lofreequency

  1. No Problem. Again, thank you very much. The kind and courteous manner in which you guys operate is special and appreciated. I've been sharing that Mr Tk link with my friends...some great info there. Everything is working great!
  2. Hi, I tried to find System Restore but could not. I'm running Win2000 Pro and did a quick online search and find that feature is not there? Please advise. I followed the IE temp file clean-up instructions (I usually do that as part of my regular routine). I followed the IE 'more safe instructions' and everything was already set as you described. That Mr Tk link is great! Thanks!
  3. Hi. Lastly, I got Sound Forge to finally install properly (uninstall previous, reinstall, restart). I just wanted to say THANK YOU VERY MUCH FOR YOUR HELP! MUCH APPRECIATED! Things are working great!
  4. Hi, a small update. I didn't have much time to do a lot, but I did run a few applications last night. The only error I encountered was with my Sound Forge 8 program, which upon trying to start it up, an error message appeared saying "SF80.exe" could not be found and the program would have to be restarted. I thought I'd try reinstalling from my disc. For some reason it would not respond to starting the reinstall process from the disc. I could browse the CD fine, but when I hit the "install" feature...nothing. So, I did the error search you recommended above...all came out clear...no errors found. I tried SF again, same error message. So I went into the Programs folder and found the application file and clicked on it and it reinstalled the program from there, but it still won't start. Do I need to copy the "exe" file to the hard drive? All other similar programs seem to be opening and operating fine from what I can tell at the point, including an older version of Sound Forge I still have on the computer. Also, besides the AOL 9.0 SE security stuff and Ad-Aware, should I be running any of those other programs we used on a regular basis? Thanks.
  5. First, when I started the computer initially this evening, I had not yet deleted any of those files. I went online and followed your instructions and waited for your last post. I restarted the computer thinking maybe the error message popped up because I hadn't restarted after deleting. The error message came back. I then realized I had forgotten to take AVG out of the start-up as you suggested. So, I did that and restarted and everything booted normally...no errors! Computer is running very good! Much thanks!
  6. Hi, thanks for the clarifications...just wanted to make sure I understood and didn't delete anything wrong. I just deleted everything you requested. Computer seems fine with one exception, when I booted up I got an error that popped up as the desktop items were still loading: "avgas.exe-unable to locate DLL...then it listed a few items (probably not exactly as I'm typing them here as I wrote them down quickly) such as, C:program/filesgrisoft/avg and C:winnt/system32 and C:winnt system 32/wbem and C:winnt/quicktime/qtsystem." Thanks
  7. No prob. Again, much appreciation for the help here. I'm at work now and won't be able to get to those steps until this evening. But I wanted to ask for clarity's sake, when you say "<---Delete this here" or "<---Clean out this folder" then you list certain entries, are those entries just listed because they are the suspected bad ones and I am to delete the entire folder right, not just specific entries? I already emptied the entire Dr. Web folder as instructed in your last post...that was OK? Also, the "Anti-Spyware Programs" folder on my desktop contains all the programs we've been using...will this delete those programs too? Much thanks!
  8. Hi, I found the Dr. Web quarantine folder and emptied. But I'm unclear what to do specifically regarding your instructions about Panda where you say "goto where it shows in the logfile and delete them. some of the items are just backups from tools you and i have been using like say smitRem, VirtumundoBeGone, and so just goto where they show up in the logfile and delete them." Please advise...I guess I need more specific instructions as I'm not clear where to find said logfiles. Sorry and thanks. This computer seems to be running good. The CPU usage is "normal" and the running processes are down to 52...I think before we started this it was over 60. <Edit> I have found a couple Panda related files in WINTT/System32/Activescan folder called "Panda Activescan" are these the files? When I try to open them it doesn't know what program to use...if I use say Wordpad a bunch of code comes up that I don't understand.
  9. Ok, ran Panda...it found some stuff and I saved the scan. I also uninstalled and reinstalled AVG...seems like it's normal now. Updates loaded and said it was successful in doing so...
  10. Hi, things didn't go smooth as I hoped. See what you think. I downloaded AVG, installed. I could not get updates to work. Kept getting a message that their server wasn't ready to serve. After several attempts I decided to go into Safe Mode and scan. After three hours AVG scanned and found three items. One "Zbot" program that was a high threat and two other medium threats. After the scan I tried the "Apply all Actions". Upon doing so AVG froze up and said it couldn't quarantine Zbot, etc. I had to tell it to "say Yes to all". After quite a while, the program was saying it was working on it and nothing happened. I opened the Task Manager to find AVG was not responding. So, I tried shutting down the program and restarting. It took the computer a long time to finally restart. Next, I tried updating AVG again. This time the update task bar pegged to the right quickly but just stayed there and never seemed to finish, or did it? Again I let it run for a long time...nothing changed. So, I shut it down and restarted in Safe Mode and re-ran AVG...this time I just did a quick scan, since I'm confident there's nothing on my F:drive. AVG found the two medium threats from last time but not the high threat. I "applied all actions" and they took. I restarted and uninstalled the Java's, then reinstalled the newest version. I had to go into the manual update screen to get it to download properly. So, that's where I am.
  11. Hi. First, I'd like to thank you for the concise and detailed instructions you relayed. Wow, very impressive. In addition, I'd like to say the kind and courteous manner in which your advice was delivered was greatly appreciated. Thank you very much! Here's my update. I could not find the "inet20125" or the "update8205282820115244.exe" on the C:drive. Everything else went as advised/expected. The computer seems to be running great from what I can tell at this point. One thing I've been monitoring throughout this whole ordeal is the CPU performance via the Task Manager. Prior to executing these last steps the CPU has been maxed out at 100% all the time. Before this infection the CPU would normally run in the 1%-3% range. I'm extremely happy to report the CPU Usage rating is back to "normal". Plus, one thing that has been messed up throughout this ordeal has been the desktop settings. I have not been able to place a custom photo as my wallpaper. Well, it works again. Very cool! Here's my HiJack This! 
log: Much Thanks!
  12. Hi, The PC Rescue was in the Add/remove programs so I removed it (is that a scam? PC Rescue? Because I paid for it and downloaded it but they would never send me the registration code to activate the program). The other one you mentioned was not there. Here's the Avenger log as requested. And a new HiJack This log: Much Thanks!
  13. Hi, as requested the Superanti Spyware log, then the other logs: And a new Hijack this log after running Superanti Spyware:
192.168.0.1,205.171.3.65 O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing) O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe O23 - Service: AOL Antivirus Update Service (aolavupd) - AOL LLC - C:\Program Files\Common Files\AOL\1137373316\ee\services\safetyCore\ver210_5_2_1\aolavupd.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\system32\CTsvcCDA.EXE O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe O23 - Service: GearSecurity - GEAR Software - C:\WINNT\system32\gearsec.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe O23 - Service: McAfee McShield (McShield) - McAfee Inc. 
- C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\Program Files\mcafee.com\personal firewall\MPFService.exe O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe O23 - Service: MD Simple Burner Service (NetMDSB) - Sony Corporation - C:\Program Files\Sony\MD Simple Burner\NetMDSB.exe O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe And My COMBOFIX log: hart-navarre1 - Sat 12/09/2006 12:10:08.04 Service Pack 4 ComboFix 06.11.27W - Running from: "C:\Program Files\America Online 9.0\download" ((((((((((((((((((((((((((((((( Files Created from 2006-11-09 to 2006-12-09 )))))))))))))))))))))))))))))))))) 2006-12-09 00:11 <DIR> d-------- C:\Program Files\SUPERAntiSpyware 2006-12-09 00:11 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard 2006-12-09 00:11 <DIR> d-------- C:\Documents and Settings\hart-navarre1\Application Data\SUPERAntiSpyware.com 2006-12-08 17:32 <DIR> d-------- C:\Documents and Settings\hart-navarre1\DoctorWeb 2006-12-07 18:17 <DIR> d-------- C:\WINNT\SoftwareDistribution 2006-12-07 18:16 465,176 --a------ C:\WINNT\system32\wuapi.dll 2006-12-07 18:16 41,240 --a------ C:\WINNT\system32\wups.dll 2006-12-07 18:16 194,328 --a------ C:\WINNT\system32\wuaueng1.dll 2006-12-07 18:16 18,200 --a------ C:\WINNT\system32\wups2.dll 2006-12-07 18:16 173,536 --a------ C:\WINNT\system32\wuweb.dll 2006-12-07 18:16 172,312 --a------ C:\WINNT\system32\wuauclt1.exe 2006-12-07 18:16 127,256 --a------ C:\WINNT\system32\wucltui.dll 2006-12-06 22:45 <DIR> d-------- C:\HIJack This 2006-12-05 22:08 80,640 
--a------ C:\WINNT\system32\drivers\MpFirewall.sys 2006-12-05 22:08 8,704 --a------ C:\WINNT\system32\MPFApi.dll 2006-12-05 22:06 <DIR> d-------- C:\Program Files\CA 2006-12-05 22:05 41,018 --a------ C:\WINNT\system32\EntAPI.dll 2006-12-05 22:05 401,462 --a------ C:\WINNT\system32\msvcp60.dll 2006-12-05 22:04 82,432 --a------ C:\WINNT\system32\msxml4r.dll 2006-12-05 22:04 44,544 --a------ C:\WINNT\system32\msxml4a.dll 2006-12-05 22:04 1,233,920 --a------ C:\WINNT\system32\msxml4.dll 2006-12-05 08:47 <DIR> d-------- C:\WINNT\inet20126 2006-12-05 08:36 45,568 --a------ C:\winupdtm.dll 2006-12-02 11:02 3,867,659 --a------ C:\Program Files\PCRescueSetup4.exe 2006-12-02 10:39 86,016 --a------ C:\WINNT\unvise32.exe 2006-12-02 10:39 <DIR> d-------- C:\Program Files\PCRescue4.0 2006-12-02 10:38 3,867,659 --a------ C:\Program Files\PCRescueSetup.exe 2006-12-01 17:12 684,032 --a------ C:\WINNT\system32\libeay32.dll 2006-12-01 17:12 155,648 --a------ C:\WINNT\system32\ssleay32.dll 2006-12-01 17:10 13,111,432 --a------ C:\Program Files\ssftrialsnrsetup5239_1898980556.exe 2006-11-30 22:13 <DIR> d-------- C:\Documents and Settings\hart-navarre1\Application Data\Uniblue 2006-11-30 22:12 3,027,458 --a------ C:\Program Files\registryboosterplib.exe 2006-11-30 19:43 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy 2006-11-30 19:43 <DIR> d-------- C:\Documents and Settings\All Users.WINNT\Application Data\Spybot - Search & Destroy 2006-11-30 19:42 5,037,072 --a------ C:\Program Files\spybotsd14.exe 2006-11-29 20:15 <DIR> d-------- C:\Documents and Settings\hart-navarre1\Application Data\PC Tools 2006-11-29 20:14 8,604,464 --a------ C:\Program Files\sdsetup.exe 2006-11-25 12:03 <DIR> d-------- C:\Documents and Settings\hart-navarre1\G-Force 2006-11-25 12:03 <DIR> d-------- C:\Documents and Settings\hart-navarre1\Application Data\G-Force 2006-11-23 00:28 8,509 --a------ C:\WINNT\system32\94659.exe 2006-11-22 07:46 44,032 --a------ C:\WINNT\system32\winupdate.dll 2006-11-22 
07:45 94,208 --a------ C:\wupdmnt.dll 2006-11-21 08:19 94,208 ---h----- C:\WINNT\system32\w_update.dll 2006-11-15 08:50 44,544 ---h----- C:\w_update.dll 2006-11-14 17:20 8,976 --a------ C:\WINNT\system32\kbdjpn.dll 2006-11-14 17:20 7,440 --a------ C:\WINNT\system32\kbd106.dll 2006-11-11 18:27 <DIR> d-------- C:\Documents and Settings\hart-navarre1\Application Data\.ABC 2006-11-11 18:25 4,222,516 --a------ C:\Program Files\ABC-win32-v3.1.exe 2006-11-11 18:17 <DIR> d-------- C:\Program Files\3.1.0 2006-11-11 14:08 402,897 --a------ C:\Program Files\maketorrent-2.1.exe 2006-11-11 14:08 <DIR> d-------- C:\Program Files\Maketorrent 2 2006-11-11 13:29 524,709 --a------ C:\Program Files\flac112a.exe 2006-11-11 13:29 <DIR> d-------- C:\Program Files\FLAC 2006-11-11 13:27 204,445 --a------ C:\Program Files\FLAC_plugin_with_library_support.exe 2006-11-11 12:35 1,044,168 --a------ C:\Program Files\vbrun60sp5.exe (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))) 2006-12-09 00:11 -------- d-a------ C:\Program Files\Common Files 2006-12-07 18:24 -------- d-------- C:\Program Files\LimeWire 2006-12-07 18:17 -------- d-ah----- C:\Program Files\WindowsUpdate 2006-12-06 10:19 -------- d-------- C:\Program Files\AOL 2006-12-05 22:09 -------- d-a------ C:\Program Files\Common Files\AOL 2006-12-05 22:02 -------- d-------- C:\Documents and Settings\hart-navarre1\Application Data\AOL 2006-12-04 20:06 -------- d-------- C:\Program Files\Incomplete 2006-12-03 11:36 -------- d-------- C:\Program Files\Winamp 2006-12-03 09:31 -------- d-------- C:\Program Files\Webroot 2006-12-02 12:06 58671 --a------ C:\Program Files\StartupCPL.zip 2006-11-23 00:20 -------- d-------- C:\Program Files\Apple Software Update 2006-11-20 22:55 -------- d-------- C:\Documents and Settings\hart-navarre1\Application Data\SoundSpectrum 2006-11-20 07:09 -------- d-a------ C:\Program Files\America Online 9.0 2006-11-16 20:42 753 --a------ C:\Documents 
and Settings\hart-navarre1\Application Data\com.kennettnet.PodUtil.plist 2006-11-11 18:28 -------- d-------- C:\Program Files\ABC 2006-11-11 18:27 -------- d-------- C:\Documents and Settings\hart-navarre1\Application Data\.ABC 2006-11-11 18:17 320910 --a------ C:\Program Files\ABC-win32-v3.1.zip 2006-11-11 14:07 12150 --a------ C:\Program Files\maketorrent-2.1[1] 2006-11-06 20:01 1121693 --a------ C:\Program Files\mirc62.exe 2006-11-04 09:37 -------- d-------- C:\Program Files\Exact Audio Copy 2006-11-04 09:36 1208101 --a------ C:\Program Files\eac-0.95b4.exe 2006-11-01 21:15 192371 --a------ C:\Program Files\G-Force_Screen_Saver_114.exe 2006-11-01 21:14 3716155 --a------ C:\Program Files\G-Force_357_Platinum.exe 2006-10-22 10:58 -------- d-------- C:\Program Files\MediaFACE II 2006-10-16 20:47 -------- d-------- C:\Documents and Settings\hart-navarre1\Application Data\U3 2006-10-07 13:06 36656704 --a------ C:\Program Files\iTunesSetup.exe 2006-10-04 17:05 3186040 --a------ C:\Program Files\SFTPMSI.exe 2006-10-04 16:42 3742383 --a------ C:\Program Files\CoffeeFreeFTPInstaller.exe 2006-09-30 12:40 45166458 --a------ C:\Program Files\soundforge80d.exe 2006-09-30 10:01 728328 --a------ C:\Program Files\SonicStageInstaller.exe 2006-09-08 22:19 442408 --a------ C:\Program Files\msgr8us.exe (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries are not shown [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run] "Window Washer"="\"C:\\Program Files\\Webroot\\Washer\\wwDisp.exe\"" "Creative Detector"="\"C:\\Program Files\\Creative\\MediaSource\\Detector\\CTDetect.exe\" /R" "SsAAD.exe"="C:\\PROGRA~1\\Sony\\SONICS~1\\SsAAD.exe" "AOL Fast Start"="\"C:\\Program Files\\America Online 9.0\\AOL.EXE\" -b" "WinUpgrade"="\"C:\\update8205282820115244.exe \" " "SUPERAntiSpyware"="C:\\Program Files\\SUPERAntiSpyware\\SUPERAntiSpyware.exe" 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] "Synchronization Manager"="mobsync.exe /logon" "S3apphk"="S3apphk.exe" "HostManager"="C:\\Program Files\\Common Files\\AOL\\1137373316\\ee\\AOLSoftware.exe" "AOLDialer"="\"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe\"" "AOLSPScheduler"="C:\\Program Files\\Common Files\\AOL\\1137373316\\ee\\services\\safetyCore\\ver210_5_2_1\\AOLSP Scheduler.exe" "sscRun"="C:\\Program Files\\Common Files\\AOL\\1137373316\\ee\\SSCRun.exe" "OASClnt"="C:\\Program Files\\mcafee.com\\antivirus\\oasclnt.exe" "EmailScan"="C:\\Program Files\\mcafee.com\\antivirus\\mcvsescn.exe" "MPFExe"="C:\\Program Files\\mcafee.com\\personal firewall\\MPfTray.exe" "SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe\"" "Picasa Media Detector"="\"C:\\Program Files\\Picasa2\\PicasaMediaDetector.exe\"" "QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime" "iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\"" "wupdate"="rundll32.exe c:\\winupdtm.dll,wupdate" "PPRT"="C:\\Program Files\\CA\\PPRT\\bin\\ITMRTSVC_Logon.exe" [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components] "DeskHtmlVersion"=dword:00000110 "DeskHtmlMinorVersion"=dword:00000003 "Settings"=dword:00000001 "GeneralFlags"=dword:00000000 [HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce] "^SetupICWDesktop"="C:\\Program Files\\Internet Explorer\\Connection Wizard\\icwconn1.exe /desktop" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler] "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader" "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"="" "{54D9498B-CF93-414F-8984-8CE7FDE0D391}"="ewido shell guard" "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"="" 
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoDriveTypeAutoRun"=dword:00000095 "NoSaveSettings"=dword:00000000 "NoThemesTab"=dword:00000000 "ForceActiveDesktopOn"=dword:00000000 [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "dontdisplaylastusername"=dword:00000000 "legalnoticecaption"="" "legalnoticetext"="" "shutdownwithoutlogon"=dword:00000001 "DisableTaskMgr"=dword:00000000 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "NoActiveDesktopChanges"=dword:00000000 "NoCDBurning"=dword:00000000 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run] [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer] "NoDriveTypeAutoRun"=hex:95,00,00,00 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload] "Network.ConnectionTray"="{7007ACCF-3202-11D1-AAD2-00805FC1270E}" "WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}" "SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}" HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll" Contents of the 'Scheduled Tasks' folder C:\WINNT\tasks\AppleSoftwareUpdate.job Completion time: Sat 2006-12-09 12:11:17.99 C:\ComboFix.txt ... 
06-12-09 12:11 Hope I'm understaning your instructions...looks like a new HiJack This scan log after running Combofix is required...which is this: Logfile of HijackThis v1.99.1 Scan saved at 12:13:34 PM, on 12/9/2006 Platform: Windows 2000 SP4 (WinNT 5.00.2195) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\system32\svchost.exe C:\WINNT\system32\spoolsv.exe C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe C:\Program Files\Common Files\AOL\1137373316\ee\services\safetyCore\ver210_5_2_1\aolavupd.exe C:\WINNT\system32\CTsvcCDA.EXE C:\WINNT\System32\svchost.exe C:\Program Files\ewido anti-malware\ewidoctrl.exe C:\WINNT\system32\gearsec.exe C:\WINNT\system32\hidserv.exe C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe C:\Program Files\mcafee.com\personal firewall\MPFService.exe C:\Program Files\Sony\MD Simple Burner\NetMDSB.exe C:\WINNT\system32\regsvc.exe C:\WINNT\system32\MSTask.exe C:\WINNT\system32\stisvc.exe C:\WINNT\System32\WBEM\WinMgmt.exe C:\WINNT\System32\MsPMSPSv.exe C:\WINNT\system32\svchost.exe C:\WINNT\Explorer.EXE C:\WINNT\system32\wuauclt.exe C:\WINNT\system32\SERVICES.EXE C:\WINNT\system32\S3apphk.exe C:\Program Files\Common Files\AOL\1137373316\ee\AOLSoftware.exe C:\Program Files\Common Files\AOL\1137373316\ee\services\safetyCore\ver210_5_2_1\AOLSP Scheduler.exe C:\Program Files\mcafee.com\antivirus\oasclnt.exe C:\Program Files\mcafee.com\antivirus\mcvsescn.exe C:\Program Files\mcafee.com\personal firewall\MPfTray.exe C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe C:\Program Files\Picasa2\PicasaMediaDetector.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\iTunes\iTunesHelper.exe C:\WINNT\system32\rundll32.exe C:\Program Files\Webroot\Washer\wwDisp.exe C:\Program 
Files\Creative\MediaSource\Detector\CTDetect.exe C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Microsoft Office\Office\OSA.EXE C:\Program Files\Common Files\AOL\1137373316\ee\SSCEvtHdlr.exe C:\Program Files\Common Files\AOL\1137373316\ee\aolsoftware.exe C:\DOCUME~1\HART-N~1\LOCALS~1\Temp\SSUPDATE.EXE c:\program files\common files\aol\1137373316\ee\anotify.exe C:\Program Files\America Online 9.0\waol.exe C:\Program Files\America Online 9.0\shellmon.exe C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe C:\WINNT\System32\svchost.exe C:\WINNT\system32\NOTEPAD.EXE C:\HIJack This\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by America Online R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) F3 - REG:win.ini: run=C:\WINNT\inet20126\services.exe O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O3 - Toolbar: @msdxmLC.dll,[email protected],&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon O4 - HKLM\..\Run: [s3apphk] S3apphk.exe O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1137373316\ee\AOLSoftware.exe O4 - HKLM\..\Run: [AOLDialer] "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" O4 - HKLM\..\Run: [AOLSPScheduler] C:\Program Files\Common 
Files\AOL\1137373316\ee\services\safetyCore\ver210_5_2_1\AOLSP Scheduler.exe O4 - HKLM\..\Run: [sscRun] C:\Program Files\Common Files\AOL\1137373316\ee\SSCRun.exe O4 - HKLM\..\Run: [OASClnt] C:\Program Files\mcafee.com\antivirus\oasclnt.exe O4 - HKLM\..\Run: [EmailScan] C:\Program Files\mcafee.com\antivirus\mcvsescn.exe O4 - HKLM\..\Run: [MPFExe] C:\Program Files\mcafee.com\personal firewall\MPfTray.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" O4 - HKLM\..\Run: [Picasa Media Detector] "C:\Program Files\Picasa2\PicasaMediaDetector.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [wupdate] rundll32.exe c:\winupdtm.dll,wupdate O4 - HKLM\..\Run: [PPRT] C:\Program Files\CA\PPRT\bin\ITMRTSVC_Logon.exe O4 - HKCU\..\Run: [Window Washer] "C:\Program Files\Webroot\Washer\wwDisp.exe" O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R O4 - HKCU\..\Run: [ssAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0\AOL.EXE" -b O4 - HKCU\..\Run: [WinUpgrade] "C:\update8205282820115244.exe " O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Microtek Scanner Finder.lnk = C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZUxdm265YYUS O9 - Extra 
button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll O14 - IERESET.INF: START_PAGE_URL=http://www.aol.com O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{58F75CDC-1AE6-4FA3-B555-E8E7D2DE0BFF}: NameServer = 192.168.0.1,205.171.3.65 O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing) O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe O23 - Service: AOL Antivirus Update Service (aolavupd) - AOL LLC - C:\Program Files\Common Files\AOL\1137373316\ee\services\safetyCore\ver210_5_2_1\aolavupd.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\system32\CTsvcCDA.EXE O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. 
- C:\WINNT\System32\dmadmin.exe O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe O23 - Service: GearSecurity - GEAR Software - C:\WINNT\system32\gearsec.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe O23 - Service: McAfee McShield (McShield) - McAfee Inc. - C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\Program Files\mcafee.com\personal firewall\MPFService.exe O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe O23 - Service: MD Simple Burner Service (NetMDSB) - Sony Corporation - C:\Program Files\Sony\MD Simple Burner\NetMDSB.exe O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe Thank you very much.
  14. Hi, Hope someone can help. I've followed the instructions on the "Utzimmerman 'matrisahasyou' " post. I've run Dr.Web and Ad-Aware in safe mode and then rebooted and ran the HijackThis scan. Attached is my Dr.Web log report and here's my HijackThis log, please advise. Thanks in advance! DrWeb12_8_06.txt