Tech Support Guy banner
  • Please post in our Community Feedback thread for help with the new forum software! If you are having trouble logging in, please Contact Us for assistance.
Status
Not open for further replies.
1 - 5 of 5 Posts

·
Registered
Joined
·
3 Posts
Discussion Starter · #1 ·
HELP! My desktop background is sometimes blue and sometimes it has an advertisement as the backgroun. I get loads and loads of pop-up ads. I have tried to use Spybot & Adaware but neither have worked. Any ideas? Below is the log from HijackThis.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:32:33 PM, on 3/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe
C:\Program Files\Sony\vaio media integrated server\VMISrv.exe
C:\Program Files\Sony\vaio media integrated server\Video\GPVSvr.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Sony\vaio media integrated server\Platform\SV_Httpd.exe
C:\Program Files\Sony\vaio media integrated server\Platform\SV_Httpd.exe
C:\Program Files\Sony\vaio media integrated server\Platform\UPnPFramework.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\ezSP_Px.exe
C:\Program Files\Sony\vaio media integrated server\Platform\UPnPFramework.exe
C:\Program Files\SONY\sHotKey\sHotKey.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\AOL\1117165902\ee\AOLSoftware.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AOL 9.1\waol.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AOL 9.1\shellmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\program files\aol\aol toolbar 5.0\AolTbServer.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Documents and Settings\Gloria\Local Settings\Temporary Internet Files\Content.IE5\N5BZ5HLA\HiJackThis[1].exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: ContextEnhancer - {4C6C4BA2-1646-0F3A-1FAE-B393C162C92E} - C:\Program Files\ContextEnhancer\ContextEnhancer-2.dll
O2 - BHO: Need2Find Bar BHO - {4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe
O4 - HKLM\..\Run: [sHotKey] "C:\Program Files\SONY\sHotKey\sHotKey.exe"
O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1117165902\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\AOL 9.1\AOL.EXE" -b
O4 - HKCU\..\Run: [WinUpdater] "C:\Program Files\winvi\update.exe" /background
O4 - HKCU\..\Run: [WebSUpdater] "C:\Program Files\winvi\wupda.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-us\local\search.html
O8 - Extra context menu item: &Search - ?p=ZZ
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O9 - Extra button: SideStep - {3E230861-5C87-11D3-A1C6-00105A1B41B8} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {084F552D-19EB-4668-9788-984CBC781A8F} - http://survey.otxresearch.com/Preloader.dll
O16 - DPF: {1D8A63E5-F219-11D4-9BD1-000039051213} - http://a19.g.akamai.net/7/19/7125/4051/ftp.coupons.com/CouponBar/CouponBar.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {4CC35DAD-40EA-4640-ACC2-A1A3B6FB3E06} (NeoterisSetup Control) - https://remote.ascensioncapitalgroup.com/dana-cached/setup/NeoterisSetup.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -
O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} (DeviceEnum Class) - http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab
O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} (CPlayFirstDinerDash2Control Object) - http://real.gamehouse.com/games/dinerdash2/DinerDash2.cab
O16 - DPF: {640B39C1-D713-464F-92C3-75BD972B95EE} - http://download.sidestep.com/get/k00719/sb02a.cab
O16 - DPF: {65FDEDF3-8ED9-4F5B-825E-18C2D44191A7} (OneCCCtl Class) - http://d.69.25.47.55.downloads.esta....12.117.12_52732&=&req=1164366306109OneCC.cab
O16 - DPF: {7CCAD6DD-DD0B-440B-91FF-7670F5AADC21} (SpinTop Games Launcher) - http://aolsvc.aol.com/onlinegames/f...itaire-secret-island/SpinTopGamesLauncher.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} - http://a19.g.akamai.net/7/19/7125/1452/ftp.coupons.com/r3302/cpbrkpie.cab
O16 - DPF: {B12213CD-4189-415D-A054-7999528459F7} (pixelStormLauncher Class) - http://aolsvc.aol.com/onlinegames/free-trial-word-travels/pixelstormlauncher.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - https://objects.aol.com/mcafee/molbin/shared/mcgdmgr/en-us/1,0,0,20/McGDMgr.cab
O16 - DPF: {BE71A78B-77DB-451C-A761-59B37022D544} (AOL Newport Downloader Ctrl) - http://o.aolcdn.com/pictures/ap/Resources/2.0.8.98/cab/aolpPlugins.10.6.0.6.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://aolsvc.aol.com/onlinegames/bejeweled2/popcaploader_v7.cab
O16 - DPF: {EF148DBB-5B6D-4130-B2A1-661571E86260} (Playtime Games Launcher) - http://aolsvc.aol.com/onlinegames/oberonmajongescape/PTGameLauncher.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Sony TV Tuner Controller - Sony Corporation - C:\Program Files\Sony\Sony TV Tuner Library\halsv.exe
O23 - Service: Sony TV Tuner Manager - Sony Corporation - C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe
O23 - Service: Sony TVTA Manager - Sony Corporation - C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe
O23 - Service: VAIO Entertainment Aggregation and Control Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
O23 - Service: VAIO Entertainment File Import Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VCSW\VCSW.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Platform\VmGateway.exe
O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Video\GPVSvr.exe
O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Platform\UPnPFramework.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 15451 bytes
 

·
Retired Moderator
Joined
·
72,109 Posts
Hi Welcome to TSG!!

Download SDFix and save it to your Desktop.

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix and remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Remember to re-enable the protection again afterwards before connecting to the Internet.

Double click SDFix.exe and choose Install to extract it to its own folder on the Desktop. Please then reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, a menu with options should appear;
  • Select the first option, to run Windows in Safe Mode, then press "Enter".
  • Choose your usual account.
  • Open the c:\SDFix folder and double click RunThis.cmd to start the script.
  • Type Y to begin the script.
  • It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • Your system will take longer that normal to restart as the fixtool will be running and removing files.
  • When the desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons.
  • Finally open the SDFix folder on your desktop and copy and paste the contents of the results file Report.txt back onto the forum with a new HijackThis log
 

·
Registered
Joined
·
3 Posts
Discussion Starter · #3 ·
Thank you for the help! Unfortunately, I am still having trouble. I have nasty sex ads popping up all the time. SDFix is the first log.

a-squared Command Line Scanner - Version 3.0

c:\program files\kazaa detected: Trace.Directory.KaZaA
c:\documents and settings\gloria\start menu\programs\sidestep detected: Trace.Directory.SideStep IE SideBar
c:\windows\downloaded program files\default.inf detected: Trace.File.iePlugin
c:\windows\downloaded program files\f3initialsetup1.0.0.15.inf detected: Trace.File.MyWebSearch Toolbar
c:\documents and settings\gloria\start menu\sidestep.lnk detected: Trace.File.SideStep IE SideBar
Key: HKEY_CURRENT_USER\software\kazaa detected: Trace.Registry.KaZaA
Value: HKEY_LOCAL_MACHINE\software\kazaa\bandwidth\in --> b0 detected: Trace.Registry.KaZaA
Value: HKEY_LOCAL_MACHINE\software\kazaa\bandwidth\in --> b0seconds detected: Trace.Registry.KaZaA
Value: HKEY_LOCAL_MACHINE\software\kazaa\bandwidth\in --> b1 detected: Trace.Registry.KaZaA
Value: HKEY_LOCAL_MACHINE\software\kazaa\bandwidth\lastestimate --> b detected: Trace.Registry.KaZaA
Value: HKEY_LOCAL_MACHINE\software\kazaa\bandwidth\lastestimate --> time detected: Trace.Registry.KaZaA
Value: HKEY_LOCAL_MACHINE\software\kazaa\bandwidth\out --> b0 detected: Trace.Registry.KaZaA
Value: HKEY_LOCAL_MACHINE\software\kazaa\bandwidth\out --> b0seconds detected: Trace.Registry.KaZaA
Value: HKEY_LOCAL_MACHINE\software\kazaa\bandwidth\out --> b1 detected: Trace.Registry.KaZaA
Value: HKEY_LOCAL_MACHINE\software\kazaa\cloudload --> sharedir detected: Trace.Registry.KaZaA
Key: HKEY_LOCAL_MACHINE\software\kazaa\connectioninfo detected: Trace.Registry.KaZaA
Key: HKEY_LOCAL_MACHINE\software\kazaa\localcontent detected: Trace.Registry.KaZaA
Key: HKEY_LOCAL_MACHINE\software\kazaa detected: Trace.Registry.KaZaA
Key: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app management\arpcache\p2p networking detected: Trace.Registry.KaZaA
Value: HKEY_CURRENT_USER\Software\BestToolbars\IEToolbar --> firstTime detected: Trace.Registry.SearchNet Toolbar
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{640B39C1-D713-464F-92C3-75BD972B95EE}\DownloadInformation --> CODEBASE detected: Trace.Registry.SideStep IE SideBar
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{640B39C1-D713-464F-92C3-75BD972B95EE}\DownloadInformation --> INF detected: Trace.Registry.SideStep IE SideBar
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{640B39C1-D713-464F-92C3-75BD972B95EE}\InstalledVersion --> LastModified detected: Trace.Registry.SideStep IE SideBar
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{640B39C1-D713-464F-92C3-75BD972B95EE} --> Installer detected: Trace.Registry.SideStep IE SideBar
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{640B39C1-D713-464F-92C3-75BD972B95EE} --> SystemComponent detected: Trace.Registry.SideStep IE SideBar
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{3E230861-5C87-11D3-A1C6-00105A1B41B8} --> BandCLSID detected: Trace.Registry.SideStep IE SideBar
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{3E230861-5C87-11D3-A1C6-00105A1B41B8} --> ButtonText detected: Trace.Registry.SideStep IE SideBar
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{3E230861-5C87-11D3-A1C6-00105A1B41B8} --> CLSID detected: Trace.Registry.SideStep IE SideBar
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{3E230861-5C87-11D3-A1C6-00105A1B41B8} --> Default Visible detected: Trace.Registry.SideStep IE SideBar
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{3E230861-5C87-11D3-A1C6-00105A1B41B8} --> HotIcon detected: Trace.Registry.SideStep IE SideBar
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{3E230861-5C87-11D3-A1C6-00105A1B41B8} --> Icon detected: Trace.Registry.SideStep IE SideBar
Value: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping --> {3E230861-5C87-11D3-A1C6-00105A1B41B8} detected: Trace.Registry.UnSpyPC
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Need2FindBar Uninstall --> DisplayName detected: Trace.Registry.Need2Find Bar
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Need2FindBar Uninstall --> HelpLink detected: Trace.Registry.Need2Find Bar
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Need2FindBar Uninstall --> Publisher detected: Trace.Registry.Need2Find Bar
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Need2FindBar Uninstall --> UninstallString detected: Trace.Registry.Need2Find Bar
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Need2FindBar Uninstall --> UrlInfoAbout detected: Trace.Registry.Need2Find Bar
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Need2Find\bar --> Build detected: Trace.Registry.Need2Find Bar
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Need2Find\bar --> CfgUrl detected: Trace.Registry.Need2Find Bar
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Need2Find\bar --> ConfigDateStamp detected: Trace.Registry.Need2Find Bar
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Need2Find\bar --> ConfigRevision detected: Trace.Registry.Need2Find Bar
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Need2Find\bar --> ConfigRevisionURL detected: Trace.Registry.Need2Find Bar
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Need2Find\bar --> CurInstall detected: Trace.Registry.Need2Find Bar
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Need2Find\bar --> Flags detected: Trace.Registry.Need2Find Bar
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Need2Find\bar --> HTMLMenuRevision detected: Trace.Registry.Need2Find Bar
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Need2Find\bar --> Id detected: Trace.Registry.Need2Find Bar
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Need2Find\bar --> pid detected: Trace.Registry.Need2Find Bar
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Need2Find\bar --> pl detected: Trace.Registry.Need2Find Bar
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Need2Find\bar --> ShzmCurInstall detected: Trace.Registry.Need2Find Bar
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Need2Find\bar --> sr detected: Trace.Registry.Need2Find Bar
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Need2Find\bar --> Visible detected: Trace.Registry.Need2Find Bar
Value: HKEY_CLASSES_ROOT\Interface\{8F15B157-40D9-4B20-8D3B-B1F8B475B58D}\TypeLib --> Version detected: Trace.Registry.VirusBursters
Value: HKEY_CLASSES_ROOT\Interface\{A0881AA1-68BE-41AC-9C0D-4C8A69C6C72C}\TypeLib --> Version detected: Trace.Registry.VirusBursters
c:\program files\viewpoint\viewpoint toolbar detected: Trace.Directory.Viewpoint Media Toolbar
Value: HKEY_CURRENT_USER\Software\Viewpoint\Content Debugger --> SearchBar detected: Trace.Registry.Viewpoint Media Toolbar
Value: HKEY_CURRENT_USER\Software\Viewpoint\Content Debugger --> Viewbar Installer detected: Trace.Registry.Viewpoint Media Toolbar
Value: HKEY_CURRENT_USER\Software\Viewpoint\Content Debugger --> Viewpoint Manager detected: Trace.Registry.Viewpoint Media Toolbar
Value: HKEY_CURRENT_USER\Software\Viewpoint\Content Debugger --> Viewpoint Manager Installer detected: Trace.Registry.Viewpoint Media Toolbar
c:\windows\system32\activscr.dll detected: Trace.File.Summer Storm
Value: HKEY_CLASSES_ROOT\CLSID\{0991F601-3ACE-11D2-B3F1-0040053949C2}\InprocServer32 --> ThreadingModel detected: Trace.Registry.Summer Storm
Value: HKEY_CLASSES_ROOT\CLSID\{272481A3-39EA-11D2-B3F1-0040053949C2}\InprocServer32 --> ThreadingModel detected: Trace.Registry.Summer Storm
Value: HKEY_CLASSES_ROOT\CLSID\{3BC05A9B-423F-11D2-B3F1-0040053949C2}\InprocServer32 --> ThreadingModel detected: Trace.Registry.Summer Storm
Value: HKEY_CLASSES_ROOT\CLSID\{44197BE1-03E2-11D4-8512-00A0CC3D5744}\InprocServer32 --> ThreadingModel detected: Trace.Registry.Summer Storm
Value: HKEY_CLASSES_ROOT\CLSID\{592A2812-1950-11D4-8514-00A0CC3D5744}\InprocServer32 --> ThreadingModel detected: Trace.Registry.Summer Storm
Value: HKEY_CLASSES_ROOT\CLSID\{61AE9DEE-39D8-11D2-9955-00C0D1561041}\InprocServer32 --> ThreadingModel detected: Trace.Registry.Summer Storm
Value: HKEY_CLASSES_ROOT\CLSID\{61AE9DF0-39D8-11D2-9955-00C0D1561041}\InprocServer32 --> ThreadingModel detected: Trace.Registry.Summer Storm
Value: HKEY_CLASSES_ROOT\CLSID\{61AE9DF2-39D8-11D2-9955-00C0D1561041}\InprocServer32 --> ThreadingModel detected: Trace.Registry.Summer Storm
Value: HKEY_CLASSES_ROOT\CLSID\{F1C8C330-F627-11D3-8512-00A0CC3D5744}\InprocServer32 --> ThreadingModel detected: Trace.Registry.Summer Storm
c:\program files\instant cd & dvd burner detected: Trace.Directory.Instant CD & DVD Burner PRO
Value: HKEY_CURRENT_USER\Software\Instant CD & DVD Burner\General --> ProgramCode detected: Trace.Registry.Instant CD & DVD Burner PRO
Value: HKEY_CURRENT_USER\Software\Instant CD & DVD Burner\Options --> ArchiveFiles detected: Trace.Registry.Instant CD & DVD Burner PRO
Value: HKEY_CURRENT_USER\Software\Instant CD & DVD Burner\Options --> Bootable detected: Trace.Registry.Instant CD & DVD Burner PRO
Value: HKEY_CURRENT_USER\Software\Instant CD & DVD Burner\Options --> BootImage detected: Trace.Registry.Instant CD & DVD Burner PRO
Value: HKEY_CURRENT_USER\Software\Instant CD & DVD Burner\Options --> CacheSize detected: Trace.Registry.Instant CD & DVD Burner PRO
Value: HKEY_CURRENT_USER\Software\Instant CD & DVD Burner\Options --> CloseDisc detected: Trace.Registry.Instant CD & DVD Burner PRO
Value: HKEY_CURRENT_USER\Software\Instant CD & DVD Burner\Options --> EjectDisc detected: Trace.Registry.Instant CD & DVD Burner PRO
Value: HKEY_CURRENT_USER\Software\Instant CD & DVD Burner\Options --> ExtractFolder detected: Trace.Registry.Instant CD & DVD Burner PRO
Value: HKEY_CURRENT_USER\Software\Instant CD & DVD Burner\Options --> FirstRun detected: Trace.Registry.Instant CD & DVD Burner PRO
Value: HKEY_CURRENT_USER\Software\Instant CD & DVD Burner\Options --> ImportSession detected: Trace.Registry.Instant CD & DVD Burner PRO
Value: HKEY_CURRENT_USER\Software\Instant CD & DVD Burner\Options --> JolietFS detected: Trace.Registry.Instant CD & DVD Burner PRO
Value: HKEY_CURRENT_USER\Software\Instant CD & DVD Burner\Options --> PerformOPC detected: Trace.Registry.Instant CD & DVD Burner PRO
Value: HKEY_CURRENT_USER\Software\Instant CD & DVD Burner\Options --> QuickSaveISO detected: Trace.Registry.Instant CD & DVD Burner PRO
Value: HKEY_CURRENT_USER\Software\Instant CD & DVD Burner\Options --> SavePath detected: Trace.Registry.Instant CD & DVD Burner PRO
Value: HKEY_CURRENT_USER\Software\Instant CD & DVD Burner\Options --> SessionNo detected: Trace.Registry.Instant CD & DVD Burner PRO
Value: HKEY_CURRENT_USER\Software\Instant CD & DVD Burner\Options --> ShowFiles detected: Trace.Registry.Instant CD & DVD Burner PRO
Value: HKEY_CURRENT_USER\Software\Instant CD & DVD Burner\Options --> TestWrite detected: Trace.Registry.Instant CD & DVD Burner PRO
Value: HKEY_CURRENT_USER\Software\Instant CD & DVD Burner\Options --> UnderRunProtection detected: Trace.Registry.Instant CD & DVD Burner PRO
Value: HKEY_CURRENT_USER\Software\Instant CD & DVD Burner\Options --> UpdateURL detected: Trace.Registry.Instant CD & DVD Burner PRO
Value: HKEY_CURRENT_USER\Software\Instant CD & DVD Burner\Options --> VolumeLabel detected: Trace.Registry.Instant CD & DVD Burner PRO
Value: HKEY_CLASSES_ROOT\CLSID\{6434AFDA-BD68-492F-9A46-58E0160BDE6B}\InprocServer32 --> ThreadingModel detected: Trace.Registry.SpywareBot 3.6
C:\Documents and Settings\Gloria\Cookies\[email protected][1].txt detected: Trace.TrackingCookie
C:\Documents and Settings\Gloria\Cookies\[email protected][1].txt detected: Trace.TrackingCookie
C:\Documents and Settings\Gloria\Cookies\[email protected][2].txt detected: Trace.TrackingCookie
C:\Documents and Settings\Gloria\Cookies\[email protected][2].txt detected: Trace.TrackingCookie
C:\Documents and Settings\Gloria\Cookies\[email protected][3].txt detected: Trace.TrackingCookie
C:\Documents and Settings\Gloria\Cookies\[email protected][1].txt detected: Trace.TrackingCookie
C:\Documents and Settings\Gloria\Cookies\[email protected][2].txt detected: Trace.TrackingCookie
C:\Documents and Settings\Gloria\Cookies\[email protected][1].txt detected: Trace.TrackingCookie
C:\Documents and Settings\Gloria\Cookies\[email protected][2].txt detected: Trace.TrackingCookie
C:\Documents and Settings\Gloria\Cookies\[email protected][1].txt detected: Trace.TrackingCookie
C:\Documents and Settings\Gloria\Cookies\[email protected][1].txt detected: Trace.TrackingCookie
C:\Documents and Settings\Gloria\Cookies\[email protected][2].txt detected: Trace.TrackingCookie
C:\Documents and Settings\Gloria\Cookies\[email protected][2].txt detected: Trace.TrackingCookie
C:\Documents and Settings\Gloria\Cookies\[email protected][1].txt detected: Trace.TrackingCookie
C:\Documents and Settings\Gloria\Cookies\[email protected][2].txt detected: Trace.TrackingCookie
C:\Documents and Settings\Gloria\Cookies\[email protected][3].txt detected: Trace.TrackingCookie
C:\Documents and Settings\Gloria\Cookies\[email protected][2].txt detected: Trace.TrackingCookie
C:\Documents and Settings\Gloria\Cookies\[email protected][2].txt detected: Trace.TrackingCookie
C:\Documents and Settings\Gloria\Cookies\[email protected][1].txt detected: Trace.TrackingCookie
C:\Documents and Settings\Gloria\Cookies\[email protected][1].txt detected: Trace.TrackingCookie
C:\Documents and Settings\Gloria\Cookies\[email protected][3].txt detected: Trace.TrackingCookie
C:\Documents and Settings\Gloria\Cookies\[email protected][4].txt detected: Trace.TrackingCookie
C:\Documents and Settings\Gloria\Cookies\[email protected][2].txt detected: Trace.TrackingCookie
C:\Documents and Settings\Gloria\Cookies\[email protected][3].txt detected: Trace.TrackingCookie
C:\Documents and Settings\Gloria\Cookies\[email protected][1].txt detected: Trace.TrackingCookie
C:\Documents and Settings\Gloria\Cookies\[email protected][2].txt detected: Trace.TrackingCookie
C:\Documents and Settings\Gloria\Cookies\[email protected][1].txt detected: Trace.TrackingCookie
C:\Documents and Settings\Gloria\Cookies\[email protected][2].txt detected: Trace.TrackingCookie
C:\Documents and Settings\Gloria\Cookies\[email protected][2].txt detected: Trace.TrackingCookie
C:\Documents and Settings\Gloria\Cookies\[email protected][3].txt detected: Trace.TrackingCookie
C:\Documents and Settings\Gloria\Cookies\[email protected][1].txt detected: Trace.TrackingCookie
C:\Documents and Settings\Gloria\My Documents\My Music\Top of Charts - 2004.wma detected: Trojan-Downloader.WMA.Wimad.l
C:\Program Files\Norton SystemWorks\Norton CleanSweep\Backup\CscC6013.BUD/cpbrkpie.ocx detected: Adware.Coupons.h
C:\Program Files\PlayMP3z\PlayMP3.exe detected: Adware.Win32.Agent.jb
C:\Program Files\Weight\weightcommandersetup3.exe detected: Dialer
C:\WINDOWS\Downloaded Program Files\SbCIe02a.dll detected: Adware.Win32.SideStep.g
Found

Files: 5
Traces: 90
Cookies: 31
Processes: 0

Quarantined

Files: 4
Traces: 86
Cookies: 31
Processes: 0
 

·
Registered
Joined
·
3 Posts
Discussion Starter · #4 ·
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:00:34 PM, on 3/9/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\WINDOWS\system32\ezSP_Px.exe
C:\Program Files\SONY\sHotKey\sHotKey.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Common Files\AOL\1117165902\ee\AOLSoftware.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe
C:\Program Files\Sony\vaio media integrated server\VMISrv.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Sony\vaio media integrated server\Video\GPVSvr.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Sony\vaio media integrated server\Platform\SV_Httpd.exe
C:\Program Files\Sony\vaio media integrated server\Platform\SV_Httpd.exe
C:\Program Files\Sony\vaio media integrated server\Platform\UPnPFramework.exe
C:\Program Files\Sony\vaio media integrated server\Platform\UPnPFramework.exe
C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Documents and Settings\Gloria\Desktop\SDFix.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\program files\aol\aol toolbar 5.0\AolTbServer.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Documents and Settings\Gloria\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: ContextEnhancer - {4C6C4BA2-1646-0F3A-1FAE-B393C162C92E} - C:\Program Files\ContextEnhancer\ContextEnhancer-2.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe
O4 - HKLM\..\Run: [sHotKey] "C:\Program Files\SONY\sHotKey\sHotKey.exe"
O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1117165902\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [dbar_starter] C:\Documents and Settings\Gloria\Application Data\Deskbar_{D8601737-42E7-4fa7-8E16-F09CAB419A2A}\starter.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\AOL 9.1\AOL.EXE" -b
O4 - HKCU\..\Run: [WinUpdater] "C:\Program Files\winvi\update.exe" /background
O4 - HKCU\..\Run: [WebSUpdater] "C:\Program Files\winvi\wupda.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-us\local\search.html
O8 - Extra context menu item: &Search - ?p=ZZ
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O9 - Extra button: (no name) - {3E230861-5C87-11D3-A1C6-00105A1B41B8} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {084F552D-19EB-4668-9788-984CBC781A8F} - http://survey.otxresearch.com/Preloader.dll
O16 - DPF: {1D8A63E5-F219-11D4-9BD1-000039051213} - http://a19.g.akamai.net/7/19/7125/4051/ftp.coupons.com/CouponBar/CouponBar.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {4CC35DAD-40EA-4640-ACC2-A1A3B6FB3E06} (NeoterisSetup Control) - https://remote.ascensioncapitalgroup.com/dana-cached/setup/NeoterisSetup.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -
O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} (DeviceEnum Class) - http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab
O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} (CPlayFirstDinerDash2Control Object) - http://real.gamehouse.com/games/dinerdash2/DinerDash2.cab
O16 - DPF: {640B39C1-D713-464F-92C3-75BD972B95EE} -
O16 - DPF: {65FDEDF3-8ED9-4F5B-825E-18C2D44191A7} (OneCCCtl Class) - http://d.69.25.47.55.downloads.esta....12.117.12_52732&=&req=1164366306109OneCC.cab
O16 - DPF: {7CCAD6DD-DD0B-440B-91FF-7670F5AADC21} (SpinTop Games Launcher) - http://aolsvc.aol.com/onlinegames/f...itaire-secret-island/SpinTopGamesLauncher.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} - http://a19.g.akamai.net/7/19/7125/1452/ftp.coupons.com/r3302/cpbrkpie.cab
O16 - DPF: {B12213CD-4189-415D-A054-7999528459F7} (pixelStormLauncher Class) - http://aolsvc.aol.com/onlinegames/free-trial-word-travels/pixelstormlauncher.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - https://objects.aol.com/mcafee/molbin/shared/mcgdmgr/en-us/1,0,0,20/McGDMgr.cab
O16 - DPF: {BE71A78B-77DB-451C-A761-59B37022D544} (AOL Newport Downloader Ctrl) - http://o.aolcdn.com/pictures/ap/Resources/2.0.8.98/cab/aolpPlugins.10.6.0.6.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://aolsvc.aol.com/onlinegames/bejeweled2/popcaploader_v7.cab
O16 - DPF: {EF148DBB-5B6D-4130-B2A1-661571E86260} (Playtime Games Launcher) - http://aolsvc.aol.com/onlinegames/oberonmajongescape/PTGameLauncher.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Sony TV Tuner Controller - Sony Corporation - C:\Program Files\Sony\Sony TV Tuner Library\halsv.exe
O23 - Service: Sony TV Tuner Manager - Sony Corporation - C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe
O23 - Service: Sony TVTA Manager - Sony Corporation - C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe
O23 - Service: VAIO Entertainment Aggregation and Control Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
O23 - Service: VAIO Entertainment File Import Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VCSW\VCSW.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Platform\VmGateway.exe
O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Video\GPVSvr.exe
O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Platform\UPnPFramework.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 15112 bytes
 

·
Retired Moderator
Joined
·
72,109 Posts
Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.

Click Exit on the Main menu to close the program.

Download (save and select your desktop to save it to) SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
  • Under "Configuration and Preferences", click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive and all other fixed drives..
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply with a new hijackthis log.
  • Click Close to exit the program.

Please perform a scan with Kaspersky Webscan Online Virus Scanner

1. Read the Requirements and Privacy statement, then select "Accept".
2. A new window will appear promting you to install an ActiveX component from Kaspersky - "Do you want to install this software?".
3. Click "Yes" or select "Install" to download the ActiveX controls that allows ActiveScan to run.
4. When the download is complete it will say ready, click "Next".
5. Click "Scan Settings" and check the option to use the Extended Database if available otherwise Standard).
6. Click "Scan Options" and select both "Scan Archives" and "Scan Mail Bases".
7. Click "OK".
8. Under "Select a target to scan", click on "My Computer".
9. When the scan is complete choose to save the results as "Save as Text" named kaspersky.txt to your desktop and post them in your next reply.

Kaspersky does not remove anything but will provide a log of anything it finds. On August 8th, 2006 Kaspersky updated the software used for Free Online Virus Scanner. In order to continue using the online scanner you will need to uninstall the old version (if previously used) from your Add/Remove Programs list and then install the latest version. To do this, follow the steps here and reboot afterwards if your system does not reboot automatically or it will show 'Kaspersky Online Scanner license key was not found!
 
1 - 5 of 5 Posts
Status
Not open for further replies.
Top