead\InCD\InCDsrv.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LEXPPS.EXE C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe C:\WINDOWS\System32\CTsvcCDA.exe C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe C:\WINDOWS\wanmpsvc.exe C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\AOL\1158955071\ee\AOLSoftware.exe C:\Program Files\Microsoft Hardware\Mouse\point32.exe C:\WINDOWS\System32\devldr32.exe C:\WINDOWS\System32\wuauclt.exe C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\AOL\AOL 9.0\aoltray.exe C:\Program Files\Microsoft Office\Office\1033\msoffice.exe c:\program files\common files\aol\1158955071\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe c:\program files\common files\aol\1158955071\ee\aolsoftware.exe C:\Program Files\ALLTEL DSL Check-up Center\bin\mpbtn.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\Program Files\mozilla.org\Mozilla\mozilla.exe C:\Program Files\America Online 9.0\waol.exe C:\Program Files\America Online 9.0\shellmon.exe 
C:\Desktop\hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.windstream.net/ O1 - Hosts: 1.1.1.1 f-secure.com O1 - Hosts: 1.1.1.1 www.f-secure.com O1 - Hosts: 1.1.1.1 ftp.f-secure.com O1 - Hosts: 1.1.1.1 ftp.sophos.com O1 - Hosts: 1.1.1.1 liveupdate.symantec.com O1 - Hosts: 1.1.1.1 customer.symantec.com O1 - Hosts: 1.1.1.1 dispatch.mcafee.com O1 - Hosts: 1.1.1.1 download.mcafee.com O1 - Hosts: 1.1.1.1 rads.mcafee.com O1 - Hosts: 1.1.1.1 mast.mcafee.com O1 - Hosts: 1.1.1.1 my-etrust.com O1 - Hosts: 1.1.1.1 www.my-etrust.com O1 - Hosts: 1.1.1.1 nai.com O1 - Hosts: 1.1.1.1 www.nai.com O1 - Hosts: 1.1.1.1 networkassociates.com O1 - Hosts: 1.1.1.1 secure.nai.com O1 - Hosts: 1.1.1.1 securityresponse.symantec.com O1 - Hosts: 1.1.1.1 service1.symantec.com O1 - Hosts: 1.1.1.1 sophos.com O1 - Hosts: 1.1.1.1 www.sophos.com O1 - Hosts: 1.1.1.1 support.microsoft.com O1 - Hosts: 1.1.1.1 symantec.com O1 - Hosts: 1.1.1.1 www.symantec.com O1 - Hosts: 1.1.1.1 update.symantec.com O1 - Hosts: 1.1.1.1 updates.symantec.com O1 - Hosts: 1.1.1.1 us.mcafee.com O1 - Hosts: 1.1.1.1 vil.nai.com O1 - Hosts: 1.1.1.1 viruslist.com O1 - Hosts: 1.1.1.1 www.viruslist.com O1 - Hosts: 1.1.1.1 grisoft.com O1 - Hosts: 1.1.1.1 www.grisoft.com O1 - Hosts: 1.1.1.1 free.grisoft.com O1 - Hosts: 1.1.1.1 trendmicro.com O1 - Hosts: 1.1.1.1 housecall.trendmicro.com O1 - Hosts: 1.1.1.1 www.trendmicro.com O1 - Hosts: 1.1.1.1 pandasoftware.com O1 - Hosts: 1.1.1.1 www.pandasoftware.com O1 - Hosts: 1.1.1.1 usa.kaspersky.com O1 - Hosts: 1.1.1.1 ewido.net O1 - Hosts: 1.1.1.1 zonelabs.com O1 - Hosts: 1.1.1.1 www.zonelabs.com O1 - Hosts: 1.1.1.1 bitdefender.com O1 - Hosts: 1.1.1.1 www.bitdefender.com O1 - Hosts: 1.1.1.1 download.bitdefender.com O1 - Hosts: 1.1.1.1 upgrade.bitdefender.com O1 - Hosts: 1.1.1.1 spywareinfo.com O1 - Hosts: 1.1.1.1 www.spywareinfo.com O1 - Hosts: 1.1.1.1 merijn.org O1 - Hosts: 1.1.1.1 www.merijn.org O1 - Hosts: 1.1.1.1 sysinternals.com O1 - 
Hosts: 1.1.1.1 www.sysinternals.com O1 - Hosts: 1.1.1.1 onguardonline.gov O1 - Hosts: 1.1.1.1 www.onguardonline.gov O1 - Hosts: 1.1.1.1 avast.com O1 - Hosts: 1.1.1.1 www.avast.com O1 - Hosts: 1.1.1.1 safety.live.com O1 - Hosts: 1.1.1.1 www.paretologic.com O1 - Hosts: 1.1.1.1 paretologic.com O1 - Hosts: 1.1.1.1 virusscan.jotti.org O1 - Hosts: 1.1.1.1 services.google.com O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1158955071\ee\AOLSoftware.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [POINTER] point32.exe O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ALLTEL~1\SMARTB~1\MotiveSB.exe O4 - HKLM\..\Run: [ymetray] "C:\Program Files\Yahoo!\Yahoo! 
Music Engine\YahooMusicEngine.exe" -preload O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe" O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP O4 - HKLM\..\Run: [CTRegRun] C:\WINDOWS\CTRegRun.EXE O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe" O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0\AOL.EXE" -b O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL\AOL 9.0\aoltray.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: Windstream Broadband Check-up Center.lnk = C:\Program Files\ALLTEL DSL Check-up Center\bin\matcli.exe O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?f4452b6ad3af4d449f8a61faf3abefdd O8 - Extra context menu item: 
Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?f4452b6ad3af4d449f8a61faf3abefdd O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (file missing) O15 - Trusted Zone: http://care.alltel.com O16 - DPF: Harvest Mania by pogo - http://game1.pogo.com/applet-6.8.4.... O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} (WildTangent Active Launcher) - http://install.wildtangent.com/Acti... O16 - DPF: {49E67060-2C0D-415E-94C7-52A49F73B2F1} (CPlayFirstPiratePoppersControl Object) - http://aolsvc.aol.com/onlinegames/t... O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://aolsvc.aol.com/onlinegames/f... O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. 
- C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe O23 - Service: InCD Helper (read only) (InCDsrvR) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe O23 - Service: Trend Micro Protection Against Spyware (PcScnSrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
Report Offensive Follow Up For Removal
|
|
Response Number 9
Name: jabuck
Date: January 10, 2007 at 19:15:57 Pacific
Subject: Internet Explorer pops up on Startu
Reply: That is good. Update AVG-AntiSpyware.

Empty the restore folder. Go to start>control panel>system>system restore tab>check the box beside "turn off system restore">apply (takes a minute)>ok. Go back and uncheck the box to turn system restore back on>apply>ok.

Reboot into safe mode. Run Hijack this and remove these items:
O1 - Hosts: 1.1.1.1 f-secure.com
O1 - Hosts: 1.1.1.1 www.f-secure.com
O1 - Hosts: 1.1.1.1 ftp.f-secure.com
O1 - Hosts: 1.1.1.1 ftp.sophos.com
O1 - Hosts: 1.1.1.1 liveupdate.symantec.com
O1 - Hosts: 1.1.1.1 customer.symantec.com
O1 - Hosts: 1.1.1.1 dispatch.mcafee.com
O1 - Hosts: 1.1.1.1 download.mcafee.com
O1 - Hosts: 1.1.1.1 rads.mcafee.com
O1 - Hosts: 1.1.1.1 mast.mcafee.com
O1 - Hosts: 1.1.1.1 my-etrust.com
O1 - Hosts: 1.1.1.1 www.my-etrust.com
O1 - Hosts: 1.1.1.1 nai.com
O1 - Hosts: 1.1.1.1 www.nai.com
O1 - Hosts: 1.1.1.1 networkassociates.com
O1 - Hosts: 1.1.1.1 secure.nai.com
O1 - Hosts: 1.1.1.1 securityresponse.symantec.com
O1 - Hosts: 1.1.1.1 service1.symantec.com
O1 - Hosts: 1.1.1.1 sophos.com
O1 - Hosts: 1.1.1.1 www.sophos.com
O1 - Hosts: 1.1.1.1 support.microsoft.com
O1 - Hosts: 1.1.1.1 symantec.com
O1 - Hosts: 1.1.1.1 www.symantec.com
O1 - Hosts: 1.1.1.1 update.symantec.com
O1 - Hosts: 1.1.1.1 updates.symantec.com
O1 - Hosts: 1.1.1.1 us.mcafee.com
O1 - Hosts: 1.1.1.1 vil.nai.com
O1 - Hosts: 1.1.1.1 viruslist.com
O1 - Hosts: 1.1.1.1 www.viruslist.com
O1 - Hosts: 1.1.1.1 grisoft.com
O1 - Hosts: 1.1.1.1 www.grisoft.com
O1 - Hosts: 1.1.1.1 free.grisoft.com
O1 - Hosts: 1.1.1.1 trendmicro.com
O1 - Hosts: 1.1.1.1 housecall.trendmicro.com
O1 - Hosts: 1.1.1.1 www.trendmicro.com
O1 - Hosts: 1.1.1.1 pandasoftware.com
O1 - Hosts: 1.1.1.1 www.pandasoftware.com
O1 - Hosts: 1.1.1.1 usa.kaspersky.com
O1 - Hosts: 1.1.1.1 ewido.net
O1 - Hosts: 1.1.1.1 zonelabs.com
O1 - Hosts: 1.1.1.1 www.zonelabs.com
O1 - Hosts: 1.1.1.1 bitdefender.com
O1 - Hosts: 1.1.1.1 www.bitdefender.com
O1 - Hosts: 1.1.1.1 download.bitdefender.com
O1 - Hosts: 1.1.1.1 upgrade.bitdefender.com
O1 - Hosts: 1.1.1.1 spywareinfo.com
O1 - Hosts: 1.1.1.1 www.spywareinfo.com
O1 - Hosts: 1.1.1.1 merijn.org
O1 - Hosts: 1.1.1.1 www.merijn.org
O1 - Hosts: 1.1.1.1 sysinternals.com
O1 - Hosts: 1.1.1.1 www.sysinternals.com
O1 - Hosts: 1.1.1.1 onguardonline.gov
O1 - Hosts: 1.1.1.1 www.onguardonline.gov
O1 - Hosts: 1.1.1.1 avast.com
O1 - Hosts: 1.1.1.1 www.avast.com
O1 - Hosts: 1.1.1.1 safety.live.com
O1 - Hosts: 1.1.1.1 www.paretologic.com
O1 - Hosts: 1.1.1.1 paretologic.com
O1 - Hosts: 1.1.1.1 virusscan.jotti.org
O1 - Hosts: 1.1.1.1 services.google.com

Exit Hijack This but remain in safe mode.

Navigate to and delete these files if found:
C:\tc.exe
C:\tc.exe
C:\Program Files\Ipwindows\ipwins.exe

Navigate to and delete this folder if found:
C:\Program Files\Ipwindows

Run ATF-Cleaner from safe mode. Double-click ATF-Cleaner.exe to run the program. Under Main choose: Select All. Click the Empty Selected button.

On your last scan AVGAS was not set to Quarantine; it must be set that way. In Safe Mode, run AVG Anti-spyware and click on the Scanner tab at the top. Click the "Settings" tab and then change the recommended action to Quarantine and click Automatically generate report after every scan. Click back to the "Scan" tab and then click on Complete System Scan. This scan can take quite a while to run, so be prepared. AVG Anti-Spyware will list any infections found on the left hand side. When the scan has finished, it will automatically set the recommended action. Click the Apply all actions button. AVG Anti-Spyware will display "All actions have been applied" on the right hand side. Click on "Save Report", then "Save Report As". This will create a text file. Make sure you know where to find this file again (like on the Desktop).

Post a new combofix log and a new Hijack This scan please.
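The O1 entries listed in the reply above all map antivirus, update and removal-tool sites to one address, 1.1.1.1, through the hosts file, which overrides DNS for those names. As an added example (not part of the original thread, and not HijackThis code), this Python script extracts O1 entries from a HijackThis log and flags that pattern; the function names, the domain set and the `min_domains` threshold are assumptions, and the sample log combines lines from the thread with one constructed entry.

```python
import ipaddress
import re
from collections import defaultdict

# Base domains of security vendors and update/removal-tool sites, taken from
# the hostnames in the O1 entries posted in this thread (not exhaustive).
SECURITY_DOMAINS = {
    "f-secure.com", "sophos.com", "symantec.com", "mcafee.com", "nai.com",
    "grisoft.com", "trendmicro.com", "kaspersky.com", "bitdefender.com",
    "avast.com", "microsoft.com", "merijn.org", "sysinternals.com",
}

# finditer (not per-line matching) so a log flattened onto one line by forum
# software still parses. Only the first hostname after the address is taken.
O1_RE = re.compile(r"O1 - Hosts:\s*(\S+)\s+(\S+)")

# Sample input: lines as posted in the thread (two of them run together on
# one line) plus one constructed entry, 192.0.2.10 intranet.example.test.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.windstream.net/
O1 - Hosts: 1.1.1.1 liveupdate.symantec.com
O1 - Hosts: 1.1.1.1 download.mcafee.com
O1 - Hosts: 1.1.1.1 housecall.trendmicro.com O1 - Hosts: 1.1.1.1 www.grisoft.com
O1 - Hosts: 192.0.2.10 intranet.example.test
"""


def parse_o1_entries(log_text):
    """Return (ip, hostname) pairs for every O1 hosts-file entry in the log."""
    entries = []
    for match in O1_RE.finditer(log_text):
        ip, host = match.group(1), match.group(2).lower().rstrip(".")
        try:
            ipaddress.ip_address(ip)
        except ValueError:
            continue  # malformed address field: skip rather than guess
        entries.append((ip, host))
    return entries


def base_domain(host):
    """Naive registrable domain: the last two labels (wrong for e.g. .co.uk)."""
    return ".".join(host.split(".")[-2:])


def audit_hosts_entries(entries, min_domains=3):
    """Flag hosts-file overrides that cut a machine off from security sites.

    blocked_security: overridden hostnames under a known security domain.
    sinkhole_ips: addresses that at least min_domains unrelated base domains
    resolve to, which a legitimate hosts file rarely needs.
    """
    domains_by_ip = defaultdict(set)
    blocked = set()
    for ip, host in entries:
        domain = base_domain(host)
        domains_by_ip[ip].add(domain)
        if domain in SECURITY_DOMAINS:
            blocked.add(host)
    sinkholes = {
        ip: len(domains)
        for ip, domains in domains_by_ip.items()
        if len(domains) >= min_domains
    }
    return {"blocked_security": sorted(blocked), "sinkhole_ips": sinkholes}


if __name__ == "__main__":
    report = audit_hosts_entries(parse_o1_entries(SAMPLE_LOG))
    for host in report["blocked_security"]:
        print("security site overridden in hosts file:", host)
    for ip, count in report["sinkhole_ips"].items():
        print(f"{count} unrelated domains all mapped to {ip}")
```

Run over a log taken after the O1 items have been removed, both result fields come back empty.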
Response Number 10
Name: donthavaclue
Date: January 11, 2007 at 18:51:44 Pacific
Subject: Internet Explorer pops up on Startu
Reply: Thanks so much, jabuck.