Messages - jmfft

1
Tech Clinic / malware having trouble eliminating HELP
« on: March 30, 2008, 08:18:15 PM »
Thanks. I have followed your latest downloaded spywarebuster, immunized with Spybot and updated AVG. I will be looking at the links you mentioned at the bottom of your latest reply. The computer is running much better.

2
Tech Clinic / malware having trouble eliminating HELP
« on: March 29, 2008, 05:44:52 PM »
That was a typo. Thanks for the help!

3
Tech Clinic / malware having trouble eliminating HELP
« on: March 28, 2008, 10:08:05 AM »
Things seem to be running 100% better. No pop-ups or signs of a virus or malware anywhere. Start-up seems to be quicker. Here is the latest HijackThis log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:58:20 AM, on 3/28/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\usb.exe
C:\WINDOWS\LTMSG.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\TELUSE~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TELUS eCare\bin\mpbtn.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [USB] C:\WINDOWS\system32\usb.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [PD0620 STISvc] RunDLL32.exe P0620Pin.dll,RunDLL32EP 513
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\TELUSE~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [Microsoft Works Update Detection] c:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Nero PhotoShow Media Manager] C:\PROGRA~1\Nero\NEROPH~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [MoneyAgent] "c:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Symantec Network Driver Update Warning] C:\PROGRA~1\Symantec\LIVEUP~1\SNDWarn.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Symantec Network Driver Update Warning] C:\PROGRA~1\Symantec\LIVEUP~1\SNDWarn.EXE (User 'Default user')
O4 - .DEFAULT User Startup: AutoPlay.exe (User 'Default user')
O4 - Startup: AutoPlay.exe
O4 - Global Startup: TELUS eCare.lnk = C:\Program Files\TELUS eCare\bin\matcli.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Blooop by pogo - http://game1.pogo.com/v/8.1.6.3/applet/cas...scade-en_US.cab
O16 - DPF: Canasta by pogo - http://game1.pogo.com/v/8.1.5.27/applet/ca...nasta-en_US.cab
O16 - DPF: High Stakes Poker by pogo - http://game1.pogo.com/v/8.1.5.27/applet/dr...poker-en_US.cab
O16 - DPF: Jungle Gin by pogo - http://game1.pogo.com/v/8.1.5.27/applet/gin2/gin2-en_US.cab
O16 - DPF: Mah Jong Garden by pogo - http://game1.pogo.com/v/8.1.6.21/applet/ma...jong2-en_US.cab
O16 - DPF: Phlinx by pogo - http://game1.pogo.com/v/8.1.6.21/applet/fl...inger-en_US.cab
O16 - DPF: Poppit by pogo - http://game1.pogo.com/v/8.1.5.27/applet/po...ppit2-en_US.cab
O16 - DPF: Spider Solitaire by pogo - http://game1.pogo.com/v/8.1.5.27/applet/sp...pider-en_US.cab
O16 - DPF: Squelchies by pogo - http://game1.pogo.com/v/8.1.5.27/applet/sq...chies-en_US.cab
O16 - DPF: Texas Hold'em Poker by pogo - http://game1.pogo.com/v/8.1.5.27/applet/ho...oldem-en_US.cab
O16 - DPF: Tri-Peaks by pogo - http://peaks.pogo.com/applet-5.9.0.25/peak...s-ob-assets.cab
O16 - DPF: TruePass EPF 7,0,100,684 - https://blrscr3.egs-seg.gc.ca/applets/entru...sapplet-epf.cab
O16 - DPF: TruePass EPF 7,0,100,739 - https://blrscr3.egs-seg.gc.ca/applets/entru...sapplet-epf.cab
O16 - DPF: Word Whomp by pogo - http://whomp.pogo.com/applet-5.9.1.18/word...p-ob-assets.cab
O16 - DPF: Word Whomp Whackdown by pogo - http://game1.pogo.com/v/8.1.6.21/applet/wh...kdown-en_US.cab
O16 - DPF: WordJong by pogo - http://game1.pogo.com/v/8.1.5.42/applet/wo...djong-en_US.cab
O16 - DPF: World Class Solitaire by pogo - http://game1.pogo.com/v/8.1.5.27/applet/wo...class-en_US.cab
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {2EB1E425-74DC-4DC0-A9E1-03A4C852E1F2} (CPlayFirstTriJinxControl Object) - http://zone.msn.com/bingame/trix/default/T...nx.1.0.0.87.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst20040510.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://sympatico.zone.msn.com/bingame/rtlw...bGameLoader.cab
O16 - DPF: {49E67060-2C0D-415E-94C7-52A49F73B2F1} (CPlayFirstPiratePoppersControl Object) - http://sympatico.zone.msn.com/bingame/pppp...rs.1.0.0.39.cab
O16 - DPF: {4B9F2C37-C0CF-42BC-BB2D-DCFA8B25CABF} - http://zone.msn.com/bingame/rock/default/popcaploader1.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EP...l_v1-0-3-18.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Facebo...toUploader3.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {64D01C7F-810D-446E-A07E-16C764235644} (AtlAtomadersCtlAttrib Class) - http://sympatico.zone.msn.com/bingame/amad...t/atomaders.cab
O16 - DPF: {8FA2192F-B95D-40E3-898F-8D7ABB8E00D0} (SpinTop Games Launcher) - http://download-games.pogo.com/online2/pog...mesLauncher.cab
O16 - DPF: {95B5D20C-BD31-4489-8ABF-F8C8BE748463} (ZPA_HRTZ Object) - http://zone.msn.com/bingame/zpagames/zpa_hrtz.cab40641.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://sympatico.zone.msn.com/binGame/ZAxRcMgr.cab
O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} (ZPA_TexasHoldem Object) - http://zone.msn.com/bingame/zpagames/zpa_txhe.cab55579.cab
O16 - DPF: {A4110378-789B-455F-AE86-3A1BFC402853} (ZPA_SHVL Object) - http://sympatico.zone.msn.com/bingame/zpag...vl.cab55579.cab
O16 - DPF: {A5180646-FE0F-4C97-AA29-2A0F41515623} - http://sympatico.zone.msn.com/bingame/zpag...S2.cab61895.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {BCF9A64D-1440-4404-863C-F5DF2B99F798} (Catan Online Game) - http://zone.msn.com/bingame/zpagames/zpa_catan.cab36135.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {C86FF4B0-AA1D-46D4-8612-025FB86583C7} (AstoundLauncher Control) - http://zone.msn.com/bingame/jobo/default/A...ersion=1,0,0,10
O16 - DPF: {CAC181B0-4D70-402D-B571-C596A47D0CE0} (CBankshotZoneCtrl Class) - http://zone.msn.com/bingame/zpagames/zpa_pool.cab36107.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/ac...ta/SymAData.dll
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://zone.msn.com/bingame/feed/default/SproutLauncher.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/bingame/pacz/default/pandaonline.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab
O16 - DPF: {DAF5D9A2-D982-4671-83E4-0398706A5F6A} (SCEWebLauncherCtl Object) - http://zone.msn.com/bingame/hsol/default/SCEWebLauncher.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/ac.../ActiveData.cab
O16 - DPF: {EF148DBB-5B6D-4130-B2A1-661571E86260} (Playtime Games Launcher) - http://games.pogo.com/online2/pogo/mahjong...ameLauncher.cab
O16 - DPF: {FF3C5A9F-5A99-4930-80E8-4709194C2AD3} (MSN Games – Backgammon) - http://zone.msn.com/bingame/zpagames/ZPA_B...on.cab64162.cab
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 13765 bytes

I still have 37 processes that are running at all times.  Is this normal?
They are:
Image Name                  Mem Usage
iexplore.exe                21,988k
alg.exe                     3,596k
iPodService.exe             4,080k
iTunesHelper.exe            4,140k
guard.exe                   1,332k
rundll32.exe                3,476k
realsched.exe               136k
mmtask.exe                  2,904k
avgcc.exe                   840k
ltmsg.exe                   1,944k
usb.exe                     3,192k
hpsysdrv.exe                1,952k
explorer.exe                27,824k
spoolsv.exe                 4,776k
svchost.exe network         5,232k
svchost.exe local           4,620k
svchost.exe system          21,980k
taskmgr.exe                 5,244k
mpbtn.exe                   3,108k
svchost.exe network         4,340k
svcghost.exe system         5,172k
svchost.exe system          4,628k
lsass.exe                   992k
services.exe                4,392k
winlogon.exe                1,104k
csrss.exe                   5,100k
smss.exe                    372k
nvsvc32.exe                 2,400k
avgupsvc.exe                648k
GoogleToolbarNotifier.exe   804k
ctfmon.exe                  3,956k
jusched.exe                 2,672k
avgamsvr.exe                296k
MotiveSB.exe                15,092k
System                      220k
Systemidle Process          16k


Thanks

4
Tech Clinic / malware having trouble eliminating HELP
« on: March 27, 2008, 04:41:37 PM »
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:46:48 PM, on 3/27/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\usb.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\LTMSG.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\TELUSE~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
C:\Program Files\hp center\137903\Shadow\ShadowBar.exe
C:\Program Files\hp center\137903\Program\BackWeb-137903.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~1\SWHELP~1.EXE
C:\Program Files\TELUS eCare\bin\mpbtn.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [USB] C:\WINDOWS\system32\usb.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [PD0620 STISvc] RunDLL32.exe P0620Pin.dll,RunDLL32EP 513
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\TELUSE~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [Microsoft Works Update Detection] c:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Nero PhotoShow Media Manager] C:\PROGRA~1\Nero\NEROPH~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [MoneyAgent] "c:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKCU\..\RunOnce: [Shockwave Updater] "C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~1\SWHELP~1.EXE" -Update -1020023 -iexplore.exe7.0
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Symantec Network Driver Update Warning] C:\PROGRA~1\Symantec\LIVEUP~1\SNDWarn.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Symantec Network Driver Update Warning] C:\PROGRA~1\Symantec\LIVEUP~1\SNDWarn.EXE (User 'Default user')
O4 - .DEFAULT User Startup: AutoPlay.exe (User 'Default user')
O4 - Global Startup: hp center UI.lnk = C:\Program Files\hp center\137903\Shadow\ShadowBar.exe
O4 - Global Startup: hp center.lnk = C:\Program Files\hp center\137903\Program\BackWeb-137903.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: TELUS eCare.lnk = C:\Program Files\TELUS eCare\bin\matcli.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Blooop by pogo - http://game1.pogo.com/v/8.1.6.3/applet/cas...scade-en_US.cab
O16 - DPF: Canasta by pogo - http://game1.pogo.com/v/8.1.5.27/applet/ca...nasta-en_US.cab
O16 - DPF: High Stakes Poker by pogo - http://game1.pogo.com/v/8.1.5.27/applet/dr...poker-en_US.cab
O16 - DPF: Jungle Gin by pogo - http://game1.pogo.com/v/8.1.5.27/applet/gin2/gin2-en_US.cab
O16 - DPF: Mah Jong Garden by pogo - http://game1.pogo.com/v/8.1.6.21/applet/ma...jong2-en_US.cab
O16 - DPF: Phlinx by pogo - http://game1.pogo.com/v/8.1.6.21/applet/fl...inger-en_US.cab
O16 - DPF: Poppit by pogo - http://game1.pogo.com/v/8.1.5.27/applet/po...ppit2-en_US.cab
O16 - DPF: Spider Solitaire by pogo - http://game1.pogo.com/v/8.1.5.27/applet/sp...pider-en_US.cab
O16 - DPF: Squelchies by pogo - http://game1.pogo.com/v/8.1.5.27/applet/sq...chies-en_US.cab
O16 - DPF: Texas Hold'em Poker by pogo - http://game1.pogo.com/v/8.1.5.27/applet/ho...oldem-en_US.cab
O16 - DPF: Tri-Peaks by pogo - http://peaks.pogo.com/applet-5.9.0.25/peak...s-ob-assets.cab
O16 - DPF: TruePass EPF 7,0,100,684 - https://blrscr3.egs-seg.gc.ca/applets/entru...sapplet-epf.cab
O16 - DPF: TruePass EPF 7,0,100,739 - https://blrscr3.egs-seg.gc.ca/applets/entru...sapplet-epf.cab
O16 - DPF: Word Whomp by pogo - http://whomp.pogo.com/applet-5.9.1.18/word...p-ob-assets.cab
O16 - DPF: Word Whomp Whackdown by pogo - http://game1.pogo.com/v/8.1.6.21/applet/wh...kdown-en_US.cab
O16 - DPF: WordJong by pogo - http://game1.pogo.com/v/8.1.5.42/applet/wo...djong-en_US.cab
O16 - DPF: World Class Solitaire by pogo - http://game1.pogo.com/v/8.1.5.27/applet/wo...class-en_US.cab
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {2EB1E425-74DC-4DC0-A9E1-03A4C852E1F2} (CPlayFirstTriJinxControl Object) - http://zone.msn.com/bingame/trix/default/T...nx.1.0.0.87.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst20040510.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://sympatico.zone.msn.com/bingame/rtlw...bGameLoader.cab
O16 - DPF: {49E67060-2C0D-415E-94C7-52A49F73B2F1} (CPlayFirstPiratePoppersControl Object) - http://sympatico.zone.msn.com/bingame/pppp...rs.1.0.0.39.cab
O16 - DPF: {4B9F2C37-C0CF-42BC-BB2D-DCFA8B25CABF} - http://zone.msn.com/bingame/rock/default/popcaploader1.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EP...l_v1-0-3-18.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Facebo...toUploader3.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {64D01C7F-810D-446E-A07E-16C764235644} (AtlAtomadersCtlAttrib Class) - http://sympatico.zone.msn.com/bingame/amad...t/atomaders.cab
O16 - DPF: {8FA2192F-B95D-40E3-898F-8D7ABB8E00D0} (SpinTop Games Launcher) - http://download-games.pogo.com/online2/pog...mesLauncher.cab
O16 - DPF: {95B5D20C-BD31-4489-8ABF-F8C8BE748463} (ZPA_HRTZ Object) - http://zone.msn.com/bingame/zpagames/zpa_hrtz.cab40641.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://sympatico.zone.msn.com/binGame/ZAxRcMgr.cab
O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} (ZPA_TexasHoldem Object) - http://zone.msn.com/bingame/zpagames/zpa_txhe.cab55579.cab
O16 - DPF: {A4110378-789B-455F-AE86-3A1BFC402853} (ZPA_SHVL Object) - http://sympatico.zone.msn.com/bingame/zpag...vl.cab55579.cab
O16 - DPF: {A5180646-FE0F-4C97-AA29-2A0F41515623} - http://sympatico.zone.msn.com/bingame/zpag...S2.cab61895.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {BCF9A64D-1440-4404-863C-F5DF2B99F798} (Catan Online Game) - http://zone.msn.com/bingame/zpagames/zpa_catan.cab36135.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {C86FF4B0-AA1D-46D4-8612-025FB86583C7} (AstoundLauncher Control) - http://zone.msn.com/bingame/jobo/default/A...ersion=1,0,0,10
O16 - DPF: {CAC181B0-4D70-402D-B571-C596A47D0CE0} (CBankshotZoneCtrl Class) - http://zone.msn.com/bingame/zpagames/zpa_pool.cab36107.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/ac...ta/SymAData.dll
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://zone.msn.com/bingame/feed/default/SproutLauncher.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/bingame/pacz/default/pandaonline.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab
O16 - DPF: {DAF5D9A2-D982-4671-83E4-0398706A5F6A} (SCEWebLauncherCtl Object) - http://zone.msn.com/bingame/hsol/default/SCEWebLauncher.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/ac.../ActiveData.cab
O16 - DPF: {EF148DBB-5B6D-4130-B2A1-661571E86260} (Playtime Games Launcher) - http://games.pogo.com/online2/pogo/mahjong...ameLauncher.cab
O16 - DPF: {FF3C5A9F-5A99-4930-80E8-4709194C2AD3} (MSN Games – Backgammon) - http://zone.msn.com/bingame/zpagames/ZPA_B...on.cab64162.cab
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 15027 bytes

5
Tech Clinic / malware having trouble eliminating HELP
« on: March 27, 2008, 03:29:57 PM »
AC3Filter (remove only)
Ad-Aware SE Personal
Adobe Acrobat 5.0
Adobe Flash Player ActiveX
Adobe Shockwave Player
Apple Software Update
ArcSoft Software Suite
AVG Anti-Spyware 7.5
AVG Free Edition
ClueFinders 6th Grade Adventures
Codec Pack - All In 1 6.0.2.6
Creative Photo Manager
Creative WebCam Center
Creative WebCam Instant Driver (1.03.02.0425)
Creative WebCam Instant User's Guide (English)
Cucusoft DVD to iPod + iPod Video Converter Suite 5.26.5.12
Cucusoft MPEG to DVD Author 1.09
DivX
DivX Converter
DivX Player
DivX Pro Codec
DivX Web Player
Documents To Go
Easy Internet Sign-up
Google Earth
Google Toolbar for Internet Explorer
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
HijackThis 2.0.2
Hotfix for Windows XP (KB896344)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
hp center
HP Instant Support
HP RecordNow
Inactive HP Printer Drivers (Remove only)
Intel® PRO Network Adapters and Drivers
InterActual Player
InterVideo WinDVD
IPIX ActiveX Viewer
iTunes
James Bond 007: Nightfire
Java(tm) 6 Update 2
Language Arts 3 & 5
LEAD MCMP_MJPEG Codec Eval
Madeline Thinking Games
MAGIX Movie Edit Pro 11 (US)
Math 1 & 2
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Data Access Components KB870669
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money 2002
Microsoft Money 2002 System Pack
Microsoft National Language Support Downlevel APIs
Microsoft Office XP Professional with FrontPage
Microsoft Text-to-Speech Engine 4.0 (English)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Works 6.0
Microsoft Works and Money 2002 Setup Launcher
Morpheus Toolbar
Motorola Phone Tools
MP3 Player Utilities
MP3 Rocket
MP3 To Wave Converter PLUS
Mr. Grabber
MSN Gaming Zone
MSN Music Assistant
MSN Toolbar
MSVC80_x86
Musicmatch® Jukebox
My Photo Center
MyLearnExpress
Navilog1 3.5.1
NetZero For Cosmi
Nokia Connectivity Cable Driver
Nokia PC Suite
Nokia PC Suite
NVIDIA Windows 2000/XP Display Drivers
Palm Desktop
PC Connectivity Solution
PC-Doctor for Windows
Phonics
Print Perfect Gold
Quicken 2002 New User Edition
Quicken Financial Center
QuickTime
Reading 1 & 2
RealPlayer
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB946026)
SightSpeed (remove only)
Spybot - Search & Destroy
Spybot - Search & Destroy 1.5.2.20
Studio
StudioTax 2005
Tcl 8.0.5 for Windows
TELUS eCare
TELUS eCare Plugin
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB900930)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
USB
Web Savings from Ebates
WebCam Instant Product Registration
Winamp (remove only)
Windows Driver Package - Nokia Modem  (08/03/2007 6.84.0.2)
Windows Driver Package - Nokia Modem  (10/12/2007 3.6)
Windows Genuine Advantage v1.3.0254.0
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live Messenger
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB887797
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Related
Windows XP Service Pack 2
WordPerfect Office 2002 Try Before You Buy
WordPerfect Office 2002 Try Before You Buy
XviD MPEG-4 Codec

6
Tech Clinic / malware having trouble eliminating HELP
« on: March 26, 2008, 08:50:45 AM »
it looks like the virus is gone.  thanks.  do i need to keep all the programs downloaded to help with the fix?  also, is there something I can do to reduce the number of processes that start as soon as my computer starts?  Usually there are 43 processes running from the get go.  thanks for all of the assistance so far.

[quote name='jmfft' post='424887' date='Mar 25 2008, 11:18 PM']Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:24:47 AM, on 3/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\usb.exe
C:\WINDOWS\LTMSG.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\TELUSE~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
C:\Program Files\hp center\137903\Shadow\ShadowBar.exe
C:\Program Files\hp center\137903\Program\BackWeb-137903.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [USB] C:\WINDOWS\system32\usb.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PD0620 STISvc] RunDLL32.exe P0620Pin.dll,RunDLL32EP 513
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\TELUSE~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKCU\..\Run: [Microsoft Works Update Detection] c:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Nero PhotoShow Media Manager] C:\PROGRA~1\Nero\NEROPH~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Symantec Network Driver Update Warning] C:\PROGRA~1\Symantec\LIVEUP~1\SNDWarn.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Symantec Network Driver Update Warning] C:\PROGRA~1\Symantec\LIVEUP~1\SNDWarn.EXE (User 'Default user')
O4 - .DEFAULT User Startup: AutoPlay.exe (User 'Default user')
O4 - Global Startup: hp center UI.lnk = C:\Program Files\hp center\137903\Shadow\ShadowBar.exe
O4 - Global Startup: hp center.lnk = C:\Program Files\hp center\137903\Program\BackWeb-137903.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: TELUS eCare.lnk = C:\Program Files\TELUS eCare\bin\matcli.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Blooop by pogo - http://game1.pogo.com/v/8.1.6.3/applet/cas...scade-en_US.cab
O16 - DPF: Canasta by pogo - http://game1.pogo.com/v/8.1.5.27/applet/ca...nasta-en_US.cab
O16 - DPF: High Stakes Poker by pogo - http://game1.pogo.com/v/8.1.5.27/applet/dr...poker-en_US.cab
O16 - DPF: Jungle Gin by pogo - http://game1.pogo.com/v/8.1.5.27/applet/gin2/gin2-en_US.cab
O16 - DPF: Mah Jong Garden by pogo - http://game1.pogo.com/v/8.1.6.21/applet/ma...jong2-en_US.cab
O16 - DPF: Phlinx by pogo - http://game1.pogo.com/v/8.1.6.21/applet/fl...inger-en_US.cab
O16 - DPF: Poppit by pogo - http://game1.pogo.com/v/8.1.5.27/applet/po...ppit2-en_US.cab
O16 - DPF: Spider Solitaire by pogo - http://game1.pogo.com/v/8.1.5.27/applet/sp...pider-en_US.cab
O16 - DPF: Squelchies by pogo - http://game1.pogo.com/v/8.1.5.27/applet/sq...chies-en_US.cab
O16 - DPF: Texas Hold'em Poker by pogo - http://game1.pogo.com/v/8.1.5.27/applet/ho...oldem-en_US.cab
O16 - DPF: Tri-Peaks by pogo - http://peaks.pogo.com/applet-5.9.0.25/peak...s-ob-assets.cab
O16 - DPF: TruePass EPF 7,0,100,684 - https://blrscr3.egs-seg.gc.ca/applets/entru...sapplet-epf.cab
O16 - DPF: TruePass EPF 7,0,100,739 - https://blrscr3.egs-seg.gc.ca/applets/entru...sapplet-epf.cab
O16 - DPF: Word Whomp by pogo - http://whomp.pogo.com/applet-5.9.1.18/word...p-ob-assets.cab
O16 - DPF: Word Whomp Whackdown by pogo - http://game1.pogo.com/v/8.1.6.21/applet/wh...kdown-en_US.cab
O16 - DPF: WordJong by pogo - http://game1.pogo.com/v/8.1.5.42/applet/wo...djong-en_US.cab
O16 - DPF: World Class Solitaire by pogo - http://game1.pogo.com/v/8.1.5.27/applet/wo...class-en_US.cab
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {2EB1E425-74DC-4DC0-A9E1-03A4C852E1F2} (CPlayFirstTriJinxControl Object) - http://zone.msn.com/bingame/trix/default/T...nx.1.0.0.87.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst20040510.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://sympatico.zone.msn.com/bingame/rtlw...bGameLoader.cab
O16 - DPF: {49E67060-2C0D-415E-94C7-52A49F73B2F1} (CPlayFirstPiratePoppersControl Object) - http://sympatico.zone.msn.com/bingame/pppp...rs.1.0.0.39.cab
O16 - DPF: {4B9F2C37-C0CF-42BC-BB2D-DCFA8B25CABF} - http://zone.msn.com/bingame/rock/default/popcaploader1.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EP...l_v1-0-3-18.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Facebo...toUploader3.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {64D01C7F-810D-446E-A07E-16C764235644} (AtlAtomadersCtlAttrib Class) - http://sympatico.zone.msn.com/bingame/amad...t/atomaders.cab
O16 - DPF: {8FA2192F-B95D-40E3-898F-8D7ABB8E00D0} (SpinTop Games Launcher) - http://download-games.pogo.com/online2/pog...mesLauncher.cab
O16 - DPF: {95B5D20C-BD31-4489-8ABF-F8C8BE748463} (ZPA_HRTZ Object) - http://zone.msn.com/bingame/zpagames/zpa_hrtz.cab40641.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://sympatico.zone.msn.com/binGame/ZAxRcMgr.cab
O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} (ZPA_TexasHoldem Object) - http://zone.msn.com/bingame/zpagames/zpa_txhe.cab55579.cab
O16 - DPF: {A4110378-789B-455F-AE86-3A1BFC402853} (ZPA_SHVL Object) - http://sympatico.zone.msn.com/bingame/zpag...vl.cab55579.cab
O16 - DPF: {A5180646-FE0F-4C97-AA29-2A0F41515623} - http://sympatico.zone.msn.com/bingame/zpag...S2.cab61895.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {BCF9A64D-1440-4404-863C-F5DF2B99F798} (Catan Online Game) - http://zone.msn.com/bingame/zpagames/zpa_catan.cab36135.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {C86FF4B0-AA1D-46D4-8612-025FB86583C7} (AstoundLauncher Control) - http://zone.msn.com/bingame/jobo/default/A...ersion=1,0,0,10
O16 - DPF: {CAC181B0-4D70-402D-B571-C596A47D0CE0} (CBankshotZoneCtrl Class) - http://zone.msn.com/bingame/zpagames/zpa_pool.cab36107.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/ac...ta/SymAData.dll
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://zone.msn.com/bingame/feed/default/SproutLauncher.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/bingame/pacz/default/pandaonline.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab
O16 - DPF: {DAF5D9A2-D982-4671-83E4-0398706A5F6A} (SCEWebLauncherCtl Object) - http://zone.msn.com/bingame/hsol/default/SCEWebLauncher.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/ac.../ActiveData.cab
O16 - DPF: {EF148DBB-5B6D-4130-B2A1-661571E86260} (Playtime Games Launcher) - http://games.pogo.com/online2/pogo/mahjong...ameLauncher.cab
O16 - DPF: {FF3C5A9F-5A99-4930-80E8-4709194C2AD3} (MSN Games – Backgammon) - http://zone.msn.com/bingame/zpagames/ZPA_B...on.cab64162.cab
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 14373 bytes
ComboFix 08-03-25.2 - Owner 2008-03-25 23:55:17.1 - NTFSx86 MINIMAL
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.328 [GMT -8:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe

[color="red"]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/color]
.
TimedOut: progfile.dat
-- Script messages for sUBs --
VFind -rtd "C:\Program Files\spycrush*"
Findstr -MIF:/ "\\TTC\.pdb InsertAdvertisement"
GREP -i "C:\\Program Files\\[^\\]*\\[^\\]*$"
VFind -tf -s282624 "C:\Program Files\????????*[0-9].dll"

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\mseggrpid.dll
C:\WINDOWS\tmlpcert2005

.
((((((((((((((((((((((((( Files Created from 2008-02-26 to 2008-03-26 )))))))))))))))))))))))))))))))
.

2008-03-25 23:47 . 2008-03-25 23:47 3,108 --a------ C:\WINDOWS\SYSTEM32\tmp.reg
2008-03-25 22:41 . 2008-03-25 22:57 <DIR> d-------- C:\Program Files\Navilog1
2008-03-25 22:32 . 2008-03-25 22:32 <DIR> d-------- C:\Program Files\Trend Micro
2008-03-23 23:06 . 2008-03-23 23:06 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Grisoft
2008-03-23 23:06 . 2007-05-30 04:10 10,872 --a------ C:\WINDOWS\SYSTEM32\drivers\AvgAsCln.sys
2008-03-23 16:01 . 2008-03-23 15:59 691,545 --a------ C:\WINDOWS\unins000.exe
2008-03-23 16:01 . 2008-03-23 16:01 2,550 --a------ C:\WINDOWS\unins000.dat
2008-03-23 11:40 . 2008-03-23 11:40 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-03-22 21:56 . 2008-03-22 21:56 49 --a------ C:\xmp.bat
2008-03-20 21:08 . 2008-03-20 21:08 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-03-20 21:08 . 2008-03-20 21:08 1,409 --a------ C:\WINDOWS\QTFont.for
2008-03-04 11:24 . 2008-03-04 11:24 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Avernum 4 Saved Games

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-25 21:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\AVG7
2008-03-24 07:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2008-03-24 01:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-24 00:03 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-03-23 20:58 --------- d-----w C:\Program Files\MSN Games
2008-03-23 20:08 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-23 18:08 --------- d-----w C:\Program Files\Morpheus Ultra
2008-03-23 18:05 --------- d-----r C:\Program Files\Morpheus
2008-03-23 17:46 --------- d-----w C:\Program Files\MorpheusBar
2008-03-22 20:51 --------- d-----w C:\Documents and Settings\Owner\Application Data\PlayFirst
2008-03-22 20:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\PlayFirst
2008-03-14 06:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\JollyBear
2008-02-25 00:09 --------- d-----w C:\Documents and Settings\Owner\Application Data\MP3Rocket
2008-02-19 22:16 --------- d-----w C:\Documents and Settings\Owner\Application Data\FloodLightGames
2008-02-19 22:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\FloodLightGames
2008-02-19 04:21 --------- d-----w C:\Documents and Settings\Owner\Application Data\Flood Light Games
2008-02-19 04:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\Flood Light Games
2008-02-17 03:38 --------- d-----w C:\Documents and Settings\Owner\Application Data\U3
2008-02-16 04:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Oberon
2008-02-16 03:53 --------- d-----w C:\Program Files\Oberon Media
2008-02-15 16:58 --------- d-----w C:\Program Files\InterActual
2008-01-31 00:05 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-30 23:13 --------- d-----w C:\Program Files\Maestro Learning(V)
2008-01-30 23:12 --------- d-----w C:\Documents and Settings\Owner\Application Data\InstallShield
2006-10-23 00:57 24,192 ----a-w C:\Documents and Settings\Owner\usbsermptxp.sys
2006-10-23 00:57 22,768 ----a-w C:\Documents and Settings\Owner\usbsermpt.sys
2006-09-28 04:19 65,296 ----a-w C:\Documents and Settings\Owner\Application Data\GDIPFONTCACHEV1.DAT
2004-09-30 23:15 45,568 --sha-w C:\Program Files\Thumbs.db
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Works Update Detection"="c:\Program Files\Microsoft Works\WkDetect.exe" [ ]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54 5674352]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-21 10:22 68856]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [ ]
"Nero PhotoShow Media Manager"="C:\PROGRA~1\Nero\NEROPH~1\data\Xtras\mssysmgr.exe" [ ]
"Creative WebCam Tray"="C:\Program Files\Creative\Shared Files\CamTray.exe" [2005-03-28 22:13 258048]
"PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" [2007-12-10 10:12 695808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 09:04 52736]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2001-06-15 15:34 212992]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2003-07-28 13:19 4841472]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2001-08-07 17:25 143360]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2001-08-07 16:36 90112]
"PS2"="C:\WINDOWS\system32\ps2.exe" [ ]
"USB"="C:\WINDOWS\system32\usb.exe" [2001-07-03 14:14 102400]
"nwiz"="nwiz.exe" [2003-07-28 13:19 323584 C:\WINDOWS\SYSTEM32\nwiz.exe]
"LTMSG"="LTMSG.exe" [2003-07-14 09:52 40960 C:\WINDOWS\ltmsg.exe]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2007-12-21 00:23 579072]
"mmtask"="C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe" [2006-01-17 13:03 53248]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-07-22 15:40 180269]
"NWEReboot"="" []
"PD0620 STISvc"="P0620Pin.dll" [2005-05-10 09:03 36864 C:\WINDOWS\SYSTEM32\P0620Pin.dll]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41 282624]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-04-27 11:25 257088]
"Motive SmartBridge"="C:\PROGRA~1\TELUSE~1\SMARTB~1\MotiveSB.exe" [2007-11-05 02:23 393216]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00 132496]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Symantec Network Driver Update Warning"="C:\PROGRA~1\Symantec\LIVEUP~1\SNDWarn.EXE" [ ]
"Symantec NetDriver Warning"="C:\PROGRA~1\SYMNET~1\SNDWarn.exe" [ ]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe" [2007-11-05 00:24 219136]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 17:35 1294336]

C:\Documents and Settings\Owner\Start Menu\Programs\Startup\
HotSync Manager.lnk - C:\Palm\HOTSYNC.EXE [2003-03-17 17:50:26 299008]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
hp center UI.lnk - C:\Program Files\hp center\137903\Shadow\ShadowBar.exe [2001-11-06 18:46:15 69632]
hp center.lnk - C:\Program Files\hp center\137903\Program\BackWeb-137903.exe [2001-11-06 18:46:17 16384]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 00:01:04 83360]
TELUS eCare.lnk - C:\Program Files\TELUS eCare\bin\matcli.exe [2007-11-04 13:58:06 217088]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KLiteGold]
C:\Program Files\KLiteGold\KLiteGold.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
c:\Program Files\Microsoft Works\WkDetect.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Morpheus Ultra]
C:\Program Files\StreamCast\Morpheus Ultra\Morpheus.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WebSavingsfromEbates]
wjview /cp:p C:\Program Files\WebSavingsfromEbates\System\Code Main lp: C:\Program Files\WebSavingsfromEbates

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zero Knowledge Freedom]
C:\Program Files\Zero Knowledge\Freedom\Freedom.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\hp center\\137903\\Program\\BackWeb-137903.exe"=
"C:\\Documents and Settings\\Owner\\My Documents\\AVG Anti Virus.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Grisoft\\AVG Free\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG Free\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG Free\\avgcc.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\StreamCast\\Morpheus\\mldonkey\\mlnet.exe"=
"C:\\Program Files\\StreamCast\\Morpheus\\MorphEXE.exe"=
"C:\\Program Files\\Java\\jre1.6.0_02\\bin\\javaw.exe"=


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b7682c04-ab81-11db-b055-00e018543d1a}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fb0f3bf6-0703-11db-8afb-00e018543d1a}]
\Shell\AutoRun\command - F:\LaunchU3.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-03-23 19:21:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-25 23:59:08
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-03-26 0:00:36
ComboFix-quarantined-files.txt 2008-03-26 08:00:08
.
2008-03-12 11:02:41 --- E O F ---[/quote]

7
Tech Clinic / malware having trouble eliminating HELP
« on: March 26, 2008, 01:18:38 AM »
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:24:47 AM, on 3/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\usb.exe
C:\WINDOWS\LTMSG.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\TELUSE~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
C:\Program Files\hp center\137903\Shadow\ShadowBar.exe
C:\Program Files\hp center\137903\Program\BackWeb-137903.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [USB] C:\WINDOWS\system32\usb.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [PD0620 STISvc] RunDLL32.exe P0620Pin.dll,RunDLL32EP 513
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\TELUSE~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKCU\..\Run: [Microsoft Works Update Detection] c:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Nero PhotoShow Media Manager] C:\PROGRA~1\Nero\NEROPH~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Symantec Network Driver Update Warning] C:\PROGRA~1\Symantec\LIVEUP~1\SNDWarn.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Symantec Network Driver Update Warning] C:\PROGRA~1\Symantec\LIVEUP~1\SNDWarn.EXE (User 'Default user')
O4 - .DEFAULT User Startup: AutoPlay.exe (User 'Default user')
O4 - Global Startup: hp center UI.lnk = C:\Program Files\hp center\137903\Shadow\ShadowBar.exe
O4 - Global Startup: hp center.lnk = C:\Program Files\hp center\137903\Program\BackWeb-137903.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: TELUS eCare.lnk = C:\Program Files\TELUS eCare\bin\matcli.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Blooop by pogo - http://game1.pogo.com/v/8.1.6.3/applet/cas...scade-en_US.cab
O16 - DPF: Canasta by pogo - http://game1.pogo.com/v/8.1.5.27/applet/ca...nasta-en_US.cab
O16 - DPF: High Stakes Poker by pogo - http://game1.pogo.com/v/8.1.5.27/applet/dr...poker-en_US.cab
O16 - DPF: Jungle Gin by pogo - http://game1.pogo.com/v/8.1.5.27/applet/gin2/gin2-en_US.cab
O16 - DPF: Mah Jong Garden by pogo - http://game1.pogo.com/v/8.1.6.21/applet/ma...jong2-en_US.cab
O16 - DPF: Phlinx by pogo - http://game1.pogo.com/v/8.1.6.21/applet/fl...inger-en_US.cab
O16 - DPF: Poppit by pogo - http://game1.pogo.com/v/8.1.5.27/applet/po...ppit2-en_US.cab
O16 - DPF: Spider Solitaire by pogo - http://game1.pogo.com/v/8.1.5.27/applet/sp...pider-en_US.cab
O16 - DPF: Squelchies by pogo - http://game1.pogo.com/v/8.1.5.27/applet/sq...chies-en_US.cab
O16 - DPF: Texas Hold'em Poker by pogo - http://game1.pogo.com/v/8.1.5.27/applet/ho...oldem-en_US.cab
O16 - DPF: Tri-Peaks by pogo - http://peaks.pogo.com/applet-5.9.0.25/peak...s-ob-assets.cab
O16 - DPF: TruePass EPF 7,0,100,684 - https://blrscr3.egs-seg.gc.ca/applets/entru...sapplet-epf.cab
O16 - DPF: TruePass EPF 7,0,100,739 - https://blrscr3.egs-seg.gc.ca/applets/entru...sapplet-epf.cab
O16 - DPF: Word Whomp by pogo - http://whomp.pogo.com/applet-5.9.1.18/word...p-ob-assets.cab
O16 - DPF: Word Whomp Whackdown by pogo - http://game1.pogo.com/v/8.1.6.21/applet/wh...kdown-en_US.cab
O16 - DPF: WordJong by pogo - http://game1.pogo.com/v/8.1.5.42/applet/wo...djong-en_US.cab
O16 - DPF: World Class Solitaire by pogo - http://game1.pogo.com/v/8.1.5.27/applet/wo...class-en_US.cab
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {2EB1E425-74DC-4DC0-A9E1-03A4C852E1F2} (CPlayFirstTriJinxControl Object) - http://zone.msn.com/bingame/trix/default/T...nx.1.0.0.87.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst20040510.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://sympatico.zone.msn.com/bingame/rtlw...bGameLoader.cab
O16 - DPF: {49E67060-2C0D-415E-94C7-52A49F73B2F1} (CPlayFirstPiratePoppersControl Object) - http://sympatico.zone.msn.com/bingame/pppp...rs.1.0.0.39.cab
O16 - DPF: {4B9F2C37-C0CF-42BC-BB2D-DCFA8B25CABF} - http://zone.msn.com/bingame/rock/default/popcaploader1.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EP...l_v1-0-3-18.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Facebo...toUploader3.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {64D01C7F-810D-446E-A07E-16C764235644} (AtlAtomadersCtlAttrib Class) - http://sympatico.zone.msn.com/bingame/amad...t/atomaders.cab
O16 - DPF: {8FA2192F-B95D-40E3-898F-8D7ABB8E00D0} (SpinTop Games Launcher) - http://download-games.pogo.com/online2/pog...mesLauncher.cab
O16 - DPF: {95B5D20C-BD31-4489-8ABF-F8C8BE748463} (ZPA_HRTZ Object) - http://zone.msn.com/bingame/zpagames/zpa_hrtz.cab40641.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://sympatico.zone.msn.com/binGame/ZAxRcMgr.cab
O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} (ZPA_TexasHoldem Object) - http://zone.msn.com/bingame/zpagames/zpa_txhe.cab55579.cab
O16 - DPF: {A4110378-789B-455F-AE86-3A1BFC402853} (ZPA_SHVL Object) - http://sympatico.zone.msn.com/bingame/zpag...vl.cab55579.cab
O16 - DPF: {A5180646-FE0F-4C97-AA29-2A0F41515623} - http://sympatico.zone.msn.com/bingame/zpag...S2.cab61895.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {BCF9A64D-1440-4404-863C-F5DF2B99F798} (Catan Online Game) - http://zone.msn.com/bingame/zpagames/zpa_catan.cab36135.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {C86FF4B0-AA1D-46D4-8612-025FB86583C7} (AstoundLauncher Control) - http://zone.msn.com/bingame/jobo/default/A...ersion=1,0,0,10
O16 - DPF: {CAC181B0-4D70-402D-B571-C596A47D0CE0} (CBankshotZoneCtrl Class) - http://zone.msn.com/bingame/zpagames/zpa_pool.cab36107.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/ac...ta/SymAData.dll
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://zone.msn.com/bingame/feed/default/SproutLauncher.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/bingame/pacz/default/pandaonline.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab
O16 - DPF: {DAF5D9A2-D982-4671-83E4-0398706A5F6A} (SCEWebLauncherCtl Object) - http://zone.msn.com/bingame/hsol/default/SCEWebLauncher.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/ac.../ActiveData.cab
O16 - DPF: {EF148DBB-5B6D-4130-B2A1-661571E86260} (Playtime Games Launcher) - http://games.pogo.com/online2/pogo/mahjong...ameLauncher.cab
O16 - DPF: {FF3C5A9F-5A99-4930-80E8-4709194C2AD3} (MSN Games – Backgammon) - http://zone.msn.com/bingame/zpagames/ZPA_B...on.cab64162.cab
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 14373 bytes

ComboFix 08-03-25.2 - Owner 2008-03-25 23:55:17.1 - NTFSx86 MINIMAL
Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1033.18.328 [GMT -8:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
TimedOut: progfile.dat
-- Script messages for sUBs --
VFind -rtd "C:\Program Files\spycrush*"
Findstr -MIF:/ "\\TTC\.pdb InsertAdvertisement"  
GREP -i "C:\\Program Files\\[^\\]*\\[^\\]*$"  
VFind -tf -s282624 "C:\Program Files\????????*[0-9].dll"  

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\mseggrpid.dll
C:\WINDOWS\tmlpcert2005

.
(((((((((((((((((((((((((   Files Created from 2008-02-26 to 2008-03-26  )))))))))))))))))))))))))))))))
.

2008-03-25 23:47 . 2008-03-25 23:47 3,108 --a------ C:\WINDOWS\SYSTEM32\tmp.reg
2008-03-25 22:41 . 2008-03-25 22:57 <DIR> d-------- C:\Program Files\Navilog1
2008-03-25 22:32 . 2008-03-25 22:32 <DIR> d-------- C:\Program Files\Trend Micro
2008-03-23 23:06 . 2008-03-23 23:06 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Grisoft
2008-03-23 23:06 . 2007-05-30 04:10 10,872 --a------ C:\WINDOWS\SYSTEM32\drivers\AvgAsCln.sys
2008-03-23 16:01 . 2008-03-23 15:59 691,545 --a------ C:\WINDOWS\unins000.exe
2008-03-23 16:01 . 2008-03-23 16:01 2,550 --a------ C:\WINDOWS\unins000.dat
2008-03-23 11:40 . 2008-03-23 11:40 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-03-22 21:56 . 2008-03-22 21:56 49 --a------ C:\xmp.bat
2008-03-20 21:08 . 2008-03-20 21:08 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-03-20 21:08 . 2008-03-20 21:08 1,409 --a------ C:\WINDOWS\QTFont.for
2008-03-04 11:24 . 2008-03-04 11:24 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Avernum 4 Saved Games

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-25 21:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\AVG7
2008-03-24 07:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2008-03-24 01:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-24 00:03 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-03-23 20:58 --------- d-----w C:\Program Files\MSN Games
2008-03-23 20:08 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-23 18:08 --------- d-----w C:\Program Files\Morpheus Ultra
2008-03-23 18:05 --------- d-----r C:\Program Files\Morpheus
2008-03-23 17:46 --------- d-----w C:\Program Files\MorpheusBar
2008-03-22 20:51 --------- d-----w C:\Documents and Settings\Owner\Application Data\PlayFirst
2008-03-22 20:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\PlayFirst
2008-03-14 06:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\JollyBear
2008-02-25 00:09 --------- d-----w C:\Documents and Settings\Owner\Application Data\MP3Rocket
2008-02-19 22:16 --------- d-----w C:\Documents and Settings\Owner\Application Data\FloodLightGames
2008-02-19 22:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\FloodLightGames
2008-02-19 04:21 --------- d-----w C:\Documents and Settings\Owner\Application Data\Flood Light Games
2008-02-19 04:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\Flood Light Games
2008-02-17 03:38 --------- d-----w C:\Documents and Settings\Owner\Application Data\U3
2008-02-16 04:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Oberon
2008-02-16 03:53 --------- d-----w C:\Program Files\Oberon Media
2008-02-15 16:58 --------- d-----w C:\Program Files\InterActual
2008-01-31 00:05 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-30 23:13 --------- d-----w C:\Program Files\Maestro Learning(V)
2008-01-30 23:12 --------- d-----w C:\Documents and Settings\Owner\Application Data\InstallShield
2006-10-23 00:57 24,192 ----a-w C:\Documents and Settings\Owner\usbsermptxp.sys
2006-10-23 00:57 22,768 ----a-w C:\Documents and Settings\Owner\usbsermpt.sys
2006-09-28 04:19 65,296 ----a-w C:\Documents and Settings\Owner\Application Data\GDIPFONTCACHEV1.DAT
2004-09-30 23:15 45,568 --sha-w C:\Program Files\Thumbs.db
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Works Update Detection"="c:\Program Files\Microsoft Works\WkDetect.exe" [ ]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54 5674352]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-21 10:22 68856]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [ ]
"Nero PhotoShow Media Manager"="C:\PROGRA~1\Nero\NEROPH~1\data\Xtras\mssysmgr.exe" [ ]
"Creative WebCam Tray"="C:\Program Files\Creative\Shared Files\CamTray.exe" [2005-03-28 22:13 258048]
"PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" [2007-12-10 10:12 695808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 09:04 52736]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2001-06-15 15:34 212992]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2003-07-28 13:19 4841472]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2001-08-07 17:25 143360]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2001-08-07 16:36 90112]
"PS2"="C:\WINDOWS\system32\ps2.exe" [ ]
"USB"="C:\WINDOWS\system32\usb.exe" [2001-07-03 14:14 102400]
"nwiz"="nwiz.exe" [2003-07-28 13:19 323584 C:\WINDOWS\SYSTEM32\nwiz.exe]
"LTMSG"="LTMSG.exe" [2003-07-14 09:52 40960 C:\WINDOWS\ltmsg.exe]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2007-12-21 00:23 579072]
"mmtask"="C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe" [2006-01-17 13:03 53248]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-07-22 15:40 180269]
"NWEReboot"="" []
"PD0620 STISvc"="P0620Pin.dll" [2005-05-10 09:03 36864 C:\WINDOWS\SYSTEM32\P0620Pin.dll]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41 282624]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-04-27 11:25 257088]
"Motive SmartBridge"="C:\PROGRA~1\TELUSE~1\SMARTB~1\MotiveSB.exe" [2007-11-05 02:23 393216]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00 132496]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Symantec Network Driver Update Warning"="C:\PROGRA~1\Symantec\LIVEUP~1\SNDWarn.EXE" [ ]
"Symantec NetDriver Warning"="C:\PROGRA~1\SYMNET~1\SNDWarn.exe" [ ]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe" [2007-11-05 00:24 219136]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 17:35 1294336]

C:\Documents and Settings\Owner\Start Menu\Programs\Startup\
HotSync Manager.lnk - C:\Palm\HOTSYNC.EXE [2003-03-17 17:50:26 299008]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
hp center UI.lnk - C:\Program Files\hp center\137903\Shadow\ShadowBar.exe [2001-11-06 18:46:15 69632]
hp center.lnk - C:\Program Files\hp center\137903\Program\BackWeb-137903.exe [2001-11-06 18:46:17 16384]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 00:01:04 83360]
TELUS eCare.lnk - C:\Program Files\TELUS eCare\bin\matcli.exe [2007-11-04 13:58:06 217088]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KLiteGold]
C:\Program Files\KLiteGold\KLiteGold.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
c:\Program Files\Microsoft Works\WkDetect.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Morpheus Ultra]
C:\Program Files\StreamCast\Morpheus Ultra\Morpheus.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WebSavingsfromEbates]
wjview /cp:p C:\Program Files\WebSavingsfromEbates\System\Code Main lp: C:\Program Files\WebSavingsfromEbates

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zero Knowledge Freedom]
C:\Program Files\Zero Knowledge\Freedom\Freedom.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\hp center\\137903\\Program\\BackWeb-137903.exe"=
"C:\\Documents and Settings\\Owner\\My Documents\\AVG Anti Virus.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Grisoft\\AVG Free\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG Free\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG Free\\avgcc.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\StreamCast\\Morpheus\\mldonkey\\mlnet.exe"=
"C:\\Program Files\\StreamCast\\Morpheus\\MorphEXE.exe"=
"C:\\Program Files\\Java\\jre1.6.0_02\\bin\\javaw.exe"=


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b7682c04-ab81-11db-b055-00e018543d1a}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fb0f3bf6-0703-11db-8afb-00e018543d1a}]
\Shell\AutoRun\command - F:\LaunchU3.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-03-23 19:21:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-25 23:59:08
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-03-26  0:00:36
ComboFix-quarantined-files.txt  2008-03-26 08:00:08
.
2008-03-12 11:02:41 --- E O F ---

8
Tech Clinic / malware having trouble eliminating HELP
« on: March 26, 2008, 01:11:10 AM »
Navipromo Removal version 3.5.1 started on Wed 03/26/2008 at  0:09:22.71
Fix running from C:\Program Files\navilog1
Session actuelle : "Owner" Actual User Account : "Owner"
Updated on 23.03.2008 at 22h00 by IL-MAFIOSO
Microsoft Windows XP [Version 5.1.2600]
Internet Explorer : 7.0.5730.11
Filesystem type : NTFS
Automatic removal with Catchme and GNS results
*** fsbl1.txt not found ***
(Check that Catchme found nothing in Search Mode)
*** Deleting with Backups GenericNaviSearch results ***
* Deletion in C:\WINDOWS\System32 *
* Deletion in "C:\Documents and Settings\Owner\locals~1\applic~1" *
* Deletion in "C:\docume~1\Administrator\locals~1\applic~1" *
*** Deleting folders in C:\WINDOWS ***
*** Deleting folders in C:\Program Files ***
*** Deleting folders in C:\DOCUME~1\ALLUSE~1\APPLIC~1 ***
*** Deleting folders in "C:\Documents and Settings\Owner\applic~1" ***
*** Deleting folders in "C:\Documents and Settings\Owner\locals~1\applic~1" ***
*** Deleting folders in "C:\Documents and Settings\Owner\startm~1\programs" ***
*** Deleting folders in C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs ***
*** Deleting files ***
*** Deleting temporary files ***
Cleaning of C:\WINDOWS\Temp done !
Cleaning of C:\Documents and Settings\Owner\locals~1\Temp done !
*** Complementary Search ***
(Search specific files)
1)Deletion with backups new Instant Access files:
2)Heuristic search and deletion with backups :
* In C:\WINDOWS\system32 *
* In "C:\Documents and Settings\Owner\locals~1\applic~1" *
* In "C:\docume~1\Administrator\locals~1\applic~1" *
*** Copy Registry to Backupnavi folder ***
Backing up Registry done !
*** Cleaning Registry ***
Registry cleaned
*** Certificates ***
Egroup Certificate not found !
Electronic-Group Certificate not found !
OOO-Favorit Certificate not found !
Sunny-Day-Design-Ltd Certificate not found !
*** Cleaning stage complete on Wed 03/26/2008 at  0:12:49.46 ***

SmitFraudFix v2.308
Scan done at 23:47:02.75, Tue 03/25/2008
Run from C:\Documents and Settings\Owner\Desktop\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process

»»»»»»»»»»»»»»»»»»»»»»»» hosts
127.0.0.1       localhost
www.adultan.com127.0.0.1 adultan.com127.0.0.1 www.adult-engine-search.com127.0.0.1 adult-engine-search.com127.0.0.1 www.adult-erotic-guide.net127.0.0.1 adult-erotic-guide.net127.0.0.1 www.adultfilmsite.com127.0.0.1 adultfilmsite.com127.0.0.1 www.adult-friends-finder.net127.0.0.1 adult-friends-finder.net127.0.0.1 adultgambling.org127.0.0.1 adult-host.org127.0.0.1 www.adulthyperlinks.com127.0.0.1 adulthyperlinks.com127.0.0.1 www.adultmovieplus.com127.0.0.1 adultmovieplus.com127.0.0.1 www.adult-mpg.net127.0.0.1 adult-mpg.net127.0.0.1 adult-personal.us127.0.0.1 adultsgames.net127.0.0.1 www.adultsonlyvids.com127.0.0.1 adultsonlyvids.com127.0.0.1 www.adultsper.com127.0.0.1 adultsper.com127.0.0.1 www.adulttds.com127.0.0.1 adulttds.com127.0.0.1 www.adultzoneworld.com127.0.0.1 adultzoneworld.com127.0.0.1 www.advcash.biz127.0.0.1 advcash.biz127.0.0.1 advert.exaccess.ru127.0.0.1 www.advertisemoney.info127.0.0.1 advertisemoney.info127.0.0.1 advertising.paltalk.com127.0.0.1 www.advertising-money.info127.0.0.1 advertising-money.info127.0.0.1 ad-ware.cc127.0.0.1 www.ad-w-a-r-e.com127.0.0.1 ad-w-a-r-e.com127.0.0.1 www.a-d-w-a-r-e.com127.0.0.1 a-d-w-a-r-e.com127.0.0.1 www.adware.pro127.0.0.1 adware.pro127.0.0.1 www.adwarealert.com127.0.0.1 adwarealert.com127.0.0.1 www.ad-warealert.com127.0.0.1 ad-warealert.com127.0.0.1 www.adwarearrest.com127.0.0.1 adwarearrest.com127.0.0.1 www.adwarebazooka.com127.0.0.1 adwarebazooka.com127.0.0.1 www.adwarecommander.com127.0.0.1 adwarecommander.com127.0.0.1 www.adwarefinder.com127.0.0.1 adwarefinder.com127.0.0.1 www.adwaregold.com127.0.0.1 adwaregold.com127.0.0.1 www.adwarepatrol.com127.0.0.1 adwarepatrol.com127.0.0.1 www.adwareplatinum.com127.0.0.1 adwareplatinum.com127.0.0.1 www.adwareprotectionsite.com127.0.0.1 adwareprotectionsite.com127.0.0.1 www.adwarepunisher.com127.0.0.1 adwarepunisher.com127.0.0.1 www.adwareremover.ws127.0.0.1 adwareremover.ws127.0.0.1 www.adwaresafety.com127.0.0.1 adwaresafety.com127.0.0.1 www.adwarexp.com127.0.0.1 
adwarexp.com127.0.0.1 affiliate.idownload.com127.0.0.1 www.aflgate.com127.0.0.1 aflgate.com127.0.0.1 africaspromise.org127.0.0.1 agava.com127.0.0.1 agava.ru127.0.0.1 agentstudio.com127.0.0.1 www.aginegialle.it127.0.0.1 aginegialle.it127.0.0.1 aifind.info127.0.0.1 www.aifind.info127.0.0.1 www.airtleworld.com127.0.0.1 airtleworld.com127.0.0.1 www.aitalia.it127.0.0.1 aitalia.it127.0.0.1 akamai.downloadv3.com127.0.0.1 www.aklitalia.it127.0.0.1 aklitalia.it127.0.0.1 akril.com127.0.0.1 alcatel.ws127.0.0.1 www.alertspy.com127.0.0.1 alertspy.com127.0.0.1 www.alfacleaner.com127.0.0.1 alfacleaner.com127.0.0.1 alfa-search.com127.0.0.1 www.alialia.it127.0.0.1 alialia.it127.0.0.1 www.aliotalia.it127.0.0.1 aliotalia.it127.0.0.1 www.alirtalia.it127.0.0.1 alirtalia.it127.0.0.1 www.alitaia.it127.0.0.1 alitaia.it127.0.0.1 www.alitaklia.it127.0.0.1 alitaklia.it127.0.0.1 www.alitala.it127.0.0.1 alitala.it127.0.0.1 www.alitali.it127.0.0.1 alitali.it127.0.0.1 www.alitaliaq.it127.0.0.1 alitaliaq.it127.0.0.1 www.alitalias.it127.0.0.1 alitalias.it127.0.0.1 www.alitaliaz.it127.0.0.1 alitaliaz.it127.0.0.1 www.alitalioa.it127.0.0.1 alitalioa.it127.0.0.1 www.alitalisa.it127.0.0.1 alitalisa.it127.0.0.1 www.alitaliua.it127.0.0.1 alitaliua.it127.0.0.1 www.alitalkia.it127.0.0.1 alitalkia.it127.0.0.1 www.alitaloia.it127.0.0.1 alitaloia.it127.0.0.1 www.alitaluia.it127.0.0.1 alitaluia.it127.0.0.1 www.alitaslia.it127.0.0.1 alitaslia.it127.0.0.1 www.alitlia.it127.0.0.1 alitlia.it127.0.0.1 www.alitralia.it127.0.0.1 alitralia.it127.0.0.1 www.alitsalia.it127.0.0.1 alitsalia.it127.0.0.1 www.aliutalia.it127.0.0.1 aliutalia.it127.0.0.1 www.ALL1COUNT.NET127.0.0.1 ALL1COUNT.NET127.0.0.1 www.all4internet.com127.0.0.1 all4internet.com127.0.0.1 allabtcars.com127.0.0.1 allabtjeeps.com127.0.0.1 www.all-bittorrent.com127.0.0.1 all-bittorrent.com127.0.0.1 www.allcollisions.com127.0.0.1 allcollisions.com127.0.0.1 allcybersearch.com127.0.0.1 www.allcybersearch.com127.0.0.1 www.alldnserrors.com127.0.0.1 
alldnserrors.com127.0.0.1 www.all-downloads-now.com127.0.0.1 all-downloads-now.com127.0.0.1 www.all-edonkey.com127.0.0.1 all-edonkey.com127.0.0.1 www.allertaminacce.com127.0.0.1 allertaminacce.com127.0.0.1 allforadult.com127.0.0.1 allhyperlinks.com127.0.0.1 www.alliesecurity.com127.0.0.1 alliesecurity.com127.0.0.1 all-inet.com127.0.0.1 allinternetbusiness.com127.0.0.1 www.all-limewire.com127.0.0.1 all-limewire.com127.0.0.1 www.allmegabucks.com127.0.0.1 allmegabucks.com127.0.0.1 www.allprotections.com127.0.0.1 allprotections.com127.0.0.1 www.allresultz.net127.0.0.1 allresultz.net127.0.0.1 www.allsearch.us127.0.0.1 allsearch.us127.0.0.1 www.allsecuritynotes.com127.0.0.1 allsecuritynotes.com127.0.0.1 www.allsecuritysite.com127.0.0.1 allsecuritysite.com127.0.0.1 www.allstarsvideos.net127.0.0.1 allstarsvideos.net127.0.0.1 www.alltiettantivirus.com127.0.0.1 alltiettantivirus.com127.0.0.1 www.alltruesoftware.com127.0.0.1 alltruesoftware.com127.0.0.1 www.allvideoactivex.com127.0.0.1 allvideoactivex.com127.0.0.1 www.almanah.biz127.0.0.1 almanah.biz127.0.0.1 almarvideos.com127.0.0.1 www.aloitalia.it127.0.0.1 aloitalia.it127.0.0.1 www.aluitalia.it127.0.0.1 aluitalia.it127.0.0.1 www.amaena.com127.0.0.1 amaena.com127.0.0.1 amandamountains.com127.0.0.1 www.amateurliveshow.com127.0.0.1 amateurliveshow.com127.0.0.1 www.amediasoftware.com127.0.0.1 amediasoftware.com127.0.0.1 www.amediasource.com127.0.0.1 amediasource.com127.0.0.1 www.americanautobargains.com127.0.0.1 americanautobargains.com127.0.0.1 www.americancarbargains.com127.0.0.1 americancarbargains.com127.0.0.1 american-teens.net127.0.0.1 amigeek.com127.0.0.1 www.amigobore.com127.0.0.1 amigobore.com127.0.0.1 amisbusiness.com127.0.0.1 www.ampmsearch.com127.0.0.1 ampmsearch.com127.0.0.1 www.analcord.com127.0.0.1 analcord.com127.0.0.1 analmovi.com127.0.0.1 www.anarchylolita.com127.0.0.1 anarchylolita.com127.0.0.1 anarchyporn.com127.0.0.1 www.andromedical.com127.0.0.1 andromedical.com127.0.0.1 www.animepornmag.com127.0.0.1 
animepornmag.com127.0.0.1 anin.org127.0.0.1 www.anjpn-avxiz.biz127.0.0.1 anjpn-avxiz.biz127.0.0.1 www.anjpnzqav.biz127.0.0.1 anjpnzqav.biz127.0.0.1 www.anjpn-zqav.biz127.0.0.1 anjpn-zqav.biz127.0.0.1 annaromeo.com127.0.0.1 www.antiddos.us127.0.0.1 antiddos.us127.0.0.1 www.Antiespiadorado.com127.0.0.1 Antiespiadorado.com127.0.0.1 www.Antiespionspack.com127.0.0.1 Antiespionspack.com127.0.0.1 www.Antigusanos2008.com127.0.0.1 Antigusanos2008.com127.0.0.1 www.antispamassistant.com127.0.0.1 antispamassistant.com127.0.0.1 www.antispamdeluxe.com127.0.0.1 antispamdeluxe.com127.0.0.1 www.Antispionage.com127.0.0.1 Antispionage.com127.0.0.1 www.Antispionagepro.com127.0.0.1 Antispionagepro.com127.0.0.1 www.antispyadvanced.com127.0.0.1 antispyadvanced.com127.0.0.1 www.antispydns.biz127.0.0.1 antispydns.biz127.0.0.1 www.antispylab.com127.0.0.1 antispylab.com127.0.0.1 www.antispysolutions.com127.0.0.1 antispysolutions.com127.0.0.1 www.antispyware.com127.0.0.1 antispyware.com127.0.0.1 www.antispywareboot.com127.0.0.1 antispywareboot.com127.0.0.1 www.antispywarebot.com127.0.0.1 antispywarebot.com127.0.0.1 www.antispywarebox.com127.0.0.1 antispywarebox.com127.0.0.1 www.antispywaredownloads.com127.0.0.1 antispywaredownloads.com127.0.0.1 antispywaresuite.com127.0.0.1 www.antispywaresuite.com127.0.0.1 Antispywaresuite.com127.0.0.1 www.Antispywaresuite.com127.0.0.1 www.antispywareupdates.net127.0.0.1 antispywareupdates.net127.0.0.1 www.antispywarexp.com127.0.0.1 antispywarexp.com127.0.0.1 www.Antispyweb.net127.0.0.1 Antispyweb.net127.0.0.1 www.Antiver2008.com127.0.0.1 Antiver2008.com127.0.0.1 www.antivermins.com127.0.0.1 antivermins.com127.0.0.1 www.anti-vermins.com127.0.0.1 anti-vermins.com127.0.0.1 www.antivir2007.com127.0.0.1 antivir2007.com127.0.0.1 www.antivirgear.com127.0.0.1 antivirgear.com127.0.0.1 www.antivirus.fastfreedownload.com127.0.0.1 antivirus.fastfreedownload.com127.0.0.1 www.antivirusadvance.com127.0.0.1 antivirusadvance.com127.0.0.1 www.antivirusaskeladd.com127.0.0.1 
antivirusaskeladd.com127.0.0.1 www.antivirusgereedschap.com127.0.0.1 antivirusgereedschap.com127.0.0.1 www.antivirusgolden.com127.0.0.1 antivirusgolden.com127.0.0.1 www.antivirus-hq.net127.0.0.1 antivirus-hq.net127.0.0.1 www.antiviruspcsuite.com127.0.0.1 antiviruspcsuite.com127.0.0.1 www.antiviruspremium.com127.0.0.1 antiviruspremium.com127.0.0.1 www.anti-virus-pro.com127.0.0.1 anti-virus-pro.com127.0.0.1 www.antivirusprotector.com127.0.0.1 antivirusprotector.com127.0.0.1 www.antivirusscherm.com127.0.0.1 antivirusscherm.com127.0.0.1 www.antivirussecuritypro.com127.0.0.1 antivirussecuritypro.com127.0.0.1 www.antivirus-stop.com127.0.0.1 antivirus-stop.com127.0.0.1 antiworm2008.com127.0.0.1 www.antiworm2008.com127.0.0.1 Antiworm2008.com127.0.0.1 www.Antiworm2008.com127.0.0.1 www.Antiwurm2008.com127.0.0.1 Antiwurm2008.com127.0.0.1 antrocity.com127.0.0.1 www.anyofus.com127.0.0.1 anyofus.com127.0.0.1 www.anysn.seproger.com127.0.0.1 anysn.seproger.com127.0.0.1 anything4health.com127.0.0.1 www.apicpreview.com127.0.0.1 apicpreview.com127.0.0.1 www.appealcircuit.com127.0.0.1 appealcircuit.com127.0.0.1 www.approvedlinks.com127.0.0.1 approvedlinks.com127.0.0.1 apps.deskwizz.com127.0.0.1 apps.webservicehost.com127.0.0.1 www.aprotectedpage.com127.0.0.1 aprotectedpage.com127.0.0.1 apsua.com127.0.0.1 www.archivioadulti.com127.0.0.1 archivioadulti.com127.0.0.1 www.archiviosex.net127.0.0.1 archiviosex.net127.0.0.1 aregay.com127.0.0.1 www.ares.click-new-download.com127.0.0.1 ares.click-new-download.com127.0.0.1 www.ares-freebie.com127.0.0.1 ares-freebie.com127.0.0.1 www.arespro2007.com127.0.0.1 arespro2007.com127.0.0.1 www.aresultra.com127.0.0.1 aresultra.com127.0.0.1 www.ares-usa.com127.0.0.1 ares-usa.com127.0.0.1 arheo.com127.0.0.1 arizonaweb.org127.0.0.1 armitageinn.com127.0.0.1 www.arquivojpgs.smtp.ru127.0.0.1 arquivojpgs.smtp.ru127.0.0.1 artachnid.com127.0.0.1 art-func.com127.0.0.1 art-xxx.com127.0.0.1 www.asafebrowser.com127.0.0.1 asafebrowser.com127.0.0.1 
www.asafetyalways.com127.0.0.1 asafetyalways.com127.0.0.1 www.asafetynotice.com127.0.0.1 asafetynotice.com127.0.0.1 www.asafetypage.com127.0.0.1 asafetypage.com127.0.0.1 www.asdbiz.biz127.0.0.1 asdbiz.biz127.0.0.1 www.asdeykuddq.com127.0.0.1 asdeykuddq.com127.0.0.1 www.asecurebar.com127.0.0.1 asecurebar.com127.0.0.1 www.asecureboard.com127.0.0.1 asecureboard.com127.0.0.1 www.asecurevalue.com127.0.0.1 asecurevalue.com127.0.0.1 www.asecurityissue.com127.0.0.1 asecurityissue.com127.0.0.1 www.asecuritynotice.com127.0.0.1 asecuritynotice.com127.0.0.1 www.asecuritypaper.com127.0.0.1 asecuritypaper.com127.0.0.1 www.asecuritystuff.com127.0.0.1 asecuritystuff.com127.0.0.1 asiankingkong.com127.0.0.1 www.asianpornmag.com127.0.0.1 asianpornmag.com127.0.0.1 www.asiantoolbar.com127.0.0.1 asiantoolbar.com127.0.0.1 www.asidseiupc.com127.0.0.1 asidseiupc.com127.0.0.1 www.aslitalia.it127.0.0.1 aslitalia.it127.0.0.1 ass-gals.com127.0.0.1 www.assureprotection.com127.0.0.1 assureprotection.com127.0.0.1 asta-killer.com127.0.0.1 www.asupereva.it127.0.0.1 asupereva.it127.0.0.1 www.ataprogram.com127.0.0.1 ataprogram.com127.0.0.1 athenrye.com127.0.0.1 www.atotalsafety.com127.0.0.1 atotalsafety.com127.0.0.1 www.atrueprotection.com127.0.0.1 atrueprotection.com127.0.0.1 www.atruesecurity.com127.0.0.1 atruesecurity.com127.0.0.1 www.attackware.com127.0.0.1 attackware.com127.0.0.1 www.attrezzi.biz127.0.0.1 attrezzi.biz127.0.0.1 www.aucunsvirus.com127.0.0.1 aucunsvirus.com127.0.0.1 www.aulde.net127.0.0.1 aulde.net127.0.0.1 www.aupereva.it127.0.0.1 aupereva.it127.0.0.1 www.autobargains.org127.0.0.1 autobargains.org127.0.0.1 www.autobargainsnetwork.com127.0.0.1 autobargainsnetwork.com127.0.0.1 www.autocontext.begun.ru127.0.0.1 autocontext.begun.ru127.0.0.1 autoescrowpay.com127.0.0.1 www.avadvance.com127.0.0.1 avadvance.com127.0.0.1 www.avast.free-software-center.com127.0.0.1 avast.free-software-center.com127.0.0.1 www.avast-2007.com127.0.0.1 avast-2007.com127.0.0.1 www.avast-downloads.com127.0.0.1 
avast-downloads.com127.0.0.1 www.avast-hq.com127.0.0.1 avast-hq.com127.0.0.1 www.avforce.com127.0.0.1 avforce.com127.0.0.1 www.avg.grab-it-today.net127.0.0.1 avg.grab-it-today.net127.0.0.1 www.avg.softwarecenterz.com127.0.0.1 avg.softwarecenterz.com127.0.0.1 www.avg-secure.com127.0.0.1 avg-secure.com127.0.0.1 avian-ads.com127.0.0.1 www.avideoaxaccess.com127.0.0.1 avideoaxaccess.com127.0.0.1 www.avideosurfer.com127.0.0.1 avideosurfer.com127.0.0.1 www.aviewersoft.com127.0.0.1 aviewersoft.com127.0.0.1 www.avpcheckupdate.com127.0.0.1 avpcheckupdate.com127.0.0.1 www.avsmanufacture.com127.0.0.1 avsmanufacture.com127.0.0.1 www.avsystemcare.com127.0.0.1 avsystemcare.com127.0.0.1 www.avxizaaqada.biz127.0.0.1 avxizaaqada.biz127.0.0.1 www.avxiz-anjpn.biz127.0.0.1 avxiz-anjpn.biz127.0.0.1 www.avxizueorn.biz127.0.0.1 avxizueorn.biz127.0.0.1 www.avxiz-ueorn.biz127.0.0.1 avxiz-ueorn.biz127.0.0.1 www.avxiz-vtvcp.biz127.0.0.1 avxiz-vtvcp.biz127.0.0.1 www.avxiz-ygco.biz127.0.0.1 avxiz-ygco.biz127.0.0.1 www.avxiz-zqav.biz127.0.0.1 avxiz-zqav.biz127.0.0.1 www.awarenesstech.com127.0.0.1 awarenesstech.com127.0.0.1 www.awarninglist.com127.0.0.1 awarninglist.com127.0.0.1 awbeta.net-nucleus.com127.0.0.1 www.awesomehomepage.com127.0.0.1 awesomehomepage.com127.0.0.1 awmcash.biz127.0.0.1 awmdabest.com127.0.0.1 www.axemediasoftware.com127.0.0.1 axemediasoftware.com127.0.0.1 www.aximageobject.com127.0.0.1 aximageobject.com127.0.0.1 www.axmediaproject.com127.0.0.1 axmediaproject.com127.0.0.1 www.axmediasoftware.com127.0.0.1 axmediasoftware.com127.0.0.1 www.axmediasolutions.com127.0.0.1 axmediasolutions.com127.0.0.1 www.axobjectpage.com127.0.0.1 axobjectpage.com127.0.0.1 www.axobjectsource.com127.0.0.1 axobjectsource.com127.0.0.1 www.axsoftwaretool.com127.0.0.1 axsoftwaretool.com127.0.0.1 www.axvideoproject.com127.0.0.1 axvideoproject.com127.0.0.1 www.axvideosetup.com127.0.0.1 axvideosetup.com127.0.0.1 ayakawamura.com127.0.0.1 ayb.dns-look-up.com127.0.0.1 ayb.netbios-wait.com127.0.0.1 
ayumitaniguchi.com127.0.0.1 azebar.com127.0.0.1 www.azureusclub.com127.0.0.1 azureusclub.com127.0.0.1 www.azureus-freebie.com127.0.0.1 azureus-freebie.com127.0.0.1 www.azzetta.it127.0.0.1 azzetta.it127.0.0.1 b.casalemedia.com127.0.0.1 b122.mcboo.com127.0.0.1 www.babe.k-lined.com127.0.0.1 babe.k-lined.com127.0.0.1 www.babe.the-killer.bz127.0.0.1 babe.the-killer.bz127.0.0.1 www.babenet.com127.0.0.1 babenet.com127.0.0.1 www.babespornmag.com127.0.0.1 babespornmag.com127.0.0.1 www.babeweb.de127.0.0.1 babeweb.de127.0.0.1 www.baccarat-other.info127.0.0.1 baccarat-other.info127.0.0.1 www.Backstripgirls.com127.0.0.1 Backstripgirls.com127.0.0.1 backup.mabou.org127.0.0.1 www.balotierra.com127.0.0.1 balotierra.com127.0.0.1 bannedhost.net127.0.0.1 barbudafarms.com127.0.0.1 www.bardownload.com127.0.0.1 bardownload.com127.0.0.1 barnandfence.com127.0.0.1 batsearch.com127.0.0.1 baygraphicsllc.com127.0.0.1 bbbsearch.com127.0.0.1 bb-search.com127.0.0.1 www.bcnproduction.com127.0.0.1 bcnproduction.com127.0.0.1 bdsmlibrary.net127.0.0.1 www.bdsmpornmag.com127.0.0.1 bdsmpornmag.com127.0.0.1 www.bearshare.click-new-download.com127.0.0.1 bearshare.click-new-download.com127.0.0.1 www.bearshare.download-me.info127.0.0.1 bearshare.download-me.info127.0.0.1 www.bearshare.mp3-muzic.com127.0.0.1 bearshare.mp3-muzic.com127.0.0.1 www.bearshare-download.org127.0.0.1 bearshare-download.org127.0.0.1 www.bearshare-downloads.net127.0.0.1 bearshare-downloads.net127.0.0.1 www.bearsharelive.co.uk127.0.0.1 bearsharelive.co.uk127.0.0.1 www.bearshare-music-downloads.com127.0.0.1 bearshare-music-downloads.com127.0.0.1 www.bearsharepro2007.com127.0.0.1 bearsharepro2007.com127.0.0.1 www.bearshare-usa.com127.0.0.1 bearshare-usa.com127.0.0.1 bedhome.com127.0.0.1 bediadance.com127.0.0.1 www.beebappyy.biz127.0.0.1 beebappyy.biz127.0.0.1 www.begin2search.com127.0.0.1 begin2search.com127.0.0.1 bellabasketsfl.com127.0.0.1 bernaolatwin.com127.0.0.1 www.beruijindegunhadesun.com127.0.0.1 beruijindegunhadesun.com127.0.0.1 
www.best3xclips.com127.0.0.1 best3xclips.com127.0.0.1 www.bestadults.com127.0.0.1 bestadults.com127.0.0.1 best-counter.com127.0.0.1 bestcrawler.com127.0.0.1 www.bestdailyvids.com127.0.0.1 bestdailyvids.com127.0.0.1 bestfor.ru127.0.0.1 www.best[censored]vids.com127.0.0.1 best[censored]vids.com127.0.0.1 best-hardpics.com127.0.0.1 www.bestmanage.org127.0.0.1 bestmanage.org127.0.0.1 www.bestmanage0.org127.0.0.1 bestmanage0.org127.0.0.1 www.bestmanage1.org127.0.0.1 bestmanage1.org127.0.0.1 www.bestmanage2.org127.0.0.1 bestmanage2.org127.0.0.1 www.bestmanage3.org127.0.0.1 bestmanage3.org127.0.0.1 www.bestmanage4.org127.0.0.1 bestmanage4.org127.0.0.1 www.bestmanage5.org127.0.0.1 bestmanage5.org127.0.0.1 www.bestmanage6.org127.0.0.1 bestmanage6.org127.0.0.1 www.bestmanage7.org127.0.0.1 bestmanage7.org127.0.0.1 www.bestmanage8.org127.0.0.1 bestmanage8.org127.0.0.1 www.bestmanage9.org127.0.0.1 bestmanage9.org127.0.0.1 www.bestoffersnetworks.com127.0.0.1 bestoffersnetworks.com127.0.0.1 bestporngate.com127.0.0.1 www.bestsafetyguide.net127.0.0.1 bestsafetyguide.net127.0.0.1 www.bestsearch.cc127.0.0.1 bestsearch.cc127.0.0.1 www.best-spyware.info127.0.0.1 best-spyware.info127.0.0.1 www.best-targeted-traffic.com127.0.0.1 best-targeted-traffic.com127.0.0.1 www.best-voyeur.info127.0.0.1 best-voyeur.info127.0.0.1 bestweblinks.com127.0.0.1 best-winning-casino.com127.0.0.1 www.bestworldgirls-for-u.net127.0.0.1 bestworldgirls-for-u.net127.0.0.1 www.bestxclips.com127.0.0.1 bestxclips.com127.0.0.1 bestxporno.com127.0.0.1 www.bestxxxmpegs.com127.0.0.1 bestxxxmpegs.com127.0.0.1 www.bettersearch.biz127.0.0.1 bettersearch.biz127.0.0.1 www.bgazzetta.it127.0.0.1 bgazzetta.it127.0.0.1 www.bgoogle.it127.0.0.1 bgoogle.it127.0.0.1 www.bigtrafficnetwork.com127.0.0.1 bigtrafficnetwork.com127.0.0.1 www.bigwww.com127.0.0.1 bigwww.com127.0.0.1 bin.errorprotector.com127.0.0.1 bins.media-motor.net127.0.0.1 bins2.media-motor.net127.0.0.1 bis.180solutions.com127.0.0.1 bitchesonline.net127.0.0.1 
www.bitcomet-freebie.com127.0.0.1 bitcomet-freebie.com127.0.0.1 www.bittorrent.click-new-download.com127.0.0.1 bittorrent.click-new-download.com127.0.0.1 biz.biz127.0.0.1

9
Tech Clinic / malware having trouble eliminating HELP
« on: March 26, 2008, 12:16:16 AM »
will do.  thanks for the help!

10
Tech Clinic / malware having trouble eliminating HELP
« on: March 25, 2008, 11:50:03 PM »
Search Navipromo version 3.5.1 began on Tue 03/25/2008 at 22:43:10.15

!!! Warning, this report may include legitimate files/programs !!!
!!! Post this report on the forum you are being helped !!!
!!! Don't continue with removal unless instructed by an authorized helper !!!
Fix running from C:\Program Files\navilog1
Actual User Account : "Owner"

Updated on 23.03.2008 at 22h00 by IL-MAFIOSO


Microsoft Windows XP [Version 5.1.2600]
Version Internet Explorer : 7.0.5730.11
Filesystem type : NTFS

Done in normal mode

*** Searching for installed Software ***

 


*** Search folders in C:\WINDOWS ***

 

*** Search folders in C:\Program Files ***

 

*** Search folders in C:\DOCUME~1\ALLUSE~1\APPLIC~1 ***

 


*** Search folders in "C:\Documents and Settings\Owner\applic~1" ***

 

*** Search folders in "C:\Documents and Settings\Owner\locals~1\applic~1" ***

 

*** Search folders in "C:\Documents and Settings\Owner\startm~1\programs" ***


*** Search folders in C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs ***


*** Search with Catchme-rootkit/stealth malware detector by gmer ***
for more info : http://www.gmer.net

No file found

 

*** Search with GenericNaviSearch ***
!!! Possibility of legitimate files in the result !!!
!!! Must always be checked before manually deleting !!!

* Scan in C:\WINDOWS\system32 *

* Scan in "C:\Documents and Settings\Owner\locals~1\applic~1" *

* Scan in "C:\docume~1\Administrator\locals~1\applic~1" *

 

*** Search files ***


C:\WINDOWS\Downloaded Program Files\EGAUTH.inf found !
C:\WINDOWS\tmlpcert2005 found !
C:\WINDOWS\system32\mseggrpid.dll found !


*** Search specific Registry keys ***


*** Complementary Search ***
(Search specific files)

1)Search new Instant Access files :


2)Heuristic Search :

* In C:\WINDOWS\system32 :


* In "C:\Documents and Settings\Owner\locals~1\applic~1" :


* In ""C:\docume~1\Administrator\locals~1\applic~1"" :


3)Certificates Search :

Egroup certificate not found !
Electronic-Group certificate not found !
OOO-Favorit certificate not found !
Sunny-Day-Design-Ltd certificate not found !

4)Search known files :

 

*** Search completed on Tue 03/25/2008 at 22:57:28.60 ***

11
Tech Clinic / malware having trouble eliminating HELP
« on: March 25, 2008, 11:25:42 PM »
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:32:55 PM, on 3/25/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\LTMSG.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\TELUSE~1\SMARTB~1\MotiveSB.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\TELUS eCare\bin\mpbtn.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us4.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mytelus.com/new_homepage/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us4.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: (no name) - {ACB3E0B7-7D0C-40B7-99B3-3EEACDF86BFB} - C:\WINDOWS\mslagent\4b_1,0,1,1_mslagent.dll (file missing)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O2 - BHO: C:\WINDOWS\lbbho.dll - {BE0C6EB3-C144-49D4-8ED9-801906A00A31} - C:\WINDOWS\lbbho.dll (file missing)
O2 - BHO: Media Player Classic - {D2A8552D-4340-413E-B94E-245827FBC269} - C:\WINDOWS\ausctv32a.dll
O2 - BHO: XBTBPos00 - {E552EEFC-DE97-45D4-BA1A-F534A1B4A579} - C:\PROGRA~1\MORPHE~1\MORPHE~1.DLL (file missing)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: Morpheus Toolbar - {119DBEDA-9c41-4F97-94B4-B6BCD01133CF} - C:\Program Files\Morpheus Toolbar\morpheustoolbar.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [USB] C:\WINDOWS\system32\usb.exe
O4 - HKLM\..\Run: [navapp] C:\Program Files\NavExcel\NavHelper\v2.0.4d\navapp.exe
O4 - HKLM\..\Run: [Vvwwwgf] C:\Program Files\Bqxq\Xlmsg.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [a3drt17h] C:\WINDOWS\System32\a3drt17h.exe
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [PD0620 STISvc] RunDLL32.exe P0620Pin.dll,RunDLL32EP 513
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\TELUSE~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Instant Access] rundll32.exe EGCOMLIB_1035.dll,InstantAccess
O4 - HKCU\..\Run: [Microsoft Works Update Detection] c:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Nero PhotoShow Media Manager] C:\PROGRA~1\Nero\NEROPH~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [Creative WebCam Tray] "C:\Program Files\Creative\Shared Files\CamTray.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Symantec Network Driver Update Warning] C:\PROGRA~1\Symantec\LIVEUP~1\SNDWarn.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Symantec Network Driver Update Warning] C:\PROGRA~1\Symantec\LIVEUP~1\SNDWarn.EXE (User 'Default user')
O4 - .DEFAULT User Startup: AutoPlay.exe (User 'Default user')
O4 - Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: hp center UI.lnk = C:\Program Files\hp center\137903\Shadow\ShadowBar.exe
O4 - Global Startup: hp center.lnk = C:\Program Files\hp center\137903\Program\BackWeb-137903.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: TELUS eCare.lnk = C:\Program Files\TELUS eCare\bin\matcli.exe
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=zuzeb004YYCA
O8 - Extra context menu item: >>> HARDCORE MOVIES <<< - java script:{document.location='http://neosexvideo.com/webmasters/df044/access.htm';}
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Blooop by pogo - http://game1.pogo.com/v/8.1.6.3/applet/cas...scade-en_US.cab
O16 - DPF: Canasta by pogo - http://game1.pogo.com/v/8.1.5.27/applet/ca...nasta-en_US.cab
O16 - DPF: High Stakes Poker by pogo - http://game1.pogo.com/v/8.1.5.27/applet/dr...poker-en_US.cab
O16 - DPF: Jungle Gin by pogo - http://game1.pogo.com/v/8.1.5.27/applet/gin2/gin2-en_US.cab
O16 - DPF: Mah Jong Garden by pogo - http://game1.pogo.com/v/8.1.6.21/applet/ma...jong2-en_US.cab
O16 - DPF: Phlinx by pogo - http://game1.pogo.com/v/8.1.6.21/applet/fl...inger-en_US.cab
O16 - DPF: Poppit by pogo - http://game1.pogo.com/v/8.1.5.27/applet/po...ppit2-en_US.cab
O16 - DPF: Spider Solitaire by pogo - http://game1.pogo.com/v/8.1.5.27/applet/sp...pider-en_US.cab
O16 - DPF: Squelchies by pogo - http://game1.pogo.com/v/8.1.5.27/applet/sq...chies-en_US.cab
O16 - DPF: Texas Hold'em Poker by pogo - http://game1.pogo.com/v/8.1.5.27/applet/ho...oldem-en_US.cab
O16 - DPF: Tri-Peaks by pogo - http://peaks.pogo.com/applet-5.9.0.25/peak...s-ob-assets.cab
O16 - DPF: TruePass EPF 7,0,100,684 - https://blrscr3.egs-seg.gc.ca/applets/entru...sapplet-epf.cab
O16 - DPF: TruePass EPF 7,0,100,739 - https://blrscr3.egs-seg.gc.ca/applets/entru...sapplet-epf.cab
O16 - DPF: Word Whomp by pogo - http://whomp.pogo.com/applet-5.9.1.18/word...p-ob-assets.cab
O16 - DPF: Word Whomp Whackdown by pogo - http://game1.pogo.com/v/8.1.6.21/applet/wh...kdown-en_US.cab
O16 - DPF: WordJong by pogo - http://game1.pogo.com/v/8.1.5.42/applet/wo...djong-en_US.cab
O16 - DPF: World Class Solitaire by pogo - http://game1.pogo.com/v/8.1.5.27/applet/wo...class-en_US.cab
O16 - DPF: {0594AF7E-573B-40DF-8165-E47AB2EAEFE8} - http://akamai.downloadv3.com/binaries/P2EC..._1015_EN_XP.cab
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
O16 - DPF: {0F9B4CA4-A30F-480A-841D-69B45C50A8F8} (SekureL0gin.SekureKontrol) - http://secure2.comned.com/signuptemplates/AktiveSekurity.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {2EB1E425-74DC-4DC0-A9E1-03A4C852E1F2} (CPlayFirstTriJinxControl Object) - http://zone.msn.com/bingame/trix/default/T...nx.1.0.0.87.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst20040510.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://sympatico.zone.msn.com/bingame/rtlw...bGameLoader.cab
O16 - DPF: {49E67060-2C0D-415E-94C7-52A49F73B2F1} (CPlayFirstPiratePoppersControl Object) - http://sympatico.zone.msn.com/bingame/pppp...rs.1.0.0.39.cab
O16 - DPF: {4B9F2C37-C0CF-42BC-BB2D-DCFA8B25CABF} - http://zone.msn.com/bingame/rock/default/popcaploader1.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EP...l_v1-0-3-18.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/068a14a671217e...ip/RdxIE601.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Facebo...toUploader3.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {64D01C7F-810D-446E-A07E-16C764235644} (AtlAtomadersCtlAttrib Class) - http://sympatico.zone.msn.com/bingame/amad...t/atomaders.cab
O16 - DPF: {75D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin.SecureControl) - http://secure2.comned.com/signuptemplates/ActiveSecurity.cab
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comned.com/signuptemplates/...login-devel.cab
O16 - DPF: {8FA2192F-B95D-40E3-898F-8D7ABB8E00D0} (SpinTop Games Launcher) - http://download-games.pogo.com/online2/pog...mesLauncher.cab
O16 - DPF: {95B5D20C-BD31-4489-8ABF-F8C8BE748463} (ZPA_HRTZ Object) - http://zone.msn.com/bingame/zpagames/zpa_hrtz.cab40641.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://sympatico.zone.msn.com/binGame/ZAxRcMgr.cab
O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} (ZPA_TexasHoldem Object) - http://zone.msn.com/bingame/zpagames/zpa_txhe.cab55579.cab
O16 - DPF: {A1426AC5-8CE5-4A00-B71E-011D35709AC6} - http://advnt01.com/dialer/int_ver34.CAB
O16 - DPF: {A4110378-789B-455F-AE86-3A1BFC402853} (ZPA_SHVL Object) - http://sympatico.zone.msn.com/bingame/zpag...vl.cab55579.cab
O16 - DPF: {A5180646-FE0F-4C97-AA29-2A0F41515623} - http://sympatico.zone.msn.com/bingame/zpag...S2.cab61895.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {BCF9A64D-1440-4404-863C-F5DF2B99F798} (Catan Online Game) - http://zone.msn.com/bingame/zpagames/zpa_catan.cab36135.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {C86FF4B0-AA1D-46D4-8612-025FB86583C7} (AstoundLauncher Control) - http://zone.msn.com/bingame/jobo/default/A...ersion=1,0,0,10
O16 - DPF: {CAC181B0-4D70-402D-B571-C596A47D0CE0} (CBankshotZoneCtrl Class) - http://zone.msn.com/bingame/zpagames/zpa_pool.cab36107.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/ac...ta/SymAData.dll
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://zone.msn.com/bingame/feed/default/SproutLauncher.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/bingame/pacz/default/pandaonline.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab
O16 - DPF: {DAF5D9A2-D982-4671-83E4-0398706A5F6A} (SCEWebLauncherCtl Object) - http://zone.msn.com/bingame/hsol/default/SCEWebLauncher.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/popcaploader_v10.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/ac.../ActiveData.cab
O16 - DPF: {EF148DBB-5B6D-4130-B2A1-661571E86260} (Playtime Games Launcher) - http://games.pogo.com/online2/pogo/mahjong...ameLauncher.cab
O16 - DPF: {FF3C5A9F-5A99-4930-80E8-4709194C2AD3} (MSN Games – Backgammon) - http://zone.msn.com/bingame/zpagames/ZPA_B...on.cab64162.cab
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O24 - Desktop Component 0: (no name) - http://www.boomspeed.com/sfhelpers/backgrounds/582.gif

--
End of file - 17070 bytes

12
Tech Clinic / malware having trouble eliminating HELP
« on: March 25, 2008, 03:06:45 PM »
I have a malware that has embedded itself on my computer.  I have run AGC and Spybot and eliminated the following files:  egcomlib_1035.dll, secure.exe, oggview.dll, Files Secure 2.1.lnk.  Spybot detected and supposedly corrected win32.agent.gvu but it keeps returning.  Whenever I open Internet Explorer or switch sites on Explorer the following message appears:  "Your computer was infected by an unknown trojan.  It's dangerous for your system (critical files can be lost)!  Click OK to download the antispyware program."  When I have opened this window it appears to be a prompt to purchase IEDefender.  Any help would be appreciated.  Attached is a copy of a Hijackthis log.

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 1:58:55 PM, on 3/25/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\usb.exe
C:\WINDOWS\LTMSG.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\TELUSE~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Creative\Shared Files\CamTray.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\hp center\137903\Shadow\ShadowBar.exe
C:\Program Files\hp center\137903\Program\BackWeb-137903.exe
C:\Program Files\TELUS eCare\bin\mpbtn.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Owner\Desktop\Antivirus\HiJackThis_v2.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us4.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mytelus.com/new_homepage/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us4.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: (no name) - {ACB3E0B7-7D0C-40B7-99B3-3EEACDF86BFB} - C:\WINDOWS\mslagent\4b_1,0,1,1_mslagent.dll (file missing)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O2 - BHO: C:\WINDOWS\lbbho.dll - {BE0C6EB3-C144-49D4-8ED9-801906A00A31} - C:\WINDOWS\lbbho.dll (file missing)
O2 - BHO: Media Player Classic - {D2A8552D-4340-413E-B94E-245827FBC269} - C:\WINDOWS\ausctv32a.dll
O2 - BHO: XBTBPos00 - {E552EEFC-DE97-45D4-BA1A-F534A1B4A579} - C:\PROGRA~1\MORPHE~1\MORPHE~1.DLL (file missing)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: Morpheus Toolbar - {119DBEDA-9c41-4F97-94B4-B6BCD01133CF} - C:\Program Files\Morpheus Toolbar\morpheustoolbar.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [USB] C:\WINDOWS\system32\usb.exe
O4 - HKLM\..\Run: [navapp] C:\Program Files\NavExcel\NavHelper\v2.0.4d\navapp.exe
O4 - HKLM\..\Run: [Vvwwwgf] C:\Program Files\Bqxq\Xlmsg.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [a3drt17h] C:\WINDOWS\System32\a3drt17h.exe
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [PD0620 STISvc] RunDLL32.exe P0620Pin.dll,RunDLL32EP 513
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\TELUSE~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Instant Access] rundll32.exe EGCOMLIB_1035.dll,InstantAccess
O4 - HKCU\..\Run: [Microsoft Works Update Detection] c:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Nero PhotoShow Media Manager] C:\PROGRA~1\Nero\NEROPH~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [Creative WebCam Tray] "C:\Program Files\Creative\Shared Files\CamTray.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Symantec Network Driver Update Warning] C:\PROGRA~1\Symantec\LIVEUP~1\SNDWarn.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Symantec Network Driver Update Warning] C:\PROGRA~1\Symantec\LIVEUP~1\SNDWarn.EXE (User 'Default user')
O4 - .DEFAULT User Startup: AutoPlay.exe (User 'Default user')
O4 - Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: hp center UI.lnk = C:\Program Files\hp center\137903\Shadow\ShadowBar.exe
O4 - Global Startup: hp center.lnk = C:\Program Files\hp center\137903\Program\BackWeb-137903.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: TELUS eCare.lnk = C:\Program Files\TELUS eCare\bin\matcli.exe
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=zuzeb004YYCA
O8 - Extra context menu item: >>> HARDCORE MOVIES <<< - java script:{document.location='http://neosexvideo.com/webmasters/df044/access.htm';}
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Blooop by pogo - http://game1.pogo.com/v/8.1.6.3/applet/cas...scade-en_US.cab
O16 - DPF: Canasta by pogo - http://game1.pogo.com/v/8.1.5.27/applet/ca...nasta-en_US.cab
O16 - DPF: High Stakes Poker by pogo - http://game1.pogo.com/v/8.1.5.27/applet/dr...poker-en_US.cab
O16 - DPF: Jungle Gin by pogo - http://game1.pogo.com/v/8.1.5.27/applet/gin2/gin2-en_US.cab
O16 - DPF: Mah Jong Garden by pogo - http://game1.pogo.com/v/8.1.6.21/applet/ma...jong2-en_US.cab
O16 - DPF: Phlinx by pogo - http://game1.pogo.com/v/8.1.6.21/applet/fl...inger-en_US.cab
O16 - DPF: Poppit by pogo - http://game1.pogo.com/v/8.1.5.27/applet/po...ppit2-en_US.cab
O16 - DPF: Spider Solitaire by pogo - http://game1.pogo.com/v/8.1.5.27/applet/sp...pider-en_US.cab
O16 - DPF: Squelchies by pogo - http://game1.pogo.com/v/8.1.5.27/applet/sq...chies-en_US.cab
O16 - DPF: Texas Hold'em Poker by pogo - http://game1.pogo.com/v/8.1.5.27/applet/ho...oldem-en_US.cab
O16 - DPF: Tri-Peaks by pogo - http://peaks.pogo.com/applet-5.9.0.25/peaks/peaks-ob-assets.cab
O16 - DPF: TruePass EPF 7,0,100,684 - https://blrscr3.egs-seg.gc.ca/applets/entrusttruepassapplet-epf.cab
O16 - DPF: TruePass EPF 7,0,100,739 - https://blrscr3.egs-seg.gc.ca/applets/entrusttruepassapplet-epf.cab
O16 - DPF: Word Whomp by pogo - http://whomp.pogo.com/applet-5.9.1.18/wordwhomp/wordwhomp-ob-assets.cab
O16 - DPF: Word Whomp Whackdown by pogo - http://game1.pogo.com/v/8.1.6.21/applet/wh...kdown-en_US.cab
O16 - DPF: WordJong by pogo - http://game1.pogo.com/v/8.1.5.42/applet/wo...djong-en_US.cab
O16 - DPF: World Class Solitaire by pogo - http://game1.pogo.com/v/8.1.5.27/applet/wo...class-en_US.cab
O16 - DPF: {0594AF7E-573B-40DF-8165-E47AB2EAEFE8} - http://akamai.downloadv3.com/binaries/P2EC..._1015_EN_XP.cab
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
O16 - DPF: {0F9B4CA4-A30F-480A-841D-69B45C50A8F8} (SekureL0gin.SekureKontrol) - http://secure2.comned.com/signuptemplates/AktiveSekurity.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {2EB1E425-74DC-4DC0-A9E1-03A4C852E1F2} (CPlayFirstTriJinxControl Object) - http://zone.msn.com/bingame/trix/default/T...nx.1.0.0.87.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst20040510.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://sympatico.zone.msn.com/bingame/rtlw...bGameLoader.cab
O16 - DPF: {49E67060-2C0D-415E-94C7-52A49F73B2F1} (CPlayFirstPiratePoppersControl Object) - http://sympatico.zone.msn.com/bingame/pppp...rs.1.0.0.39.cab
O16 - DPF: {4B9F2C37-C0CF-42BC-BB2D-DCFA8B25CABF} - http://zone.msn.com/bingame/rock/default/popcaploader1.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EP...l_v1-0-3-18.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/068a14a671217e260718/netzip/RdxIE601.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Facebo...toUploader3.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {64D01C7F-810D-446E-A07E-16C764235644} (AtlAtomadersCtlAttrib Class) - http://sympatico.zone.msn.com/bingame/amad...t/atomaders.cab
O16 - DPF: {75D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin.SecureControl) - http://secure2.comned.com/signuptemplates/ActiveSecurity.cab
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comned.com/signuptemplates/...login-devel.cab
O16 - DPF: {8FA2192F-B95D-40E3-898F-8D7ABB8E00D0} (SpinTop Games Launcher) - http://download-games.pogo.com/online2/pogo/mahjong_escape_ancient_japan/SpinTopGamesLauncher.cab
O16 - DPF: {95B5D20C-BD31-4489-8ABF-F8C8BE748463} (ZPA_HRTZ Object) - http://zone.msn.com/bingame/zpagames/zpa_hrtz.cab40641.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://sympatico.zone.msn.com/binGame/ZAxRcMgr.cab
O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} (ZPA_TexasHoldem Object) - http://zone.msn.com/bingame/zpagames/zpa_txhe.cab55579.cab
O16 - DPF: {A1426AC5-8CE5-4A00-B71E-011D35709AC6} - http://advnt01.com/dialer/int_ver34.CAB
O16 - DPF: {A4110378-789B-455F-AE86-3A1BFC402853} (ZPA_SHVL Object) - http://sympatico.zone.msn.com/bingame/zpag...vl.cab55579.cab
O16 - DPF: {A5180646-FE0F-4C97-AA29-2A0F41515623} - http://sympatico.zone.msn.com/bingame/zpag...S2.cab61895.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {BCF9A64D-1440-4404-863C-F5DF2B99F798} (Catan Online Game) - http://zone.msn.com/bingame/zpagames/zpa_catan.cab36135.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {C86FF4B0-AA1D-46D4-8612-025FB86583C7} (AstoundLauncher Control) - http://zone.msn.com/bingame/jobo/default/A...ersion=1,0,0,10
O16 - DPF: {CAC181B0-4D70-402D-B571-C596A47D0CE0} (CBankshotZoneCtrl Class) - http://zone.msn.com/bingame/zpagames/zpa_pool.cab36107.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/ac...ta/SymAData.dll
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://zone.msn.com/bingame/feed/default/SproutLauncher.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/bingame/pacz/default/pandaonline.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab
O16 - DPF: {DAF5D9A2-D982-4671-83E4-0398706A5F6A} (SCEWebLauncherCtl Object) - http://zone.msn.com/bingame/hsol/default/SCEWebLauncher.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/popcaploader_v10.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/ac.../ActiveData.cab
O16 - DPF: {EF148DBB-5B6D-4130-B2A1-661571E86260} (Playtime Games Launcher) - http://games.pogo.com/online2/pogo/mahjong...ameLauncher.cab
O16 - DPF: {FF3C5A9F-5A99-4930-80E8-4709194C2AD3} (MSN Games – Backgammon) - http://zone.msn.com/bingame/zpagames/ZPA_B...on.cab64162.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O24 - Desktop Component 0: (no name) - http://www.boomspeed.com/sfhelpers/backgrounds/582.gif

--
End of file - 17863 bytes
