Specialty Forums
Security and Virus
General Hardware
CPUs/Overclocking
Networking
Digital Photo/Video
Office Software
PC Gaming
Console Gaming
Programming
Database
Web Development
Digital Home

General Forums
Windows XP
Windows Vista
Windows 95/98
Windows Me
Windows NT
Windows 2000
Win Server 2008
Win Server 2003
Windows 3.1
Linux
PDAs
BeOS
Novell Netware
OpenVMS
Solaris
Disk Op. System
Unix
Mac
OS/2

Drivers
Driver Scan
Driver Forum

Software
Automatic Updates

BIOS Updates

My Computing.Net

Solution Center

Free IT eBook

Howtos

Site Search

Message Find

RSS Feeds

Install Guides

Data Recovery

About

Home
Reply to Message Icon Go to Main Page Icon

Subject: whataboutadog.com needs removing

Original Message
Name: RKyle
Date: November 29, 2007 at 11:45:08 Pacific
Subject: whataboutadog.com needs removing
OS: XP Pro 2002
CPU/Ram: Athlon 3000+2.16
Model/Manufacturer: Hybrid
Comment:
I have downloaded and run AWF. The following is the txt file.

bak folders found
~~~~~~~~~~~


Directory of C:\WINDOWS\SYSTEM32\BAK

04/08/2004 02:56 AM 15,360 ctfmon.exe
1 File(s) 15,360 bytes

Directory of C:\WINDOWS\PCHEALTH\HELPCTR\BINARIES\BAK

04/08/2004 02:56 AM 158,208 MSConfig.exe
1 File(s) 158,208 bytes


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

15360 Aug 4 2004 "C:\WINDOWS\system32\ctfmon.exe"
15360 Aug 4 2004 "C:\WINDOWS\system32\bak\ctfmon.exe"
158208 Aug 4 2004 "C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\msconfig.exe"
158208 Aug 4 2004 "C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\bak\MSConfig.exe"


end of report

I would like to remove this pest from my computer. Can someone guide me through the process PLEASE. Thank you.

Robert B. Kyle


Report Offensive Message For Removal

Response Number 1
Name: jabuck
Date: November 29, 2007 at 18:54:21 Pacific
Subject: whataboutadog.com needs removing
Reply: (edit)
Please download and install the latest version of HijackThis v2.0.2:

Download the HijackThis Installer from this link: HijackThis

1. Save " HJTInstall.exe" to your desktop.
2. Double click on HJTInstall.exe to run the program.
3. By default it will install to C:\Program Files\Trend Micro\HijackThis.
4. Accept the license agreement by clicking the "I Accept" button.
5.Click on the "Do a system scan and save a log file" button. It will scan and then ask you to save the log.
6. Click "Save log" to save the log file and then the log will open in Notepad.
7. Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
8. Paste the log in your next reply.
9. Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.

Double-click the FindAWF icon once again

If a Security Alert shows, allow the program to run.
As instructed, press any key to continue.
Use the following option: Press 2 then Enter to restore files from bak folders

A text file opens called: files.txt
Click below the line and paste the following list of files to be restored:


"C:\WINDOWS\system32\bak\ctfmon.exe"
"C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\bak\MSConfig.exe"

Next, close and click Yes to save the changes.

Once files.txt is saved, FindAWF does the following:
-It attempts to terminate the process represented by each filename on the list, if running
-Deletes the rogue file from the parent folder, if present
-Copies the original file to the parent folder

When done with the above, it automatically runs a new scan and opens a new log.
Please provide the new FindAWF log in your reply.


Report Offensive Follow Up For Removal

Response Number 2
Name: RKyle
Date: November 29, 2007 at 19:41:25 Pacific
Subject: whataboutadog.com needs removing
Reply: (edit)
hijackthis notepad (longer than I thought it would be.)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:35:28 PM, on 29/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ScanSoft\OmniPagePro12.0\Opware12.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program

Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifie

r.exe
C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier\mantispm.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

http://www.investorvoice.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL

= http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet

Explorer\Main,Default_Search_URL =

http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

http://go.microsoft.com/fwlink/?Lin...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

http://go.microsoft.com/fwlink/?Lin...
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class -

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program

Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -

C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper -

{AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program

files\google\googletoolbar1.dll
O2 - BHO: AcroIEToolbarHelper Class -

{AE7CD045-E861-484f-8273-0445EE161910} - C:\Program

Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO -

{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file)
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} -

C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -

C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} -

c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [zBrowser Launcher] "C:\Program

Files\Logitech\iTouch\iTouch.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [REGSHAVE] "C:\Program Files\REGSHAVE\REGSHAVE.EXE"

/AUTORUN
O4 - HKLM\..\Run: [QD FastAndSafe] "C:\Program Files\Common

Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Opware12] "C:\Program

Files\ScanSoft\OmniPagePro12.0\Opware12.exe"
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE"

C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE"

C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoTray] "C:\Program

Files\Logitech\Video\LogiTray.exe"
O4 - HKLM\..\Run: [LogitechVideoRepair] "C:\Program

Files\Logitech\Video\ISStart.exe"
O4 - HKLM\..\Run: [InCD] "C:\Program Files\Ahead\InCD\InCD.exe"
O4 - HKLM\..\Run: [EM_EXEC]

C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program

Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program

Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program

Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone

Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program

Files\Java\jre1.6.0_03\bin\jusched.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero

BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program

Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [swg] C:\Program

Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifie

r.exe
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE]

C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE]

C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE]

C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: Adobe Gamma.lnk = C:\Program Files\Common

Files\Adobe\Calibration\Adobe Gamma Loader.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Adobe Gamma.lnk = C:\Program Files\Common

Files\Adobe\Calibration\Adobe Gamma Loader.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common

Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program

Files\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel

present
O8 - Extra context menu item: Convert link target to Adobe PDF -

res://C:\Program Files\Adobe\Acrobat

7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF -

res://C:\Program Files\Adobe\Acrobat

7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF -

res://C:\Program Files\Adobe\Acrobat

7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF

- res://C:\Program Files\Adobe\Acrobat

7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF -

res://C:\Program Files\Adobe\Acrobat

7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF -

res://C:\Program Files\Adobe\Acrobat

7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program

Files\Adobe\Acrobat

7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF -

res://C:\Program Files\Adobe\Acrobat

7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel -

res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}

- C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console -

{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program

Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263}

- C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583}

- C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 -

{e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network

Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683}

- C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -

{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.investorvoice.ca
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan

Object) - http://www.kaspersky.com/kos/englis...
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client)

-

http://a516.g.akamai.net/f/516/2517...

25175/citrix/wficat-no-eula.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} -

http://security.symantec.com/sscv6/...
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl

Class) -

http://update.microsoft.com/windows...

/wuweb_site.cab?1151520742514
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} -

http://security.symantec.com/sscv6/...
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} -

https://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash

Object) -

http://fpdownload2.macromedia.com/g...

b
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB -

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program

Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program

Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision

Corporation - C:\Program Files\Common

Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program

Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Ahead Software AG

- C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Macromedia Licensing Service - Unknown owner -

C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia

Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA

Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC -

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 10436 bytes


Robert B. Kyle


Report Offensive Follow Up For Removal

Response Number 3
Name: RKyle
Date: November 29, 2007 at 19:55:55 Pacific
Subject: whataboutadog.com needs removing
Reply: (edit)
Find AWF report by noahdfear ©2006
Version 1.40
Option 2 run successfully

The current date is: 29/11/2007
The current time is: 20:53:59.87


bak folders found
~~~~~~~~~~~


Directory of C:\WINDOWS\SYSTEM32\BAK

04/08/2004 02:56 AM 15,360 ctfmon.exe
1 File(s) 15,360 bytes

Directory of C:\WINDOWS\PCHEALTH\HELPCTR\BINARIES\BAK

04/08/2004 02:56 AM 158,208 MSConfig.exe
1 File(s) 158,208 bytes


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

15360 Aug 4 2004 "C:\WINDOWS\system32\ctfmon.exe"
15360 Aug 4 2004 "C:\WINDOWS\system32\bak\ctfmon.exe"
158208 Aug 4 2004 "C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\MSConfig.exe"
158208 Aug 4 2004 "C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\bak\MSConfig.exe"


end of report


Robert B. Kyle


Report Offensive Follow Up For Removal

Response Number 4
Name: jabuck
Date: November 29, 2007 at 20:26:48 Pacific
Subject: whataboutadog.com needs removing
Reply: (edit)

Go to start> run> type in notepad > ok> click format> uncheck "Word Wrap" then exit notepad.

Option 3:
Double-click the FindAWF icon once again

If a Security Alert shows, allow the program to run.
As instructed, press any key to continue.
Use the following option: Press 3 then Enter to remove bak folders

A text file opens called: folders.txt
Click below the line and paste the following list of folders to be removed:


C:\WINDOWS\system32\bak
C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\bak

Next, close and click Yes to save the changes.

Once folders.txt is saved, FindAWF does the following:
-It deletes the contents of the bak folders
-Removes the bak folders

When done with the above, it automatically runs a new scan and opens a new log.
Please provide the new FindAWF log in your reply.


Next Option 4.


Option 4:
Double-click the FindAWF icon once again

If a Security Alert shows, allow the program to run.
As instructed, press any key to continue.
Use the following option: Press 4 then Enter to reset domain zones

This removes all entries from the domain zones.
When the program returns to the main menu, use the following option:
Press E then Enter to EXIT

Next,

Launch Notepad, and copy/paste everything between the X's making "regedit4" the very top line.
Save in: Desktop
File Name: fixme.reg
Save as Type: All files
Click: Save
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
REGEDIT4
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges]
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges]
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX


Then, disconnect from the Internet!
Next,
Back on the Desktop, double-click on the fixme.reg file you just saved and click on Yes when asked to merge the information.
Optional if the following programs are in your computer.
Note that since the Domains are deleted SpywareBlaster protection must be re-enabled. Spybot's Immunize feature must be used again, also you have to re-install IE-SpyAd if installed.
Delete the fixme.reg file just created.

Please download ComboFix to the desktop from this link:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Double-click combofix.exe
Follow the prompts.
(Don't click on the window while the program is running, it may cause your system to hang.)

Please post the log it produces.

Post a new Hijack This log.


Report Offensive Follow Up For Removal

Response Number 5
Name: RKyle
Date: November 29, 2007 at 20:33:04 Pacific
Subject: whataboutadog.com needs removing
Reply: (edit)

Find AWF report by noahdfear ©2006
Version 1.40
Option 3 run successfully

The current date is: 29/11/2007
The current time is: 21:31:56.26


bak folders found
~~~~~~~~~~~

Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

end of report

Robert B. Kyle


Report Offensive Follow Up For Removal

Response Number 6
Name: RKyle
Date: November 29, 2007 at 20:59:05 Pacific
Subject: whataboutadog.com needs removing
Reply: (edit)
The log that ComboFix.exe produced is quite large; still want me to post it?

Robert B. Kyle


Report Offensive Follow Up For Removal

Response Number 7
Name: jabuck
Date: November 29, 2007 at 21:02:31 Pacific
Subject: whataboutadog.com needs removing
Reply: (edit)
Yes please.

Report Offensive Follow Up For Removal

Response Number 8
Name: RKyle
Date: November 29, 2007 at 21:04:26 Pacific
Subject: whataboutadog.com needs removing
Reply: (edit)
You sure have patience. Thank you.

ComboFix 07-11-19.4C - Robert Kyle 2007-11-29 21:49:53.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.621 [GMT -5:00]
Running from: C:\Documents and Settings\Robert Kyle\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Robert Kyle\Application Data\macromedia\Flash Player\#SharedObjects\PNFH82YB\www.broadcaster.com
C:\Documents and Settings\Robert Kyle\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\Documents and Settings\Robert Kyle\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
C:\WINDOWS\system32\_000006_.tmp.dll

.
((((((((((((((((((((((((( Files Created from 2007-10-28 to 2007-11-30 )))))))))))))))))))))))))))))))
.

2007-11-29 12:48 <DIR> d-------- C:\Program Files\Trend Micro
2007-11-27 19:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2007-11-27 16:39 7,001,401 --a------ C:\WINDOWS\system32\SNAGIT7
2007-11-27 04:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-11-22 16:44 <DIR> d-------- C:\Program Files\Common Files\Macromedia Shared
2007-11-22 16:43 <DIR> d-------- C:\Program Files\Common Files\Macromedia
2007-11-22 16:41 <DIR> d-------- C:\Program Files\Macromedia
2007-11-17 16:48 <DIR> d-------- C:\Program Files\Citrix
2007-11-17 16:48 <DIR> d-------- C:\Documents and Settings\Robert Kyle\Application Data\ICAClient
2007-11-13 15:36 <DIR> d-------- C:\Program Files\Lavasoft
2007-11-13 15:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-11-13 15:35 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-11-11 03:48 <DIR> d-------- C:\Program Files\Google
2007-11-10 05:34 <DIR> d-------- C:\Program Files\RegCure
2007-11-09 06:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WinZip
2007-11-08 08:52 <DIR> d-------- C:\Program Files\SonicWallES
2007-11-08 06:29 164 --a------ C:\install.dat
2007-11-07 15:43 512 --a------ C:\ScanSectorLog.dat
2007-11-07 14:13 <DIR> d-------- C:\Documents and Settings\Robert Kyle\Application Data\MailFrontier
2007-11-07 14:02 3,463,968 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2007-11-07 14:02 47,444 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2007-11-06 18:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2007-11-06 18:26 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2007-11-06 18:25 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll
2007-11-06 18:24 <DIR> d-------- C:\WINDOWS\Internet Logs
2007-11-06 18:19 <DIR> d-------- C:\Program Files\RegistryFix
2007-11-06 17:22 <DIR> d-------- C:\Program Files\WinFax
2007-10-19 20:16 65,536 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2007-10-19 20:16 49,152 --a------ C:\WINDOWS\system32\QuickTime.qts

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-29 23:44 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-11-29 17:58 --------- d-----w C:\Program Files\Java
2007-11-28 00:38 --------- d-----w C:\Program Files\QuickTime
2007-11-28 00:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-11-28 00:36 --------- d-----w C:\Program Files\Apple Software Update
2007-11-22 21:43 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-22 12:17 --------- d-----w C:\Program Files\MSN Messenger
2007-11-15 18:14 --------- d-----w C:\Program Files\Common Files\Adobe
2007-11-14 21:05 75,248 ----a-w C:\WINDOWS\zllsputility.exe
2007-11-13 16:55 --------- d-----w C:\Documents and Settings\Robert Kyle\Application Data\Xara
2007-11-13 16:03 --------- d-----w C:\Program Files\Xara
2007-11-07 09:28 --------- d-----w C:\Documents and Settings\Robert Kyle\Application Data\Lavasoft
2007-09-29 23:45 --------- d-----w C:\Program Files\TechSmith
2007-09-29 23:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\TechSmith
2007-01-04 00:31 22,616 ----a-w C:\Documents and Settings\Robert Kyle\Application Data\GDIPFONTCACHEV1.DAT
2006-12-08 19:17 630,784 ----a-w C:\Documents and Settings\Robert Kyle\GoToAssist_chat2way__317_en.exe
2006-02-11 18:38 56 --sh--r C:\WINDOWS\system32\8989084DAD.sys
2006-02-11 18:38 3,350 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56]
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [2004-07-26 18:14]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-01-18 16:07]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-11-11 03:48]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"zBrowser Launcher"="C:\Program Files\Logitech\iTouch\iTouch.exe" [2004-03-18 09:33]
"SoundMan"="SOUNDMAN.EXE" [2004-07-27 04:01 C:\WINDOWS\soundman.exe]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [2002-02-04 22:32]
"QD FastAndSafe"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" []
"Opware12"="C:\Program Files\ScanSoft\OmniPagePro12.0\Opware12.exe" [2002-08-01 02:49]
"NvMediaCenter"="RUNDLL32.exe" [2004-08-04 02:56 C:\WINDOWS\system32\rundll32.exe]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-04 02:56 C:\WINDOWS\system32\rundll32.exe]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2004-10-08 10:52]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-01-18 16:37]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-01-18 16:47]
"InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2004-07-16 07:50]
"EM_EXEC"="C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE" [2001-09-19 08:41]
"Cmaudio"="RunDll32 cmicnfg.cpl" []
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 01:12]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51]
"nwiz"="nwiz.exe" [2007-06-28 23:43 C:\WINDOWS\system32\nwiz.exe]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-10-19 20:16]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-11-14 16:05]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 02:56]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2007-10-23 17:37:03]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 00:01:04]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoViewOnDrive"= 0 (0x0)

S3 WINIO;WINIO;\??\D:\winio.sys

.
Contents of the 'Scheduled Tasks' folder
"2007-11-29 17:13:08 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-11-30 02:53:06 C:\WINDOWS\Tasks\RegCure Program Check.job"
- C:\Program Files\RegCure\RegCure.exe
"2007-11-29 08:48:44 C:\WINDOWS\Tasks\RegCure.job"
- C:\Program Files\RegCure\RegCure.exe
"2007-11-29 12:54:15 C:\WINDOWS\Tasks\User_Feed_Synchronization-{F47CF9BB-B844-4D89-9837-4A4AECBEFE8D}.job"
- C:\WINDOWS\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-29 21:55:20
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************
.
Completion time: 2007-11-29 21:55:44 - machine was rebooted
.
--- E O F ---


HIJACKTHIS LOG

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:00:53 PM, on 29/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ScanSoft\OmniPagePro12.0\Opware12.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier\mantispm.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.investorvoice.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file)
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [zBrowser Launcher] "C:\Program Files\Logitech\iTouch\iTouch.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [REGSHAVE] "C:\Program Files\REGSHAVE\REGSHAVE.EXE" /AUTORUN
O4 - HKLM\..\Run: [QD FastAndSafe] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Opware12] "C:\Program Files\ScanSoft\OmniPagePro12.0\Opware12.exe"
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoTray] "C:\Program Files\Logitech\Video\LogiTray.exe"
O4 - HKLM\..\Run: [LogitechVideoRepair] "C:\Program Files\Logitech\Video\ISStart.exe"
O4 - HKLM\..\Run: [InCD] "C:\Program Files\Ahead\InCD\InCD.exe"
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/englis...
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai.net/f/516/2517...
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - http://security.symantec.com/sscv6/...
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windows...
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - http://security.symantec.com/sscv6/...
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - https://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/g...
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 10417 bytes

Robert B. Kyle


Report Offensive Follow Up For Removal

Response Number 9
Name: jabuck
Date: November 29, 2007 at 21:33:03 Pacific
Subject: whataboutadog.com needs removing
Reply: (edit)
Run Hijack This, close all windows and browsers except Hijack This, place a check to the left of the following items and press "fix checked":

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file)

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present (Delete unless you set this)

Exit Hijack This.

Please download ATF-Cleaner to your desktop from this link
http://www.atribune.org/content/view/19/2/ We will need it later in safe mode

Empty the restore folder. Go to start>control panel>system>system restore tab>check the box beside "turn off system restore>apply (takes a minute)>ok. Go back and uncheck the box to turn system restore back on>apply>ok.

Next, please reboot your computer in Safe Mode by doing the following :

Restart your computer

After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;

Instead of Windows loading as normal, a menu with options should appear;

Select the first option, to run Windows in Safe Mode, then press "Enter".

Choose your usual account.

Run ATF-Cleaner from safe mode.Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

Post one last Hijack This log if you like, but I suspect it will be clean.


Report Offensive Follow Up For Removal

Response Number 10
Name: RKyle
Date: November 29, 2007 at 22:06:17 Pacific
Subject: whataboutadog.com needs removing
Reply: (edit)
Tried to reboot in safe mode, but there doesn't appear to be a last good configuration so I could only restart in normal mode. Suggestions jabuck?

Robert B. Kyle


Report Offensive Follow Up For Removal

Response Number 11
Name: RKyle
Date: November 29, 2007 at 22:41:34 Pacific
Subject: whataboutadog.com needs removing
Reply: (edit)
Intuitively, what I said in my last post doesn't make sense. Howrver the computer would only reboot in normal mode and would not reboot in safe mode. IT's 11;39PM my time and I was up at 4:00 a.m. so I will log odd before I nod off. Thanks very much for your help Jabuck. I will revisit here tomorrow morning if you have any suggestions. Again, your help is extremely appreciated.
Robert

Robert B. Kyle


Report Offensive Follow Up For Removal

Response Number 12
Name: jabuck
Date: November 30, 2007 at 05:38:11 Pacific
Subject: whataboutadog.com needs removing
Reply: (edit)
The following may fix your safe mode problem.

Download and run AVZ from rhis link Repair SafeBoot

Unzip it to a folder on your desktop
Double click on AVZ.exe
Click on the file tab and then click on System recovery
Put a checkmark next to Restore SafeBoot registry keys
Click on Execute selected operations


Report Offensive Follow Up For Removal

Response Number 13
Name: RKyle
Date: November 30, 2007 at 06:27:51 Pacific
Subject: whataboutadog.com needs removing
Reply: (edit)
Good morning. I am downloading it now.

Robert B. Kyle


Report Offensive Follow Up For Removal

Response Number 14
Name: RKyle
Date: November 30, 2007 at 06:44:52 Pacific
Subject: whataboutadog.com needs removing
Reply: (edit)
No change after running [Restore SafeBoot registry keys]. Still restricted to Normal Start.

Robert B. Kyle


Report Offensive Follow Up For Removal

Response Number 15
Name: RKyle
Date: November 30, 2007 at 09:37:51 Pacific
Subject: whataboutadog.com needs removing
Reply: (edit)
Find AWF report by noahdfear ©2006
Version 1.40

The current date is: 30/11/2007
The current time is: 10:35:22.90


bak folders found
~~~~~~~~~~~
I ran awf anyway and this was the result.


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

end of report


Robert B. Kyle


Report Offensive Follow Up For Removal



Use following form to reply to current message: 

   Name: From My Computing.Net Settings
 E-Mail: From My Computing.Net Settings

Subject: whataboutadog.com needs removing

Comments:
         

 
  Homepage URL (*): 
Homepage Title (*): 
         Image URL:
 


Data Recovery Software



Version Tracker Pro
Keep your software current and secure, effortlessly
Click Here for a Free Scan

Driver Agent
Automatically find the latest drivers for your computer.
 Click Here for a Free Scan

The information on Computing.Net is the opinions of its users. Such opinions may not be accurate and they are to be used at your own risk. Computing.Net cannot verify the validity of the statements made on this site. Computing.Net and Computing.Net, LLC hereby disclaim all responsibility and liability for the content of Computing.Net and its accuracy.
PLEASE READ THE FULL DISCLAIMER AND LEGAL TERMS BY CLICKING HERE

All content ©1996-2007 Computing.Net, LLC