24 Posts

April 22nd, 2007 19:00

Help Please Spyware/virus Problem

Hi, I was told to repost this here. I've been having some issues with my computer and I've tried to figure it out and fix it, but nothing really seemed to work.

Some main things are that in my Control Panel/Network Connections there is an internet gateway connection.
Another is that in the Control Panel/Add Remove Programs list there is a program called webfastconnect and I can't remove it.

When I did the Symantec online virus scan, all it came up with was a thing called adware.zangosearch.

Anyways, I have no idea what else I can do.

Please help.

Here is the HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 7:19:55 PM, on 4/18/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\McAfee\McAfee QuickClean\Plguni.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\allSnap\allSnap.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\Joshua\Desktop\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\SiteAdv.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\SiteAdv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [McAfee QuickClean Imonitor] C:\Program Files\McAfee\McAfee QuickClean\Plguni.exe /START
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKCU\..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: allSnap.lnk = C:\Program Files\allSnap\allSnap.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {D3A7982E-915D-4589-8ECE-249F70D0C941} (Launch Control) - http://aaotracker.4players.de/LaunchGame.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe

thanks in advance
~Aeros

Message Edited by Aeros15 on 04-22-2007 03:44 PM

10.4K Posts

April 24th, 2007 16:00

Aeros15

Rerun HijackThis
  • At the main window select "Open the misc tool section"
  • Then select "Open uninstall manager"
  • Then "save list" and save it to your desktop

Copy and paste that list as a reply to this thread
 
bamajim   Graduate of MRU
CastleCops  Instructor






24 Posts

April 24th, 2007 18:00

Acoustica Beatcraft
Acoustica Effects Pack
Acoustica Mixcraft
Ad-Aware SE Personal
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Download Manager 2.0 (Remove Only)
Adobe Help Center 1.0
Adobe Photoshop Album 2.0 Starter Edition
Adobe Photoshop CS2
Adobe Reader 7.0
Adobe Stock Photos 1.0
allSnap version 1.30.6 Release
AOL Instant Messenger
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
ATI HYDRAVISION
ATI Multimedia Center 9.03
ATI Problem Report Wizard
Battlefield 2(TM)
Battlefield 2: Special Forces
BF2 Editor
CopySafe Plugin
DAO
DivX
DivX Player
Dystopia
Easy CD & DVD Creator 6
FEAR
Fraps (remove only)
GmPP v1.0
Google Earth
Google Toolbar for Internet Explorer
Google Video Player
Guitar Pro 5.0
Higher Score on the ACT
HijackThis 1.99.1
HL2CTF Beta v1.5
HLSW v1.0.0.45
iTunes
LEGO Digital Brick Palette - LEGO Factory
LEGO Digital Brick Palette - Make and Create
LEGO Digital Brick Palette - PAB 2004 LEGOLAND SE
LEGO Digital Designer
LimeWire 4.10.9
Logitech MouseWare 9.76
Macromedia Flash Player 8
Macromedia Shockwave Player
MapleStory
McAfee QuickClean 5.0
McAfee SecurityCenter
McAfee SpamKiller
Microsoft .NET Framework 1.1
Microsoft .NET Framework 2.0
Microsoft AntiSpyware
Microsoft User-Mode Driver Framework Feature Pack 1.0.0 (Pre-Release 5348)
Microsoft Word 2000 SR-1
Microsoft Works 2001 Setup Launcher
Microsoft Works 6.0
Microsoft Works Suite Add-in for Microsoft Word
middle_man
mIRC
Mozilla Firefox (2.0.0.2)
Mozilla Firefox (2.0.0.3)
Natural Selection 3.0
Nero - Burning Rom
NVIDIA Drivers
NVIDIA nForce Utilities
NVIDIA Windows 2000/XP nForce Drivers
Plan of Attack
PlanetSide
QuickTime
Reason 3.0
Security Update for Microsoft .NET Framework 2.0 (KB917283)
Security Update for Microsoft .NET Framework 2.0 (KB922770)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
SelectRebates
Silkroad
SimCity 4 Deluxe
Skype 2.5
Spybot - Search & Destroy 1.3
Starcraft
StarCraft X-tra Editor Version 2.5
StarDraft Setup
StarForge
StealthBot v2.6 Revision 3 (remove only)
Steam
Sunbelt CounterSpy
TeamSpeak 2 RC2
TeamSpeak 2 Server RC2
Tremulous 1.1.0
Ulead GIF Animator 5
UltraVNC v1.0.2
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB929338)
Update for Windows XP (KB931836)
URGE
Ventrilo Client
Ventrilo Server
Viewpoint Manager (Remove Only)
Viewpoint Media Player
WebFastConnect
Winamp (remove only)
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Media Encoder 9 Series
Windows Media Encoder 9 Series
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
WinRAR archiver
Xfire (remove only)
Yahoo! Internet Mail
Yahoo! Messenger

Thank you for helping :D I really appreciate it

10.4K Posts

April 24th, 2007 19:00

Aeros15

1. Reboot into Safe Mode
This can be done by
  • Restart your PC, and after it starts, but before you see the Windows splash screen, begin tapping the F8 key twice a second until you reach another menu screen (black background with white menu choices)
  • Use your arrow keys and select Safe Mode and then Enter

2. Go to Add/Remove Programs
and uninstall the following programs
  • SelectRebates
  • Starcraft
  • StarCraft X-tra Editor Version 2.5
  • WebFastConnect

Close Add/Remove Programs ->> Reboot your PC into normal Windows mode ->> Rerun HijackThis and post a fresh HijackThis log
 
bamajim   Graduate of MRU
CastleCops  Instructor


24 Posts

April 24th, 2007 20:00

Ok.. well, I really wasn't expecting my Starcraft stuff to be a reason of malware etc., but I tried to go in safe mode and remove webfastconnect.. didn't work
but I will remove the others

10.4K Posts

April 24th, 2007 23:00

Aeros15

Sorry about Starware. After we get your PC clean you can reinstall it if you wish. However I would recommend that you see this link before you decide.

LINK

Something is interfering with the program's uninstall. What happens when you try to remove it? Do you get a message that something is missing, does nothing happen, or what?

1. Download this file - combofix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

bamajim   Graduate of MRU
CastleCops  Instructor

24 Posts

April 25th, 2007 02:00

Uhm.. ok, so I went into safe mode and deleted the Starcraft and Starcraft X-tra Editor and then tried to delete the Select Rebates, and it did the same as the Webfastconnect.. it was saying "the program may have already been uninstalled, would you like to remove it from the add/remove programs list" but I chose not to

As for the combofix thing.. I downloaded it and ran the exe and stuff, but all that came up was a folder called ComboFixT and a .bat file called Start.bat

So yah.. I couldn't use the combofix that you gave me

10.4K Posts

April 25th, 2007 14:00

Aeros15

We can remove them this way:

1. Rerun HijackThis
  • At the main window select "Open the misc tool section"
  • Then select "Open Uninstall Manager"
  • Highlight the entries below one at a time
      • SelectRebates
      • WebFastConnect
  • Then select "Delete this Entry"
  • Close HijackThis ->> Reboot your PC.
2. Once you have Combofix downloaded and saved, reboot into Safe Mode and see if you can get it to run. Then reply with the log. If it does not run then reply and we will try something else.
 
bamajim   Graduate of MRU
CastleCops  Instructor




24 Posts

April 25th, 2007 18:00

Ok, I got the Select Rebates and webfastconnect removed.. then rebooted in safe mode and ran the combofix, and it worked... there was one thing though.. at the end of its scan, I suppose.. it said the search string was too long.. I have never used that program before so I don't know if it's messed up or not, but it did produce a log.. here it is:

"Joshua" - 07-04-25 14:13:17 Service Pack 2 [SAFE MODE]
ComboFix 07-04-25.4V - Running from: "C:\Documents and Settings\Joshua\Desktop\"


(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Program Files\quick links\Uninst.log
C:\Program Files\quick links


((((((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\nm


((((((((((((((((((((((((((((((( Files Created from 2007-03-25 to 2007-04-25 ))))))))))))))))))))))))))))))))))


2007-04-23 16:01 d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SiteAdvisor
2007-04-23 14:11 0 --a------ C:\WINDOWS\system32\SBRC.dat
2007-04-23 14:11 0 --a------ C:\WINDOWS\system32\SBFC.dat
2007-04-23 14:04 15,544 --a------ C:\WINDOWS\system32\drivers\sbhr.sys
2007-04-23 14:02 d-------- C:\Program Files\Sunbelt Software
2007-04-23 14:02 d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sunbelt Software
2007-04-18 19:02 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2007-04-18 19:00 d-------- C:\WINDOWS\system32\appmgmt
2007-04-17 20:42 d-------- C:\DOCUME~1\Joshua\APPLIC~1\WholeSecurity
2007-04-01 17:15 d-------- C:\Program Files\Common Files\EasyInfo
2007-03-27 14:02 d-------- C:\Program Files\Guitar Pro 5
2007-03-26 16:31 28,672 --a------ C:\WINDOWS\system32\drivers\CO_Mon.sys
2007-03-26 15:02 d-------- C:\Program Files\Lavasoft


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-04-25 14:07 -------- d-------- C:\Program Files\microsoft antispyware
2007-04-25 14:07 -------- d-------- C:\DOCUME~1\Joshua\APPLIC~1\skype
2007-04-24 22:09 -------- d-------- C:\Program Files\starcraft
2007-04-23 16:01 -------- d-------- C:\Program Files\siteadvisor
2007-04-17 20:32 -------- d-------- C:\DOCUME~1\Joshua\APPLIC~1\xfire
2007-04-17 13:47 -------- d---s---- C:\Program Files\xfire
2007-04-17 13:27 -------- d-------- C:\Program Files\mcafee
2007-04-14 14:33 -------- d--h----- C:\Program Files\installshield installation information
2007-04-10 18:33 -------- d-------- C:\DOCUME~1\Joshua\APPLIC~1\u3
2007-03-26 20:24 -------- d-------- C:\DOCUME~1\Joshua\APPLIC~1\siteadvisor
2007-03-26 15:02 -------- d-------- C:\Program Files\Common Files\wise installation wizard
2007-03-24 18:49 -------- d-------- C:\Program Files\mcafee.com
2007-03-17 08:43 292864 --a------ C:\WINDOWS\system32\winsrv.dll
2007-03-09 09:57 27376 --a------ C:\WINDOWS\system32\sbbd.exe
2007-03-08 10:36 577536 --a------ C:\WINDOWS\system32\user32.dll
2007-03-08 10:36 40960 --a------ C:\WINDOWS\system32\mf3216.dll
2007-03-08 10:36 281600 --a------ C:\WINDOWS\system32\gdi32.dll
2007-03-08 08:47 1843584 --a------ C:\WINDOWS\system32\win32k.sys
2007-03-02 14:16 109608 --a------ C:\WINDOWS\system32\drivers\Mpfp.sys
2007-02-05 15:17 185344 --a------ C:\WINDOWS\system32\upnphost.dll
2007-01-17 14:37 36156 --ah----- C:\Program Files\untitled.bak.scm


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
{089FD14D-132B-48FC-8861-0048AE113215} C:\Program Files\SiteAdvisor\SiteAdv.dll
{53707962-6F74-2D53-2644-206D7942484F} C:\PROGRA~1\SPYBOT~1\SDHelper.dll
{7DB2D5A0-7241-4E79-B68D-6309F01C5231} c:\program files\mcafee\virusscan\scriptcl.dll
{AA58ED58-01DD-4d91-8333-CF10577473F7} c:\program files\google\googletoolbar3.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"nForce Tray Options"="sstray.exe /r"
"Logitech Utility"="Logi_MwX.Exe"
"MSKAGENTEXE"="C:\\PROGRA~1\\McAfee\\SPAMKI~1\\MSKAgent.exe"
"MSKDetectorExe"="C:\\PROGRA~1\\McAfee\\SPAMKI~1\\MSKDetct.exe /startup"
"gcasServ"="\"C:\\Program Files\\Microsoft AntiSpyware\\gcasServ.exe\""
"NeroCheck"="C:\\WINDOWS\\system32\\\\NeroCheck.exe"
"RoxioEngineUtility"="\"C:\\Program Files\\Common Files\\Roxio Shared\\System\\EngUtil.exe\""
"RoxioDragToDisc"="\"C:\\Program Files\\Roxio\\Easy CD Creator 6\\DragToDisc\\DrgToDsc.exe\""
"RoxioAudioCentral"="\"C:\\Program Files\\Roxio\\Easy CD Creator 6\\AudioCentral\\RxMon.exe\""
"WorksFUD"="C:\\Program Files\\Microsoft Works\\wkfud.exe"
"Microsoft Works Portfolio"="C:\\Program Files\\Microsoft Works\\WksSb.exe /AllUsers"
"Microsoft Works Update Detection"="C:\\Program Files\\Microsoft Works\\WkDetect.exe"
"ATIPTA"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
@=""
"SBCSTray"="C:\\Program Files\\Sunbelt Software\\CounterSpy\\SBCSTray.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"McAfee QuickClean Imonitor"="C:\\Program Files\\McAfee\\McAfee QuickClean\\Plguni.exe /START"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"MSKAGENTEXE"="C:\\PROGRA~1\\McAfee\\SPAMKI~1\\MskAgent.exe"
"Steam"=""
@=""
"ATI Launchpad"=""
"ATI DeviceDetect"="C:\\Program Files\\ATI Multimedia\\main\\ATIDtct.EXE"
"Skype"="\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"
"ares"="\"C:\\Program Files\\Ares\\Ares.exe\" -h"
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{9EF34FF2-3396-4527-9D27-04C8C1C67806}"="Microsoft AntiSpyware Service Hook"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\MCODS
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\SBCSSvc

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Color Calibration.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Color Calibration.lnk"
"backup"="C:\\WINDOWS\\pss\\Color Calibration.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\SEC\\MAGICT~1.5\\GAMMAT~1.EXE "
"item"="Color Calibration"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NaturalColorLoad.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\NaturalColorLoad.lnk"
"backup"="C:\\WINDOWS\\pss\\NaturalColorLoad.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\SEC\\NATURA~1\\NATURA~1.EXE "
"item"="NaturalColorLoad"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="atiptaxx"
"hkey"="HKLM"
"command"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKCU"
"command"=""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0


[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E]
Shell\AutoRun\command E:\Autorun.exe

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F]
Shell\AutoRun\command F:\LaunchU3.exe -a


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\McDefragTask.job
C:\WINDOWS\tasks\McQcTask.job

********************************************************************

catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-04-25 14:17:29
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


********************************************************************

Completion time: 07-04-25 14:17:35
C:\ComboFix-quarantined-files.txt ... 07-04-25 14:17

Once again thank you for all your help so far

Message Edited by Aeros15 on 04-25-2007 02:24 PM

10.4K Posts

April 25th, 2007 19:00

Aeros15
 
You are most welcome

You have some files I would like to have checked

1. Please upload these files to Jotti's Online Virus Scan
  • C:\WINDOWS\system32\appmgmt
  • C:\WINDOWS\system32\d3d9caps.dat
  • C:\WINDOWS\system32\SBFC.dat
  • C:\WINDOWS\system32\SBRC.dat

- Click "Browse" at the top of the page
- Navigate to (locate), using Windows Explorer, each one of the files listed above, one at a time
  (Right click on "Start," select "Explore," and you will see the "tree" of file folders in the left side of the window. Click on the "+" next to any folder name to expand its contents)
- Click "Open", then "Submit", and let the scan finish
- Scroll down to the bottom of the page to find the results
- Copy/paste the results in your next reply.

bamajim   Graduate of MRU
CastleCops  Instructor

24 Posts

April 25th, 2007 20:00

Uhm.. sorry, sort of confused.. when I went to that site, I tried to upload the things you mentioned, but when I was browsing for it I went to C:\WINDOWS\system32\appmgmt but the appmgmt was a folder and it came to 2 more folders, one called MACHINE and another called S-1-5-21-507921405-115176313-839522115-1003, so I couldn't upload that thing to the site.. if I'm doing it wrong please help

Also, one of the other things is there is still this internet gateway type of internet connection on my computer.. how can I get rid of that?

10.4K Posts

April 25th, 2007 20:00

Aeros15
 
Upload the other files on the list and we will deal with the folder another way.
 
And we will get rid of the gateway connection after the results of the Jotti scan for the other files
 
bamajim   Graduate of MRU
CastleCops  Instructor

24 Posts

April 26th, 2007 01:00

Ok, I couldn't upload the last 2 as well.. it said either a firewall or malicious stuff is blocking the file from being uploaded or something...

But here is the one I could upload

Scan taken on 26 Apr 2007 02:44:10 (GMT)
A-Squared: Found nothing
AntiVir: Found nothing
ArcaVir: Found nothing
Avast: Found nothing
AVG Antivirus: Found nothing
BitDefender: Found nothing
ClamAV: Found nothing
Dr.Web: Found nothing
F-Prot Antivirus: Found nothing
F-Secure Anti-Virus: Found nothing
Fortinet: Found nothing
Kaspersky Anti-Virus: Found nothing
NOD32: Found nothing
Norman Virus Control: Found nothing
Panda Antivirus: Found nothing
Rising Antivirus: Found nothing
VirusBuster: Found nothing
VBA32: Found nothing

10.4K Posts

April 27th, 2007 18:00

Aeros15

Don't like dealing with unknowns, but we will come back to that

1. Go here and download AVG Anti-Spyware
(30 day free trial version). Save it to your desktop
 
Double click AVG Anti-Spyware-setup
(It will create its own folder)
Once the program starts you will be at the Status menu
  • Under "Your computers Security"
  • Click Update now (next to last update)
  • After the update loads
  • Under Automatic updates uncheck download and install updates automatically (recommended)
    (you can always select manual updates the next day)
At the top toolbar click Scanner, then the Settings tab
  • Under How to act? set default action for detected malware to Quarantine
  • Under How to scan all boxes should be checked
  • Under Possibly unwanted software all boxes should be checked
  • Under Reports select Automatically generate report after every scan
  • Uncheck Only if threats were found
  • Under What to scan, Scan every file should be highlighted
Exit AVG (but do not run it yet)
 
Reboot into Safe Mode
This can be done by
  • Restart your PC, and after it starts, but before you see the Windows splash screen, begin tapping the F8 key twice a second until you reach another menu screen (black background with white menu choices)
  • Use your arrow keys and select Safe Mode and then Enter
Run AVG Anti-Spyware
  • Click Scanner
  • Select Complete system scan
Once the scan finishes
  • Select Apply all actions (the items found will be quarantined)
  • Click Save report as (another window will open)
  • Save it to your desktop
    (By default it will be saved in the AVG folder as)
    C:\Program Files\Grisoft\AVG anti-spyware 7.5\Reports
Exit AVG
 
Reboot your PC in Normal Mode ->> Rerun HijackThis and post a fresh HijackThis log.
  • Double click the report-scan txt you saved to your desktop
  • It will open in Notepad
  • Copy and paste that report as a reply to this thread
Your reply should include
  • a fresh HijackThis log
  • your report_scan.txt log from AVG

bamajim   Graduate of MRU
CastleCops  Instructor


      24 Posts

      May 8th, 2007 23:00

      ---------------------------------------------------------
      AVG Anti-Spyware - Scan Report
      ---------------------------------------------------------

      + Created at: 7:38:22 PM 5/8/2007

      + Scan result:



      :mozilla.292:C:\Documents and Settings\Joshua\Application Data\Mozilla\Firefox\Profiles\amp1c9ii.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
      :mozilla.293:C:\Documents and Settings\Joshua\Application Data\Mozilla\Firefox\Profiles\amp1c9ii.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
      :mozilla.347:C:\Documents and Settings\Joshua\Application Data\Mozilla\Firefox\Profiles\amp1c9ii.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
      :mozilla.348:C:\Documents and Settings\Joshua\Application Data\Mozilla\Firefox\Profiles\amp1c9ii.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
      :mozilla.322:C:\Documents and Settings\Joshua\Application Data\Mozilla\Firefox\Profiles\amp1c9ii.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
      :mozilla.323:C:\Documents and Settings\Joshua\Application Data\Mozilla\Firefox\Profiles\amp1c9ii.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
      :mozilla.324:C:\Documents and Settings\Joshua\Application Data\Mozilla\Firefox\Profiles\amp1c9ii.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
      :mozilla.325:C:\Documents and Settings\Joshua\Application Data\Mozilla\Firefox\Profiles\amp1c9ii.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
      :mozilla.326:C:\Documents and Settings\Joshua\Application Data\Mozilla\Firefox\Profiles\amp1c9ii.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
      :mozilla.217:C:\Documents and Settings\Joshua\Application Data\Mozilla\Firefox\Profiles\amp1c9ii.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
      :mozilla.218:C:\Documents and Settings\Joshua\Application Data\Mozilla\Firefox\Profiles\amp1c9ii.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
      :mozilla.219:C:\Documents and Settings\Joshua\Application Data\Mozilla\Firefox\Profiles\amp1c9ii.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
      :mozilla.220:C:\Documents and Settings\Joshua\Application Data\Mozilla\Firefox\Profiles\amp1c9ii.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
      :mozilla.221:C:\Documents and Settings\Joshua\Application Data\Mozilla\Firefox\Profiles\amp1c9ii.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
      :mozilla.222:C:\Documents and Settings\Joshua\Application Data\Mozilla\Firefox\Profiles\amp1c9ii.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
      :mozilla.223:C:\Documents and Settings\Joshua\Application Data\Mozilla\Firefox\Profiles\amp1c9ii.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
      :mozilla.31:C:\Documents and Settings\Joshua\Application Data\Mozilla\Firefox\Profiles\amp1c9ii.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
      :mozilla.32:C:\Documents and Settings\Joshua\Application Data\Mozilla\Firefox\Profiles\amp1c9ii.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
      :mozilla.33:C:\Documents and Settings\Joshua\Application Data\Mozilla\Firefox\Profiles\amp1c9ii.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
      :mozilla.34:C:\Documents and Settings\Joshua\Application Data\Mozilla\Firefox\Profiles\amp1c9ii.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
      :mozilla.35:C:\Documents and Settings\Joshua\Application Data\Mozilla\Firefox\Profiles\amp1c9ii.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
      :mozilla.42:C:\Documents and Settings\Joshua\Application Data\Mozilla\Firefox\Profiles\amp1c9ii.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
      :mozilla.155:C:\Documents and Settings\Joshua\Application Data\Mozilla\Firefox\Profiles\amp1c9ii.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned.
      :mozilla.45:C:\Documents and Settings\Joshua\Application Data\Mozilla\Firefox\Profiles\amp1c9ii.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
      :mozilla.49:C:\Documents and Settings\Joshua\Application Data\Mozilla\Firefox\Profiles\amp1c9ii.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
      :mozilla.50:C:\Documents and Settings\Joshua\Application Data\Mozilla\Firefox\Profiles\amp1c9ii.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
      :mozilla.51:C:\Documents and Settings\Joshua\Application Data\Mozilla\Firefox\Profiles\amp1c9ii.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
      :mozilla.10:C:\Documents and Settings\Joshua\Application Data\Mozilla\Firefox\Profiles\amp1c9ii.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
      :mozilla.11:C:\Documents and Settings\Joshua\Application Data\Mozilla\Firefox\Profiles\amp1c9ii.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
      :mozilla.12:C:\Documents and Settings\Joshua\Application Data\Mozilla\Firefox\Profiles\amp1c9ii.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
      :mozilla.13:C:\Documents and Settings\Joshua\Application Data\Mozilla\Firefox\Profiles\amp1c9ii.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
      :mozilla.14:C:\Documents and Settings\Joshua\Application Data\Mozilla\Firefox\Profiles\amp1c9ii.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
      :mozilla.15:C:\Documents and Settings\Joshua\Application Data\Mozilla\Firefox\Profiles\amp1c9ii.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
      :mozilla.6:C:\Documents and Settings\Joshua\Application Data\Mozilla\Firefox\Profiles\amp1c9ii.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
      :mozilla.7:C:\Documents and Settings\Joshua\Application Data\Mozilla\Firefox\Profiles\amp1c9ii.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
      :mozilla.8:C:\Documents and Settings\Joshua\Application Data\Mozilla\Firefox\Profiles\amp1c9ii.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
      :mozilla.9:C:\Documents and Settings\Joshua\Application Data\Mozilla\Firefox\Profiles\amp1c9ii.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
      :mozilla.36:C:\Documents and Settings\Joshua\Application Data\Mozilla\Firefox\Profiles\amp1c9ii.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
      :mozilla.192:C:\Documents and Settings\Joshua\Application Data\Mozilla\Firefox\Profiles\amp1c9ii.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
      :mozilla.193:C:\Documents and Settings\Joshua\Application Data\Mozilla\Firefox\Profiles\amp1c9ii.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
      :mozilla.194:C:\Documents and Settings\Joshua\Application Data\Mozilla\Firefox\Profiles\amp1c9ii.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
      :mozilla.195:C:\Documents and Settings\Joshua\Application Data\Mozilla\Firefox\Profiles\amp1c9ii.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
      :mozilla.196:C:\Documents and Settings\Joshua\Application Data\Mozilla\Firefox\Profiles\amp1c9ii.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
      :mozilla.197:C:\Documents and Settings\Joshua\Application Data\Mozilla\Firefox\Profiles\amp1c9ii.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
      C:\Documents and Settings\Joshua\Cookies\joshua@adopt.euroclick[1].txt -> TrackingCookie.Euroclick : Cleaned.
      :mozilla.71:C:\Documents and Settings\Joshua\Application Data\Mozilla\Firefox\Profiles\amp1c9ii.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
      :mozilla.74:C:\Documents and Settings\Joshua\Application Data\Mozilla\Firefox\Profiles\amp1c9ii.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
      :mozilla.75:C:\Documents and Settings\Joshua\Application Data\Mozilla\Firefox\Profiles\amp1c9ii.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
      :mozilla.76:C:\Documents and Settings\Joshua\Application Data\Mozilla\Firefox\Profiles\amp1c9ii.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
      :mozilla.272:C:\Documents and Settings\Joshua\Application Data\Mozilla\Firefox\Profiles\amp1c9ii.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
      :mozilla.158:C:\Documents and Settings\Joshua\Application Data\Mozilla\Firefox\Profiles\amp1c9ii.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
      :mozilla.159:C:\Documents and Settings\Joshua\Application Data\Mozilla\Firefox\Profiles\amp1c9ii.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
      :mozilla.374:C:\Documents and Settings\Joshua\Application Data\Mozilla\Firefox\Profiles\amp1c9ii.default\cookies.txt -> TrackingCookie.Information : Cleaned.
      :mozilla.156:C:\Documents and Settings\Joshua\Application Data\Mozilla\Firefox\Profiles\amp1c9ii.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
      :mozilla.157:C:\Documents and Settings\Joshua\Application Data\Mozilla\Firefox\Profiles\amp1c9ii.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
      :mozilla.154:C:\Documents and Settings\Joshua\Application Data\Mozilla\Firefox\Profiles\amp1c9ii.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
      :mozilla.372:C:\Documents and Settings\Joshua\Application Data\Mozilla\Firefox\Profiles\amp1c9ii.default\cookies.txt -> TrackingCookie.Paypal : Cleaned.
      :mozilla.356:C:\Documents and Settings\Joshua\Application Data\Mozilla\Firefox\Profiles\amp1c9ii.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
      :mozilla.357:C:\Documents and Settings\Joshua\Application Data\Mozilla\Firefox\Profiles\amp1c9ii.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
      :mozilla.358:C:\Documents and Settings\Joshua\Application Data\Mozilla\Firefox\Profiles\amp1c9ii.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
      :mozilla.359:C:\Documents and Settings\Joshua\Application Data\Mozilla\Firefox\Profiles\amp1c9ii.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
      :mozilla.240:C:\Documents and Settings\Joshua\Application Data\Mozilla\Firefox\Profiles\amp1c9ii.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
      :mozilla.241:C:\Documents and Settings\Joshua\Application Data\Mozilla\Firefox\Profiles\amp1c9ii.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
      C:\Documents and Settings\Joshua\Cookies\joshua@questionmarket[2].txt -> TrackingCookie.Questionmarket : Cleaned.
      :mozilla.72:C:\Documents and Settings\Joshua\Application Data\Mozilla\Firefox\Profiles\amp1c9ii.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
      :mozilla.73:C:\Documents and Settings\Joshua\Application Data\Mozilla\Firefox\Profiles\amp1c9ii.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
      :mozilla.77:C:\Documents and Settings\Joshua\Application Data\Mozilla\Firefox\Profiles\amp1c9ii.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
      :mozilla.373:C:\Documents and Settings\Joshua\Application Data\Mozilla\Firefox\Profiles\amp1c9ii.default\cookies.txt -> TrackingCookie.Revenue : Cleaned.
      :mozilla.148:C:\Documents and Settings\Joshua\Application Data\Mozilla\Firefox\Profiles\amp1c9ii.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
      :mozilla.149:C:\Documents and Settings\Joshua\Application Data\Mozilla\Firefox\Profiles\amp1c9ii.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
      :mozilla.150:C:\Documents and Settings\Joshua\Application Data\Mozilla\Firefox\Profiles\amp1c9ii.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
      :mozilla.151:C:\Documents and Settings\Joshua\Application Data\Mozilla\Firefox\Profiles\amp1c9ii.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
      C:\Documents and Settings\Joshua\Cookies\joshua@revsci[1].txt -> TrackingCookie.Revsci : Cleaned.
      :mozilla.242:C:\Documents and Settings\Joshua\Application Data\Mozilla\Firefox\Profiles\amp1c9ii.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
      :mozilla.243:C:\Documents and Settings\Joshua\Application Data\Mozilla\Firefox\Profiles\amp1c9ii.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
      :mozilla.244:C:\Documents and Settings\Joshua\Application Data\Mozilla\Firefox\Profiles\amp1c9ii.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
      :mozilla.245:C:\Documents and Settings\Joshua\Application Data\Mozilla\Firefox\Profiles\amp1c9ii.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
      :mozilla.246:C:\Documents and Settings\Joshua\Application Data\Mozilla\Firefox\Profiles\amp1c9ii.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
      :mozilla.247:C:\Documents and Settings\Joshua\Application Data\Mozilla\Firefox\Profiles\amp1c9ii.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
      :mozilla.46:C:\Documents and Settings\Joshua\Application Data\Mozilla\Firefox\Profiles\amp1c9ii.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
      :mozilla.47:C:\Documents and Settings\Joshua\Application Data\Mozilla\Firefox\Profiles\amp1c9ii.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
      :mozilla.52:C:\Documents and Settings\Joshua\Application Data\Mozilla\Firefox\Profiles\amp1c9ii.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
      :mozilla.53:C:\Documents and Settings\Joshua\Application Data\Mozilla\Firefox\Profiles\amp1c9ii.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
      :mozilla.54:C:\Documents and Settings\Joshua\Application Data\Mozilla\Firefox\Profiles\amp1c9ii.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
      :mozilla.55:C:\Documents and Settings\Joshua\Application Data\Mozilla\Firefox\Profiles\amp1c9ii.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
      :mozilla.224:C:\Documents and Settings\Joshua\Application Data\Mozilla\Firefox\Profiles\amp1c9ii.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
      :mozilla.248:C:\Documents and Settings\Joshua\Application Data\Mozilla\Firefox\Profiles\amp1c9ii.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
      :mozilla.249:C:\Documents and Settings\Joshua\Application Data\Mozilla\Firefox\Profiles\amp1c9ii.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
      :mozilla.250:C:\Documents and Settings\Joshua\Application Data\Mozilla\Firefox\Profiles\amp1c9ii.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
      :mozilla.251:C:\Documents and Settings\Joshua\Application Data\Mozilla\Firefox\Profiles\amp1c9ii.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
      :mozilla.353:C:\Documents and Settings\Joshua\Application Data\Mozilla\Firefox\Profiles\amp1c9ii.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
      :mozilla.355:C:\Documents and Settings\Joshua\Application Data\Mozilla\Firefox\Profiles\amp1c9ii.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
      :mozilla.112:C:\Documents and Settings\Joshua\Application Data\Mozilla\Firefox\Profiles\amp1c9ii.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
      :mozilla.113:C:\Documents and Settings\Joshua\Application Data\Mozilla\Firefox\Profiles\amp1c9ii.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
      :mozilla.114:C:\Documents and Settings\Joshua\Application Data\Mozilla\Firefox\Profiles\amp1c9ii.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
      :mozilla.115:C:\Documents and Settings\Joshua\Application Data\Mozilla\Firefox\Profiles\amp1c9ii.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
      :mozilla.116:C:\Documents and Settings\Joshua\Application Data\Mozilla\Firefox\Profiles\amp1c9ii.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
      :mozilla.117:C:\Documents and Settings\Joshua\Application Data\Mozilla\Firefox\Profiles\amp1c9ii.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
      :mozilla.118:C:\Documents and Settings\Joshua\Application Data\Mozilla\Firefox\Profiles\amp1c9ii.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
      :mozilla.119:C:\Documents and Settings\Joshua\Application Data\Mozilla\Firefox\Profiles\amp1c9ii.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
      :mozilla.120:C:\Documents and Settings\Joshua\Application Data\Mozilla\Firefox\Profiles\amp1c9ii.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
      :mozilla.121:C:\Documents and Settings\Joshua\Application Data\Mozilla\Firefox\Profiles\amp1c9ii.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
      :mozilla.48:C:\Documents and Settings\Joshua\Application Data\Mozilla\Firefox\Profiles\amp1c9ii.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
      :mozilla.57:C:\Documents and Settings\Joshua\Application Data\Mozilla\Firefox\Profiles\amp1c9ii.default\cookies.txt -> TrackingCookie.Webtrends : Cleaned.
      :mozilla.281:C:\Documents and Settings\Joshua\Application Data\Mozilla\Firefox\Profiles\amp1c9ii.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
      :mozilla.129:C:\Documents and Settings\Joshua\Application Data\Mozilla\Firefox\Profiles\amp1c9ii.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
      :mozilla.130:C:\Documents and Settings\Joshua\Application Data\Mozilla\Firefox\Profiles\amp1c9ii.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
      :mozilla.131:C:\Documents and Settings\Joshua\Application Data\Mozilla\Firefox\Profiles\amp1c9ii.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
      :mozilla.132:C:\Documents and Settings\Joshua\Application Data\Mozilla\Firefox\Profiles\amp1c9ii.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
      :mozilla.133:C:\Documents and Settings\Joshua\Application Data\Mozilla\Firefox\Profiles\amp1c9ii.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
      :mozilla.134:C:\Documents and Settings\Joshua\Application Data\Mozilla\Firefox\Profiles\amp1c9ii.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
      :mozilla.135:C:\Documents and Settings\Joshua\Application Data\Mozilla\Firefox\Profiles\amp1c9ii.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
      :mozilla.136:C:\Documents and Settings\Joshua\Application Data\Mozilla\Firefox\Profiles\amp1c9ii.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
      :mozilla.137:C:\Documents and Settings\Joshua\Application Data\Mozilla\Firefox\Profiles\amp1c9ii.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
      :mozilla.228:C:\Documents and Settings\Joshua\Application Data\Mozilla\Firefox\Profiles\amp1c9ii.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
      :mozilla.229:C:\Documents and Settings\Joshua\Application Data\Mozilla\Firefox\Profiles\amp1c9ii.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
      :mozilla.230:C:\Documents and Settings\Joshua\Application Data\Mozilla\Firefox\Profiles\amp1c9ii.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
      :mozilla.231:C:\Documents and Settings\Joshua\Application Data\Mozilla\Firefox\Profiles\amp1c9ii.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.


      ::Report end



      (the forum wouldn't let me post them both cuz the post exceeded 20000 characters -_-)
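
An added example, not part of the original posts and not AVG's own tooling: a small Python parser for report lines in the shape shown above (`[:mozilla.N:]path -> detection : action.`) that counts tracking-cookie hits per tracker and separates out anything that is not a cookie or was not cleaned. The function names are hypothetical, and the last sample line is constructed, with a placeholder path, detection name and action text.

```python
import re
from collections import Counter

# Line shape as it appears in the report above:
#   [:mozilla.<n>:]<path> -> <detection name> : <action>.
# The optional ":mozilla.<n>:" prefix marks an entry inside Firefox's cookies.txt.
LINE_RE = re.compile(
    r"^\s*(?::mozilla\.(?P<entry>\d+):)?"
    r"(?P<path>.+?) -> (?P<name>.+?) : (?P<action>[^:]+?)\.?\s*$"
)

COOKIE_PREFIX = "TrackingCookie."


def parse_report(text):
    """Return one dict per detection line; headers and blank lines are skipped."""
    findings = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        entry = m.group("entry")
        findings.append({
            "entry": int(entry) if entry else None,  # cookie index, if any
            "path": m.group("path"),
            "name": m.group("name"),
            "action": m.group("action"),
        })
    return findings


def triage(findings):
    """Split findings into per-tracker cookie counts and non-cookie detections."""
    cookies = Counter()
    needs_review = []
    for f in findings:
        if f["name"].startswith(COOKIE_PREFIX):
            cookies[f["name"][len(COOKIE_PREFIX):]] += 1
        else:
            needs_review.append(f)
    return cookies, needs_review


def unresolved(findings, done=("Cleaned",)):
    """Findings whose action is not one of the 'done' strings seen in the report."""
    return [f for f in findings if f["action"] not in done]


# Sample input: four lines in the format of the report above, plus one
# CONSTRUCTED line (placeholder path, name and action; not real AVG output).
SAMPLE = r"""
      + Scan result:

      :mozilla.292:C:\Documents and Settings\Joshua\Application Data\Mozilla\Firefox\Profiles\amp1c9ii.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
      :mozilla.293:C:\Documents and Settings\Joshua\Application Data\Mozilla\Firefox\Profiles\amp1c9ii.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
      :mozilla.36:C:\Documents and Settings\Joshua\Application Data\Mozilla\Firefox\Profiles\amp1c9ii.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
      C:\Documents and Settings\Joshua\Cookies\joshua@revsci[1].txt -> TrackingCookie.Revsci : Cleaned.
      C:\EXAMPLE\placeholder.exe -> Placeholder.Detection : No action taken.

      ::Report end
"""

if __name__ == "__main__":
    found = parse_report(SAMPLE)
    cookies, needs_review = triage(found)
    print(f"{len(found)} detections, {sum(cookies.values())} tracking cookies")
    for tracker, count in cookies.most_common():
        print(f"  {tracker}: {count}")
    for f in needs_review:
        print(f"REVIEW  {f['name']}  {f['path']}  ({f['action']})")
    for f in unresolved(found):
        print(f"NOT CLEANED  {f['path']}")
```
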

      24 Posts

      May 8th, 2007 23:00

      ok sorry it took so long to reply.. i had some issues with my computer besides spyware and i've finally been able to get into safe mode.. well here's the hijack this log and avg anti spyware report

      Logfile of HijackThis v1.99.1
      Scan saved at 7:43:01 PM, on 5/8/2007
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\Explorer.EXE
      C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
      C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
      C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
      C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
      C:\Program Files\iTunes\iTunesHelper.exe
      C:\Program Files\QuickTime\qttask.exe
      C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
      C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
      C:\Program Files\McAfee\McAfee QuickClean\Plguni.exe
      C:\Program Files\Logitech\MouseWare\system\em_exec.exe
      C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
      C:\Program Files\Skype\Phone\Skype.exe
      C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
      C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
      C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
      C:\Program Files\allSnap\allSnap.exe
      C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
      C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
      C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
      C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
      c:\program files\common files\mcafee\mna\mcnasvc.exe
      C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
      C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
      c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
      C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
      C:\WINDOWS\system32\devldr32.exe
      C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
      C:\Program Files\McAfee\MPF\MPFSrv.exe
      C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
      c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
      C:\PROGRA~1\mcafee.com\agent\mcagent.exe
      C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\MsPMSPSv.exe
      C:\Program Files\iPod\bin\iPodService.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\wuauclt.exe
      C:\Documents and Settings\Joshua\Desktop\HijackThis.exe

      O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
      O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\SiteAdv.dll
      O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
      O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\SiteAdv.dll
      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
      O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
      O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
      O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
      O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
      O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
      O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
      O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
      O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
      O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
      O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
      O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
      O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
      O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [SBCSTray] C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
      O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
      O4 - HKCU\..\Run: [McAfee QuickClean Imonitor] C:\Program Files\McAfee\McAfee QuickClean\Plguni.exe /START
      O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
      O4 - HKCU\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
      O4 - HKCU\..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
      O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
      O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
      O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
      O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
      O4 - Startup: allSnap.lnk = C:\Program Files\allSnap\allSnap.exe
      O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
      O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
      O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
      O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
      O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
      O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
      O16 - DPF: {D3A7982E-915D-4589-8ECE-249F70D0C941} (Launch Control) - http://aaotracker.4players.de/LaunchGame.cab
      O16 - DPF: {D42ED9FF-DF46-4AD9-A3FE-46BAF896466E} (CountSpies.SpyCounter) -
      O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
      O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
      O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
      O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
      O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
      O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
      O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
      O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
      O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
      O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
      O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
      O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
      O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
      O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
      O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
      O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
      O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
      O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
      O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
      O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe