
December 15th, 2009 09:00

Google Redirects + creates pop-ups...Please Help

Currently having an issue when opening Google. The page either redirects or a pop-up shows up. McAfee has found several Trojans. Any help would be great. Thanks!

Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 6:20:22 PM, on 14/12/2009
Platform: Windows Vista  (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16945)
Boot mode: Safe mode

Running processes:
C:\Windows\Explorer.EXE
C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=73&bd=Pavilion&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=73&bd=Pavilion&pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Automated Content Enhancer - {1D74E9DD-8987-448b-B2CB-67FFF2B8A932} - C:\Program Files\Automated Content Enhancer\4.1.0.5260\ACEIEAddOn.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.7.16.dll
O2 - BHO: Customized Platform Advancer - {42C7C39F-3128-4a17-BDB7-91C46032B5B9} - C:\Program Files\Customized Platform Advancer\4.1.0.1850\CPAIEAddOn.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Content Management Wizard - {B72681C0-A222-4b21-A0E2-53A5A5CA3D41} - C:\Program Files\Content Management Wizard\1.1.0.1990\CMWIE.dll
O2 - BHO: Textual Content Provider - {CAC89FF9-34A9-4431-8CFE-292A47F843BC} - C:\Program Files\Textual Content Provider\1.1.0.1810\TCPIE.dll
O2 - BHO: Web Search Operator - {EB4A577D-BCAD-4b1c-8AF2-9A74B8DD3431} - C:\Program Files\Web Search Operator\4.1.0.1990\wso.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] D:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "D:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "D:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: LimeWire On Startup.lnk = D:\Program Files\LimeWire\LimeWire.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: WordWeb Pro.lnk = D:\Program Files\WordWeb\wweb32.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.3.7.16.dll/206 (file missing)
O13 - Gopher Prefix:
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: QuestService Service - Unknown owner - C:\ProgramData\QuestService\questservice129.exe
O23 - Service: stllssvr - Unknown owner - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)

--
End of file - 13683 bytes


December 15th, 2009 17:00

 

alex.anton

1. Go HERE and download File Lister.
  • Save it to your Desktop.
  • Rt Click ->> Extract all ->> And extract it to your Desktop.
  • Additional help on extracting zip files can be found HERE.
  • Open the File Lister folder.
  • Note: Leave the FileLister.vbe file in the folder and run it from there.
  • Rt Click FileLister.vbe ->> Select Open, then Open to confirm.
  • As the program runs, it will appear that nothing is happening.
  • When the program is finished it will produce a log for you: C:\Files.txt

Copy and paste the contents of that log in your reply.

 

December 16th, 2009 14:00

bamajim,

This is the log. God Bless you!


++++++++++++++++++++++++++++++++++
+ File Lister  Version 1.1.2     +
+                                +
+ By bamajim / SpywareHammer.com +
++++++++++++++++++++++++++++++++++

Report ran on --->>>  16/12/2009 5:11:10 PM


====== Running Processes ======

C:\Windows\system32\csrss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\Explorer.EXE
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Windows\System32\WScript.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Internet Explorer\iexplore.exe


====== BHO's ======
BHO: (NO NAME) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Automated Content Enhancer - {1D74E9DD-8987-448b-B2CB-67FFF2B8A932} - C:\Program Files\Automated Content Enhancer\4.1.0.5260\ACEIEAddOn.dll

BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll

BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.7.16.dll

BHO: Customized Platform Advancer - {42C7C39F-3128-4a17-BDB7-91C46032B5B9} - C:\Program Files\Customized Platform Advancer\4.1.0.1850\CPAIEAddOn.dll

BHO: (NO NAME) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL

BHO: (NO NAME) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll

BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll

BHO: (NO NAME) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

BHO: (NO NAME) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

BHO: Content Management Wizard - {B72681C0-A222-4b21-A0E2-53A5A5CA3D41} - C:\Program Files\Content Management Wizard\1.1.0.1990\CMWIE.dll

BHO: Textual Content Provider - {CAC89FF9-34A9-4431-8CFE-292A47F843BC} - C:\Program Files\Textual Content Provider\1.1.0.1810\TCPIE.dll

BHO: Web Search Operator - {EB4A577D-BCAD-4b1c-8AF2-9A74B8DD3431} - C:\Program Files\Web Search Operator\4.1.0.1990\wso.dll

BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

====== HKLM\~\Run Keys ======

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

[Windows Defender] = %ProgramFiles%\Windows Defender\MSASCui.exe -hide
[SMSERIAL] = C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
[SynTPEnh] = C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
[IgfxTray] = C:\Windows\system32\igfxtray.exe
[HotKeysCmds] = C:\Windows\system32\hkcmd.exe
[Persistence] = C:\Windows\system32\igfxpers.exe
[RtHDVCpl] = C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
[IAAnotif] = C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
[QPService] = "C:\Program Files\HP\QuickPlay\QPService.exe"
[QlbCtrl] = %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
[HP Health Check Scheduler] = C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
[hpWirelessAssistant] = %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
[WAWifiMessage] = %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
[HP Software Update] = C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
[SunJavaUpdateSched] = "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
[NvCplDaemon] = RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
[NvMediaCenter] = RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
[mcagent_exe] = "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
[McENUI] = C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
[GrooveMonitor] = "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
[QuickTime Task] = "C:\Program Files\QuickTime\QTTask.exe" -atboottime
[iTunesHelper] = "C:\Program Files\iTunes\iTunesHelper.exe"
[NWEReboot] =
[PWRISOVM.EXE] = D:\Program Files\PowerISO\PWRISOVM.EXE
[NeroFilterCheck] = C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
[Adobe Acrobat Speed Launcher] = "D:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
[Acrobat Assistant 8.0] = "D:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
[MSConfig] = "C:\Windows\system32\msconfig.exe" /auto

====== HKCU\~\Run Keys ======

[Sidebar] = C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
[Skype] = "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

====== DNS Info (List may be empty) ======

HKEY_LOCAL_MACHINE\CCS\~\{5808130B-8483-414C-AA5A-5B35204908F6}\  NameServer=
HKEY_LOCAL_MACHINE\CCS\~\{8349D161-D1B2-4843-8F52-E2C0B17DA59D}\  NameServer=
HKEY_LOCAL_MACHINE\CCS\~\{9888FC70-6947-4494-9CB4-A2738070102E}\  NameServer=
HKEY_LOCAL_MACHINE\CCS\~\{A5907A00-B7EB-4E03-B06C-2B4C1499884B}\  NameServer=
HKEY_LOCAL_MACHINE\CCS\~\{C874A7A3-9546-4572-BD6C-9CB873DD1B5A}\  NameServer=

HKEY_LOCAL_MACHINE\CS001\~\{5808130B-8483-414C-AA5A-5B35204908F6}\  NameServer=

HKEY_LOCAL_MACHINE\CS001\~\{8349D161-D1B2-4843-8F52-E2C0B17DA59D}\  NameServer=

HKEY_LOCAL_MACHINE\CS001\~\{9888FC70-6947-4494-9CB4-A2738070102E}\  NameServer=

HKEY_LOCAL_MACHINE\CS001\~\{A5907A00-B7EB-4E03-B06C-2B4C1499884B}\  NameServer=

HKEY_LOCAL_MACHINE\CS001\~\{C874A7A3-9546-4572-BD6C-9CB873DD1B5A}\  NameServer=

HKEY_LOCAL_MACHINE\CS002\~\{5808130B-8483-414C-AA5A-5B35204908F6}\  NameServer=

HKEY_LOCAL_MACHINE\CS002\~\{8349D161-D1B2-4843-8F52-E2C0B17DA59D}\  NameServer=

HKEY_LOCAL_MACHINE\CS002\~\{9888FC70-6947-4494-9CB4-A2738070102E}\  NameServer=

HKEY_LOCAL_MACHINE\CS002\~\{A5907A00-B7EB-4E03-B06C-2B4C1499884B}\  NameServer=

HKEY_LOCAL_MACHINE\CS002\~\{C874A7A3-9546-4572-BD6C-9CB873DD1B5A}\  NameServer=


====== Folders and Files from "%\" and "%\Windows" Created Last 60 Days ======

16/12/2009 4:57:01 PM    0    32    C:\Files.txt
04/12/2009 7:54:31 PM    0    39    C:\IO.SYS
04/12/2009 7:54:31 PM    0    39    C:\MSDOS.SYS
14/12/2009 6:17:09 PM    54272    C:\WINDOWS\pss
04/12/2009 9:53:58 PM    26817    32    C:\WINDOWS\DirectX.log
16/12/2009 5:06:33 PM    8212    32    C:\WINDOWS\mfebcdata
26/11/2009 3:01:18 AM    285494    32    C:\WINDOWS\msxml4-KB973688-enu.LOG
16/12/2009 5:10:28 PM    69    32    C:\WINDOWS\NeroDigital.ini
25/11/2009 5:45:10 PM    690    32    C:\WINDOWS\setupact.log
25/11/2009 5:45:10 PM    0    32    C:\WINDOWS\setuperr.log
23/10/2009 11:23:17 AM    32768    32    C:\WINDOWS\URCACM.EXE
22/10/2009 1:14:32 PM    144725    C:\WINDOWS\System32\DRVSTORE
22/10/2009 1:14:32 PM    144725    C:\WINDOWS\System32\DRVSTORE\GEARAspiWD_3B7AACF0636A2C042EB7AD2AFF76D37B27BDD28C
22/10/2009 1:14:32 PM    133968    C:\WINDOWS\System32\DRVSTORE\GEARAspiWD_3B7AACF0636A2C042EB7AD2AFF76D37B27BDD28C\x86
09/12/2009 3:10:50 AM    72704    32    C:\WINDOWS\System32\admparse.dll
05/12/2009 12:20:32 AM    45392    33    C:\WINDOWS\System32\AdobePDF.dll
05/12/2009 12:20:32 AM    22872    33    C:\WINDOWS\System32\AdobePDFUI.dll
09/12/2009 3:10:51 AM    124928    32    C:\WINDOWS\System32\advpack.dll
04/12/2009 9:54:35 PM    2323664    32    C:\WINDOWS\System32\d3dx9_28.dll
04/12/2009 9:54:37 PM    2388176    32    C:\WINDOWS\System32\d3dx9_30.dll
28/10/2009 8:01:45 PM    4096    32    C:\WINDOWS\System32\dxmasf.dll
09/12/2009 3:10:48 AM    347136    32    C:\WINDOWS\System32\dxtmsft.dll
09/12/2009 3:10:48 AM    214528    32    C:\WINDOWS\System32\dxtrans.dll
20/10/2009 2:03:02 AM    428032    32    C:\WINDOWS\System32\EncDec.dll
22/10/2009 1:14:33 PM    107368    32    C:\WINDOWS\System32\GEARAspi.dll
09/12/2009 3:10:44 AM    389120    32    C:\WINDOWS\System32\html.iec
09/12/2009 3:07:52 AM    31232    32    C:\WINDOWS\System32\httpapi.dll
09/12/2009 3:10:40 AM    63488    32    C:\WINDOWS\System32\icardie.dll
09/12/2009 3:10:37 AM    70656    32    C:\WINDOWS\System32\ie4uinit.exe
09/12/2009 3:10:50 AM    230400    32    C:\WINDOWS\System32\ieaksie.dll
09/12/2009 3:10:50 AM    161792    32    C:\WINDOWS\System32\ieakui.dll
09/12/2009 3:10:49 AM    380928    32    C:\WINDOWS\System32\ieapfltr.dll
09/12/2009 3:10:50 AM    385024    32    C:\WINDOWS\System32\iedkcs32.dll
09/12/2009 3:10:44 AM    78336    32    C:\WINDOWS\System32\ieencode.dll
09/12/2009 3:10:46 AM    6067200    32    C:\WINDOWS\System32\ieframe.dll
09/12/2009 3:10:37 AM    44544    32    C:\WINDOWS\System32\iernonce.dll
09/12/2009 3:10:37 AM    268288    32    C:\WINDOWS\System32\iertutil.dll
09/12/2009 3:10:36 AM    56320    32    C:\WINDOWS\System32\iesetup.dll
09/12/2009 3:10:46 AM    180736    32    C:\WINDOWS\System32\ieui.dll
09/12/2009 3:10:39 AM    26624    32    C:\WINDOWS\System32\ieUnatt.exe
09/12/2009 3:10:40 AM    1830912    32    C:\WINDOWS\System32\inetcpl.cpl
09/12/2009 3:10:48 AM    27648    32    C:\WINDOWS\System32\jsproxy.dll
20/10/2009 2:03:02 AM    1244672    32    C:\WINDOWS\System32\mcmde.dll
20/10/2009 2:03:01 AM    68608    32    C:\WINDOWS\System32\Mpeg2Data.ax
20/10/2009 2:03:02 AM    177152    32    C:\WINDOWS\System32\mpg2splt.ax
18/10/2009 2:39:51 PM    60928    32    C:\WINDOWS\System32\msasn1.dll
20/10/2009 2:03:01 AM    57856    32    C:\WINDOWS\System32\MSDvbNP.ax
28/10/2009 8:01:45 PM    4096    32    C:\WINDOWS\System32\msdxm.ocx
09/12/2009 3:10:47 AM    459264    32    C:\WINDOWS\System32\msfeeds.dll
09/12/2009 3:10:43 AM    3598336    32    C:\WINDOWS\System32\mshtml.dll
09/12/2009 3:10:42 AM    1383424    32    C:\WINDOWS\System32\mshtml.tlb
09/12/2009 3:10:44 AM    477696    32    C:\WINDOWS\System32\mshtmled.dll
09/12/2009 3:10:44 AM    48128    32    C:\WINDOWS\System32\mshtmler.dll
20/10/2009 2:03:02 AM    80896    32    C:\WINDOWS\System32\MSNP.ax
09/12/2009 3:10:41 AM    671232    32    C:\WINDOWS\System32\mstime.dll
19/10/2009 11:27:44 AM    216576    32    C:\WINDOWS\System32\msv1_0.dll
26/11/2009 3:04:59 AM    1260032    32    C:\WINDOWS\System32\msxml3.dll
26/11/2009 3:04:59 AM    2048    32    C:\WINDOWS\System32\msxml3r.dll
26/11/2009 3:04:59 AM    1406464    32    C:\WINDOWS\System32\msxml6.dll
26/11/2009 3:04:59 AM    2048    32    C:\WINDOWS\System32\msxml6r.dll
09/12/2009 3:07:51 AM    24064    32    C:\WINDOWS\System32\nshhttp.dll
20/10/2009 2:04:56 AM    3502152    32    C:\WINDOWS\System32\ntkrnlpa.exe
20/10/2009 2:04:55 AM    3467864    32    C:\WINDOWS\System32\ntoskrnl.exe
09/12/2009 3:10:38 AM    102912    32    C:\WINDOWS\System32\occache.dll
09/12/2009 3:10:37 AM    44544    32    C:\WINDOWS\System32\pngfilt.dll
20/10/2009 2:03:01 AM    292352    32    C:\WINDOWS\System32\psisdecd.dll
20/10/2009 2:03:01 AM    217088    32    C:\WINDOWS\System32\psisrndr.ax
09/12/2009 3:01:42 AM    274432    32    C:\WINDOWS\System32\raschap.dll
09/12/2009 3:01:41 AM    232960    32    C:\WINDOWS\System32\rastls.dll
28/10/2009 8:01:46 PM    7680    32    C:\WINDOWS\System32\spwmp.dll
26/11/2009 3:03:40 AM    713728    32    C:\WINDOWS\System32\timedate.cpl
26/11/2009 3:04:38 AM    2048    32    C:\WINDOWS\System32\tzres.dll
28/10/2009 8:01:41 PM    311296    32    C:\WINDOWS\System32\unregmp2.exe
09/12/2009 3:10:37 AM    1168384    32    C:\WINDOWS\System32\urlmon.dll
12/11/2009 3:02:55 AM    2031104    32    C:\WINDOWS\System32\win32k.sys
09/12/2009 3:11:51 AM    378368    32    C:\WINDOWS\System32\winhttp.dll
09/12/2009 3:10:49 AM    832512    32    C:\WINDOWS\System32\wininet.dll
28/10/2009 8:01:47 PM    10622464    32    C:\WINDOWS\System32\wmp.dll
28/10/2009 8:01:47 PM    8147968    32    C:\WINDOWS\System32\wmploc.DLL
18/10/2009 2:38:20 PM    604672    32    C:\WINDOWS\System32\WMSPDMOD.DLL
12/11/2009 3:01:34 AM    321536    32    C:\WINDOWS\System32\WSDApi.dll
27/10/2009 6:39:40 AM    575704    32    C:\WINDOWS\System32\wuapi.dll
27/10/2009 6:39:13 AM    33792    32    C:\WINDOWS\System32\wuapp.exe
27/10/2009 6:40:11 AM    53472    32    C:\WINDOWS\System32\wuauclt.exe
27/10/2009 6:40:11 AM    1929952    32    C:\WINDOWS\System32\wuaueng.dll
27/10/2009 6:40:11 AM    2421760    32    C:\WINDOWS\System32\wucltux.dll
27/10/2009 6:39:41 AM    87552    32    C:\WINDOWS\System32\wudriver.dll
27/10/2009 6:39:40 AM    35552    32    C:\WINDOWS\System32\wups.dll
27/10/2009 6:40:11 AM    44768    32    C:\WINDOWS\System32\wups2.dll
27/10/2009 6:39:13 AM    171608    32    C:\WINDOWS\System32\wuwebv.dll

====== "\Administrator\Startup" Last 60 Days======

 

====== "\All Users\Startup" Last 60 Days======


====== "\Program Files" Last 60 Days======

22/10/2009 1:10:11 PM    2221118    C:\Program Files\Apple Software Update
14/12/2009 1:21:37 AM    1692651    C:\Program Files\Automated Content Enhancer
22/10/2009 1:12:22 PM    390387    C:\Program Files\Bonjour
14/12/2009 1:22:05 AM    2396443    C:\Program Files\Content Management Wizard
14/12/2009 1:21:45 AM    1689351    C:\Program Files\Customized Platform Advancer
05/12/2009 2:24:32 AM    1926592    C:\Program Files\DAEMON Tools Toolbar
27/10/2009 7:56:42 PM    4152518    C:\Program Files\DivX
14/12/2009 1:21:15 AM    0    C:\Program Files\Gameztar Toolbar
14/12/2009 1:21:54 AM    3201028    C:\Program Files\Internet Today
22/10/2009 1:13:09 PM    1582699    C:\Program Files\iPod
22/10/2009 1:13:06 PM    111963019    C:\Program Files\iTunes
04/12/2009 9:56:46 PM    378157702    C:\Program Files\Nero
14/12/2009 1:22:30 AM    750192    C:\Program Files\QuestService
22/10/2009 1:11:16 PM    79277715    C:\Program Files\QuickTime
14/12/2009 1:22:17 AM    1127954    C:\Program Files\Textual Content Provider
14/12/2009 5:43:42 PM    401781    C:\Program Files\TrendMicro
14/12/2009 1:21:33 AM    1673833    C:\Program Files\Web Search Operator
01/11/2009 7:11:48 PM    431104    C:\Program Files\WinAce
13/11/2009 9:46:53 PM    8345177    C:\Program Files\WinSCP

======"Drivers" Modified Last 60 Days======

09/12/2009 3:07:52 AM    396800    32    C:\WINDOWS\System32\drivers\http.sys
05/12/2009 2:23:47 AM    691696    32    C:\WINDOWS\System32\drivers\sptd.sys
18/10/2009 2:39:01 PM    130048    32    C:\WINDOWS\System32\drivers\srv2.sys

====== Files Deleted under "%Temp%" ======

3 Files deleted

======"All Users\Application Data" Last 60 Days======

 

====== HKLM\~\ShellServiceObjectDelayLoad======

WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\system32\webcheck.dll


====== HKLM\~\SharedTaskScheduler======

Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - %SystemRoot%\system32\browseui.dll

======HKLM\~\msconfig\startupreg======

HKLM\Software\microsoft\shared tools\msconfig\startupreg\

====== Services ( Services that are Whitelisted are not shown) ======

adp94xx (adp94xx)- C:\Windows\system32\drivers\adp94xx.sys - Disabled/Stopped
adpahci (adpahci)- C:\Windows\system32\drivers\adpahci.sys - Disabled/Stopped
amdide (amdide)- C:\Windows\system32\drivers\amdide.sys - Disabled/Stopped
arcsas (arcsas)- C:\Windows\system32\drivers\arcsas.sys - Disabled/Stopped
BCM43XV (Broadcom Extensible 802.11 Network Adapter Driver)- C:\Windows\system32\DRIVERS\bcmwl6.sys - Manual/Stopped
bowser (Bowser)- C:\Windows\system32\DRIVERS\bowser.sys - Manual/Stopped
BrFiltLo (Brother USB Mass-Storage Lower Filter Driver)- C:\Windows\system32\drivers\brfiltlo.sys - Manual/Stopped
BrFiltUp (Brother USB Mass-Storage Upper Filter Driver)- C:\Windows\system32\drivers\brfiltup.sys - Manual/Stopped
Brserid (Brother MFC Serial Port Interface Driver (WDM))- C:\Windows\system32\drivers\brserid.sys - Disabled/Stopped
BrSerWdm (Brother WDM Serial driver)- C:\Windows\system32\drivers\brserwdm.sys - Disabled/Stopped
BrUsbMdm (Brother MFC USB Fax Only Modem)- C:\Windows\system32\drivers\brusbmdm.sys - Disabled/Stopped
BrUsbSer (Brother MFC USB Serial WDM Driver)- C:\Windows\system32\drivers\brusbser.sys - Manual/Stopped
circlass (Consumer IR Devices)- C:\Windows\system32\drivers\circlass.sys - Disabled/Stopped
CLFS (Common Log (CLFS))- C:\Windows\system32\CLFS.sys - Boot/Running
Crusoe (Transmeta Crusoe Processor Driver)- C:\Windows\system32\drivers\crusoe.sys - Disabled/Stopped
DfsC (Dfs Client Driver)- C:\Windows\system32\Drivers\dfsc.sys - System/Stopped
DXGKrnl (LDDM Graphics Subsystem)- C:\Windows\system32\drivers\dxgkrnl.sys - Manual/Stopped
E100B (Intel(R) PRO Adapter Driver)- C:\Windows\system32\DRIVERS\e100b325.sys - Manual/Stopped
E1G60 (Intel(R) PRO/1000 NDIS 6 Adapter Driver)- C:\Windows\system32\DRIVERS\E1G60I32.sys - Manual/Stopped
eabfiltr (eabfiltr)- C:\Windows\system32\DRIVERS\eabfiltr.sys - System/Stopped
Ecache (ReadyBoost Caching Driver)- C:\Windows\system32\drivers\ecache.sys - Boot/Running
elxstor (elxstor)- C:\Windows\system32\drivers\elxstor.sys - Disabled/Stopped
FileInfo (File Information FS MiniFilter)- C:\Windows\system32\drivers\fileinfo.sys - Boot/Running
Filetrace (FileTrace)- C:\Windows\system32\drivers\filetrace.sys - Manual/Stopped
gagp30kx (Microsoft Generic AGPv3.0 Filter for K8 Processor Platforms)- C:\Windows\system32\drivers\gagp30kx.sys - Manual/Stopped
HBtnKey (HBtnKey)- C:\Windows\system32\DRIVERS\cpqbttn.sys - Manual/Running
HidBth (Microsoft Bluetooth HID Miniport)- C:\Windows\system32\drivers\hidbth.sys - Disabled/Stopped
HidIr (Microsoft Infrared HID Driver)- C:\Windows\system32\drivers\hidir.sys - Disabled/Stopped
HpCISSs (HpCISSs)- C:\Windows\system32\drivers\hpcisss.sys - Disabled/Stopped
HSFHWAZL (HSFHWAZL)- C:\Windows\system32\DRIVERS\VSTAZL3.SYS - Manual/Stopped
HSF_DPV (HSF_DPV)- C:\Windows\system32\DRIVERS\VSTDPV3.SYS - Manual/Stopped
iaStor (Intel AHCI Controller)- C:\Windows\system32\DRIVERS\iaStor.sys - Boot/Running
iaStorV (Intel RAID Controller Vista)- C:\Windows\system32\drivers\iastorv.sys - Disabled/Stopped
igfx (igfx)- C:\Windows\system32\DRIVERS\igdkmd32.sys - Manual/Stopped
IPMIDRV (IPMIDRV)- C:\Windows\system32\drivers\ipmidrv.sys - Disabled/Stopped
iScsiPrt (iScsiPort Driver)- C:\Windows\system32\DRIVERS\msiscsi.sys - Manual/Running
iteatapi (ITEATAPI_Service_Install)- C:\Windows\system32\drivers\iteatapi.sys - Disabled/Stopped
iteraid (ITERAID_Service_Install)- C:\Windows\system32\drivers\iteraid.sys - Disabled/Stopped
lltdio (Link-Layer Topology Discovery Mapper I/O Driver)- C:\Windows\system32\DRIVERS\lltdio.sys - Auto/Stopped
LSI_FC (LSI_FC)- C:\Windows\system32\drivers\lsi_fc.sys - Disabled/Stopped
LSI_SAS (LSI_SAS)- C:\Windows\system32\drivers\lsi_sas.sys - Disabled/Stopped
LSI_SCSI (LSI_SCSI)- C:\Windows\system32\drivers\lsi_scsi.sys - Disabled/Stopped
luafv (UAC File Virtualization)- C:\Windows\system32\drivers\luafv.sys - Auto/Stopped
megasas (megasas)- C:\Windows\system32\drivers\megasas.sys - Disabled/Stopped
mpio (Microsoft Multi-Path Bus Driver)- C:\Windows\system32\drivers\mpio.sys - Disabled/Stopped
mpsdrv (Windows Firewall Authorization Driver)- C:\Windows\system32\drivers\mpsdrv.sys - Manual/Stopped
mrxsmb10 (SMB 1.x MiniRedirector)- C:\Windows\system32\DRIVERS\mrxsmb10.sys - Manual/Stopped
mrxsmb20 (SMB 2.0 MiniRedirector)- C:\Windows\system32\DRIVERS\mrxsmb20.sys - Manual/Stopped
msahci (msahci)- C:\Windows\system32\drivers\msahci.sys - Disabled/Stopped
msdsm (Microsoft Multi-Path Device Specific Module)- C:\Windows\system32\drivers\msdsm.sys - Disabled/Stopped
msisadrv (ISA/EISA Class Driver)- C:\Windows\system32\drivers\msisadrv.sys - Boot/Running
MsRPC (MsRPC)- C:\Windows\system32\drivers\MsRPC.sys - Manual/Stopped
NativeWifiP (NativeWiFi Filter)- C:\Windows\system32\DRIVERS\nwifi.sys - Manual/Stopped
NETw3v32 (Intel(R) PRO/Wireless 3945ABG Adapter Driver for Windows Vista 32 Bit)- C:\Windows\system32\DRIVERS\NETw3v32.sys - Manual/Stopped
NETw4v32 (Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit)- C:\Windows\system32\DRIVERS\NETw4v32.sys - Manual/Stopped
NETw5v32 (Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit)- C:\Windows\system32\DRIVERS\NETw5v32.sys - Manual/Stopped
nfrd960 (nfrd960)- C:\Windows\system32\drivers\nfrd960.sys - Disabled/Stopped
nsiproxy (NSI proxy service)- C:\Windows\system32\drivers\nsiproxy.sys - System/Stopped
ntrigdigi (N-trig HID Tablet Driver)- C:\Windows\system32\drivers\ntrigdigi.sys - Disabled/Stopped
nvlddmkm (nvlddmkm)- C:\Windows\system32\DRIVERS\nvlddmkm.sys - Manual/Stopped
nvstor (nvstor)- C:\Windows\system32\drivers\nvstor.sys - Disabled/Stopped
PEAUTH (PEAUTH)- C:\Windows\system32\drivers\peauth.sys - Auto/Stopped
ql2300 (QLogic Fibre Channel Miniport Driver)- C:\Windows\system32\drivers\ql2300.sys - Disabled/Stopped
ql40xx (QLogic iSCSI Miniport Driver)- C:\Windows\system32\drivers\ql40xx.sys - Disabled/Stopped
QWAVEdrv (QWAVE driver)- C:\Windows\system32\drivers\qwavedrv.sys - Manual/Stopped
RDPENCDD (RDP Encoder Mirror Driver)- C:\Windows\system32\drivers\rdpencdd.sys - System/Stopped
rimmptsk (rimmptsk)- C:\Windows\system32\DRIVERS\rimmptsk.sys - Auto/Running
rimsptsk (rimsptsk)- C:\Windows\system32\DRIVERS\rimsptsk.sys - Auto/Running
rismxdp (Ricoh xD-Picture Card Driver)- C:\Windows\system32\DRIVERS\rixdptsk.sys - Auto/Running
rspndr (Link-Layer Topology Discovery Responder)- C:\Windows\system32\DRIVERS\rspndr.sys - Auto/Stopped
RTL8169 (Realtek 8169 NT Driver)- C:\Windows\system32\DRIVERS\Rtlh86.sys - Manual/Stopped
sbp2port (SBP-2 Transport/Protocol Bus Driver)- C:\Windows\system32\drivers\sbp2port.sys - Disabled/Stopped
SCDEmu (SCDEmu)- C:\Windows\system32\drivers\SCDEmu.sys - System/Stopped
sdbus (sdbus)- C:\Windows\system32\DRIVERS\sdbus.sys - Manual/Stopped
sermouse (Serial Mouse Driver)- C:\Windows\system32\drivers\sermouse.sys - Disabled/Stopped
sffdisk (SFF Storage Class Driver)- C:\Windows\system32\DRIVERS\sffdisk.sys - Manual/Stopped
sffp_mmc (SFF Storage Protocol Driver for MMC)- C:\Windows\system32\drivers\sffp_mmc.sys - Manual/Stopped
sffp_sd (SFF Storage Protocol Driver for SDBus)- C:\Windows\system32\DRIVERS\sffp_sd.sys - Manual/Stopped
SiSRaid2 (SiSRaid2)- C:\Windows\system32\drivers\sisraid2.sys - Disabled/Stopped
SiSRaid4 (SiSRaid4)- C:\Windows\system32\drivers\sisraid4.sys - Disabled/Stopped
smserial (smserial)- C:\Windows\system32\DRIVERS\smserial.sys - Manual/Stopped
spldr (Security Processor Loader Driver)- C:\Windows\system32\drivers\spldr.sys - Boot/Stopped
srv2 (srv2)- C:\Windows\system32\DRIVERS\srv2.sys - Manual/Stopped
srvnet (srvnet)- C:\Windows\system32\DRIVERS\srvnet.sys - Manual/Stopped
SynTP (Synaptics TouchPad Driver)- C:\Windows\system32\DRIVERS\SynTP.sys - Manual/Running
Tcpip6 (Microsoft IPv6 Protocol Driver)- C:\Windows\system32\DRIVERS\tcpip.sys - Manual/Stopped
tcpipreg (TCP/IP Registry Compatibility)- C:\Windows\system32\drivers\tcpipreg.sys - Auto/Stopped
tdx (NetIO Legacy TDI Support Driver)- C:\Windows\system32\DRIVERS\tdx.sys - System/Stopped
tssecsrv (Terminal Services Security Filter Driver)- C:\Windows\system32\DRIVERS\tssecsrv.sys - Manual/Stopped
tunmp (Microsoft Tun Miniport Adapter Driver)- C:\Windows\system32\DRIVERS\tunmp.sys - Manual/Stopped
tunnel (Microsoft IPv6 Tunnel Miniport Adapter Driver)- C:\Windows\system32\DRIVERS\tunnel.sys - Manual/Stopped
uagp35 (Microsoft AGPv3.5 Filter)- C:\Windows\system32\drivers\uagp35.sys - Manual/Stopped
uliagpkx (Uli AGP Bus Filter)- C:\Windows\system32\drivers\uliagpkx.sys - Manual/Stopped
uliahci (uliahci)- C:\Windows\system32\drivers\uliahci.sys - Disabled/Stopped
UlSata (UlSata)- C:\Windows\system32\drivers\ulsata.sys - Disabled/Stopped
ulsata2 (ulsata2)- C:\Windows\system32\drivers\ulsata2.sys - Disabled/Stopped
umbus (UMBus Enumerator Driver)- C:\Windows\system32\DRIVERS\umbus.sys - Manual/Running
USBAAPL (Apple Mobile USB Driver)- C:\Windows\system32\Drivers\usbaapl.sys - Manual/Stopped
usbcir (eHome Infrared Receiver (USBCIR))- C:\Windows\system32\drivers\usbcir.sys - Disabled/Stopped
usbvideo (USB Video Device (WDM))- C:\Windows\system32\Drivers\usbvideo.sys - Manual/Stopped
USB_RNDIS (RCA Digital Cable Modem)- C:\Windows\system32\DRIVERS\usb8023.sys - Manual/Stopped
ViaC7 (VIA C7 Processor Driver)- C:\Windows\system32\drivers\viac7.sys - Disabled/Stopped
volmgr (Volume Manager Driver)- C:\Windows\system32\drivers\volmgr.sys - Boot/Running
volmgrx (Dynamic Volume Manager)- C:\Windows\system32\drivers\volmgrx.sys - Boot/Running
vsmraid (vsmraid)- C:\Windows\system32\drivers\vsmraid.sys - Disabled/Stopped
WacomPen (Wacom Serial Pen HID Driver)- C:\Windows\system32\drivers\wacompen.sys - Disabled/Stopped
Wanarpv6 (Remote Access IPv6 ARP Driver)- C:\Windows\system32\DRIVERS\wanarp.sys - System/Stopped
Wdf01000 (Kernel Mode Driver Frameworks service)- C:\Windows\system32\drivers\Wdf01000.sys - Boot/Running
WmiAcpi (Microsoft Windows Management Interface for ACPI)- C:\Windows\system32\DRIVERS\wmiacpi.sys - Manual/Running
WpdUsb (WpdUsb)- C:\Windows\system32\DRIVERS\wpdusb.sys - Manual/Stopped

====== Uninstall List ======

Activation Assistant for the 2007 Microsoft Office suites
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 ActiveX
BitComet 1.16
Acrobat.com
DAEMON Tools Toolbar
Microsoft Office Enterprise 2007
Intel(R) Graphics Media Accelerator Driver
HP Photosmart Essential 2.0
LimeWire 5.3.6
Microsoft .NET Framework 3.5 SP1
MpcStar 4.2
McAfee SecurityCenter
McAfee SecurityCenter
McAfee SecurityCenter
McAfee SecurityCenter
McAfee SecurityCenter
McAfee SecurityCenter
McAfee SecurityCenter
McAfee SecurityCenter
RCA Digital Cable Modem
Netscape Navigator (9.0.0.6)
NVIDIA Drivers
PowerISO
QuestService 1.0 build 129
Adobe Flash Player 9 ActiveX
Motorola SM56 Speakerphone Modem
Synaptics Pointing Device Driver
My HP Games
WinAce Archiver
WinSCP 4.2.4 beta
WordWeb Pro
WordWeb Pro
WordWeb Pro
WordWeb Pro
WordWeb Pro
WordWeb Pro
WordWeb Pro
WordWeb Pro
WordWeb Pro
WordWeb Pro
WordWeb Pro
WordWeb Pro
WordWeb Pro
WordWeb Pro
WordWeb Pro
WordWeb Pro
WordWeb Pro
WordWeb Pro
WordWeb Pro
WordWeb Pro
WordWeb Pro
WordWeb Pro
WordWeb Pro
WordWeb Pro
WordWeb Pro
WordWeb Pro
WordWeb Pro
WordWeb Pro
WordWeb Pro
WordWeb Pro
WordWeb Pro
Bonjour
HiJackThis
HP Doc Viewer
muvee autoProducer 6.0
Apple Application Support
Adobe Flash Player 10 Plugin
ESU for Microsoft Vista
AeroSnap 0.61
HPNetworkAssistant
Nero 7 Ultra Edition
ActiveCheck component for HP Active Support Library
HP Active Support Library
Java(TM) SE Runtime Environment 6
HP Quick Launch Buttons 6.20 B1
Roxio Activation Module
Max Payne
MSCU for Microsoft Vista
HP Easy Setup - Frontend
HP QuickPlay 3.2
Skype web features
HP User Guides 0056
HPAsset component for HP Active Support Library
Apple Software Update
Microsoft Works
Acrobat.com
VC80CRTRedist - 8.0.50727.762
MSXML 4.0 SP2 (KB954430)
HP Update
Microsoft Office Access MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
HP Help and Support
Intel Matrix Storage Manager
Adobe AIR
QuickTime
Microsoft Visual C++ 2005 Redistributable
Apple Mobile Device Support
HP Customer Experience Enhancements
Adobe Acrobat 9 Pro - English, Français, Deutsch
DivX Web Player
Microsoft .NET Framework 3.5 SP1
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Skype™ 4.1
HP Wireless Assistant
iTunes
Max Payne 2
Realtek High Definition Audio Driver
MSXML 4.0 SP2 (KB973688)
HP Active Support Library 32 bit components

======== Other Info ========

TOTAL PHYSICAL RAM: 2145 MB

Boot Info

OS Type:  Microsoft® Windows Vista™ Home Premium
Build:  6.0.6000
Service Pack:  0.0

====== Files with Hidden Attributes======
C:\IO.SYS
C:\MSDOS.SYS
C:\pagefile.sys
C:\boot\bootstat.dat

==End of Report==


December 17th, 2009 07:00


alex.anton

Please download Malwarebytes' Anti-Malware from Here or Here

Double-click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

December 17th, 2009 14:00

bamajim,

Did what you told me. This is the MBAM log:

Malwarebytes' Anti-Malware 1.42
Database version: 3382
Windows 6.0.6000
Internet Explorer 7.0.6000.16945

17/12/2009 4:56:33 PM
mbam-log-2009-12-17 (16-56-33).txt

Scan type: Quick Scan
Objects scanned: 100126
Time elapsed: 8 minute(s), 49 second(s)

Memory Processes Infected: 2
Memory Modules Infected: 10
Registry Keys Infected: 48
Registry Values Infected: 4
Registry Data Items Infected: 0
Folders Infected: 33
Files Infected: 74

Memory Processes Infected:
C:\ProgramData\QuestService\questservice129.exe (Adware.DoubleD) -> Unloaded process successfully.
C:\Program Files\QuestService\questservice.exe (Adware.DoubleD) -> Unloaded process successfully.

Memory Modules Infected:
C:\Program Files\Content Management Wizard\1.1.0.1990\CMWIE.dll (Adware.Agent) -> Delete on reboot.
C:\Program Files\Customized Platform Advancer\4.1.0.1850\CPAIEAddOn.dll (Adware.Agent) -> Delete on reboot.
C:\Program Files\Web Search Operator\4.1.0.1990\WSO.dll (Adware.Agent) -> Delete on reboot.
C:\Program Files\Textual Content Provider\1.1.0.1810\TCPIE.dll (Adware.Agent) -> Delete on reboot.
C:\Program Files\Automated Content Enhancer\4.1.0.5260\ACEIEAddOn.dll (Adware.Agent) -> Delete on reboot.
C:\Program Files\Web Search Operator\4.1.0.1990\WSOCommon.dll (Adware.Agent) -> Delete on reboot.
C:\Program Files\Automated Content Enhancer\4.1.0.5260\ACECommon.dll (Adware.Agent) -> Delete on reboot.
C:\Program Files\Automated Content Enhancer\4.1.0.5260\lri.dll (Adware.Agent) -> Delete on reboot.
C:\Program Files\Customized Platform Advancer\4.1.0.1850\CPACommon.dll (Adware.Agent) -> Delete on reboot.
C:\Program Files\QuestService\questservice.dll (Adware.DoubleD) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\explorerbar.cmw (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{f5b8c69c-9b45-4a6a-9380-df225c546ae7} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{629cd6c2-e4c5-4554-aeb8-12e4e2cd40ff} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{b72681c0-a222-4b21-a0e2-53a5a5ca3d41} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b72681c0-a222-4b21-a0e2-53a5a5ca3d41} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b72681c0-a222-4b21-a0e2-53a5a5ca3d41} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\explorerbar.cmw.1 (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\explorerbar.funexplorer (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{ac5ab953-ed25-4f9c-87f0-b086b0178ffa} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{6160f76a-1992-4b17-a32d-0c706d159105} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{42c7c39f-3128-4a17-bdb7-91c46032b5b9} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{42c7c39f-3128-4a17-bdb7-91c46032b5b9} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{42c7c39f-3128-4a17-bdb7-91c46032b5b9} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\explorerbar.funexplorer.1 (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\explorerbar.funredirector (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{883dfc00-8a21-411d-956c-73a4e4b7d16f} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{480098c6-f6ad-4c61-9b5c-2bae228a34d1} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{eb4a577d-bcad-4b1c-8af2-9a74b8dd3431} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{eb4a577d-bcad-4b1c-8af2-9a74b8dd3431} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{eb4a577d-bcad-4b1c-8af2-9a74b8dd3431} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\explorerbar.funredirector.1 (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\explorerbar.tcp (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{2a743834-05f4-4ed4-8a1c-41332b10ac0c} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1081d532-7de4-40bd-b912-388fa6b27c78} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{cac89ff9-34a9-4431-8cfe-292a47f843bc} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Explorer\Bars\{cac89ff9-34a9-4431-8cfe-292a47f843bc} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{cac89ff9-34a9-4431-8cfe-292a47f843bc} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{cac89ff9-34a9-4431-8cfe-292a47f843bc} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\explorerbar.tcp.1 (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1d74e9dd-8987-448b-b2cb-67fff2b8a932} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{565dd573-549e-4da9-8cd7-6ae3df25339a} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{877f3eab-4462-44df-8475-6064eafd7fbf} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d74e9dd-8987-448b-b2cb-67fff2b8a932} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1d74e9dd-8987-448b-b2cb-67fff2b8a932} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{3de88beb-f271-484a-ba71-01d30f439f0c} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{50ad41d2-b1f0-47cc-9ea7-395355eaeebd} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{8ceb185e-81a5-46d3-bc20-c555d605afbd} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a72522ba-9ff3-4c83-abc6-9b476728a396} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c5762628-ae15-4ca6-96c4-b00dd17f3419} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d062e03e-65ca-49e4-9b15-31938ba98922} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Explorer\Bars\{b72681c0-a222-4b21-a0e2-53a5a5ca3d411} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d45817b8-3ead-4d1d-8fca-ec63a8e35de2} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\questservice (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\AppDataLow\SOFTWARE\Internet Today (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\QuestService (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\QuestService Service (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Media Access Startup (Adware.DoubleD) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{d45817b8-3ead-4d1d-8fca-ec63a8e35de2} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\{8141440e-08f0-4339-9959-5c31c6a69f23} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\{e63605fc-d583-4c81-867f-9457bdb3ea1b} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\{e889f097-b0be-471b-89ad-b86b6f04b506} (Adware.DoubleD) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\Internet Today (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Internet Today\1.1.0.1260 (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Web Search Operator (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Web Search Operator\4.1.0.1990 (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Web Search Operator\4.1.0.1990\Data (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Web Search Operator\4.1.0.1990\FF (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Web Search Operator\4.1.0.1990\FF\chrome (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Web Search Operator\4.1.0.1990\FF\chrome\content (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Web Search Operator\4.1.0.1990\FF\components (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Textual Content Provider (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Textual Content Provider\1.1.0.1810 (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Textual Content Provider\1.1.0.1810\data (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Automated Content Enhancer (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Automated Content Enhancer\4.1.0.5260 (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Automated Content Enhancer\4.1.0.5260\Data (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Automated Content Enhancer\4.1.0.5260\FF (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Automated Content Enhancer\4.1.0.5260\FF\chrome (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Automated Content Enhancer\4.1.0.5260\FF\chrome\content (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Automated Content Enhancer\4.1.0.5260\FF\components (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Customized Platform Advancer (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Customized Platform Advancer\4.1.0.1850 (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Customized Platform Advancer\4.1.0.1850\Data (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Customized Platform Advancer\4.1.0.1850\FF (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Customized Platform Advancer\4.1.0.1850\FF\chrome (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Customized Platform Advancer\4.1.0.1850\FF\chrome\content (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Customized Platform Advancer\4.1.0.1850\FF\components (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Content Management Wizard (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Content Management Wizard\1.1.0.1990 (Adware.Agent) -> Quarantined and deleted successfully.
C:\ProgramData\QuestService (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\QuestService (Adware.DoubleD) -> Delete on reboot.
C:\Users\user\Local Settings\Application Data\Internet Today (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Users\user\Local Settings\Application Data\Web Search Operator (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Users\user\Local Settings\Application Data\Web Search Operator\4.1.0.1990 (Adware.DoubleD) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\Content Management Wizard\1.1.0.1990\CMWIE.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Customized Platform Advancer\4.1.0.1850\CPAIEAddOn.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Web Search Operator\4.1.0.1990\WSO.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Textual Content Provider\1.1.0.1810\TCPIE.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Automated Content Enhancer\4.1.0.5260\ACEIEAddOn.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Local\Temp\Low\7392.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\Program Files\Internet Today\1.1.0.1260\InternetToday.ico (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Internet Today\1.1.0.1260\InternetToday.skf (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Internet Today\1.1.0.1260\mfc80.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Internet Today\1.1.0.1260\Microsoft.VC80.MFC.manifest (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Internet Today\1.1.0.1260\SkinCrafterDll.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Internet Today\1.1.0.1260\unins000.dat (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Internet Today\1.1.0.1260\unins000.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Web Search Operator\4.1.0.1990\lri.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Web Search Operator\4.1.0.1990\unins000.dat (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Web Search Operator\4.1.0.1990\unins000.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Web Search Operator\4.1.0.1990\WSOCommon.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Web Search Operator\4.1.0.1990\Data\config.md (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Web Search Operator\4.1.0.1990\FF\chrome.manifest (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Web Search Operator\4.1.0.1990\FF\install.rdf (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Web Search Operator\4.1.0.1990\FF\chrome\WSOAddOn.jar (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Web Search Operator\4.1.0.1990\FF\chrome\content\WSOAddOn.js (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Web Search Operator\4.1.0.1990\FF\chrome\content\WSOAddOn.xul (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Web Search Operator\4.1.0.1990\FF\components\WSOFFAddOn.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Web Search Operator\4.1.0.1990\FF\components\WSOFFAddOn.xpt (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Web Search Operator\4.1.0.1990\FF\components\WSOFFHelperComponent.js (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Textual Content Provider\1.1.0.1810\unins000.dat (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Textual Content Provider\1.1.0.1810\unins000.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Textual Content Provider\1.1.0.1810\data\pxtmpdata.mx (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Textual Content Provider\1.1.0.1810\data\TP_Config.mx (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Textual Content Provider\1.1.0.1810\data\TP_Data.mx (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Textual Content Provider\1.1.0.1810\data\TP_DomainExcludeList.mx (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Textual Content Provider\1.1.0.1810\data\TP_DomainInterval.mx (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Textual Content Provider\1.1.0.1810\data\TP_KeywordInterval.mx (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Automated Content Enhancer\4.1.0.5260\ACECommon.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Automated Content Enhancer\4.1.0.5260\lri.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Automated Content Enhancer\4.1.0.5260\unins000.dat (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Automated Content Enhancer\4.1.0.5260\unins000.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Automated Content Enhancer\4.1.0.5260\Data\config.md (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Automated Content Enhancer\4.1.0.5260\FF\chrome.manifest (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Automated Content Enhancer\4.1.0.5260\FF\install.rdf (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Automated Content Enhancer\4.1.0.5260\FF\chrome\ACEAddOn.jar (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Automated Content Enhancer\4.1.0.5260\FF\chrome\content\ACEAddOn.js (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Automated Content Enhancer\4.1.0.5260\FF\chrome\content\ACEAddOn.xul (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Automated Content Enhancer\4.1.0.5260\FF\components\ACEFFAddOn.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Automated Content Enhancer\4.1.0.5260\FF\components\ACEFFAddOn.xpt (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Automated Content Enhancer\4.1.0.5260\FF\components\ACEFFHelperComponent.js (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Customized Platform Advancer\4.1.0.1850\CPACommon.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Customized Platform Advancer\4.1.0.1850\lri.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Customized Platform Advancer\4.1.0.1850\unins000.dat (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Customized Platform Advancer\4.1.0.1850\unins000.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Customized Platform Advancer\4.1.0.1850\Data\config.md (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Customized Platform Advancer\4.1.0.1850\FF\chrome.manifest (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Customized Platform Advancer\4.1.0.1850\FF\install.rdf (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Customized Platform Advancer\4.1.0.1850\FF\chrome\CPAAddOn.jar (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Customized Platform Advancer\4.1.0.1850\FF\chrome\content\CPAAddOn.js (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Customized Platform Advancer\4.1.0.1850\FF\chrome\content\CPAAddOn.xul (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Customized Platform Advancer\4.1.0.1850\FF\components\CPAFFAddOn.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Customized Platform Advancer\4.1.0.1850\FF\components\CPAFFAddOn.xpt (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Customized Platform Advancer\4.1.0.1850\FF\components\CPAFFHelperComponent.js (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Content Management Wizard\1.1.0.1990\cmwsh.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Content Management Wizard\1.1.0.1990\config.mx (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Content Management Wizard\1.1.0.1990\data.mx (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Content Management Wizard\1.1.0.1990\exclude.mx (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Content Management Wizard\1.1.0.1990\LRI.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Content Management Wizard\1.1.0.1990\MatchingData.zd5 (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Content Management Wizard\1.1.0.1990\pxtmpdata.mx (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Content Management Wizard\1.1.0.1990\unins000.dat (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Content Management Wizard\1.1.0.1990\unins000.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\ProgramData\QuestService\questservice129.exe (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\QuestService\questservice.dll (Adware.DoubleD) -> Delete on reboot.
C:\Program Files\QuestService\questservice.exe (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\QuestService\uninstall.exe (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Users\user\Local Settings\Application Data\Web Search Operator\4.1.0.1990\config.md (Adware.DoubleD) -> Quarantined and deleted successfully.

10.4K Posts

December 18th, 2009 09:00


alex.anton

Good work. Rerun HijackThis and post a fresh HijackThis log.

And in your reply, tell how your PC is running at this point.

December 18th, 2009 10:00

bamajim,

Thanks for the fast reply. The computer seems to work fine. There are no pop-ups in Internet Explorer, nor redirections of any sort. This is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 1:19:36 PM, on 18/12/2009
Platform: Windows Vista  (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16945)
Boot mode: Safe mode

Running processes:
C:\Windows\Explorer.EXE
C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=73&bd=Pavilion&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=73&bd=Pavilion&pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.7.16.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] D:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: LimeWire On Startup.lnk = D:\Program Files\LimeWire\LimeWire.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: WordWeb Pro.lnk = D:\Program Files\WordWeb\wweb32.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.3.7.16.dll/206 (file missing)
O13 - Gopher Prefix:
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: stllssvr - Unknown owner - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)

--
End of file - 11521 bytes

10.4K Posts

December 18th, 2009 12:00


alex.anton

You are most welcome. Glad to hear things are well.

You may now remove/delete/uninstall the tools we used to clean your PC.

Now that your log is clean, there are some final notes:

Let's create a clean System Restore point.
To create a clean System Restore point in Vista:
  • Click Start (the Vista icon) ->> All Programs ->> Accessories ->> System Tools ->> System Restore.
  • The System Restore window will open. Select Open System Protection.
  • Another window will open. Highlight the C:\ drive in the window.
  • Then select Create. Yet another window will open; type in today's date 05262008 (or whatever you would like to remind you of this restore point) in the Create a restore point window.
  • Then select Create. Windows will then create a restore point.
  • Once done, you will receive notification that a System Restore point has been created.
  • Close all the open windows and you are done.


Update your Anti Virus Software

Use and maintain a Firewall

Visit Microsoft's Windows Update Site Frequently for critical updates

Backup your Important Documents and Files on a regular basis
  • To a disc or a USB key, not your hard drive

You may want to read this article, "So how did I get infected in the first place" by Tony Klein

surf safe
